nerdexam
CompTIA

SY0-301 · Question #888

When considering a vendor-specific vulnerability in critical industrial control systems which of the following techniques supports availability?

The correct answer is B. Incorporating diversity into redundant design. If all redundant systems come from the same vendor and share the same vulnerability, a single exploit can take down every node simultaneously - defeating the purpose of redundancy. By incorporating diversity (using different vendors, hardware models, or software versions in the r

Security architecture

Question

When considering a vendor-specific vulnerability in critical industrial control systems which of the following techniques supports availability?

Options

  • ADeploying identical application firewalls at the border
  • BIncorporating diversity into redundant design
  • CEnforcing application white lists on the support workstations
  • DEnsuring the systems' anti-virus definitions are up-to-date

How the community answered

(26 responses)
  • A
    15% (4)
  • B
    73% (19)
  • C
    4% (1)
  • D
    8% (2)

Explanation

If all redundant systems come from the same vendor and share the same vulnerability, a single exploit can take down every node simultaneously - defeating the purpose of redundancy. By incorporating diversity (using different vendors, hardware models, or software versions in the redundant design), a vendor-specific vulnerability can only impact one portion of the infrastructure, keeping the rest operational and supporting availability. Identical application firewalls at the border would all share the same weakness. Application whitelisting and up-to-date AV definitions are good general controls but do not directly address the systemic risk posed by a shared vendor-specific flaw across all redundant systems.

Topics

#ICS#availability#redundancy#system diversity

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice