CompTIA Security+ SY0-701 Practice Question
In an organization's risk management framework, when might an exemption be most appropriately granted?
When there is insufficient budget to implement any security measures and all risks need to be accepted
Whenever a key stakeholder dislikes the constraints imposed by a certain policy or standard
As a habitual practice for lower-priority systems to minimize the effort spent on security
When compliance with a security policy or control is either not feasible or not cost-effective relative to the reduction in risk it would bring