CompTIA Security+ (SY0-601) — Question 144

A company’s security team received notice of a critical vulnerability affecting a high-profile device within the web infrastructure. The vendor patch was just made available online but has not yet been regression tested in development environments. In the interim, firewall rules were implemented to reduce access to the interface affected by the vulnerability. Which of the following controls does this scenario describe?

Answer options

Correct answer: B

Explanation

The correct answer is B, Compensating, as the implemented firewall rules serve as an alternative measure to mitigate the risk until the patch can be properly tested. Deterrent controls aim to discourage attacks, detective controls identify incidents, and preventive controls are designed to stop incidents from occurring; none of these accurately describes the temporary mitigation in this scenario.