Exam SY0-701 topic 1 question 188 discussion

C, compensating.

Chatgpt said D. Preventive : ( , and when ever i see legacy i chose compensating :(

there have been multiple questions with legacy items being compensated for with segmentation. this is no different. I am going with C.

Compensating controls provide alternative measures to mitigate risk when the primary control is not feasible. If the legacy server cannot be patched or upgraded, segmenting it into a private network acts as a compensating control by restricting access and reducing the risk posed by its vulnerabilities.

Segmentation of a critical legacy server into a private network is a compensating control because it addresses security risks when the legacy system cannot be updated or secured using standard measures, like patches or modern preventive controls.

D. Preventive

Preventive because we aint compensating anything!! Nothing mentioned In the question to compensate!

D. Preventive Preventive controls are designed to stop or mitigate unwanted actions or events before they happen. By segmenting a critical legacy server into a private network, the organization is aiming to prevent unauthorized access and potential threats, thus isolating the server from the broader network and reducing the risk of compromise.

C, Compensating

The correct answer is C. Compensating. When a critical legacy server is segmented into a private network, the security control being used is likely **compensating**. This is because the legacy server may not support modern security features, and network segmentation is implemented as a workaround to mitigate risks and protect it from external threats. A compensating control is used to achieve a level of security equivalent to the one required when it is not possible to implement the primary control. The other options: - A. Deterrent is designed to discourage malicious actions, such as warning signs or legal warnings. - B. Corrective is aimed at fixing issues after an incident has occurred. - D. Preventive is used to stop attacks from happening in the first place, but in this case, segmentation is compensating for the server's inherent vulnerabilities. Thus, network segmentation is a "compensating" control.

D. Preventive

The most likely security control being used when a critical legacy server is segmented into a private network is: C. Compensating A compensating control is implemented when the primary control (such as patching or updating a legacy server) is not feasible. Segmenting the legacy server into a private network is a compensating control because it mitigates risk by limiting the server's exposure without requiring changes to the server itself, which might not be possible due to its legacy status.

Segmenting a critical legacy server into a private network is a preventive security control. It helps to protect the server from unauthorized access and potential attacks by isolating it from the rest of the network, thereby reducing the risk of security breaches. Preventive controls are designed to stop security incidents before they occur.

compensating, because the best preventative action is to remove the server altogether. You are mitigating the risk by segmenting a vulnerable legacy server.

D. Preventive

Agree to D. Preventive Segmenting a critical legacy server into a private network is a preventive measure designed to reduce the risk of unauthorized access and protect sensitive data by controlling traffic to and from the server.

Preventive controls: These controls are designed to prevent security incidents from occurring in the first place. By segmenting the critical legacy server into a private network, the organization is taking steps to prevent unauthorized access or attacks on that system. Compensating controls: Compensating controls are used to mitigate the risks associated with other security controls that are not in place or are ineffective. While segmentation could be considered a compensating control in some cases, it's primarily a preventive control in this scenario.