CompTIA CASP+ (CAS-004) — Question 298

A security team performed an external attack surface analysis and discovered the following issues on a group of application servers:

• The majority of the systems have end-of-life operating systems.
• The latest patches that are available are over two years old.
• The systems are considered mission critical for client support.
• The proprietary software running on the systems is not compatible with newer versions of the operating system.
• Server outages would negatively affect quarterly revenue projections.

Which of the following would allow the security team to immediately mitigate the risks inherent to this situation?

Answer options

• A. Implement a WAF between the application servers and the external perimeter.
• B. Contact the vendor for the proprietary software and negotiate a new maintenance contract.
• C. Document the application servers as being end of life and define a target date for decommission.
• D. Isolate the servers from the internet and configure an internal ACL, only allowing to authorized employees.

Correct answer: D

Explanation

The correct answer is D because isolating the servers from the internet immediately reduces exposure to external threats. Options A and B do not provide immediate risk mitigation, and option C does not address the current vulnerability of the systems.