CompTIA Security Plus Mock Test Q846

When considering a vendor-specific vulnerability in critical industrial control systems, which of the following techniques supports availability?

A. Deploying identical application firewalls at the border
B. Incorporating diversity into redundant design
C. Enforcing application white lists on the support workstations
D. Ensuring the systems’ anti-virus definitions are up-to-date


Correct Answer: B
Section: Application, Data and Host Security

Explanation:
If you know there is a vulnerability that is specific to one vendor, you can improve availability by implementing multiple systems that include at least one system from a different vendor, which is therefore not affected by the vulnerability.

Incorrect Answers:
A: An application firewall is a form of firewall which controls input, output, and/or access from, to, or by an application or service. It operates by monitoring and potentially blocking the input, output, or system service calls which do not meet the configured policy of the firewall. We don’t know what the vulnerability is, but it’s unlikely that a firewall will prevent the vulnerability or ensure availability.
C: Application whitelisting is a form of application security which prevents any software from running on a system unless it is included on a preapproved exception list. It does not prevent a vendor-specific vulnerability already inherent in the application, nor does it ensure availability.
D: Antivirus software is used to protect systems against viruses, which are a form of malicious code designed to spread from one system to another, consuming network resources. Ensuring the systems’ anti-virus definitions are up-to-date is always a good idea. However, a vendor-specific vulnerability is usually not caused by a virus.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 161-162, 340