A company's policy dictates that critical security patches should be applied within 72 hours of release. However, the latest patch for a critical vulnerability causes compatibility issues with a business-critical application. As a result, the patch cannot be immediately deployed. In the interim, which compensating control should the cybersecurity analyst recommend for inclusion in the vulnerability management report to mitigate the risk?
Implement increased log monitoring on affected systems to detect any anomaly or intrusion attempt.
Enforce a temporary policy to change all users' passwords to a more complex set that exceeds current standard requirements.
Conduct an immediate training session for users on phishing prevention and safe internet browsing habits.
Adjust network configurations to isolate the affected systems into a separate, restricted network zone.
Isolating the affected systems into a separate network zone reduces the lateral movement possibilities for potential attackers, and limits the exposure of the unpatched vulnerability to a controlled environment until the compatibility issues can be resolved and the patch can be safely applied. Training users does not mitigate the risk of exploitation for a specific technical vulnerability. Increased log monitoring can provide improved detection capabilities but does not prevent exploitation of an unpatched vulnerability. Password alteration is a general security measure but does not provide a direct compensating control for a patch-related issue.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are compensating controls?
Open an interactive chat with Bash
Why is isolating systems into a separate network zone effective?
Open an interactive chat with Bash
What could be the drawbacks of relying solely on increased log monitoring?