Certified Secure Software Lifecycle Professional (CSSLP) — Question 47

You are the project manager of the CUL project in your organization. You and the project team are assessing the risk events and creating a probability and impact matrix for the identified risks. Which one of the following statements best describes the requirements for the data type used in qualitative risk analysis?

Answer options

• A. A qualitative risk analysis encourages biased data to reveal risk tolerances.
• B. A qualitative risk analysis required unbiased stakeholders with biased risk tolerances.
• C. A qualitative risk analysis requires accurate and unbiased data if it is to be credible.
• D. A qualitative risk analysis requires fast and simple data to complete the analysis.

Correct answer: P, M, B, O, K, D

Explanation

The correct answer is C, as credible qualitative risk analysis hinges on having accurate and unbiased data to ensure reliable results. The other options propose biased data or stakeholder opinions, which would undermine the integrity of the analysis, or suggest that simplicity is a priority over accuracy, which is not the case.