Which of the following should be utilized to reduce the risk associated with these applications and their current architecture?

Due to a recent acquisition, the security team must find a way to secure several legacy applications. During a review of the applications, the following issues are documented:
The applications are considered mission-critical.
The applications are written in code languages not currently supported by the development staff.
Security updates and patches will not be made available for the applications.
Usernames and passwords do not meet corporate standards.
The data contained within the applications includes both PII and PHI.
The applications communicate using TLS 1.0.
Only internal users access the applications.
Which of the following should be utilized to reduce the risk associated with these applications and their current architecture?
A. Update the company policies to reflect the current state of the applications so they are not out of compliance.
B. Create a group policy to enforce password complexity and username requirements.
C. Use network segmentation to isolate the applications and control access.
D. Move the applications to virtual servers that meet the password and account standards.


3 thoughts on “Which of the following should be utilized to reduce the risk associated with these applications and their current architecture?”

  1. I also think C.
    Maybe I am overthinking but the answer can’t be D.
    Because the “applications communicate using TLS 1.0”, it seems to imply that the applications are web-based. Assuming the applications are web-based, access to them is not controlled by the servers on which they run. For example, we cannot access the servers hosting this site, yet we can still post comments.
    Answer A is to lower the security requirements and ignore the issue.
    Answer B would not address all of the issues and might break the applications.

    Who posts the answers?

  2. Strongly considering C. Because the access is for internal use only, it is not necessary to move said applications, just set up a perimeter.
