CISSP-ISSEP · Question #39
Fill in the blank with the appropriate phrase. The ____________ is the risk that remains after the implementation of new or enhanced controls.
The correct answer is A. residual risk. Residual risk is defined as the risk that remains after controls have been applied - making option A the only correct choice. After an organization implements security controls (technical, administrative, or physical), some level of risk typically persists because no control elim
Question
Fill in the blank with the appropriate phrase. The ____________ is the risk that remains after the implementation of new or enhanced controls.
Options
- Aresidual risk
How the community answered
(40 responses)- A100% (40)
Explanation
Residual risk is defined as the risk that remains after controls have been applied - making option A the only correct choice. After an organization implements security controls (technical, administrative, or physical), some level of risk typically persists because no control eliminates 100% of exposure; that leftover risk is the residual risk.
This question has no distractors - only one answer choice (A) is provided, so the focus is purely on knowing the definition.
Memory tip: Think of "residual" as what's left behind, like residue in a bottle after you've poured it out. Controls pour out most of the risk, but residual risk is the risk "residue" that remains. Contrast it with inherent risk (risk before any controls) to avoid confusing the two on exam day.
Topics
Community Discussion
No community discussion yet for this question.