ISC2 CISSP Practice Question

The correct answer is limited potential impact if the vulnerable application is compromised. Isolation, through methods like network segmentation, creates boundaries around the vulnerable application, restricting what systems it can connect to and what resources it can access. This containment strategy means that if the application is compromised due to unpatched vulnerabilities, the attacker's ability to move laterally to other systems is severely limited.

Preventing the exploitation of vulnerable cryptographic libraries within the application is not achieved through isolation alone. Isolation contains the impact of an exploitation but does not prevent the exploitation of vulnerabilities within the application itself. The application remains vulnerable; isolation just limits the damage.

Providing automatic patch management for the underlying operating system is not directly related to application isolation. While isolated environments might allow for separate patching schedules, isolation itself does not provide automatic patch management capabilities and would not resolve patching issues for the legacy application itself.

Creating an audit trail of all interactions with the legacy application may be a feature implemented alongside isolation, but it is a detective control, not the primary benefit of the isolation itself. Audit trails help identify when breaches occur but do not limit the impact of a compromise, which is the primary preventive and corrective benefit of isolation.