CRISC Question #12: Real Exam Question with Answer & Explanation
The correct answer is C: Evaluate permanent fixes such as patches and upgrades.
Submitted by zhang_li · Apr 18, 2026 · Risk Response and Reporting
Question
Which of the following would BEST mitigate the ongoing risk associated with operating system (OS) vulnerabilities?
Options
- A. Temporarily mitigate the OS vulnerabilities
- B. Document and implement a patching process
- C. Evaluate permanent fixes such as patches and upgrades
- D. Identify the vulnerabilities and applicable OS patches
Explanation
To best mitigate ongoing operating system vulnerabilities, organizations should proactively evaluate and apply permanent fixes like patches and upgrades.
Common mistakes.
- A. Temporarily mitigating OS vulnerabilities provides only short-term protection and does not address the ongoing nature of the risk or the underlying cause.
- B. Documenting and implementing a patching process establishes the framework for mitigation but does not, by itself, perform the direct technical action of evaluating and applying the fixes that reduce the vulnerability.
- D. Identifying vulnerabilities and applicable patches is a crucial preliminary step but does not constitute mitigation; it merely informs the subsequent actions needed to reduce the risk.
Concept tested. OS Vulnerability Remediation
Reference. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-40r3.pdf
Topics
#OS vulnerability management · #Risk mitigation strategies · #Patching and upgrades · #Ongoing risk management