
ISC2 ISSEP Exam - Topic 2 Question 70 Discussion

Actual exam question for ISC2's ISSEP exam
Question #: 70
Topic #: 2

Which of the following statements is true about residual risks?

Suggested Answer: B

The types of cryptography defined by FIPS 185 are as follows:

Type I cryptography: It describes a cryptographic algorithm or a tool accepted by the National Security Agency for protecting classified information.

Type II cryptography: It describes a cryptographic algorithm or a tool accepted by the National Security Agency for protecting sensitive, unclassified information in the systems as stated in Section 2315 of Title 10, United States Code, or Section 3502(2) of Title 44, United States Code.

Type III cryptography: It describes a cryptographic algorithm or a tool accepted as a Federal Information Processing Standard.

Type III (E) cryptography: It describes a Type III algorithm or a tool that is accepted for export from the United States.


Sabina
3 months ago
Totally agree with C, it’s all about what’s left after security measures!
upvoted 0 times
...
Shantell
3 months ago
Wait, is D really a thing? That seems off to me.
upvoted 0 times
...
Amie
4 months ago
A sounds right, threats and vulnerabilities go hand in hand.
upvoted 0 times
...
Leanna
4 months ago
I think B is misleading, it’s not just about weaknesses.
upvoted 0 times
...
Cassie
4 months ago
C is definitely true, residual risk is what’s left after controls.
upvoted 0 times
...
Stefany
4 months ago
I’m leaning towards A, but I’m not entirely confident. It seems like it could relate to both threats and vulnerabilities.
upvoted 0 times
...
Gregoria
4 months ago
I feel like I’ve seen a question like this before, and I think D was about risks before safeguards, so it can’t be right.
upvoted 0 times
...
Rene
5 months ago
I remember discussing vulnerabilities in class, but I’m not sure if that makes B correct. It feels a bit off.
upvoted 0 times
...
Hollis
5 months ago
I think residual risk refers to what’s left after all security measures are in place, so maybe C is the right answer?
upvoted 0 times
...
Ceola
5 months ago
The Greenhouse Gas Protocol seems like the most likely choice here, but I want to double-check the other options just to be sure.
upvoted 0 times
...
Shoshana
5 months ago
I'm a bit confused on this one. I'm not sure if the next state would be inIt or Get Transaction Data. I'll have to think it through step-by-step.
upvoted 0 times
...
Marquetta
5 months ago
Okay, let's think this through. The architect is responsible for the high-level design and ensuring the software meets its intended purpose, so I'd say C is definitely one of the right answers. And they also need to consider technical quality and implementation, so B seems like a good choice too.
upvoted 0 times
...
Dorian
10 months ago
Wait, is this a pop quiz or something? I thought we were just here to have a good time and learn about cybersecurity. Oh well, C it is!
upvoted 0 times
Lucia
8 months ago
D) It is the probabilistic risk before implementing all security measures.
upvoted 0 times
...
Therese
8 months ago
C) It is the probabilistic risk after implementing all security measures.
upvoted 0 times
...
Roslyn
8 months ago
B) It is a weakness or lack of safeguard that can be exploited by a threat.
upvoted 0 times
...
Bette
8 months ago
A) It can be considered as an indicator of threats coupled with vulnerability.
upvoted 0 times
...
Marion
8 months ago
D) It is the probabilistic risk before implementing all security measures.
upvoted 0 times
...
Twana
9 months ago
C) It is the probabilistic risk after implementing all security measures.
upvoted 0 times
...
Kirk
9 months ago
B) It is a weakness or lack of safeguard that can be exploited by a threat.
upvoted 0 times
...
Buddy
9 months ago
A) It can be considered as an indicator of threats coupled with vulnerability.
upvoted 0 times
...
...
Elza
10 months ago
Ha! This is a classic trick question. If you don't know the difference between residual risk and inherent risk, you're in trouble. I'm going with C.
upvoted 0 times
...
Elin
10 months ago
Hmm, that's an interesting perspective. I can see how both answers could be valid depending on the context.
upvoted 0 times
...
Shelia
10 months ago
I disagree, I believe the answer is C) It is the probabilistic risk after implementing all security measures.
upvoted 0 times
...
Elin
10 months ago
I think the answer is A) It can be considered as an indicator of threats coupled with vulnerability.
upvoted 0 times
...
Van
10 months ago
But wouldn't residual risks still exist even after implementing all security measures?
upvoted 0 times
...
Josue
10 months ago
Hmm, I'm not sure about that. I was thinking option D sounded more like the definition of residual risk. Guess I need to review my notes again.
upvoted 0 times
Dalene
9 months ago
User 2: I believe it's option C, the risk after all security measures.
upvoted 0 times
...
Vallie
10 months ago
User 1: I think option A is the correct statement.
upvoted 0 times
...
...
Edna
10 months ago
I disagree, I believe the answer is C) It is the probabilistic risk after implementing all security measures.
upvoted 0 times
...
Anika
11 months ago
I think option C is the correct answer. Residual risk is the probabilistic risk that remains after implementing all security measures.
upvoted 0 times
Leslie
9 months ago
It is important to consider residual risks even after implementing security measures.
upvoted 0 times
...
Melodie
9 months ago
Yes, you are right. Option C is the correct answer.
upvoted 0 times
...
Jeff
9 months ago
Residual risk is the probabilistic risk that remains after implementing all security measures.
upvoted 0 times
...
Leandro
9 months ago
I think option C is the correct answer.
upvoted 0 times
...
...
Van
11 months ago
I think the answer is A) It can be considered as an indicator of threats coupled with vulnerability.
upvoted 0 times
...
