CompTIA CASP+ (CAS-004) — Question 346

A security analyst identified a vulnerable and deprecated runtime engine that is supporting a public-facing banking application. The developers anticipate the transition to modern development environments will take at least a month. Which of the following controls would best mitigate the risk without interrupting the service during the transition?

Answer options

• A. Shutting down the systems until the code is ready
• B. Uninstalling the impacted runtime engine
• C. Selectively blocking traffic on the affected port
• D. Configuring IPS and WAF with signatures

Correct answer: D

Explanation

The correct answer is D because configuring IPS and WAF with signatures can help detect and block malicious traffic without requiring service downtime. Options A and B would disrupt the service, and C would not provide adequate protection against threats to the application.