CompTIA CASP+ (CAS-003) — Question 184
Due to a recent acquisition, the security team must find a way to secure several legacy applications. During a review of the applications, the following issues are documented:
- The applications are considered mission-critical.
- The applications are written in code languages not currently supported by the development staff.
- Security updates and patches will not be made available for the applications.
- Usernames and passwords do not meet corporate standards.
- The data contained within the applications includes both PII and PHI.
- The applications communicate using TLS 1.0.
- Only internal users access the applications.
Which of the following should be utilized to reduce the risk associated with these applications and their current architecture?
Answer options
- A. Update the company policies to reflect the current state of the applications so they are not out of compliance.
- B. Create a group policy to enforce password complexity and username requirements.
- C. Use network segmentation to isolate the applications and control access.
- D. Move the applications to virtual servers that meet the password and account standards.
Correct answer: D
Explanation
The correct answer is D because moving the applications to virtual servers that meet the required password and account standards directly addresses the compliance issues and enhances security. Options A and B do not directly mitigate the risks associated with the legacy applications, while C, although beneficial, does not resolve the fundamental issues related to password standards and application management.