Exam PT0-001 topic 1 question 5 discussion

Actual exam question from CompTIA's PT0-001
Question #: 5
Topic #: 1

Which of the following BEST describes some significant security weaknesses with an ICS, such as those used in electrical utility facilities, natural gas facilities, dams, and nuclear facilities?

  • A. ICS vendors are slow to implement adequate security controls.
  • B. ICS staff are not adequately trained to perform basic duties.
  • C. There is a scarcity of replacement equipment for critical devices.
  • D. There is a lack of compliance for ICS facilities.
Suggested Answer: A

Comments

phatboy
Highly Voted 5 years, 4 months ago
I think the answer should be A.
upvoted 10 times
who__cares123456789___
4 years, 3 months ago
Don't see how adequate security controls are the purview of vendors. A quick c/p of "ICS security problems" into Google shows many papers and sites describing how credential mgmt is subpar, networks aren't segregated, etc... I say eliminate A as vendors are not responsible for controls... then elim D as these places are burdened with massive compliance regulations and elim C since there is absolutely no reason to believe equipment is scarce... you are left with but 1 answer
upvoted 1 times
...
...
mr_robot
Highly Voted 5 years ago
I would go for A. - "On average, vendors take a rather long time to fix vulnerabilities (more than six months). Elimination of some vulnerabilities—measured by time from vendor notification to release of a patch—can take more than two years. For end users, such protracted responses increase the risk of exploitation of device vulnerabilities." https://www.ptsecurity.com/ww-en/analytics/ics-vulnerabilities-2019/
upvoted 6 times
...
kloug
Most Recent 2 years, 2 months ago
aaaaaaaaaa
upvoted 1 times
...
miabe
2 years, 9 months ago
Selected Answer: A
looks good to me
upvoted 1 times
...
nataldogomes
3 years, 1 month ago
Selected Answer: A
I think the answer is the letter A.
upvoted 2 times
...
Cybersec1989
3 years, 7 months ago
Even D1960 says Answer is A pls people :)
upvoted 1 times
9SH4
3 years, 6 months ago
Have you taken the test already?
upvoted 1 times
...
...
phish7827
3 years, 8 months ago
I would say "A" after reading the following. The highest percentage of vulnerabilities identified in ICS product assessments continues to be improper input validation by ICS code. Poor access controls—credentials management and security configuration—were the second most common security weakness identified in new ICS software in 2009–2010. Authentication weaknesses follow in third place. However, vulnerabilities reported from the previous CSSP ICS product assessments include more patch management problems than the more recent findings. https://us-cert.cisa.gov/sites/default/files/recommended_practices/DHS_Common_Cybersecurity_Vulnerabilities_ICS_2010.pdf
upvoted 2 times
...
americaman80
3 years, 11 months ago
"The highest percentage of vulnerabilities identified in ICS product assessments continues to be improper input validation by ICS code. Poor access controls—credentials management and security configuration—were the second most common security weakness identified in new ICS software in 2009–2010. Authentication weaknesses follow in third place. However, vulnerabilities reported from the previous CSSP ICS product assessment." https://us-cert.cisa.gov/sites/default/files/recommended_practices/DHS_Common_Cybersecurity_Vulnerabilities_ICS_2010.pdf
upvoted 2 times
...
nakres64
4 years ago
"Many ICSs were established years before security standards were established, and as a result, are considerably outdated." Correct answer seems to be A.
upvoted 1 times
...
bigwilly69
4 years, 4 months ago
Is this even up for debate? It is obviously A.
upvoted 2 times
...
boboloboli
4 years, 7 months ago
I would agree that it is B. The BEST answer is almost always training and the human factor when it comes to security. The slow implementation could be caused by inadequate training.
upvoted 3 times
Acidscars
4 years, 4 months ago
It doesn't really mention that. It says "perform basic duties"; not specifically referring to security but their job in general. It's heavily implying they are truly incompetent employees in every aspect. In my experience people working in those types of fields are very siloed and really know their job role well.
upvoted 3 times
TheThreatGuy
4 years, 3 months ago
Agree. And the issue isn't with the employees anyway. It's with the ICS vendor.... Answer is A.
upvoted 2 times
...
...
...
jon34thna
5 years, 2 months ago
I think it's A also.
upvoted 3 times
...
D1960
5 years, 2 months ago
I also think the answer should be A
upvoted 3 times
...
Community vote distribution: A (35%), C (25%), B (20%), Other