CompTIA Security+ (SY0-701) — Question 469

An alert references attacks associated with a zero-day exploit. An analyst places a bastion host in the network to reduce the risk of the exploit. Which of the following types of controls is the analyst implementing?

Answer options

• A. Compensating
• B. Detective
• C. Operational
• D. Physical

Correct answer: A

Explanation

The analyst is implementing a compensating control by introducing a bastion host to mitigate the risk associated with the zero-day exploit. Compensating controls are alternative measures put in place to fulfill a security requirement when the primary control is not feasible. The other options, such as detective, operational, and physical controls, do not address the proactive risk reduction needed in this scenario.