In my opinion you have to exclude the 2 conditions in which you would accept the risk: normally an attacker's cost higher than the possible gain and an organization loss under a certain threshold. So in options 1 and 2 you cannot accept the risk (=unacceptable).
Inviato da iPhone
Il giorno 28/nov/2013, alle ore 02:04, Uday Kiran <[hidden email]> ha scritto:
Hi, I have some ambiguity on the below question, I had selected B as an answer however the answer is A, I don't understand how it can anyone pls explain.