CompTIA
CAS-002 Question #855: Real Exam Question with Answer & Explanation
The correct answer is C: Configure the systems to ensure only necessary applications are able to run. SCADA systems that cannot be patched require compensating controls. Application whitelisting prevents unauthorized software from executing regardless of unpatched vulnerabilities.
Question
An organization has several production critical SCADA supervisory systems that cannot follow the normal 30-day patching policy. Which of the following BEST maximizes the protection of these systems from malicious software?
Options
- A. Configure a firewall with deep packet inspection that restricts traffic to the systems
- B. Configure a separate zone for the systems and restrict access to known ports
- C. Configure the systems to ensure only necessary applications are able to run
- D. Configure the host firewall to ensure only the necessary applications have listening ports
Explanation
SCADA systems that cannot be patched require compensating controls. Application whitelisting prevents unauthorized software from executing regardless of unpatched vulnerabilities.
Common mistakes.
- A. Deep packet inspection mitigates network-borne threats but cannot prevent malware that arrives via allowed traffic channels, removable media, or compromised legitimate processes.
- B. Network segmentation reduces the attack surface but does not prevent malicious software from executing once it reaches the isolated system through any permitted vector.
- D. A host firewall controls inbound and outbound network connections on specific ports but does not restrict which applications or processes are permitted to execute on the host.
Concept tested. Application whitelisting as a compensating control for unpatched ICS/SCADA systems.
Reference. https://www.nist.gov/publications/guide-industrial-control-systems-ics-security