Your organization relies on a legacy system that cannot be easily replaced or upgraded due to its critical role in business operations. A new vulnerability has been discovered in this system, and immediate patching is not feasible. Which of the following actions should be prioritized to best address the vulnerability?
Disconnect the system from the network and cease all operations until a patch is available.
Implement compensating controls specifically designed to mitigate the risk associated with the vulnerability.
Ignore the vulnerability, accepting the risk due to the system's critical business function.
Plan an immediate upgrade of the system despite the associated business process interruption risks.
Implementing compensating controls is the correct approach when dealing with vulnerabilities in legacy systems where patching is not immediately feasible. Compensating controls are security measures that are put in place to reduce the risk of a vulnerability when standard mitigation techniques (like patching) cannot be applied. The incorrect answers involve actions that either do not directly address the vulnerability at hand or are less feasible options due to the nature of legacy systems.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are compensating controls?
Open an interactive chat with Bash
Why might patching a legacy system be challenging?
Open an interactive chat with Bash
What risks are associated with ignoring a vulnerability?