Certified in Risk and Information Systems Control (CRISC) — Question 537
A legacy application used for a critical business function relies on software that has reached the end of extended support. Which of the following is the MOST effective control to manage this application?
Answer options
- A. Increase the frequency of regular system and data backups.
- B. Segment the application within the existing network.
- C. Apply patches for a newer version of the application.
- D. Subscribe to threat intelligence to monitor external attacks.
Correct answer: B
Explanation
Isolating the application within the network (B) helps mitigate the risk from its vulnerabilities because it reduces the application's exposure to potential attacks. Increasing backup frequency (A) does not address the lack of support; applying patches (C) may not be possible if the software is no longer supported; and subscribing to threat intelligence (D) provides information but does not directly manage the application itself.