During a containment-and-eradication effort, a cybersecurity analyst discovers an unpatched remote-code-execution flaw on a production web server that cannot be fixed for two weeks because of vendor testing requirements. To keep the service online, the analyst places the server behind a reverse proxy that filters malicious requests and enables heightened log monitoring. What is the primary purpose of implementing these compensating controls at this stage?
Collect forensic artifacts for possible legal action
Return the server to its approved baseline configuration
Temporarily reduce risk until the vulnerable component can be fully remediated
Initiate a post-incident review to capture lessons learned
Compensating controls are alternative safeguards that provide an equivalent level of protection when the ideal corrective action-such as patching or re-imaging-cannot be performed immediately. By adding a filtering reverse proxy and enhanced monitoring, the analyst temporarily lowers the likelihood and impact of exploitation until the vendor patch can be applied. A post-incident review occurs after recovery, baseline re-establishment is part of bringing the system back to normal operations, and forensic collection supports evidence preservation, not interim risk reduction.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are compensating controls in cybersecurity?
Open an interactive chat with Bash
Why might compensating controls be necessary during incident response?
Open an interactive chat with Bash
How do compensating controls differ from permanent solutions?