During a penetration test you confirm that the client's public Nginx/PHP-FPM server is still susceptible to CVE-2019-11043 remote code execution. Change-control policy prohibits patching for another two weeks. According to web-server patch management best practice, which compensating control should you propose to most effectively reduce exploitation risk during the delay?
Move the web server behind a NAT device so its real IP address is not directly reachable
Deploy a WAF rule set that virtually patches the vulnerability by rejecting requests matching the CVE-2019-11043 exploit pattern
Increase the PHP memory_limit and other resource thresholds so the exploit cannot exhaust buffers
Enable gzip and brotli compression modules to reduce response size and shrink the attack surface
When an organization cannot immediately apply a vendor patch, patch-management guidance recommends a compensating control that blocks the attack vector until normal maintenance can occur. Deploying a virtual patch in a web application firewall (WAF) allows security teams to write rules that detect and drop the specific malicious request pattern used in CVE-2019-11043, closing the window of exposure without altering the production host. The other options do not remediate the underlying vulnerability: raising PHP's memory limit or enabling compression does nothing to stop the crafted request, and simply placing the server behind NAT keeps the service public while leaving it vulnerable.
Certified Ethical Hacker (CEH)
Web Application Hacking