nerdexam
(ISC)2

CISSP-ISSEP · Question #39

Fill in the blank with the appropriate phrase. The ____________ is the risk that remains after the implementation of new or enhanced controls.

The correct answer is A. residual risk. Residual risk is defined as the risk that remains after controls have been applied - making option A the only correct choice. After an organization implements security controls (technical, administrative, or physical), some level of risk typically persists because no control elim

Risk Management

Question

Fill in the blank with the appropriate phrase. The ____________ is the risk that remains after the implementation of new or enhanced controls.

Options

  • Aresidual risk

How the community answered

(40 responses)
  • A
    100% (40)

Explanation

Residual risk is defined as the risk that remains after controls have been applied - making option A the only correct choice. After an organization implements security controls (technical, administrative, or physical), some level of risk typically persists because no control eliminates 100% of exposure; that leftover risk is the residual risk.

This question has no distractors - only one answer choice (A) is provided, so the focus is purely on knowing the definition.

Memory tip: Think of "residual" as what's left behind, like residue in a bottle after you've poured it out. Controls pour out most of the risk, but residual risk is the risk "residue" that remains. Contrast it with inherent risk (risk before any controls) to avoid confusing the two on exam day.

Topics

#residual risk#risk management#security controls#risk mitigation

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice