CompTIA CASP+ (CAS-004) — Question 164

A server in a manufacturing environment is running an end-of-life operating system. The vulnerability management team is recommending that the server be upgraded to a supported operating system, but the ICS software running on the server is not compatible with modem operating systems. Which of the following compensating controls should be implemented to BEST protect the server?

Answer options

• A. Application allow list
• B. Antivirus
• C. HIPS
• D. Host-based firewall

Correct answer: A

Explanation

Implementing an application allow list is the best option because it ensures that only approved applications can run on the server, thus minimizing the risk of exploitation. Antivirus software, HIPS, and host-based firewalls provide some level of protection, but they do not specifically address the compatibility issue with the outdated OS and may not be sufficient alone to secure the server against vulnerabilities.