CompTIA Security Plus Mock Test Q459

After a company has standardized to a single operating system, not all servers are immune to a well-known OS vulnerability. Which of the following solutions would mitigate this issue?

A. Host based firewall
B. Initial baseline configurations
C. Discretionary access control
D. Patch management system

Correct Answer: D
Section: Compliance and Operational Security

Explanation:
A patch is an update to a system. Sometimes a patch adds new functionality; in other cases, it corrects a bug in the software. Patch Management can thus be used to fix security problems discovered within the OS thus negating a known OS vulnerability.

Incorrect Answers:
A: A host-based firewall can be used to guard against attacks and malware, and in the question you are required to mitigate a server-vulnerability after the OS has been standardized on all servers.
B: Initial baseline configurations are concerned with security posturing which means the representation of a secure state.
C: Discretionary Access Control is as a flexible access method regarding access to information.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 57, 151, 221, 222
http://www.computerweekly.com/feature/Microsoft-patch-management-tools