shieldCISSP Practice Domain 1 — Security and Risk Management Q50 of 120

Which is the BEST description of qualitative risk analysis?

A CISSP practice question covering Domain 1: Security and Risk Management. Try answering before reading the explanation below.

▶ Show options & answer

Uses dollar values and statistical models

Uses ranked descriptors like Low/Medium/High based on subjective expert judgment

✓ Correct answer

Requires actuarial data

Is more accurate than quantitative analysis

Why "Uses ranked descriptors like Low/Medium/High based on subjective expert judgment" is the right answer

Qualitative analysis is descriptive and subjective — fast, cheap, good for triage. Quantitative analysis uses numbers and money. Programs commonly use qualitative to filter, then quantitative on the top risks.

Study videos for this topic

Want to go deeper on Domain 1? Watch the full breakdown — every video is free, no account, no upsell.

CISSP Domain 1: Ethics & the 5 Pillars (Canon Order)

Domain 1 — Security and Risk Management

CISSP Domain 1: Governance, Roles & Due Care (2026)

Domain 1 — Security and Risk Management

CISSP Domain 1: Laws, IP & GDPR (Compliance)

Domain 1 — Security and Risk Management

CISSP Domain 1: Investigation Types & Security Docs

Domain 1 — Security and Risk Management

Take the full CISSP practice test

120 questions, instant explanations, study-video links on every miss. No account.

Start full test →

Which is the BEST description of qualitative risk analysis?

Study videos for this topic

Other practice tests