I some how miss stoneface lol but i shall carry his logic, "Key Words peeps"

In the old test the answer was B. https://www.examtopics.com/discussions/comptia/view/74664-exam-sy0-601-topic-1-question-316-discussion/

B. A risk register residual risks

A risk register is a comprehensive document listing known information about risks such as the risk owner. It typically includes risk scores along with recommended security controls to reduce the risk scores

C - Risk register is related to projects. While Business Impact Analysis covers the business as a whole which includes processes, systems, the basis for a disaster recovery plan. Risk Register https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/risk-analysis/ Business Impact Analysis https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/business-impact-analysis-4/

A risk register is a document that contains ranked and ordered information on the likelihood and potential impact of various risks that may affect business processes and systems. It typically includes information on both threats and vulnerabilities and assesses the risk to the organization. The risk register also highlights the effectiveness of existing controls (mitigating controls) in reducing the impact or likelihood of the identified risks. It serves as a key tool for risk management and helps organizations prioritize and manage risks effectively.

The document that is most likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented is a risk register. A risk register is a comprehensive document that identifies and assesses potential risks to a business, ranks them in order of severity, and provides information on how to mitigate and manage those risks. It typically includes a risk assessment matrix that ranks risks based on their likelihood and potential impact, as well as information on the controls and safeguards in place to manage those risks. While other documents such as a business impact analysis, asset value register, and disaster recovery plan may provide useful information related to risk management and business continuity, a risk register is specifically designed to provide ranked and ordered information on potential risks and residual risks that need to be managed after mitigating controls have been implemented. Therefore, a risk register is the most likely document to contain the information described in the question.

A risk register is a document that provides a systematic and structured approach to identifying, assessing, and managing risks to an organization. It typically includes information on the likelihood and potential impact of identified risks, as well as the controls in place to mitigate them. Risk registers can be used to rank and order risks based on their potential impact, allowing organizations to prioritize their risk management efforts.

While the other options may contain information on risks and their impact on business processes and systems, they are not specifically designed to prioritize risks and manage residual risks after implementing controls. For example, an RTO report may focus on recovery time objectives, while a business impact analysis may focus on identifying critical business processes and their dependencies. An asset value register may provide information on the value of an organization's assets but may not prioritize risks. A disaster recovery plan may provide guidance on how to recover from a catastrophic event but may not prioritize risks or manage residual risks.

A business impact analysis (BIA) is used to identify and assess the potential effects of an interruption to critical business operations. It contains ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented. A risk register is an important tool used to identify, analyze, and document risks associated with a particular project or activity. It helps to keep track of all the risks encountered or anticipated during the project's lifetime. However, it does not contain ranked and ordered information on the likelihood and potential impact of catastrophic events or highlight residual risks that need to be managed.

The answer is Risk Register. To start with, Business impact analysis is a systematic process while Risk Rigeister is a DOCUMENT that contains everything described in the question

I´d go with risk matrix, but guess what...CompTIA does not have that answer -.- So the risk register is the next best thing to use.

Risk Register

on the spot

Risk assessments analyze potential threats and their likelihood of happening, a business impact analysis explains the effects of particular disasters and their severity.

Business impact analysis (BIA) is the process of performing risk assessment on business tasks and processes rather than on assets. The purpose of BIA is to determine the risks to business processes, set criticality prioritization, and begin the design protective and recovery solutions.

A risk register is a document that records all of your organisation's identified risks, the likelihood and consequences of a risk occurring, the actions you are taking to reduce those risks and who is responsible for managing them