CompTIA Security Plus Mock Test Q843

During a recent investigation, an auditor discovered that an engineer’s compromised workstation was being used to connect to SCADA systems while the engineer was not logged in. The engineer is responsible for administering the SCADA systems and cannot be blocked from connecting to them. The SCADA systems cannot be modified without vendor approval which requires months of testing. Which of the following is MOST likely to protect the SCADA systems from misuse?

A. Update anti-virus definitions on SCADA systems
B. Audit accounts on the SCADA systems
C. Install a firewall on the SCADA network
D. Deploy NIPS at the edge of the SCADA network


Correct Answer: D
Section: Application, Data and Host Security

Explanation:
A supervisory control and data acquisition (SCADA) system is an industrial control system (ICS) that is used to control infrastructure processes, facility-based processes, or industrial processes.
A network-based IPS (NIPS) is an intrusion detection and prevention system that scans network traffic in real time against a database of attack signatures. It is useful for detecting and responding to network-based attacks originating from outside the organization.

Incorrect Answers:
A: Antivirus software is used to protect systems against viruses, which are a form of malicious code designed to spread from one system to another, consuming network resources.
B: Auditing accounts on the SCADA systems is unlikely to protect them, as the compromised workstation is being used to connect to the SCADA systems while the engineer is not logged in.
C: A firewall protects a system from attack by filtering network traffic to and from the system. It can be used to block ports and protocols, but this would prevent the administrator from accessing the SCADA system.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 117, 157