Which of the following BEST reduces the security risks introduced when running systems that have expired vendor support and lack an immediate replacement?
We are asked to REDUCE risk.
A. Implement proper network access restrictions. - This more or less reduces risk by limiting who has access to the legacy system.
B. Initiate a bug bounty program. - We dont need that, since its a legacy system, which we havent developed. We most likely cannot patch this anyway.
C. Classify the system as shadow IT. - Irrelevant to the question.
D. Increase the frequency of vulnerability scans. - As in B, us knowing that issues exist, wont help us much, since we cannot patch the system.
Implementing proper network access restrictions helps to reduce the security risks associated with running systems that have expired vendor support and lack an immediate replacement. By restricting network access, unauthorized parties are less likely to exploit vulnerabilities in the unsupported systems. This is a proactive approach to limit potential risks until a more permanent solution can be implemented.
Implementing proper network access restrictions is the best option to reduce the security risks introduced by running systems that have expired vendor support and lack an immediate replacement. By limiting the network access of these systems, you can minimize their exposure to potential threats from the internet or unauthorized users. This reduces the attack surface and helps mitigate the risk of security breaches and vulnerabilities.
D. Increase the frequency of vulnerability scans would be the BEST option to reduce the security risks introduced when running systems that have expired vendor support and lack an immediate replacement.
When vendor support for a system has expired, it is no longer receiving security updates or patches from the vendor. This leaves the system vulnerable to known and unknown vulnerabilities. Increasing the frequency of vulnerability scans allows for the identification and remediation of any vulnerabilities that may be present. By identifying vulnerabilities earlier, the organization can take action to minimize the risk of exploitation.
I would agree except that if you do identify a new vulnerability you cannot remediate it so increasing the scans will only increase the risks that you must accept and do nothing to mitigate them.
Maybe it's my lack of imagination, but I can't think of a case where you wouldn't Implement proper network access restrictions by default even on a system with vendor support still active and can be immediately replaced.
I would say D - as system is not changing role, and in ANY use case, network access should be minimized (or at least planned for system) - so if i don't want to change device role, just reduce risk, I would go with more scans.
Unfortunately that doesn't reduce the risk, they can still attack, and the scans will only detect that attack not reduce the probability of chance of it happening. I choose A.
Prevent the computer from connecting to the internet where the bad guys are
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.SY0-601 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Ranaer
Highly Voted 2 years, 3 months agoJakalan7
Highly Voted 2 years, 7 months agoPapee
2 years, 6 months ago03allen
2 years, 5 months agoProtract8593
Most Recent 1 year, 9 months agoApplebeesWaiter1122
1 year, 9 months agomosher21
2 years agomonzie
2 years, 1 month agoConfuzed
2 years agoTinyTrexArmz
2 years, 3 months agomick1
2 years, 5 months agoKingDrew
2 years, 3 months agoJossie_C
2 years, 6 months ago