CRISC • Practice Test 12
Free CRISC practice test — 15 questions with explanations. Set 12. No signup required.
Based on the exhibit, which risk should be treated first according to the risk rating?
Refer to the exhibit.

```
Risk Register Extract:
Risk ID | Asset     | Vulnerability      | Threat   | Current Control   | Likelihood | Impact | Risk Level
R001    | WebApp    | SQLi in login      | Attacker | WAF               | 3          | 5      | 15
R002    | DB Server | Weak password      | Insider  | Password policy   | 2          | 4      | 8
R003    | Firewall  | Misconfigured rule | External | Change management | 4          | 3      | 12
```

Risk Rating Matrix: Likelihood (1-5) x Impact (1-5) = Risk Level (1-25). Thresholds: Low (1-6), Medium (7-12), High (13-25).