ISC2 Exam CAP Topic 7 Question 82 Discussion

Actual exam question for ISC2's CAP exam
Question #: 82
Topic #: 7

Which of the following statements correctly describes DIACAP residual risk?

Suggested Answer: A

Contribute your Thoughts:

Skye
6 months ago
I see your point. It does make sense that residual risk is what's left after other measures have been taken. A) might actually be the right answer.
upvoted 0 times
...
Garry
6 months ago
But doesn't residual risk refer to the risk that remains after mitigations have been put in place? That's why I think A) is correct.
upvoted 0 times
...
Fanny
6 months ago
I'm leaning towards B) It is a process of security authorization. It makes sense to me.
upvoted 0 times
...
Skye
6 months ago
I disagree, I believe DIACAP residual risk is the technical implementation of the security design, so the answer is C).
upvoted 0 times
...
Garry
6 months ago
I think the correct answer is A) It is the remaining risk to the information system after risk palliation has occurred.
upvoted 0 times
...
Kenny
6 months ago
I believe Shad is right. Residual risk is about ensuring the system meets security requirements, so D) makes sense.
upvoted 0 times
...
Cherrie
7 months ago
But doesn't residual risk refer to the remaining risk even after all security measures are in place?
upvoted 0 times
...
Shad
7 months ago
I don't think so. Residual risk is about validating the system, so I would go with D) It is used to validate the information system.
upvoted 0 times
...
Orville
7 months ago
I agree with Cherrie. Residual risk is what's left after mitigation efforts.
upvoted 0 times
...
Cherrie
7 months ago
I think the correct answer is A) It is the remaining risk to the information system after risk palliation has occurred.
upvoted 0 times
...
Tequila
8 months ago
Ooh, good point! I hadn't considered the DIACAP part. That could make a difference. I'm still leaning towards A, but I'm not as confident now.
upvoted 0 times
...
Antonio
8 months ago
Whoa, hold up there, buddy. Option A may be the right answer, but let's not forget that the question is specifically asking about DIACAP residual risk, not just general residual risk. We need to keep that in mind.
upvoted 0 times
...
Aleisha
8 months ago
You guys are overthinking this! It's clearly option A. Residual risk is the risk that's left after you've done all your risk management stuff. Easy peasy.
upvoted 0 times
...
Adell
8 months ago
Hmm, I'm not too confident about this one. I was thinking option B might be correct, as DIACAP is a security authorization process, but I'm not sure if that's the best description of residual risk.
upvoted 0 times
Joaquin
6 months ago
I agree with Yvette. Option A seems to fit the definition of residual risk.
upvoted 0 times
...
Yvette
7 months ago
I think option A is more accurate. It talks about the remaining risk.
upvoted 0 times
...
...
Rosenda
8 months ago
I agree, it's not a straightforward question. I'm leaning towards option A, as it sounds like it's describing the concept of residual risk, which is the risk that remains after controls are put in place.
upvoted 0 times
...
Selma
8 months ago
This question seems a bit tricky. I'm not entirely sure about the correct answer, but I think it has something to do with the remaining risk after implementing risk mitigation measures.
upvoted 0 times
...
