An organization relies on a widely used component that exhibits potential overflow issues. The developers have not detected an active exploit, but the security team wants to reduce the chance of problems while maintaining current operations. Which measure provides the most effective risk reduction?
Depend on monitoring solutions that notice suspicious usage signatures
Implement an allow listing approach that restricts usage by unapproved processes
Upgrade to the vendor’s latest release and validate patches in a controlled setting
Upgrading to the vendor’s latest release and then validating patches in a controlled setting addresses the known flaw while preserving existing functionality. Stopping usage may break key operations and does not ensure a proper fix. An allow listing approach limits which processes can access the component but still leaves the flaw in place. Monitoring unusual activity may detect suspicious events, but it does not address the fundamental weakness.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a buffer overflow, and why is it a concern?
Open an interactive chat with Bash
Why is upgrading to the latest vendor patch often the best risk mitigation strategy?
Open an interactive chat with Bash
What is the difference between allow listing and monitoring solutions in risk management?