
Exam CSSLP topic 1 question 61 discussion

Actual exam question from ISC's CSSLP
Question #: 61
Topic #: 1

Which of the following statements is true about residual risks?

  • A. It is the probabilistic risk after implementing all security measures.
  • B. It can be considered as an indicator of threats coupled with vulnerability.
  • C. It is a weakness or lack of safeguard that can be exploited by a threat.
  • D. It is the probabilistic risk before implementing all security measures.
Suggested Answer:
Residual risk is the risk or danger of an action, event, method or (technical) process that still remains even after all theoretically possible safety measures have been applied. The formula to calculate residual risk is (inherent risk) x (control risk), where inherent risk is (threats x vulnerability).
Answer: B is incorrect. In information security, security risks are considered an indicator of threats coupled with vulnerability. In other words, security risk is a probabilistic function of a given threat agent exercising a particular vulnerability and the impact of that risk on the organization.
Answer: C describes a vulnerability, not residual risk. A vulnerability is a weakness or lack of safeguard that can be exploited by a threat, thus causing harm to information systems or networks. It can exist in hardware, operating systems, firmware, applications, and configuration files. Vulnerability has been variously defined in the current context as follows:
1. A security weakness in a Target of Evaluation due to failures in analysis, design, implementation, or operation.
2. A weakness in an information system or its components (e.g. system security procedures, hardware design, or internal controls) that could be exploited to produce an information-related misfortune.
3. The existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the system, network, application, or protocol involved.

Comments

74gjd_37
5 months, 2 weeks ago
Selected Answer: A
The correct answer is A. Residual risk is the risk that remains after all planned risk responses have been implemented. It is the risk that is left over even after all security measures have been taken. The residual risk can be assessed by conducting a risk assessment after the planned risk responses have been implemented. The residual risk assessment helps to determine if the planned risk responses were effective in reducing the overall risk to an acceptable level.
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), other (20%)