CompTIA Security+ (SY0-601) — Question 816

Which of the following best describes the risk that is present once mitigations are applied?

Answer options

• A. Control risk
• B. Residual risk
• C. Inherent risk
• D. Risk awareness

Correct answer: B

Explanation

Residual risk refers to the risk that is still present after controls and mitigations have been put in place. Control risk pertains to the possibility that the controls may not be effective, while inherent risk is the level of risk that exists before any controls are applied. Risk awareness is simply the understanding of risks, not a specific type of risk itself.