During a vulnerability assessment, it is discovered that a critical server running a legacy system cannot be patched immediately due to dependencies on outdated software. Which of the following BEST describes a compensating control that can be implemented to mitigate the risk?
Increase logging and monitoring to detect any exploit attempts.
Disable unused services on the legacy server.
Implement a firewall rule to block specific attack vectors targeting the vulnerability.
Conduct routine vulnerability scans to detect potential threats.
A compensating control for mitigating the risk posed by an unpatchable legacy system should involve measures that provide security equivalent to the original fix. Implementing a firewall rule to block specific attack vectors helps limit exposure to vulnerabilities while a more permanent solution is being developed. Although routine vulnerability scanning is important, it does not directly mitigate the specific identified vulnerability. Disabling unused services improves security but may not address the specific vulnerability. Increasing logging and monitoring is valuable but is more of a detective control rather than a preventive one.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are compensating controls?
Open an interactive chat with Bash
What specific attack vectors should be blocked by a firewall for a legacy system?
Open an interactive chat with Bash
How does increasing logging and monitoring help in a vulnerability assessment?