Certified Chief Information Security Officer (CCISO) — Question 48

Risk that remains after risk mitigation is known as_____________.

Answer options

• A. Accepted risk
• B. Residual risk
• C. Non-tolerated risk
• D. Persistent risk

Correct answer: B

Explanation

The correct answer, 'Residual risk', refers to the level of risk that remains after mitigation measures have been implemented. 'Accepted risk' pertains to risks that are acknowledged and accepted as part of a strategy, while 'Non-tolerated risk' and 'Persistent risk' do not accurately describe the concept of risk that remains after mitigation.