An organization ' s vulnerability management team is reviewing the following output from a scan...

The best answer is C. Upgrade to a manufacturer-supported operating system . The end-of-life operating system is the highest-priority foundational issue because it affects the overall security posture of the host. An unsupported OS no longer receives vendor security updates, which increases exposure across the entire system, including services and libraries running on it. From a SecurityX perspective, vulnerability management and asset lifecycle issues are part of security operations and enterprise resilience. Resolving the unsupported platform first addresses the broadest root problem. CompTIA’s SecurityX exam coverage includes security operations, vulnerability management activities, and proper hardware/software asset management as core skills.

Why the other options are weaker as the first step:

A adds a compensating control but leaves the unsupported server in place. B may be appropriate later, but the prompt does not indicate the database service is the primary exposed weakness. D disabling FTP would remove an insecure service and is a good hardening step, but it still leaves the system on an unsupported operating system with broader unpatched risk. The first action should address the most systemic weakness, which is the end-of-life OS.