An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system.
Which of the following best describes the actions taken by the organization?
A . Exception
B . Segmentation
C . Risk transfer
D . Compensating controls
Answer: D
Explanation:
Compensating controls are alternative security measures that are implemented when the primary controls are not feasible, cost-effective, or sufficient to mitigate the risk. In this case, the organization used compensating controls to protect the legacy system from potential attacks by disabling unneeded services and placing a firewall in front of it. This reduced the attack surface and the likelihood of exploitation.
Reference: Official CompTIA Security+ Study Guide (SY0-701), page 29
Security Controls – CompTIA Security+ SY0-701 – 1.1 1
Latest SY0-701 Dumps Valid Version with 77 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund