Question 181
Main Page
A senior executive wants to bypass multi-factor authentication for convenience. What should the CISO do?
A. Approve the exception silently
B. Disable MFA for all executives
C. Explain the risk and escalate if necessary to governance authority
D. Enable MFA but reduce its complexity
Answer: Explain the risk and escalate if necessary to governance authority
The CISO must advocate for consistent controls and involve governance if security exceptions pose undue risk.