Certified Incident Handler (ECIH v3) — Question 3

In a qualitative risk analysis, risk is calculated in terms of:

Answer options

• A. (Attack Success + Criticality ) ""(Countermeasures)
• B. Asset criticality assessment "" (Risks and Associated Risk Levels)
• C. Probability of Loss X Loss
• D. (Countermeasures + Magnitude of Impact) "" (Reports from prior risk assessments)

Correct answer: C

Explanation

The correct answer is C, as it represents the quantitative formula for assessing risk by multiplying the probability of loss by the potential loss. The other options mix qualitative factors or do not provide a clear formula for risk assessment, making them inappropriate for this context.