CISSP Practice Question – Control Selection & Residual Risk
A recent assessment identified that a key web application handling payment data has several high-severity vulnerabilities. Management approved funding to implement a web application firewall (WAF) and continuous code scanning as compensating controls. After both controls are deployed and verified, the residual risk remains above the organization’s formally documented risk appetite.
What should the information security manager recommend NEXT?
A. Accept the residual risk since reasonable controls have been implemented.
B. Transfer the residual risk through a cyber-insurance policy.
C. Escalate the residual risk to senior management for a risk acceptance decision.
D. Implement additional detective controls to reduce exposure further.
Vincent Primiani
CISSP Study Group
skool.com/cybersecurity-study-group