Certified Ethical Hacker (CEH v10) — Question 54

What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?

Answer options

Correct answer: D

Explanation

The correct answer is D, residual risk: the risk that remains after all mitigation strategies have been applied. Deferred risk (A) pertains to risks that are postponed, impact risk (B) relates to the consequences of a risk event, and inherent risk (C) refers to the level of risk that exists before any controls are applied.