CompTIA SecurityX (CAS-005) — Question 38
A web application server is running a legacy operating system with an unpatched RCE vulnerability. The server cannot be upgraded until the corresponding application code is changed. Which of the following compensating controls would best prevent successful exploitation?
Answer options
- A. Segmentation
- B. CASB
- C. HIPS
- D. UEBA
Correct answer: A
Explanation
Segmentation is the most effective compensating control in this scenario because it can isolate the vulnerable server from the rest of the network, limiting the potential for exploitation. The other options (CASB, HIPS, and UEBA) may provide additional security measures, but they do not directly address the immediate risk of the unpatched RCE vulnerability as effectively as segmentation does.