CompTIA CASP+ (CAS-004) — Question 37
A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away.
Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?
Answer options
- A. Scan the code with a static code analyzer, change privileged user passwords, and provide security training.
- B. Change privileged usernames, review the OS logs, and deploy hardware tokens.
- C. Implement MFA, review the application logs, and deploy a WAF.
- D. Deploy a VPN, configure an official open-source library repository, and perform a full application review for vulnerabilities.
Correct answer: C
Explanation
Implementing MFA (Multi-Factor Authentication) adds an extra layer of security that can protect privileged user information even if vulnerabilities are present. Reviewing application logs helps identify any unauthorized access attempts, while deploying a WAF (Web Application Firewall) can help block malicious traffic targeting the web application. The other options do not provide the same level of immediate risk mitigation necessary for a high-severity vulnerability.