Your organization has detected a critical vulnerability in a legacy database system. A patch is available but applying it could significantly degrade query performance, potentially impacting business operations. What should be your primary consideration when advising on whether to apply the patch?
Applying the patch to address the security risk while evaluating performance impact
Relying on compensating controls to mitigate the vulnerability without applying the patch
Assessing the business impact and considering compensating controls
Disregarding the patch because of the system performance impact
The primary consideration should be the potential business impact of degraded functionality versus the risk posed by the vulnerability. If the vulnerability is critical and poses a high risk, compensating controls might be needed to address the performance issue post-patch. Balancing security with operational impact is essential. Other options like ignoring the patch or relying on compensating controls alone are not advisable without performing a comprehensive risk assessment.