Risk acceptance of an exception to a security control would MOST likely be justified when: A. the end-user license agreement has expired. B. automation cannot be applied to the control. C. the control is difficult to enforce in practice. D. business benefits exceed the loss exposure. Suggested Answer: D This question is in CRISC exam For getting Risk and Information Systems Control Certificate Disclaimers: The website is not related to, affiliated with, endorsed or authorized by ISACA. The website does not contain actual questions and answers from ISACA's Certification Exams. Trademarks, certification & product names are used for reference only and belong to ISACA.
Please login or Register to submit your answer