nerdexam
(ISC)2

CISSP · Question #895

Which of the following mandates the amount and complexity of security controls applied to a security risk?

The correct answer is B. Risk tolerance. Risk tolerance refers to the level of risk an organization is willing to accept in pursuit of its objectives. It plays a key role in determining the amount and complexity of security controls that should be applied to mitigate security risks. Risk tolerance helps determine how mu

Submitted by renata2k· Mar 5, 2026Security and Risk Management

Question

Which of the following mandates the amount and complexity of security controls applied to a security risk?

Options

  • ASecurity vulnerabilities
  • BRisk tolerance
  • CRisk mitigation
  • DSecurity staff

How the community answered

(31 responses)
  • A
    3% (1)
  • B
    94% (29)
  • C
    3% (1)

Explanation

Risk tolerance refers to the level of risk an organization is willing to accept in pursuit of its objectives. It plays a key role in determining the amount and complexity of security controls that should be applied to mitigate security risks. Risk tolerance helps determine how much risk is acceptable, which in turn influences how stringent or relaxed security controls should be. For example, an organization with a low risk tolerance will apply more robust and complex security controls to minimize potential threats, while an organization with a higher risk tolerance may apply fewer controls and accept a higher level of

Topics

#Risk tolerance#Security controls#Risk management

Community Discussion

No community discussion yet for this question.

Full CISSP Practice