How residual risk can be determined?
A.
By determining remaining vulnerabilities after countermeasures are in place.
B.
By transferring all risks.
C.
By threat analysis
D.
By risk assessment
Explanation:
All risks are determined by risk assessment, regardless whether risks are residual or not.
Answer A is incorrect. Determining remaining vulnerabilities after countermeasures are in place
says nothing about threats, therefore risk cannot be determined.
Answer C is incorrect. Risk cannot be determined by threat analysis alone, regardless whether it is
residual or not.
Answer B is incorrect. Transferring all the risks in not relevant to determining residual risk. It is one
of the method of risk management.