Compensating Controls — CompTIA CySA+ (CS0-003) Practice Questions
Compensating controls are alternative security measures put in place when a primary control cannot be applied, usually because of technical, operational, or financial constraints. The CySA+ exam tests whether analysts can recognize situations that call for a compensating control, such as a system that cannot be patched immediately or a legacy host awaiting decommissioning, and whether they can select controls that reduce the residual risk to an acceptable level. Typical examples are network segmentation that limits which hosts can reach the vulnerable service, enhanced monitoring and alerting on access to it, a multi-factor authentication overlay in front of it, or an application-layer firewall placed in front of the vulnerable service. A compensating control lowers the likelihood or impact of exploitation; it does not remove the underlying vulnerability, so the residual risk, the control's scope, and the planned end date (patch or decommission) should be documented and the control periodically verified as still enforced. Understanding compensating controls is critical for analysts who must balance security requirements against real-world constraints without leaving the organization unacceptably exposed.
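The paragraph above names network segmentation and enhanced monitoring as compensating controls for a service that cannot be patched. The script below is an added example (it is not from the question bank or any vendor material) showing how an analyst would verify that such a control is actually holding: it reads firewall log lines and flags any connection to the unpatchable service from a source outside the approved subnets. The service address (10.20.5.15:8080), the approved subnets, the log line format, and the log lines themselves are all constructed for illustration.

```python
"""Added example: check that a segmentation compensating control around an
unpatched legacy service is enforced, using constructed firewall log lines."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Hypothetical policy (assumption): the unpatchable legacy app listens on
# 10.20.5.15:8080 and may only be reached from the jump-host subnet and the
# batch-job subnet. Everything else should be dropped at the firewall.
LEGACY_SERVICE = ("10.20.5.15", 8080)
ALLOWED_SOURCES = [
    ipaddress.ip_network("10.20.100.0/24"),  # jump hosts (assumed)
    ipaddress.ip_network("10.20.200.0/28"),  # batch-job servers (assumed)
]

# Constructed log format, one connection per line:
# "<timestamp> action=<ACCEPT|DROP> src=<ip> dst=<ip> dport=<port>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>ACCEPT|DROP) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


@dataclass(frozen=True)
class Finding:
    ts: str
    src: str
    action: str
    severity: str  # "high" = control bypassed, "low" = control held but probed
    reason: str


def classify(line: str) -> Optional[Finding]:
    """Return a Finding if the line shows a bypass of, or a probe against,
    the segmentation control protecting LEGACY_SERVICE; otherwise None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None  # malformed or unrelated line
    if (m["dst"], int(m["dport"])) != LEGACY_SERVICE:
        return None  # traffic to something other than the protected service
    try:
        src = ipaddress.ip_address(m["src"])
    except ValueError:
        return Finding(m["ts"], m["src"], m["action"], "high",
                       "unparseable source address on protected service")
    if any(src in net for net in ALLOWED_SOURCES):
        return None  # approved source; this is the traffic the control permits
    if m["action"] == "ACCEPT":
        # The control has failed: an unapproved host reached the vulnerable app.
        return Finding(m["ts"], m["src"], m["action"], "high",
                       "control bypass: ACCEPT from unapproved source")
    # The firewall dropped it, so the control held, but someone is probing.
    return Finding(m["ts"], m["src"], m["action"], "low",
                   "blocked probe from unapproved source")


def review(lines: List[str]) -> List[Finding]:
    """Run classify() over a batch of log lines and keep only the findings."""
    return [f for f in (classify(line) for line in lines) if f is not None]


# Constructed sample log: one approved access, one bypass from a host on the
# server's own subnet, one blocked external probe, unrelated traffic, noise.
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z action=ACCEPT src=10.20.100.7 dst=10.20.5.15 dport=8080",
    "2024-05-01T10:00:05Z action=ACCEPT src=10.20.5.40 dst=10.20.5.15 dport=8080",
    "2024-05-01T10:00:09Z action=DROP src=203.0.113.9 dst=10.20.5.15 dport=8080",
    "2024-05-01T10:00:12Z action=ACCEPT src=10.20.100.7 dst=10.20.5.15 dport=443",
    "2024-05-01T10:00:15Z action=ACCEPT src=10.20.200.3 dst=10.20.5.15 dport=8080",
    "not a firewall line at all",
]

if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f"[{f.severity.upper()}] {f.ts} {f.src} {f.action}: {f.reason}")
```

The high-severity case is the one that matters for the exam scenario: an ACCEPT from an unapproved source means the compensating control is not doing its job and the vulnerability is effectively unmitigated, which should be escalated rather than logged. Blocked probes are evidence the control is working, but a sustained run of them against a known-vulnerable host is still worth tracking as a threat indicator.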
Free questions on compensating controls
- A security analyst is prioritizing vulnerabilities for remediation. A critical vulnerability affects a legacy system that is scheduled for decommissioning in 6 months. How should this be handled? (medium)
- During a vulnerability assessment, a security analyst discovers that a legacy application is running on port 8080 with a known critical CVE that has no patch available. What should be the analyst's FIRST course of action? (medium)
More compensating controls questions in the full bank
- How should you handle vulnerabilities with no patches?
- An analyst discovers that threat actors are actively using a newly discovered zero-day vulnerability in attacks. The organization's systems are potentially vulnerable. Which response is most appropriate?
- How should you handle vulnerabilities that cannot be immediately patched?