CompTIA CySA+ (CS0-002) — Question 339

After detecting possible malicious external scanning, an internal vulnerability scan was performed, and a critical server was found with an outdated version of
JBoss. A legacy application that is running depends on that version of JBoss. Which of the following actions should be taken FIRST to prevent server compromise and business disruption at the same time?

Answer options

• A. Make a backup of the server and update the JBoss server that is running on it.
• B. Contact the vendor for the legacy application and request an updated version.
• C. Create a proper DMZ for outdated components and segregate the JBoss server.
• D. Apply virtualization over the server, using the new platform to provide the JBoss service for the legacy application as an external service.

Correct answer: C

Explanation

Creating a DMZ to isolate the outdated JBoss server helps to prevent potential external threats while allowing the legacy application to continue functioning without immediate disruption. Backing up the server and upgrading it may lead to downtime, while contacting the vendor or applying virtualization are secondary steps that do not address the immediate risk of compromise.