
GSLC Question #555: Real Exam Question with Answer & Explanation

The correct answers are B, C, and D:

  • B. They can be analyzed and measured by the risk analysis process.
  • C. They are considered an indicator of threats coupled with vulnerability.
  • D. They can be mitigated by reviewing and taking responsible actions based on possible.

Security risks cannot be fully eliminated - they can only be analyzed, quantified, and mitigated to an acceptable residual level through formal risk management processes.

Question

Which of the following statements are true about security risks? Each correct answer represents a complete solution. Choose three.

Options

  • A. They can be removed completely by taking proper actions.
  • B. They can be analyzed and measured by the risk analysis process.
  • C. They are considered an indicator of threats coupled with vulnerability.
  • D. They can be mitigated by reviewing and taking responsible actions based on possible

Explanation

Security risks cannot be fully eliminated - they can only be analyzed, quantified, and mitigated to an acceptable residual level through formal risk management processes.

Common mistakes.

  • A. Security risks can never be completely removed because residual risk always remains after controls are applied; the goal of risk management is reduction to an acceptable level, not total elimination.

Concept tested. Security risk management principles and risk analysis process

Reference. https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final
