nerdexam
EC-Council

312-50V11 · Question #488

What kind of risk will remain even if all theoretically possible safety measures would be applied?

The correct answer is A. Residual risk. Residual risk is the risk that remains after all feasible controls and safeguards have been applied to an identified threat.

Information Security and Ethical Hacking Fundamentals

Question

What kind of risk will remain even if all theoretically possible safety measures would be applied?

Options

  • AResidual risk
  • BInherent risk
  • CImpact risk
  • DDeferred risk

How the community answered

(61 responses)
  • A
    95% (58)
  • B
    3% (2)
  • C
    2% (1)

Why each option

Residual risk is the risk that remains after all feasible controls and safeguards have been applied to an identified threat.

AResidual riskCorrect

Residual risk is defined as the remaining level of risk after security controls have been applied to reduce inherent risk. Even with every theoretically possible safeguard in place, some level of uncertainty and exposure cannot be fully eliminated. Risk management frameworks like NIST SP 800-39 acknowledge that residual risk is accepted by organizational leadership after controls are implemented.

BInherent risk

Inherent risk is the level of risk that exists before any controls are applied, not the risk that remains after controls are implemented.

CImpact risk

Impact risk is not a standard term in recognized risk management frameworks and is not used to describe risk remaining after controls.

DDeferred risk

Deferred risk is not a standard risk classification in IT security or risk management frameworks.

Concept tested: Residual risk in security risk management

Source: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-39.pdf

Topics

#residual risk#risk management#risk terminology#security controls

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice