nerdexam
ExamsPT0-001Questions#3
CompTIA

PT0-001 · Question #3

PT0-001 Question #3: Real Exam Question with Answer & Explanation

The correct answer is B: ICS staff are not adequately trained to perform basic duties.. A significant ICS security weakness is that operational staff are trained in process control but lack cybersecurity knowledge, creating a major human-factor vulnerability.

Question

Which of the following BEST describes some significant security weaknesses with an ICS, such as those used in electrical utility facilities, natural gas facilities, dams, and nuclear facilities?

Options

  • AICS vendors are slow to implement adequate security controls.
  • BICS staff are not adequately trained to perform basic duties.
  • CThere is a scarcity of replacement equipment for critical devices.
  • DThere is a lack of compliance for ICS facilities.

Explanation

A significant ICS security weakness is that operational staff are trained in process control but lack cybersecurity knowledge, creating a major human-factor vulnerability.

Common mistakes.

  • A. While vendor patch cycles can be slow, this describes a supply chain and patch management challenge rather than an intrinsic operational security weakness within the ICS facility itself.
  • C. Scarcity of replacement equipment is a resilience and continuity-of-operations concern, not a cybersecurity weakness that attackers directly exploit.
  • D. Critical ICS sectors such as electricity generation are subject to established compliance frameworks like NERC CIP, so a blanket claim of lacking compliance is inaccurate as a primary weakness.

Concept tested. ICS operational staff cybersecurity awareness gaps

Reference. https://www.cisa.gov/topics/industrial-control-systems

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full PT0-001 Practice