CAPTCHA does not completely mitigate the risk of Bots but rather reduces the risk and therefore Residual risk remains after the CAPTCHA implementation.

https://www.pwc.com/cyber/digital-trust

D Is Resdidual risk a "level" of risk in cybersecurity? Yes, "resdidual" risk is a level of risk in cybersecurity that refers to the risk that remains after security measures have been implemented. It is the risk that an event will still occur despite the implementation of risk management controls or stratagies. For example, if an organization implements an email security service to detect spamd and phishing attacks, but continues to receive phishing emails, that's an example of "residual" risk.

It says "level", the only one listed that is a cybersecurity level and makes sense is Low.

The question never says they implemented captcha, only suggested. This is a trick question so its A. However if the question is mistyped then it may be D.

Inherent Risk LOL Trick question: ChatGPT doesn't know how to solve trick questions. If you're broke, and I suggest, you get a job in cybersecurity. How are your finances now?

"Residual risk is the risk that remains after your organization has taken proper precautions and implemented appropriate controls" - Sybex CASP+ textbook

I don't like this question because the leftover risk after the mitigating control is known as Residual risk... but residual risk is not a "level" of risk. A level would be low, medium, high, etc. It's a type of risk.

question just says captcha was suggested not implemented than shouldn't it be A?

I was stuck between C and D for the longest, but then saw this: if there is still a possibility (residual risk) that some automated systems might bypass the CAPTCHA, then there is a level of risk that remains despite the mitigation efforts. the question reads "help reduce the number of video cards purchased through automated systems" which mean the risk still remains. If it read "lower the chances" or "Likelihood" then it would be C

thinking C. the risk is getting lowered due to the new implementation of security measures

Copy/Paste from ChatGPT: The level of risk, after implementing the CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems, can be described as: C. Mitigated. The term "mitigated" refers to the reduction or mitigation of risk through the implementation of security controls or countermeasures. In this case, the CAPTCHA system is a security control that aims to reduce the risk of automated systems purchasing video cards by adding a layer of human verification, thus mitigating the risk of unauthorized purchases.

Residual is what is left. Cannot completely mitigate a risk unless you turn off your network. The question is a weird wording as in lets tell a story and you answer like it is a story. yes, current state is Inherent and after controls are implemented it is in a mitigated state. however, this whole what if type of framing makes Residual the answer. Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence) Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)

The CAPTCHA was suggested but it was never implemented. Inherent risk refers to the risk that exists before any controls or mitigations have been applied. In this case, since the CAPTCHA system has not been implemented yet, the risk associated with attackers employing automated systems to purchase the video cards is still at its inherent level.

D is the correct answer

I was confused a little about why residual but the risk that someone can by pass the bot catcher is possible also, if the buyer decides to buy them by authenticating manually the risk still remain so is not mitigated but you have residual risk now.