A cybersecurity analyst at a financial institution has discovered a critical vulnerability in their online banking application that could be exploited to gain unauthorized access to customer accounts. The analyst recommends mitigating the threat by applying a security patch that has been released by the software vendor. However, due to operational constraints, the patch cannot be applied for another two weeks. What should the analyst do in the interim to mitigate the risk?
You selected this option
Upgrade the operating system of the servers hosting the application.
You selected this option
Terminate the online banking service until the patch can be applied.
You selected this option
Implement additional monitoring and apply temporary fixes.
You selected this option
Notify customers and advise them to change their passwords.
Implementing compensating controls is a key strategy when a security patch cannot be immediately applied. Compensating controls can include measures such as additional monitoring, network segmentation, or applying temporary fixes to minimize the risk until the patch can be applied. This mitigates the immediate threat while planning for the permanent solution. Other answers, like upgrading the operating system or terminating the online banking service, are not practical interim steps and do not adequately address mitigation in the context of delayed patching.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are compensating controls?
Open an interactive chat with Bash
Why is additional monitoring important when a vulnerability is discovered?
Open an interactive chat with Bash
What temporary fixes can be applied to mitigate risks until a patch is available?