CompTIA PenTest+ (PT0-001) — Question 143
During a vulnerability assessment, the security consultant finds a legacy Windows XP system that is running a critical business function. Which of the following mitigations is BEST for the consultant to conduct?
Answer options
- A. Update to the latest Microsoft Windows OS.
- B. Put the machine behind the WAF.
- C. Segment the machine from the main network.
- D. Disconnect the machine.
Correct answer: B
Explanation
The best option is to put the machine behind the WAF, as it provides an additional layer of security for the legacy system while still allowing it to function. Updating to the latest Microsoft Windows OS is not feasible for an XP system, disconnecting the machine would halt operations, and segmenting it does not offer the same level of protection against threats.