Question 30
Main Page
Your department recommends accepting a risk due to low business impact. What must happen before final approval?
A. Update the password policy
B. Formal risk acceptance documentation
C. Consult with all third-party vendors
D. Purchase a new SIEM tool
Answer: B. Formal risk acceptance documentation
Risk acceptance must be a documented and approved decision to show due diligence and organizational accountability.