An organization discovers a critical vulnerability on a public-facing database server. Extensive regression testing means the vendor patch cannot be applied for two weeks, and taking the server offline is not an option. Which of the following actions would BEST serve as a compensating control until the patch can be applied?
Configure the network firewall to allow database connections only from authorized application servers.
Postpone routine database backups to free resources for testing.
Run a new vulnerability scan against the server to confirm the finding.
Perform a full operating-system upgrade to the latest major version.
Configuring the firewall to restrict database traffic to only authorized application servers limits exposure of the vulnerable service and provides an equivalent layer of protection until the vendor patch can be tested and installed. This is the essence of a compensating control: an alternative safeguard that mitigates risk when the primary fix (patching) is temporarily unavailable. Re-scanning the host or delaying backups does not directly reduce the attack surface, and a major operating-system upgrade could introduce new issues without specifically addressing the flaw.