CompTIA SecurityX (CAS-005) — Question 40

A security analyst identified a vulnerable and deprecated runtime engine that Is supporting a public-facing banking application. The developers anticipate the transition to modern development environments will take at least a month. Which of the following controls would best mitigate the risk without interrupting the service during the transition?

Answer options

• A. Shutting down the systems until the code is ready
• B. Uninstalling the impacted runtime engine
• C. Selectively blocking traffic on the affected port
• D. Configuring IPS and WAF with signatures

Correct answer: D

Explanation

Configuring IPS and WAF with signatures is the best option as it enhances security by actively monitoring and filtering malicious traffic, thus protecting the application during the transition. Shutting down the systems or uninstalling the runtime engine would cause service interruptions, and selectively blocking traffic may not effectively address all security vulnerabilities.