Exam CAS-004
Question 184

A company just released a new video card. Due to limited supply and high demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's intended customers are frustrated. A security engineer suggests implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems.

Which of the following now describes the level of risk?

    Correct Answer: D

    Residual risk describes the level of risk that remains after measures have been taken to mitigate it. In this case, implementing a CAPTCHA system on the web store is a step to reduce the number of automated purchases and help mitigate the risk. However, the risk that some automated systems might still bypass the CAPTCHA remains, thus the appropriate level of risk is residual.

Discussion
[Removed] - Option: D

CAPTCHA does not completely mitigate the risk of bots but rather reduces the risk, and therefore residual risk remains after the CAPTCHA implementation.

BiteSize - Option: D

Residual is what is left. Cannot completely mitigate a risk unless you turn off your network. The question is a weird wording, as in let's tell a story and you answer like it is a story. Yes, current state is Inherent and after controls are implemented it is in a mitigated state. However, this whole what if type of framing makes Residual the answer. Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)

BreakOff874 - Option: A

The CAPTCHA was suggested but it was never implemented. Inherent risk refers to the risk that exists before any controls or mitigations have been applied. In this case, since the CAPTCHA system has not been implemented yet, the risk associated with attackers employing automated systems to purchase the video cards is still at its inherent level.

hidady - Option: D

D is the correct answer.

javier051977

The level of risk in option E, Transferred, would be appropriate if the company had transferred the responsibility for managing the risk to a third party. For example, if the company had outsourced the management of its web store to a third-party provider that assumed the responsibility for managing the risk of automated purchases, then it would be appropriate to describe the level of risk as transferred.

javier051977

However, in this scenario, the company itself is proposing the solution of implementing a CAPTCHA system to mitigate the risk of automated purchases. Therefore, the responsibility for managing the risk remains with the company.

Anarckii - Option: D

I was stuck between C and D for the longest, but then saw this: if there is still a possibility (residual risk) that some automated systems might bypass the CAPTCHA, then there is a level of risk that remains despite the mitigation efforts. The question reads "help reduce the number of video cards purchased through automated systems", which means the risk still remains. If it read "lower the chances" or "Likelihood" then it would be C.

enduser9000 - Option: A

A, inherent is before, residual is the remaining level of risk. What is being described is the risk before anything is done.

ninjachuleta - Option: A

A company just released a new video card. Due to limited supply and high demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market..... The next two sentences should be ignored because they change nothing about the current risk.

ddcnsd65

https://www.pwc.com/cyber/digital-trust

ddcnsd65 - Option: D

D. Is residual risk a "level" of risk in cybersecurity? Yes, "residual" risk is a level of risk in cybersecurity that refers to the risk that remains after security measures have been implemented. It is the risk that an event will still occur despite the implementation of risk management controls or strategies. For example, if an organization implements an email security service to detect spam and phishing attacks, but continues to receive phishing emails, that's an example of "residual" risk.

suprman4485 - Option: B

It says "level", the only one listed that is a cybersecurity level and makes sense is Low.

userguy890 - Option: A

The question never says they implemented CAPTCHA, only suggested. This is a trick question so it's A. However, if the question is mistyped then it may be D.

ElDirec - Option: A

Inherent Risk LOL Trick question: ChatGPT doesn't know how to solve trick questions. If you're broke, and I suggest, you get a job in cybersecurity. How are your finances now?

talosDevbot - Option: D

"Residual risk is the risk that remains after your organization has taken proper precautions and implemented appropriate controls" - Sybex CASP+ textbook

hb0011 - Option: D

I don't like this question because the leftover risk after the mitigating control is known as Residual risk... but residual risk is not a "level" of risk. A level would be low, medium, high, etc. It's a type of risk.

The_Lucifer - Option: A

The question just says CAPTCHA was suggested, not implemented, then shouldn't it be A?

nmap_king_22 - Option: C

Thinking C. The risk is getting lowered due to the new implementation of security measures.

Ariel235788 - Option: C

Copy/Paste from ChatGPT: The level of risk, after implementing the CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems, can be described as: C. Mitigated. The term "mitigated" refers to the reduction or mitigation of risk through the implementation of security controls or countermeasures. In this case, the CAPTCHA system is a security control that aims to reduce the risk of automated systems purchasing video cards by adding a layer of human verification, thus mitigating the risk of unauthorized purchases.