Secure Software Lifecycle Professional – CSSLP – Question303

Gary is the project manager for his project. He and the project team have completed the qualitative risk analysis process and are about to enter the quantitative risk analysis process when Mary, the project sponsor, wants to know what quantitative risk analysis will review. Which of the following statements best defines what quantitative risk analysis will review?

A.
The quantitative risk analysis process will analyze the effect of risk events that may substantially impact the project's competing demands.
B. The quantitative risk analysis reviews the results of risk identification and prepares the project for risk response management.
C. The quantitative risk analysis seeks to determine the true cost of each identified risk event and the probability of each risk event to determine the risk exposure.
D. The quantitative risk analysis process will review risk events for their probability and impact on the project objectives.

Correct Answer: A

Explanation:

Explanation: Once the risk events have passed through qualitative risk analysis, then the risk events must be reviewed to determine the effect of the risks on the project’s competing demands. Answer: D is incorrect. While the quantitative risk analysis process will review the risk events for probability and impact, this statement does not answer the question as completely as answer option A. Answer: C is incorrect. The quantitative risk analysis process does not review every risk identified – only the risks which require further analysis. Answer: B is incorrect. Quantitative risk analysis process does not begin the risk response process. Its goal is to determine the effect of certain risk events on the project’s competing demands.