Exam SY0-601 topic 1 question 272 discussion

compensating control, also called an alternative control

Compensating control looks to be correct here. Open to correction however A compensating control, also called an alternative control, is a mechanism that is put in place to satisfy the requirement for a security measure that is deemed too difficult or impractical to implement at the present time.

if compensated, then no need in patch?

Compensating controls are designed to provide an equivalent level of protection or to compensate for the absence or failure of the primary control. They are typically implemented until the primary control can be fully implemented or restored.

A compensating control is a security measure or countermeasure that is implemented as an alternative or substitute when the primary control is not feasible or effective. In this case, the primary control would be the vendor patch, which is not yet regression tested in development environments. To mitigate the risk posed by the critical vulnerability in the high-profile device, the security team has implemented firewall rules to restrict access to the vulnerable interface. This compensating control helps reduce the exposure and potential impact of the vulnerability until the vendor patch can be properly tested and implemented.

while you are still testing out the patch, firewall rules were implemented to reduce access to the interface affected by the vulnerability. - hence this is a compensating control.