Certified Ethical Hacker (CEH v11) — Question 270

What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?

Answer options

Correct answer: A

Explanation

The correct answer is residual risk: the risk that persists after controls are applied. Impact risk, deferred risk, and inherent risk do not describe the risk that remains after countermeasures have been deployed.