CompTIA CySA+ (CS0-001) — Question 53
A new zero-day vulnerability was discovered within a basic screen capture app, which is used throughout the environment. Two days after the vulnerability was discovered, the manufacturer of the software has not announced a remediation or whether there will be a fix for it. The vulnerable application is not uniquely critical, but it is used occasionally by the management and executive management teams. The vulnerability allows remote code execution to gain privileged access to the system. Which of the following is the BEST course of action to mitigate this threat?
Answer options
- A. Work with the manufacturer to determine the time frame for the fix.
- B. Block the vulnerable application traffic at the firewall and disable the application services on each computer.
- C. Remove the application and replace it with a similar non-vulnerable application.
- D. Communicate with the end users that the application should not be used until the manufacturer has resolved the vulnerability.
Correct answer: D
Explanation
The best course of action is to communicate with end users that they should refrain from using the application until the manufacturer resolves the vulnerability, as this minimizes risk in the short term. Working with the manufacturer (A) could take longer and provides no immediate action for users; blocking traffic (B) may disrupt necessary functions; and removing the application (C) may not be feasible if no suitable alternative exists.