CompTIA Security+ SY0-601 – Question143

A recent audit cited a risk involving numerous low-criticality vulnerabilities created by a web application using a
third-party library. The development staff state there are still customers using the application even though it is
end of life and it would be a substantial burden to update the application for compatibility with more secure
libraries. Which of the following would be the MOST prudent course of action?


A.
Accept the risk if there is a clear road map for timely decommission.
B. Deny the risk due to the end-of-life status of the application.
C. Use containerization to segment the application from other applications to eliminate the risk.
D. Outsource the application to a third-party developer group.

Correct Answer: C