A cybersecurity analyst at a financial institution has discovered a critical vulnerability in their online banking application that could be exploited to gain unauthorized access to customer accounts. The analyst recommends mitigating the threat by applying a security patch that has been released by the software vendor. However, due to operational constraints, the patch cannot be applied for another two weeks. What should the analyst do in the interim to mitigate the risk?
Notify customers and advise them to change their passwords.
Upgrade the operating system of the servers hosting the application.
Implement additional monitoring and apply temporary fixes.
Terminate the online banking service until the patch can be applied.
Implementing compensating controls is a key strategy when a security patch cannot be immediately applied. Compensating controls can include measures such as additional monitoring, network segmentation, or applying temporary fixes to minimize the risk until the patch can be applied. This mitigates the immediate threat while planning for the permanent solution. Other answers, like upgrading the operating system or terminating the online banking service, are not practical interim steps and do not adequately address mitigation in the context of delayed patching.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are compensating controls?
Open an interactive chat with Bash
Why is additional monitoring important when a vulnerability is discovered?
Open an interactive chat with Bash
What temporary fixes can be applied to mitigate risks until a patch is available?