CompTIA CySA+ (CS0-003) — Question 57
The security analyst received the monthly vulnerability report. The following findings were included in the report:
• Five of the systems only required a reboot to finalize the patch application
• Two of the servers are running outdated operating systems and cannot be patched
The analyst determines that the only way to ensure these servers cannot be compromised is to isolate them. Which of the following approaches will best minimize the risk of the outdated servers being compromised?
Answer options
- A. Compensating controls
- B. Due diligence
- C. Maintenance windows
- D. Passive discovery
Correct answer: A
Explanation
Compensating controls are measures put in place to reduce risk when traditional controls cannot be applied. In this scenario the two outdated servers cannot be patched, so isolating them to prevent attacks is the compensating control. Options B, C, and D do not directly address the immediate risk posed by the outdated servers, making them less effective in this scenario.