nerdexam
EC-Council

312-50V10 · Question #488

What kind of risk will remain even if all theoretically possible safety measures would be applied?

The correct answer is A. Residual risk. Residual risk is the risk that persists after all feasible security controls have been implemented. No set of controls can reduce risk to absolute zero.

Information Security and Ethical Hacking Fundamentals

Question

What kind of risk will remain even if all theoretically possible safety measures would be applied?

Options

  • AResidual risk
  • BInherent risk
  • CImpact risk
  • DDeferred risk

How the community answered

(56 responses)
  • A
    89% (50)
  • B
    2% (1)
  • C
    2% (1)
  • D
    7% (4)

Why each option

Residual risk is the risk that persists after all feasible security controls have been implemented. No set of controls can reduce risk to absolute zero.

AResidual riskCorrect

Residual risk is defined as the remaining level of risk after countermeasures and safeguards have been applied to inherent risk. Even after exhausting all theoretically possible safety measures, some degree of uncertainty and potential loss remains because perfect security is unattainable - this leftover exposure is, by definition, residual risk.

BInherent risk

Inherent risk is the level of risk that exists before any controls or mitigations are applied, which is the opposite of what the question describes.

CImpact risk

'Impact risk' is not a standard risk management term; impact is a component used to measure the severity of a risk event, not a category of remaining risk.

DDeferred risk

'Deferred risk' is not a recognized category in standard risk management frameworks such as NIST RMF or ISO 27005.

Concept tested: Residual risk definition after control implementation

Source: https://csrc.nist.gov/glossary/term/residual_risk

Topics

#residual risk#risk management#security controls

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice