Isaca Certified in Risk and Information Systems Control CRISC Question # 536 Topic 54 Discussion

CRISC Exam Topic 54 Question 536 Discussion:

Question #: 536

Topic #: 54

Which of the following is the MOST useful information an organization can obtain from external sources about emerging threats?

Solutions for eradicating emerging threats

Cost to mitigate the risk resulting from threats

Indicators for detecting the presence of threatsl)

Source and identity of attackers

Get Premium CRISC Questions

Explanation

•External sources of emerging threats are sources that provide information about the latest cyberattacks, hacking techniques, malware, and vulnerabilities that can affect an organization’s IT systems and data. Examples of external sources are security blogs, forums, newsletters, reports, and alerts from reputable organizations such as ISACA, Imperva, Aura, and BitSight123.

•The most useful information an organization can obtain from external sources is the indicators for detecting the presence of threats. Indicators are observable signs or patterns that can help identify, prevent, or mitigate cyberattacks. Examples of indicators are IP addresses, domain names, file hashes, network traffic, system logs, and user behavior4.

•Indicators for detecting the presence of threats are more useful than the other options because they can help an organization to:

oMonitor and analyze its IT environment for any suspicious or malicious activity

oRespond quickly and effectively to any potential or actual incidents

oReduce the impact and damage of cyberattacks

oImprove its security posture and resilience

•Solutions for eradicating emerging threats are not the most useful information because they may not be applicable or effective for every organization, depending on its specific context, needs,and resources. Moreover, solutions may not be available or known for some new or sophisticated threats.

•Cost to mitigate the risk resulting from threats is not the most useful information because it does not help an organization to identify or prevent cyberattacks. Cost is only one factor to consider when deciding how to manage IT risk, and it may not reflect the true value or impact of the threats.

•Source and identity of attackers are not the most useful information because they may not be relevant or accurate for every organization. Source and identity of attackers are often difficult to trace or verify, and they may not affect the organization’s risk level or response strategy.

References =

•Risk and Information Systems Control Study Manual, 7th Edition, ISACA, 2020, Chapter 2: IT Risk Assessment, Section 2.3: Risk Identification, pp. 83-84

•Risk and Information Systems Control Review Questions, Answers & Explanations Database, 12 Month Subscription, ISACA, 2020, Question ID: 100000

Actual exam question for Isaca CRISC exam by Zara67531 at Jun 1, 2026, 12:44:27 PM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Summer Certification Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

Isaca Certified in Risk and Information Systems Control CRISC Question # 536 Topic 54 Discussion

Isaca Certified in Risk and Information Systems Control CRISC Question # 536 Topic 54 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Summer Certification Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

Isaca Certified in Risk and Information Systems Control CRISC Question # 536 Topic 54 Discussion

Isaca Certified in Risk and Information Systems Control CRISC Question # 536 Topic 54 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval