CRISC • Practice Test 5
Free CRISC practice test — 10 questions with explanations. Set 5. No signup required.
Refer to the exhibit. An organization has identified vulnerabilities on a critical server. The risk owner has limited resources and can remediate only one finding this quarter. Based on the information provided, which approach is the most appropriate risk assessment decision?
Vulnerability Scan Report (excerpt):

Host: 10.10.50.100
Port: 443 (HTTPS)
Finding: SSL/TLS certificate uses SHA-1 signature algorithm (CVE-2015-7575)
Severity: Medium
Remediation: Replace certificate with SHA-256 or higher.

Host: 10.10.50.100
Port: 22 (SSH)
Finding: OpenSSH version 7.2 is vulnerable to CVE-2016-6515 (DoS)
Severity: Low
Remediation: Upgrade to OpenSSH 7.3 or later.