SY0-701 Question #633: Real Exam Question with Answer & Explanation

Question

An alert references attacks associated with a zero-day exploit. An analyst places a bastion host in the network to reduce the risk of the exploit. Which of the following types of controls is the analyst implementing?

Options

• ACompensating
• BDetective
• COperational
• DPhysical

Explanation

Compensating is correct because a compensating control is a workaround or alternative measure used when the primary or ideal control cannot be applied - here, the zero-day has no patch yet, so the analyst implements a bastion host to reduce exposure in the meantime rather than fixing the root vulnerability.

Detective (B) is wrong because detective controls identify or alert on incidents after or during occurrence (e.g., IDS, logs); a bastion host actively restricts access rather than detecting threats.

Operational (C) is wrong because operational controls refer to day-to-day procedures and policies carried out by people (e.g., security awareness training, incident response procedures), not technical infrastructure placements.

Physical (D) is wrong because physical controls involve tangible, real-world barriers (e.g., locks, fences, badge readers) - a bastion host is a logical/technical control, not a physical one.

Memory tip: Think of compensating controls as the security equivalent of a "workaround" - when you can't fix the real problem (no patch for a zero-day), you compensate by reducing the attack surface another way. If the question describes a substitute measure used because the ideal fix isn't available, it's almost always compensating.

No community discussion yet for this question.