nerdexam
(ISC)2

CSSLP · Question #61

CSSLP Question #61: Real Exam Question with Answer & Explanation

The correct answer is D: It is a risk that remains after planned risk responses are taken. Residual risk is the risk that remains after all planned risk responses and mitigation actions have been implemented.

Secure Software Lifecycle Management

Question

You work as a project manager for BlueWell Inc. You and your team are using a method or technical process that accounts for the risk that remains even if all theoretically possible safety measures were applied. One of your team members wants to know what a residual risk is. What will you reply to your team member?

Options

  • A. It is a risk that remains because no risk response is taken.
  • B. It is a risk that can not be addressed by a risk response.
  • C. It is a risk that will remain no matter what type of risk response is offered.
  • D. It is a risk that remains after planned risk responses are taken.

Explanation

Residual risk is defined as the risk that remains after all planned risk responses and mitigation actions have been implemented. NIST SP 800-30 Rev. 1 uses the same notion: the portion of risk remaining after security measures have been applied. It is distinct from inherent risk, which is the risk before any response is taken; in practice the residual risk is documented and either explicitly accepted by the risk owner or sent back for further treatment.

Common mistakes.

  • A. This describes a risk that might be accepted without further action, not specifically the remainder after taking responses.
  • B. This implies an unaddressable risk, which is different from residual risk that remains after attempting to address it.
  • C. This is the closest distractor, but it describes a risk that no response can change (closer to an irreducible or inherent risk), whereas residual risk specifically implies that responses were planned and taken to reduce it, and some risk still remains.
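The distinction between inherent risk (option A, no response taken) and residual risk (option D, remaining after the planned responses) is easiest to see in a small risk register. The following is an added example written for this page, not code from (ISC)2, NIST or the question author: it uses a qualitative likelihood × impact score, assumed effectiveness figures for each planned response, and a constructed register of software risks, then flags residual risks above an assumed risk appetite for sign-off.

```python
from dataclasses import dataclass
from enum import Enum


class Response(Enum):
    """Standard risk-response types; effectiveness values are assumptions."""
    ACCEPT = "accept"      # take no action: residual risk equals inherent risk
    MITIGATE = "mitigate"  # apply a control that lowers likelihood and/or impact
    TRANSFER = "transfer"  # shift part of the impact (insurance, contract terms)
    AVOID = "avoid"        # remove the activity entirely: residual risk is zero


@dataclass
class Risk:
    name: str
    likelihood: int        # 1 (rare) .. 5 (almost certain)
    impact: int            # 1 (negligible) .. 5 (severe)
    response: Response = Response.ACCEPT
    # Assumed effectiveness of the planned response, as the fraction of
    # likelihood / impact removed once the response is implemented.
    likelihood_reduction: float = 0.0
    impact_reduction: float = 0.0

    def __post_init__(self) -> None:
        for value in (self.likelihood, self.impact):
            if not 1 <= value <= 5:
                raise ValueError(f"{self.name}: rating {value} must be 1..5")
        for frac in (self.likelihood_reduction, self.impact_reduction):
            if not 0.0 <= frac <= 1.0:
                raise ValueError(f"{self.name}: reduction {frac} must be 0..1")

    def inherent(self) -> int:
        """Risk before any response is taken (option A in the question)."""
        return self.likelihood * self.impact

    def residual(self) -> float:
        """Risk remaining after the planned response is taken (option D)."""
        if self.response is Response.AVOID:
            return 0.0
        likelihood = self.likelihood * (1 - self.likelihood_reduction)
        impact = self.impact * (1 - self.impact_reduction)
        return round(likelihood * impact, 2)


def build_register() -> dict[str, Risk]:
    """Constructed sample register for a web application (assumed figures)."""
    risks = [
        Risk("SQL injection in login form", 4, 5, Response.MITIGATE,
             likelihood_reduction=0.75),          # parameterized queries
        Risk("Outdated third-party library", 3, 4, Response.MITIGATE,
             likelihood_reduction=0.5),           # dependency update policy
        Risk("Customer data breach", 2, 5, Response.TRANSFER,
             impact_reduction=0.5),               # cyber insurance
        Risk("Legacy feature using weak cipher", 3, 4, Response.AVOID),
        Risk("Noisy debug logging", 2, 1, Response.ACCEPT),
    ]
    return {r.name: r for r in risks}


def review(register: dict[str, Risk], appetite: float) -> dict[str, dict]:
    """Compare each residual risk with the assumed risk appetite.

    Anything still above appetite after the planned response needs either
    further treatment or explicit acceptance by the risk owner.
    """
    report = {}
    for name, risk in register.items():
        residual = risk.residual()
        report[name] = {
            "response": risk.response.value,
            "inherent": risk.inherent(),
            "residual": residual,
            "above_appetite": residual > appetite,
        }
    return report


if __name__ == "__main__":
    for name, row in review(build_register(), appetite=5).items():
        flag = "NEEDS SIGN-OFF" if row["above_appetite"] else "ok"
        print(f"{name:38} {row['response']:9} inherent={row['inherent']:>3} "
              f"residual={row['residual']:>5} {flag}")
```

Note that the accepted risk has residual equal to inherent (no response was taken), the avoided risk has zero residual, and the mitigated and transferred risks land somewhere in between; the one that stays above appetite after its planned response is exactly the residual risk a project manager must get formally accepted rather than silently carry.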

Concept tested. Residual risk definition

Reference. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf

Topics

Risk Management · Residual Risk · Risk Response
