CompTIA CySA+ (CS0-003) — Question 133
A company has a primary control in place to restrict access to a sensitive database. However, the company discovered an authentication vulnerability that could bypass this control. Which of the following is the best compensating control?
Answer options
- A. Running regular penetration tests to identify and address new vulnerabilities.
- B. Conducting regular security awareness training of employees to prevent social engineering attacks.
- C. Deploying an additional layer of access controls to verify authorized individuals.
- D. Implementing intrusion detection software to alert security teams of unauthorized access attempts.
Correct answer: C
Explanation
The correct answer is C because adding an extra layer of access controls directly addresses the vulnerability by ensuring that only verified individuals can access the sensitive database. Options A and D, while useful for identifying and responding to threats, do not prevent access themselves. Option B improves employee awareness but does not address the technical vulnerability in the authentication process.