CompTIA Security+ (SY0-601) — Question 71

Which of the following is the MOST effective control against zero-day vulnerabilities?

Answer options

• A. Network segmentation
• B. Patch management
• C. Intrusion prevention system
• D. Multiple vulnerability scanners

Correct answer: A

Explanation

Network segmentation is the most effective control against zero-day vulnerabilities because it limits the attack surface and contains breaches within specific segments of the network. Patch management, while important, may not address vulnerabilities that have not yet been discovered. Intrusion prevention systems and multiple vulnerability scanners can help identify and block threats, but they are not foolproof against unknown zero-day exploits.