Certified Information Systems Security Professional (CISSP) — Question 399
A security professional can BEST mitigate the risk of using a Commercial Off-The-Shelf (COTS) solution by deploying the application with which of the following controls in place?
Answer options
- A. Network segmentation
- B. Blacklisting application
- C. Whitelisting application
- D. Hardened configuration
Correct answer: D
Explanation
A hardened configuration strengthens the application itself against vulnerabilities by minimizing its attack surface. Network segmentation can help contain a breach but does not directly secure the application, while application blacklisting and whitelisting focus on controlling access rather than securing the application's configuration.