Last Attempt CBAP Questions

 Option B is both unambiguous and testable because it provides a specific color code (HEX #0000FF) that can be easily identified, verified, and tested. It leaves no room for interpretation or ambiguity, unlike the other options. A specific HEX code ensures that the exact shade of blue is understood and can be implemented consistently across different displays or prints. References: The answer is verified as per the Business Analysis Professional (CBAP) Learning documents or resources available on IIBA’s official website. Some of the relevant sources are:

A Guide to the Business Analysis Body of Knowledge® (BABOK® Guide)

Business Analysis Competency Model

Business Analysis for Practitioners: A Practice Guide

Verification is the process of evaluating the stated requirements to ensure that they are well-formed, consistent, complete, correct, and aligned with the organizational standards for business analysis. Verification is usually done by the BA or a peer reviewer before presenting the requirements to the stakeholders for validation or acceptance. Verification helps to ensure the quality and accuracy of the requirements, and to avoid errors, ambiguities, or misunderstandings. The other options are not the states that the BA is attempting to move the requirements into, as they are more related to the evaluation of the requirements against the business need, stakeholder expectations, or solution design. References: CBAP Handbook, CBAP Study Guide, BABOK Guide

Risk analysis is the process of defining and analyzing the dangers to individuals, businesses, and government agencies posed by potential natural and human-caused adverse events. Risk analysis involves identifying the sources and consequences of risk, estimating the likelihood and severity of risk events, and evaluating the effectiveness and feasibility of risk mitigation strategies. Risk analysis can be applied to various domains, such as IT, finance, security, health, environment, etc. Risk analysis can help to make informed decisions, optimize resource allocation, and enhance performance and resilience. One of the aspects of risk analysis is to measure the maturity level of the security program, which is the degree of development and capability of the security processes and controls that protect the organization from threats and vulnerabilities. A security maturity model is a framework that defines the stages or levels of security maturity and provides a roadmap for improvement. A security maturity model can help to identify the strengths and weaknesses of the security program, prioritize the actions and resources, and benchmark the progress and impact of the security program. References:

Security Maturity Models: Levels, Assessment, and Benefits, paragraph 1

Maturity Model | SANS Security Awareness, paragraph 1

CBAP / CCBA Certified Business Analysis Study Guide, 2nd Edition, page 47

The BA should recommend to eliminate the requirement that does not deliver benefit to any of the stakeholders and does not align with the solution scope. This is because the requirement is not necessary, valuable, or feasible, and it may introduce unnecessary complexity, cost, or risk to the solution. Eliminating the requirement would help to optimize the solution and ensure that it meets the stakeholder needs and expectations. Updating the solution design, re-evaluating the future state, or changing the solution scope are not the best options because they do not address the root cause of the problem and may result in scope creep or rework. References:

CBAP / CCBA Certified Business Analysis Study Guide, 2nd Edition, Chapter 3: Requirements Life Cycle Management, page 115

Business Analysis Body of Knowledge (BABOK) Guide, Version 3, Chapter 3: Requirements Life Cycle Management, section 3.6: Assess Requirements Changes, page 64