Enhance your CompTIA CASP+ exam readiness with our comprehensive quizzes. Sharpen your skills with detailed flashcards and multiple choice questions, each with hints and in-depth explanations. Prepare effectively for this challenging exam!

If an organization has legacy applications that cannot comply with a password length policy, what should be done?

  1. Remove the legacy applications from the network

  2. Implement multi-factor authentication on these applications

  3. Provide a business justification for a risk exception

  4. Upgrade all applications immediately

The correct answer is: Provide a business justification for a risk exception

When an organization has legacy applications that cannot meet a current security policy, providing a business justification for a risk exception is the practical approach. It lets the organization acknowledge the limitations of the legacy systems while assessing and documenting the associated risk. The process involves evaluating the vulnerabilities created by the applications' inability to comply with the password length policy, then recording the rationale for accepting that risk based on business need, operational impact, or resource constraints. Formalizing the exception keeps the organization compliant with regulatory and internal standards while it develops a plan for future upgrades or integrations that better align with security best practices. It also flags the legacy systems for later review or improvement, so that the identified risks are eventually mitigated through better technology without disrupting business operations immediately.