CompTIA Security+ Question H-50

Which of the following risk concepts requires an organization to determine the number of failures per year?

A. SLE
B. ALE
C. MTBF
D. Quantitative analysis

Answer: B

Explanation:
ALE is the annual loss expectancy value. This is a monetary measure of how much loss you could expect in a year.

CompTIA Security+ Question E-94

Upper management decides which risk to mitigate based on cost. This is an example of:

A. Qualitative risk assessment
B. Business impact analysis
C. Risk management framework
D. Quantitative risk assessment

Answer: D

Explanation:
Quantitative analysis / assessment is used to the show the logic and cost savings in replacing a server for example before it fails rather than after the failure. Quantitative assessments assign a dollar amount.