CISSP Practice Question (Domain 1: Security & Risk Management / Risk Acceptance)
A business unit requests an exception to bypass multifactor authentication for a legacy system that cannot support it without a costly upgrade.
The system processes sensitive but non-regulated data, and no active exploits are known.
What should the security manager do FIRST?
A. Deny the request and mandate immediate MFA implementation
B. Perform a risk assessment and formally document risk acceptance
C. Approve the exception indefinitely due to technical limitations
D. Compensate by increasing network monitoring without documentation
Vincent Primiani
CISSP Study Group
skool.com/cybersecurity-study-group