Which of the following is correct when discussing session management and exception management?
1) Session management manages sessions between the web application and the users.
2) Exception management is when a decision is made not to apply a certain internal cybersecurity policy based on functional or strategic factors.
3) Risk acceptance is similar to exception management.
4) None of the above are correct.
5) All of the above are correct.