CRISC Certified in Risk and Information Systems Control – Question 216
How can residual risk be determined?
A. By determining remaining vulnerabilities after countermeasures are in place.
B. By transferring all risks.
C. By threat analysis
D. By risk assessment
Correct Answer: D
Explanation: All risks are determined by risk assessment, regardless of whether the risks are residual or not.
Incorrect Answers:
A: Determining remaining vulnerabilities after countermeasures are in place says nothing about threats; therefore, risk cannot be determined.
B: Transferring all the risks is not relevant to determining residual risk. It is one of the methods of risk management.
C: Risk cannot be determined by threat analysis alone, regardless of whether it is residual or not.