CompTIA Security+ (SY0-701) — Question 286

Which of the following best describes the risk present after controls and mitigating factors have been applied?

Answer options

• A. Residual
• B. Avoided
• C. Inherent
• D. Operational

Correct answer: A

Explanation

The correct answer is 'Residual', as it refers to the risk that is left after all controls have been applied. 'Avoided' describes risks that have been eliminated, 'Inherent' refers to the natural level of risk before any controls, and 'Operational' relates to risks associated with day-to-day operations, not specifically about the effectiveness of controls.