Alex is responsible for his organization’s vulnerability management program. A recent vulnerability scan shows that IoT devices that are used for building automation are vulnerable to a known issue with their built-in web server. After reviewing the manufacturer’s website, Alex is unable to find an updated operating system or software update. He chooses to move the IoT devices to a protected VLAN and require a jump server to access them. What vulnerability remediation option has he used?

Question

Accepted Answer

Correct Answer: A. A compensating control. Explanation: Alex has used a compensating control because he cannot remediate the underlying vulnerability. This reduces the risk by preventing the devices from being available on the network to untrusted devices and users. He cannot patch, no insurance was purchased, and no exemption was granted or registered.

Answer Options

Explanation