Exam SY0-601
Question 794

A municipality implements an IoT device discovery scanner and finds a legacy controller for a critical internal utility SCADA service that is running firmware with multiple vulnerabilities. Unfortunately, the controller cannot be upgraded, and a replacement for it is not available for at least a year. Which of the following is the best action to take to mitigate the risk posed by this controller in the meantime?

    Correct Answer: A

    Given that the legacy controller for the critical SCADA service cannot be upgraded and no replacement is available for at least a year, the best action is to isolate the controller from the rest of the network and constrain its connectivity. This minimizes the attack surface and reduces the risk that the controller's vulnerabilities affect other parts of the network. This approach keeps the critical service operational while mitigating security risks.

Discussion
salah112 (Option: A)

A. Isolate the controller from the rest of the network and constrain connectivity. Given that the legacy controller cannot be upgraded, and a replacement is not available for at least a year, the best action to mitigate the risk posed by this controller is to isolate it from the rest of the network and constrain its connectivity. This approach minimizes the potential attack surface and limits the impact of vulnerabilities in the controller.

Gigi42 (Option: A)

This question is similar to Q #815, where there was a legacy device with no support that had many vulnerabilities. Everyone chose Screened subnet and very few chose air gap. In this scenario, it pretty much says the same thing: legacy device with vulnerabilities, and now everyone is saying isolate. Isolate = Air gap

shady23 (Option: A)

Isolate the controller from the rest of the network and constrain connectivity.

russian (Option: A)

I first thought it's C but it's definitely A, no reason to quarantine it in a VLAN.

ganymede (Option: A)

A. Isolate the controller from the rest of the network and constrain connectivity.

johnabayot (Option: A)

A. This is an effective way to protect the legacy controller and the SCADA system until a replacement is available.

Hs1208 (Option: A)

A. Isolate the controller from the rest of the network and constrain connectivity. This helps minimize the potential impact of the vulnerabilities on the overall network security.