Free CompTIA Security+ SY0-701 Practice Question
In an organization's risk management framework, when might an exemption be most appropriately granted?
Whenever a key stakeholder dislikes the constraints imposed by a certain policy or standard
When there is insufficient budget to implement any security measures and all risks need to be accepted
When compliance with a security policy or control is either not feasible or not cost-effective relative to the reduction in risk it would bring
As a habitual practice for lower-priority systems to minimize the effort spent on security
This question's topic:
CompTIA Security+ SY0-701 /
Security Program Management and Oversight
SAVE $49