nerdexam
CompTIA

SY0-301 · Question #782

Identifying residual risk is MOST important to which of the following concepts?

The correct answer is B. Risk acceptance. Residual risk is the risk that remains after security controls have been applied. Risk acceptance is the process of acknowledging that residual risk exists and consciously deciding that the remaining risk is within an acceptable tolerance - rather than spending more resources to

Security program management and oversight

Question

Identifying residual risk is MOST important to which of the following concepts?

Options

  • ARisk deterrence
  • BRisk acceptance
  • CRisk mitigation
  • DRisk avoidance

How the community answered

(20 responses)
  • A
    15% (3)
  • B
    75% (15)
  • C
    5% (1)
  • D
    5% (1)

Explanation

Residual risk is the risk that remains after security controls have been applied. Risk acceptance is the process of acknowledging that residual risk exists and consciously deciding that the remaining risk is within an acceptable tolerance - rather than spending more resources to mitigate it further. Identifying residual risk is the foundational step before risk acceptance can occur; you must know what's left before deciding to accept it. Risk mitigation is about reducing risk (before residual risk is calculated). Risk avoidance eliminates the risk entirely. Risk deterrence discourages threats through consequences. Risk acceptance is uniquely tied to residual risk because it is the decision made about what remains after mitigation.

Topics

#residual risk#risk acceptance#risk management#risk treatment

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice