A security analyst discovers that a critical server in the finance department is running a legacy application that is incompatible with the latest security patches. The vendor has gone out of business, and the application cannot be updated. The system must remain online to support critical business functions. Which of the following would be the MOST effective compensating control to implement in this situation?
Re-image the server from a known-good backup to ensure its integrity.
Isolate the server onto a dedicated, highly restricted network segment with enhanced monitoring.
Implement a legal hold on all data stored on the server.
Schedule monthly vulnerability scans for the server to monitor for new exploits.
The correct answer is to isolate the server onto a dedicated, highly restricted network segment with enhanced monitoring. A compensating control is an alternative measure used to provide a comparable level of security when a primary control is not feasible. Since the server cannot be patched, isolating it (network segmentation) reduces its attack surface, while enhanced monitoring helps detect any attempts to exploit the unpatched vulnerabilities.
Scheduling monthly vulnerability scans is a detective control that would confirm the vulnerability still exists but does not provide continuous protection. Re-imaging the server from a backup is a recovery step but does not fix the underlying vulnerability. A legal hold is a process related to data preservation for legal purposes and does not mitigate the technical risk.