Exam CAS-004
Question 35

An energy company is required to report the average pressure of natural gas used over the past quarter. A PLC sends data to a historian server that creates the required reports.

Which of the following historian server locations will allow the business to get the required reports in an OT and IT environment?

    Correct Answer: D

    A screened subnet, also known as a Demilitarized Zone (DMZ), is a network segment that provides a secure intermediary layer between the IT and OT environments. By placing the historian server in the screened subnet, it allows for controlled and secure communication between the two environments. This setup minimizes security risks, as it prevents direct access between the IT and OT networks while enabling the historian server to collect data from the PLCs and provide the necessary reports to the IT environment.
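
An added example, not part of the original question or its answer key: a small Python audit that checks a firewall allow-list against the screened-subnet layout described above. The zone subnets, historian address, ports and rule sets are all constructed for illustration.

```python
import ipaddress

# Constructed addressing for illustration; none of it comes from the page.
ZONES = {
    "OT": ipaddress.ip_network("10.10.0.0/16"),   # PLCs
    "DMZ": ipaddress.ip_network("10.20.0.0/24"),  # screened subnet, historian
    "IT": ipaddress.ip_network("10.30.0.0/16"),   # report consumers
}
HISTORIAN = ipaddress.ip_address("10.20.0.5")

def zones_touched(cidr):
    """Zones that a rule's CIDR overlaps; a broad CIDR can touch several."""
    net = ipaddress.ip_network(cidr)
    return {name for name, zone in ZONES.items() if net.overlaps(zone)}

def direct_ot_it_rules(rules):
    """Return allow rules that let OT and IT reach each other without the DMZ."""
    bad = []
    for src, dst, port in rules:
        s, d = zones_touched(src), zones_touched(dst)
        if ("OT" in s and "IT" in d) or ("IT" in s and "OT" in d):
            bad.append((src, dst, port))
    return bad

def historian_reachable_from(rules, zone):
    """True if some rule lets the whole zone send traffic to the historian."""
    return any(
        ZONES[zone].subnet_of(ipaddress.ip_network(src))
        and HISTORIAN in ipaddress.ip_network(dst)
        for src, dst, _ in rules
    )

# Constructed allow-lists: (source CIDR, destination CIDR, TCP port).
SCREENED = [
    ("10.10.0.0/16", "10.20.0.5/32", 8443),  # PLC data -> historian
    ("10.30.0.0/16", "10.20.0.5/32", 443),   # IT report readers -> historian
]
LEAKY = SCREENED + [
    ("10.30.4.0/24", "10.10.1.0/24", 502),   # IT hosts straight to PLCs
    ("10.0.0.0/8", "10.0.0.0/8", 3389),      # broad rule spanning every zone
]
```

The broad `10.0.0.0/8` rule is the case worth noticing: it names neither zone explicitly, yet it overlaps both and so bypasses the screened subnet.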

Discussion
BiteSize (Option: D)

D. Screen subnet is the standard used when creating a gap between networks.

A & B = VPNs are secure but IT to OT environment is backwards, because you DON'T want outside access to OT env.

C = is close because you need to allow the traffic, but you need to find a way to secure it via segmentation (TAXII Server, Guacamole, DMZ).

Source: Verifying each answer against ChatGPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence.)

p1s3c (Option: D)

D. Use a screened subnet between the OT and IT environments. A screened subnet (also known as a DMZ) is a network segment that is isolated from both the internal network and the internet by firewalls. It allows for secure communication between different networks, such as the OT and IT environments, while providing an additional layer of protection. By placing the historian server in the screened subnet, it can receive data from the PLCs in the OT environment, and the IT environment can retrieve the reports without compromising security. This is the best option to allow for secure communication between the two environments.

milkyzzz

Why not D?

BreakOff874 (Option: D)

D. Use a screened subnet between the OT and IT environments. A screened subnet, also known as a demilitarized zone (DMZ), provides a secure area between the OT and IT environments that can be used to allow communication between the two environments while maintaining security. By placing the historian server in the screened subnet, the energy company can allow data to be transferred between the PLCs in the OT environment and the IT environment, while also ensuring that the OT environment is isolated from the internet and other external threats.

Geofab (Option: D)

Agree with D. Screened subnet seems logical and secure. A good way to separate the IT and OT networks.

margomi86 (Option: D)

In order to allow the business to get the required reports in an IT and OT environment, it would be best to use a screened subnet between the OT and IT environments. This would allow for controlled access between the two environments and protect against unauthorized access or attacks. Option D is the correct answer. Option A and B can introduce security risks to both environments and Option C would not be the best approach for maintaining a secure and separate IT and OT environment.

RevZig67 (Option: C)

Answer C. You would want communication to start in OT environment and send it up through levels to IT.

dgfhyjfghfgfkfhd (Option: C)

A seems incorrect. It's worded to sound like there's a VPN server somewhere in the OT environment, which is backwards. The PLC data would be getting forwarded to the IT environment, not vice versa.

dgfhyjfghfgfkfhd

...and you wouldn't host a VPN server outside the IT environment.

23169fd (Option: D)

A screened subnet, also known as a Demilitarized Zone (DMZ), acts as an intermediary network that separates the ICS and IT environments. This approach ensures that data can be securely transferred between the two environments without direct exposure. The historian server can be placed in the DMZ, allowing it to collect data from the ICS environment and generate reports accessible from the IT environment. This setup minimizes risk and maintains a robust security posture by ensuring that neither environment has direct access to the other.