medium
Single Answer
0Kendra's vulnerability management team has discovered that Internet of Things (IoT) devices deployed a few years ago to monitor temperatures for critical refrigerated equipment are vulnerable to a new attack. After reviewing the issue, her team has discovered that the devices are no longer supported and that the manufacturer has gone out of business. They suggest moving the devices to an isolated network to help protect them. What type of control has Kendra's team suggested?
Answer Options
A
A corrective control
B
A compensating control
C
A confidentiality control
D
A coordinated control
Correct Answer: B
Explanation
A compensating control helps to mitigate a risk due to an exception to a security policy. Here, the devices cannot be patched or fixed but are important to the operations of the organization. Moving them to a protected network will help compensate for the lack of patching. Since no security issues have occurred, this is not a corrective control. Confidentiality and coordinated controls are not control types for the Security+ exam.