EC-Council 312-50V9 Question #355: Real Exam Question with Answer & Explanation

The correct answer is A: Residual risk. Residual risk is the risk that remains after all feasible controls and safeguards have been applied. Even a theoretically complete set of security measures cannot reduce risk to zero.

Question

What kind of risk will remain even if all theoretically possible safety measures would be applied?

Options

  • A. Residual risk
  • B. Inherent risk
  • C. Impact risk
  • D. Deferred risk

Explanation

Residual risk is the risk that remains after all feasible controls and safeguards have been applied. Even a theoretically complete set of security measures cannot reduce risk to zero.

Common mistakes.

  • B. Inherent risk is the level of risk that exists before any controls or mitigation measures are applied, which is the opposite scenario described in the question.
  • C. Impact risk is not a standard term in recognized risk management frameworks - impact refers to the magnitude of a risk event's consequence, not a category of risk.
  • D. Deferred risk is not a recognized risk classification in standard frameworks such as ISO 27001 or NIST SP 800-30.

Concept tested. Residual risk definition in risk management frameworks

Reference. https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final
