Exam SY0-501 topic 1 question 950 discussion

Actual exam question from CompTIA's SY0-501
Question #: 950
Topic #: 1

A recent audit uncovered a key finding regarding the use of a specific encryption standard in a web application that is used to communicate with business customers. Due to the technical limitations of its customers, the company is unable to upgrade the encryption standard. Which of the following types of controls should be used to reduce the risk created by this scenario?

  • A. Physical
  • B. Detective
  • C. Preventive
  • D. Compensating
Suggested Answer: D

Comments

herotaj100
1 year, 11 months ago
Selected Answer: D
Compensating: A security measure that takes on risk mitigation when a primary control fails or cannot completely meet expectations. (From CompTIA Security+ Guide)
upvoted 1 times
...
SophyQueenCR82
2 years, 1 month ago
D - A compensating control, also called an alternative control, is a mechanism that is put in place to satisfy the requirement for a security measure that is deemed too difficult or impractical to implement at the present time.
upvoted 1 times
...
ethan_21
4 years, 2 months ago
compensating controls—Security controls that are alternative controls used when a primary security control is not feasible.
upvoted 4 times
...
exiledwl
4 years, 4 months ago
Even if you can't update the encryption method, aren't there other preventive controls that you can use? The question is asking what 'control is best at reducing risk', not 'reducing the IMPACT of the risk', which is why I'd argue that the answer might not be compensating. Hopefully someone comes through and can shed some more light on this.
upvoted 1 times
who__cares123456789___
4 years, 3 months ago
You can't do a lot of "prevention" when it comes specifically to their end not being able to handle competent encryption. So we must compensate. I understand where you are coming from. Think of it like this... The CEO says "those bastards and their legacy machines are causing us to downgrade our encryption!! What are we doing about that?" We really can't prevent anything in the given context, but we can "make up" for it with other controls! We find a way to compensate!
upvoted 9 times
...
...
idoIL
4 years, 4 months ago
Why not B?
upvoted 1 times
idoIL
4 years, 4 months ago
D is better :)
upvoted 1 times
...
MikeDuB
4 years, 4 months ago
"Company is unable to upgrade to the encryption standard": because you're unable to mitigate the risk, you have to do something that will "make up" for the missed chance to increase security. Which means compensating to me.
upvoted 6 times
...
thefakecargo
4 years ago
no bro
upvoted 1 times
...
...