CompTIA Security Plus Mock Test Q238

Identifying residual risk is MOST important to which of the following concepts?

A. Risk deterrence
B. Risk acceptance
C. Risk mitigation
D. Risk avoidance


Correct Answer: B
Section: Compliance and Operational Security

Explanation:
Risk acceptance is often the choice you must make when the cost of implementing any of the other four choices exceeds the value of the harm that would occur if the risk came to fruition. To truly qualify as acceptance, it cannot be a risk of which the administrator or manager is unaware; it has to be an identified risk for which those involved understand the potential cost or damage and agree to accept it. Residual risk is always present and will remain a risk; thus it should be accepted (risk acceptance).

Incorrect Answers:
A: Risk deterrence involves understanding something about the enemy and letting them know the harm that can come their way if they cause harm to you.
C: Risk mitigation is accomplished any time you take steps to reduce risk. This category includes installing antivirus software, educating users about possible threats, monitoring network traffic, adding a firewall, and so on.
D: Risk avoidance is the opposite of risk acceptance and involves identifying a risk and making the decision not to engage any longer in the actions associated with that risk.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 3, 9, 10