Certified Incident Handler (ECIH v3) — Question 77

The left over risk after implementing a control is called:

Answer options

• A. Residual risk
• B. Unaccepted risk
• C. Low risk
• D. Critical risk

Correct answer: A

Explanation

Residual risk is the term used to describe the remaining risk after controls have been applied. The other options do not accurately represent this concept, as unaccepted risk refers to risk that has not been acknowledged, low risk is a subjective assessment of risk severity, and critical risk implies a level of risk that may require immediate attention.