Final answer:
Compensating controls are measures put in place to mitigate the risk of a vulnerability when it cannot be directly eliminated. The correct answer is C.
Step-by-step explanation:
The remediation practice that refers to measures put in place to mitigate the risk of a vulnerability when the team cannot directly eliminate it is compensating controls. Compensating controls are alternative security measures that are implemented to compensate for the inability to completely eliminate a vulnerability. These controls provide an additional layer of protection and help reduce the potential impact of the vulnerability.
When a direct fix to a vulnerability is not possible, a software team can use compensating controls to mitigate the risk. These controls do not eliminate the problem but reduce the impact and likelihood of exploitation.
When a software team finds company's confidential data on the internet and cannot directly eliminate the vulnerability, the remediation practice they should consider is known as compensating controls. These are measures put in place to mitigate the risk of a vulnerability when a direct fix is not feasible. This practice includes operational improvements, development of new methods, and continuous adaptation to address the needs and conditions of the security landscape. Although these controls do not necessarily eliminate the risk entirely, they help in reducing the impact and likelihood of exploitation, much like a mitigation plan that aims to manage a persistent problem through sustained efforts.