CompTIA PenTest+ (PT0-002) — Question 154

A penetration tester who is performing an engagement notices a specific host is vulnerable to EternalBlue. Which of the following would BEST protect against this vulnerability?

Answer options

• A. Network segmentation
• B. Key rotation
• C. Encrypted passwords
• D. Patch management

Correct answer: D

Explanation

The best way to protect against the EternalBlue vulnerability is through Patch management, as it involves applying the necessary updates to mitigate this specific exploit. Network segmentation can help limit exposure, but it does not directly address the vulnerability itself. Key rotation and encrypted passwords are unrelated to this specific vulnerability.