CompTIA CySA+ (CS0-003) — Question 196
After a recent vulnerability report for a server is presented, a business must decide whether to secure the company’s web-based storefront or shut it down. The developer is not able to fix the zero-day vulnerability because a patch does not exist yet. Which of the following is the best option for the business?
Answer options
- A. Limit the API request for new transactions until a patch exists.
- B. Take the storefront offline until a patch exists.
- C. Identify the degrading functionality.
- D. Put a WAF in front of the storefront.
Correct answer: D
Explanation
The best option is to put a WAF in front of the storefront, because it can help mitigate the risk from the vulnerability by filtering and monitoring HTTP traffic. Limiting API requests or taking the storefront offline can hinder business operations without addressing the security issue effectively. Identifying degrading functionality does not provide a solution to the vulnerability itself.