What is a common mitigation for legacy systems lacking patches?

Multiple Choice

What is a common mitigation for legacy systems lacking patches?

Explanation:
Isolating unpatched legacy systems from the network is a common mitigation because it directly reduces the attack surface and limits what an attacker can reach or do if a vulnerability is present. When patches aren’t available or a system is past its supported life, placing it in a tightly controlled network segment with strict access rules restricts traffic to only what’s truly necessary. This containment helps prevent exploitation from spreading laterally and minimizes potential impact, making it a practical compensating control in such scenarios.

Other options don’t provide the same protective effect. Upgrading hardware might help performance or compatibility in some cases, but it doesn’t address the underlying vulnerability if the software isn’t patched. Exposing the system to the Internet would dramatically increase risk, not mitigate it. Disabling logging removes essential visibility into incidents, making it harder to detect and respond to any breach.
