nerdexam
(ISC)2

CISSP · Question #1044

Which of the following security objectives for industrial control systems (ICS) can be adapted to securing any Internet of Things (IoT) system?

The correct answer is D. Protect individual components from exploitation. This question tests understanding of which ICS security objective is most universally applicable to IoT environments given their shared architectural characteristics.

Submitted by sofia.br· Mar 5, 2026Security Architecture and Engineering

Question

Which of the following security objectives for industrial control systems (ICS) can be adapted to securing any Internet of Things (IoT) system?

Options

  • APrevent unauthorized modification of data.
  • BRestore the system after an incident.
  • CDetect security events and incidents.
  • DProtect individual components from exploitation

How the community answered

(29 responses)
  • A
    31% (9)
  • B
    7% (2)
  • C
    17% (5)
  • D
    45% (13)

Why each option

This question tests understanding of which ICS security objective is most universally applicable to IoT environments given their shared architectural characteristics.

APrevent unauthorized modification of data.

Preventing unauthorized data modification (integrity) is a critical ICS goal but is not uniquely adaptable to all IoT systems, as many IoT devices prioritize availability and confidentiality over data integrity depending on their function.

BRestore the system after an incident.

System restoration after an incident is an ICS-specific resilience objective tied to operational continuity of critical infrastructure, and while relevant, it is more of a recovery process than a broadly adaptable security design principle for general IoT systems.

CDetect security events and incidents.

Detecting security events and incidents requires monitoring infrastructure and analytical capabilities that many constrained IoT devices lack the processing power or connectivity to support, making this objective less universally adaptable across all IoT deployments.

DProtect individual components from exploitationCorrect

Protecting individual components from exploitation is the most transferable ICS objective to IoT because both environments consist of numerous distributed, resource-constrained physical devices that may run outdated firmware, lack encryption, and have limited patching capabilities. In IoT systems, just as in ICS, the attack surface is largely defined by the vulnerability of individual endpoints (sensors, actuators, controllers), making component-level hardening the foundational security strategy. This principle applies regardless of the specific IoT domain, whether industrial, consumer, or medical.

Concept tested: ICS security objectives applicability to IoT systems

Source: https://www.nist.gov/system/files/documents/2021/10/05/final_nistir_8228.pdf

Topics

#ICS security#IoT security#component protection#embedded systems

Community Discussion

No community discussion yet for this question.

Full CISSP Practice