Hard · 1 mark · Multiple Choice
CPA · Question 42 · Area II: Security
An organization discovers a vulnerability in their web server software. The vendor has released a patch, but the organization cannot apply it immediately due to compatibility issues with a legacy application. What is the BEST temporary course of action?
Answer options:
A. Accept the risk and do nothing.
B. Take the server offline.
C. Implement a compensating control, such as a Web Application Firewall (WAF) rule to block exploits targeting that vulnerability.
D. Rewrite the legacy application immediately.
How to approach this question
Look for the 'Compensating Control' concept.
Full Answer
C. Implement a compensating control, such as a Web Application Firewall (WAF) rule to block exploits targeting that vulnerability. ✓ Correct
When a patch cannot be applied immediately, a compensating control is needed to reduce the risk in the interim. A Web Application Firewall (WAF) can often be configured to block the specific request patterns associated with the exploit (virtual patching), which keeps the service available while the vulnerable code stays in place. It is a stopgap, not a fix: the rule only covers the known exploit pattern and can miss variants, so the organization should still resolve the compatibility issue and apply the vendor patch as soon as it can be tested.
Common mistakes
Choosing extreme options such as 'Take the server offline' (B) or 'Accept the risk and do nothing' (A). Rewriting the legacy application (D) is a long-term project, not a temporary course of action.
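To make the idea of virtual patching concrete, here is an added example that is not part of the original question or its explanation: a small request filter that does what a WAF rule would do, blocking only requests that match the exploit pattern for an unpatched flaw and letting everything else through to the still-vulnerable server. The vulnerable path (`/download`), parameter (`file`) and traversal pattern are constructed placeholders for illustration, not details from a real advisory or from the question.

```python
"""Minimal virtual-patch request filter (added illustration, not exam content).

A compensating control for a vulnerability the server cannot yet be patched
for: requests that match the exploit signature are blocked, all other
traffic passes. The endpoint, parameter and pattern below are constructed
placeholders, not a real advisory.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Hypothetical advisory details (constructed for this example): the flaw is
# reachable through the 'file' parameter of /download and is triggered by
# directory-traversal sequences.
VULNERABLE_PATH = "/download"
VULNERABLE_PARAM = "file"
# '..' as a whole path segment, i.e. at the start or after a slash, and
# followed by a slash or the end of the value.
TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")


def normalize(value: str) -> str:
    """Canonicalise an input value before matching.

    Percent-decoding is applied repeatedly (bounded) so encoded variants such
    as %2e%2e%2f or double-encoded %252e%252e%252f match like the plain form,
    and backslashes are folded to forward slashes. Without this step a rule
    written against the literal '../' is trivially bypassed.
    """
    prev = None
    for _ in range(3):
        if value == prev:
            break
        prev, value = value, unquote(value)
    return value.replace("\\", "/")


def virtual_patch(method: str, target: str) -> tuple[bool, str]:
    """Decide whether one request is blocked by the virtual patch.

    Returns (blocked, reason). Only requests to the vulnerable path whose
    vulnerable parameter contains the exploit pattern are blocked; the rule
    is deliberately narrow so legitimate traffic is unaffected.
    """
    parts = urlsplit(target)
    if parts.path != VULNERABLE_PATH:
        return False, "path not covered by rule"
    params = parse_qs(parts.query, keep_blank_values=True)
    for raw in params.get(VULNERABLE_PARAM, []):
        if TRAVERSAL.search(normalize(raw)):
            return True, f"traversal in {VULNERABLE_PARAM}: {raw!r}"
    return False, "no exploit pattern"


def apply_to_log(request_lines: list[str]) -> list[tuple[str, bool, str]]:
    """Run the rule over HTTP request lines ('METHOD target HTTP/x.y').

    Useful for checking a new rule against recorded traffic before enabling
    it, to confirm it blocks the exploit and nothing else.
    """
    results = []
    for line in request_lines:
        method, target, _version = line.split(" ", 2)
        blocked, reason = virtual_patch(method, target)
        results.append((line, blocked, reason))
    return results


# Constructed sample traffic: three legitimate requests and three exploit
# attempts using plain, double-encoded and backslash variants.
SAMPLE_REQUESTS = [
    "GET /download?file=report.pdf HTTP/1.1",
    "GET /images/logo.png HTTP/1.1",
    "GET /download?file=a..b HTTP/1.1",
    "GET /download?file=../../etc/passwd HTTP/1.1",
    "GET /download?file=%252e%252e%252fetc%252fpasswd HTTP/1.1",
    "GET /download?file=..%5c..%5cwin.ini HTTP/1.1",
]

if __name__ == "__main__":
    for line, blocked, reason in apply_to_log(SAMPLE_REQUESTS):
        print(f"{'BLOCK' if blocked else 'PASS '}  {line}  ({reason})")
```

The rule is signature-based: it blocks the exploit pattern the advisory describes and any encodings the normalisation step can fold back to it, but an attacker who finds an input form the rule does not cover still reaches the unpatched code. That is why the explanation calls the WAF rule temporary; the blocked-request log is also worth monitoring, since hits against the rule show the vulnerability is being probed.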
Practice the full CPA ISC Practice Exam 3