Question: Temporarily deactivating some monitoring processes, even if supported by an acceptance of operational risk, may not be acceptable to the information security manager if:
A.) it implies compliance risks.
B.) short-term impact cannot be determineD.)
C.) it violates industry security practices.
D.) changes in the roles matrix cannot be detecteD.)

Download pdf (with explanations) edition of this exam.