ISC2 CISSP Practice Question

The correct answer is limited potential impact if the vulnerable application is compromised. Isolation creates boundaries around the vulnerable application, restricting what systems it can connect to and what resources it can access. This containment strategy means that if the application is compromised due to unpatched vulnerabilities, the attacker's ability to move laterally to other systems is limited.

Preventing the exploitation of vulnerable cryptographic libraries within the application is not achieved through isolation alone. Isolation contains the impact of an exploitation but doesn't prevent the exploitation of vulnerabilities within the application itself. The application remains vulnerable; isolation just limits the damage.

Providing automatic patch management for the underlying operating system is not directly related to application isolation. While isolated environments might allow for separate patching schedules, isolation itself doesn't provide automatic patch management capabilities and wouldn't resolve patching issues for the legacy application itself.

Creating an audit trail of all interactions with the legacy application may be a feature implemented alongside isolation, but it's a detective control rather than a preventive one. Audit trails help identify when breaches occur but don't limit the impact of a compromise, which is the primary security benefit of isolation.