The word "legacy" should inform that this action is compensating.

D. Compensating controls The actions taken by the organization—disabling unneeded services and placing a firewall in front of a business-critical legacy system—are examples of compensating controls. Compensating controls are security measures that are implemented to mitigate risk when the primary controls are not feasible or sufficient. In this case, since the legacy system might have inherent vulnerabilities that cannot be fully addressed, the organization has implemented additional controls to reduce the risk. Therefore, the correct answer is: D. Compensating controls

The actions taken by the organization best describe D. Compensating controls. These measures are implemented to mitigate potential risks associated with the legacy system, ensuring its security despite inherent vulnerabilities.

best describes the "actions taken"?? Segmentation is the action taken by the organisation to have Compensating controls. B is the corect answer. Hope that helps.

It is a business critical legacy system - i would go with D Dompensationg controls

Compensating controls are alternative measures implemented to mitigate the risk of a vulnerability when the primary controls cannot be applied. In this scenario, the organization has: Disabled unneeded services: This reduces the attack surface of the legacy system, limiting potential vulnerabilities. Placed a firewall in front of the system: This provides an additional layer of security, controlling and monitoring the traffic to and from the legacy system.

D - Compensating controls