CompTIA CASP+ (CAS-003) — Question 10
A recent penetration test identified that a web server has a major vulnerability. The web server hosts a critical shipping application for the company and requires
99.99% availability. Attempts to fix the vulnerability would likely break the application. The shipping application is due to be replaced in the next three months.
Which of the following would BEST secure the web server until the replacement web server is ready?
Answer options
- A. Patch management
- B. Antivirus
- C. Application firewall
- D. Spam filters
- E. HIDS
Correct answer: C
Explanation
The best way to secure the web server in this scenario is to use an Application firewall, as it can help filter and monitor traffic to the web application, providing a layer of security against exploits. Patch management may introduce changes that could disrupt the application, while antivirus, spam filters, and HIDS are not specifically designed to protect web applications from vulnerabilities.