CompTIA Updated SY0-701 Exam Questions and Answers by cyrus

Risk tolerance determines how much risk an organization is willing to accept before taking action. Security+ SY0-701 highlights risk tolerance as a primary factor in prioritizing remediation because different organizations evaluate threats differently depending on regulatory, financial, and operational pressures.

A low-tolerance organization may remediate even low-severity vulnerabilities quickly, while a high-tolerance organization may delay action on anything below critical severity.

Reporting impact to executives (A) does not influence risk priority. Open-source information (C) helps identify vulnerabilities but does not dictate remediation priority. The source of the risk report (D) is irrelevant; the severity and tolerance matter more.

Thus, the correct answer is B: The overall organizational risk tolerance.

The most important security concern when using legacy systems is the lack of vendor support. Without support from the vendor, systems may not receive critical security patches and updates, leaving them vulnerable to exploitation. This lack of support can result in increased risk of security breaches, as vulnerabilities discovered in the software may never be addressed.

References = CompTIA Security+ SY0-701 study materials, particularly in the context of risk management and the challenges posed by legacy systems​​.

A strong authentication policy should enforcepassword length(e.g., minimum of 12-16 characters) andcomplexity(mix of uppercase, lowercase, numbers, and symbols). These measures significantlyreduce the risk of brute-force attacks.

Least privilege (C)relates to access control, not authentication policies.

Something you have (D)andbiometrics (F)pertain to multi-factor authentication (MFA) but are not password policy requirements.