Exam SY0-601 topic 1 question 740 discussion

Time is not sufficient and the end is coming to an end. the best is acceptance..

Risk Acceptance is the only one listed in the objectives. I get the logic with A that some people mentioned. However, risk tolerance is nowhere to be found in the objectives. I'm going with Risk acceptance and chalking it up to another shit CompTia question.

risk tolerance refers to an organization's or individual's willingness to accept and manage various levels of risk associated with information technology (IT) and cybersecurity. It involves assessing the potential impact of risks and determining the acceptable level of risk exposure for achieving business objectives while safeguarding assets and data. Risk acceptance refers to a deliberate decision made by an organization or individual to acknowledge and tolerate a certain level of risk without taking specific actions to mitigate it. This approach is typically chosen when the cost or effort required to reduce the risk is deemed to outweigh the potential impact of the risk itself. It's a strategic decision made after weighing the potential consequences against the resources available for risk mitigation.

Again, I'm tempted to go against the grain, but tbh I'm just hoping I don't see this question at all on the exam. In my opinion, it's the answer choices that makes it garbage rather than the question itself. The fact that acceptance, tolerance, and appetite are all listed drives me nuts. Would love y'all's take on this. CompTIA defines Risk Acceptance as tolerance. Section 19A: "Risk acceptance (or tolerance) means that no countermeasures are put in place either because the level of risk does not justify the cost or because there will be unavoidable delay before the countermeasures are deployed." CompTIA defines Risk Appetite as broader in scope, and since the company is trying to meet and end-of-year business goal with this app deployment, I am leaning towards appetite as the answer. Section 19A: "Risk appetite is a strategic assessment of what level of residual risk is tolerable. Risk appetite is broad in scope. Where risk acceptance has the scope of a single system, risk appetite has a project- or institution-wide scope."

the company did not take any action yet. so it is risk tolerance

The security engineer's response indicates a decision not to proceed due to cybersecurity concerns despite pressure to meet a business goal. This aligns closely with the concept of "Risk tolerance," which refers to an organization's willingness to accept the level of risk associated with a particular activity or decision. So, the BEST description of the security engineer's response is: A. Risk tolerance

Given the security engineer's determination that the time for due diligence is insufficient from a cybersecurity perspective, the most accurate description of their response would be A. Risk tolerance. Their assessment indicates a lower tolerance for risk in terms of cybersecurity. They recognize that the allocated time isn't adequate to ensure proper cybersecurity measures, suggesting a reluctance to proceed without sufficient assurance of security. This aligns more closely with the concept of risk tolerance, indicating their unwillingness to take on the associated risks due to time constraints.

I'm going to say he chose Risk Tolerance. It doesn't say that he chose to proceed. He felt that the application's deadline doesn't fall within the Risk Tolerance threshold.