During a routine security assessment, a cybersecurity analyst identifies that a critical internal application server, which is due for a compliance audit, is susceptible to a recently disclosed vulnerability. The patch for this vulnerability is scheduled for release after the audit date. Which mitigation technique provides the MOST secure approach to satisfy audit requirements without causing extended downtime for the server?
Implement a virtual patch via a Web Application Firewall to protect against the vulnerability.
Enforce full encryption of communications to and from the server.
Temporarily shift traffic to a standby server until the official patch can be applied.
Disable unnecessary services running on the server to reduce the attack surface.
Implementing a virtual patch through a Web Application Firewall (WAF) addresses the identified vulnerability by creating custom rules that mitigate the threat. This approach allows the server to remain operational and compliant without the official patch. Shifting traffic to a standby server is disruptive and may not be prepared for audit compliance. Disabling unnecessary services is generally good practice but does not address the specific vulnerability. Encrypting server communications, while beneficial for data protection, does not mitigate an application-level vulnerability.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a virtual patch and how does it work?
Open an interactive chat with Bash
What is a Web Application Firewall (WAF) and why is it important?
Open an interactive chat with Bash
What are some common vulnerabilities that a WAF can protect against?