Certified Authorization Professional – CAP – Question395

Which of the following statements correctly describes DIACAP residual risk?

A.
It is the remaining risk to the information system after risk palliation has occurred.
B. It is a process of security authorization.
C. It is the technical implementation of the security design.
D. It is used to validate the information system.

Correct Answer: A