Question: Which of the following would be of GREATEST importance to the security manager in determining whether to accept residual risk?
A.) Historical cost of the asset
B.) Acceptable level of potential business impacts
C.) Cost versus benefit of additional mitigating controls
D.) Annualized loss expectancy (ALE)

Download pdf (with explanations) edition of this exam.