CompTIA CySA+ (CS0-003) — Question 247
A manufacturing company’s assembly line machinery only functions on an end-of-life OS. Consequently, no patches exist for several highly exploitable OS vulnerabilities. Which of the following is the best mitigating control to reduce the risk of these current conditions?
Answer options
- A. Enforce strict network segmentation to isolate vulnerable systems from the production network.
- B. Increase the system resources for vulnerable devices to prevent denial of service.
- C. Perform penetration testing to verify the exploitability of these vulnerabilities.
- D. Develop in-house patches to address these vulnerabilities.
Correct answer: A
Explanation
Enforcing strict network segmentation is the best mitigating control because it isolates the vulnerable systems, reducing the risk of exploitation from other parts of the network. Increasing system resources does not address the vulnerabilities, and penetration testing only identifies issues without offering a solution. Developing in-house patches is risky and may not be reliable, especially for vulnerabilities in an unsupported OS.