nerdexam
CompTIA

CAS-003 · Question #260

A security policy states that all applications on the network must have a password length of eight characters. There are three legacy applications on the network that cannot meet this policy. One syst

The correct answer is D. Provide a business justification for a risk exception. The Exception Request must include: A description of the non-compliance. The anticipated length of non-compliance (2-year maximum). The proposed assessment of risk associated with non-compliance. The proposed plan for managing the risk associated with non- compliance. The propose

Risk Management

Question

A security policy states that all applications on the network must have a password length of eight characters. There are three legacy applications on the network that cannot meet this policy. One system will be upgraded in six months, and two are not expected to be upgraded or removed from the network. Which of the following processes should be followed?

Options

  • AEstablish a risk matrix
  • BInherit the risk for six months
  • CProvide a business justification to avoid the risk
  • DProvide a business justification for a risk exception

How the community answered

(59 responses)
  • A
    12% (7)
  • B
    7% (4)
  • C
    3% (2)
  • D
    78% (46)

Explanation

The Exception Request must include: A description of the non-compliance. The anticipated length of non-compliance (2-year maximum). The proposed assessment of risk associated with non-compliance. The proposed plan for managing the risk associated with non- compliance. The proposed metrics for evaluating the success of risk management (if risk is significant). The proposed review date to evaluate progress toward compliance. An endorsement of the request by the appropriate Information Trustee (VP or Dean).

Topics

#risk exception#legacy systems#security policy#risk acceptance

Community Discussion

No community discussion yet for this question.

Full CAS-003 Practice