312-50V10 · Question #488
What kind of risk will remain even if all theoretically possible safety measures would be applied?
The correct answer is A. Residual risk. Residual risk is the risk that persists after all feasible security controls have been implemented. No set of controls can reduce risk to absolute zero.
Question
What kind of risk will remain even if all theoretically possible safety measures would be applied?
Options
- AResidual risk
- BInherent risk
- CImpact risk
- DDeferred risk
How the community answered
(56 responses)- A89% (50)
- B2% (1)
- C2% (1)
- D7% (4)
Why each option
Residual risk is the risk that persists after all feasible security controls have been implemented. No set of controls can reduce risk to absolute zero.
Residual risk is defined as the remaining level of risk after countermeasures and safeguards have been applied to inherent risk. Even after exhausting all theoretically possible safety measures, some degree of uncertainty and potential loss remains because perfect security is unattainable - this leftover exposure is, by definition, residual risk.
Inherent risk is the level of risk that exists before any controls or mitigations are applied, which is the opposite of what the question describes.
'Impact risk' is not a standard risk management term; impact is a component used to measure the severity of a risk event, not a category of remaining risk.
'Deferred risk' is not a recognized category in standard risk management frameworks such as NIST RMF or ISO 27005.
Concept tested: Residual risk definition after control implementation
Source: https://csrc.nist.gov/glossary/term/residual_risk
Topics
Community Discussion
No community discussion yet for this question.