CompTIA Security+ (SY0-701) — Question 5

Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?

Answer options

• A. Compensating control
• B. Network segmentation
• C. Transfer of risk
• D. SNMP traps

Correct answer: A

Explanation

The correct answer is A, as a compensating control is a security measure that is put in place to mitigate risk when the primary control is not feasible. Options B and C do not accurately describe the scenario, as network segmentation involves dividing networks into smaller parts and transfer of risk relates to shifting responsibility, neither of which apply here. D, SNMP traps, are notifications sent about network events, unrelated to the firewall configuration described.