CAP · Question #73
Which of the following statements is true about residual risks?
The correct answer is C. It is the probabilistic risk after implementing all security measures.. Residual risk is the remaining level of risk that persists after all security controls, safeguards, and countermeasures have been applied. No set of controls can eliminate 100% of risk, so residual risk represents what is left over and must be accepted by management. Option A des
Question
Which of the following statements is true about residual risks?
Options
- AIt is a weakness or lack of safeguard that can be exploited by a threat.
- BIt can be considered as an indicator of threats coupled with vulnerability.
- CIt is the probabilistic risk after implementing all security measures.
- DIt is the probabilistic risk before implementing all security measures.
How the community answered
(21 responses)- A5% (1)
- B10% (2)
- C86% (18)
Explanation
Residual risk is the remaining level of risk that persists after all security controls, safeguards, and countermeasures have been applied. No set of controls can eliminate 100% of risk, so residual risk represents what is left over and must be accepted by management. Option A describes a vulnerability; Option B describes risk itself (threat × vulnerability); Option D describes inherent risk - the risk level that exists before any controls are applied. Residual risk is specifically the post-control remainder.
Topics
Community Discussion
No community discussion yet for this question.