IsacaIsaca
CRISC · Question #154
CRISC Question #154: Real Exam Question with Answer & Explanation
The correct answer is D: The timeliness of attack recognition. The timeliness of attack recognition is paramount for successful incident response, as prompt detection allows for quicker containment and minimized damage.
Submitted by mike_84· Apr 18, 2026Risk Response and Reporting
Question
Which of the following is MOST important for successful incident response?
Options
- AThe quantity of data logged by the attack control tools
- BBlocking the attack route immediately
- CThe ability to trace the source of the attack
- DThe timeliness of attack recognition
Explanation
The timeliness of attack recognition is paramount for successful incident response, as prompt detection allows for quicker containment and minimized damage.
Common mistakes.
- A. While data logging is essential for investigation, the quantity alone doesn't guarantee success; timely analysis and action on relevant data are more critical than sheer volume.
- B. Blocking the attack route is a critical containment step in incident response, but it can only occur after the attack has been recognized, making recognition a prerequisite.
- C. Tracing the attack source is important for forensic analysis and preventing future incidents, but it is typically performed after initial containment and eradication, and is not the most immediate factor for successful response to an ongoing attack.
Concept tested. Incident response key factors
Reference. https://www.nist.gov/privacy-framework/nist-sp-800-61-rev2-computer-security-incident-handling-guide
Topics
#Incident Response#Threat Detection#Attack Recognition#Timeliness
Community Discussion
No community discussion yet for this question.