CompTIA Security+ (SY0-601) — Question 530

In a rush to meet an end-of-year business goal, the IT department was told to implement a new business application. The security engineer reviews the attributes of the application and decides the time needed to perform due diligence is insufficient from a cybersecurity perspective. Which of the following BEST describes the security engineer's response?

Answer options

• A. Risk tolerance
• B. Risk acceptance
• C. Risk importance
• D. Risk appetite

Correct answer: B

Explanation

The correct answer is 'Risk acceptance' because the security engineer acknowledges that the risks associated with the application cannot be mitigated due to time constraints and decides to accept those risks. 'Risk tolerance' refers to the level of risk an organization is willing to bear, while 'Risk importance' is not a standard term in risk management, and 'Risk appetite' describes the amount of risk an organization is willing to pursue, which is not directly relevant to this scenario.