CRISC IT Risk Identification • Timed 20 Questions
This is a timed practice session. You have 20 minutes to answer 20 questions — approximately 1 minute per question, matching real CRISC exam pace. Answer every question before time expires.
Time remaining
20:00
Exam-pace drill
Allow 1 minute per question. On the real CRISC exam you have approximately 72 seconds per question — this session trains you to maintain that pace under pressure.
A company recently experienced a data breach due to an unpatched vulnerability in a public-facing web application. During the post-incident review, the IT risk manager notes that the vulnerability was identified by the vulnerability scanner six months ago but was not remediated because the patch required a critical database server restart. Which of the following is the BEST risk treatment decision to prevent a recurrence?