Due to a recent acquisition, the security team must find a way to secure several legacy applications.
During a review of the applications, the following issues are documented:
– The applications are considered mission-critical.
– The applications are written in code languages not currently supported by the development staff.
– Security updates and patches will not be made available for the applications.
– Username and passwords do not meet corporate standards.
– The data contained within the applications includes both PII and PHI.
– The applications communicate using TLS 1.0.
– Only internal users access the applications.
Which of the following should be utilized to reduce the risk associated with these applications and their current architecture?
A . Update the company policies to reflect the current state of the applications so they are not out of compliance.
B . Create a group policy to enforce password complexity and username requirements.
C . Use network segmentation to isolate the applications and control access.
D . Move the applications to virtual servers that meet the password and account standards.
Answer: D
Leave a Reply