ExamTopics Logo
Mail Us[email protected]
Menu
Isc Discussions
exam questions

Exam CISSP All Questions

View all questions & answers for the CISSP exam
Go to Exam

Exam CISSP topic 1 question 284 discussion

Actual exam question from ISC's CISSP
Question #: 284
Topic #: 1
[All CISSP Questions]

In supervisory control and data acquisition (SCADA) systems, which of the following controls can be used to reduce device exposure to malware?

  • A. Disallow untested code in the execution space of the SCADA device.
  • B. Disable all command line interfaces.
  • C. Disable Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) port 138 and 139 on the SCADA device.
  • D. Prohibit the use of unsecure scripting languages.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by CuteRabbit168 at Sept. 26, 2022, 7:05 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
JAckThePip
Highly Voted 1 year, 10 months ago
Answer A "They are a critical tool to keep untested or untrusted code from affecting processes, and in limiting the spread of malware and exploits targeting known and unknown vulnerabilities." https://claroty.com/team82/research/target-dcs-finding-fixing-critical-bugs-in-honeywell-experion-pks
upvoted 6 times
jackdryan
1 year, 3 months ago
A is correct
upvoted 2 times
...
...
CuteRabbit168
Highly Voted 1 year, 11 months ago
Selected Answer: A
A would be the appropriate answer.
upvoted 5 times
...
ayadmawla
Most Recent 4 weeks, 1 day ago
Selected Answer: B
Answer B makes more sense. See: https://levelblue.com/blogs/security-essentials/10-strategies-to-fortify-scada-system-security Disable line command interface allows users to interact with and manage scada systems and typically used for advanced diagnostics, configuration, and troubleshooting from a serial port.
upvoted 1 times
...
TheManiac
3 months ago
Selected Answer: A
Answer is A. D means secure scripting languages are harmless :)
upvoted 2 times
...
Soleandheel
8 months, 1 week ago
A. Disallow untested code in the execution space of the SCADA device. This control involves ensuring that only authorized and tested code is allowed to execute on the SCADA device. By disallowing untested code, the risk of malware or unauthorized code execution is reduced, helping to maintain the integrity and security of the SCADA system.
upvoted 2 times
...
HughJassole
1 year, 2 months ago
It seems that D is the only realistic answer. I couldn't locate a specific answer, but how can you know if software is untested? A doesn't sound right, seems like D is the most realistic. https://www.isysl.net/how-stop-malware-attacks-scada-systems
upvoted 1 times
...
Dee83
1 year, 7 months ago
A. Disallow untested code in the execution space of the SCADA device. SCADA systems are used to control and monitor industrial processes, and they can be vulnerable to malware attacks. One way to reduce device exposure to malware is to disallow untested code in the execution space of the SCADA device. This can be done by only allowing signed or approved code to run on the device, and by implementing access controls to prevent unauthorized code from being loaded onto the device. Additionally, it is important to regularly update and patch the system, monitor the network for any suspicious activity and have a incident response plan in place.
upvoted 2 times
...
rajkamal0
1 year, 8 months ago
Selected Answer: A
A is the best answer.
upvoted 2 times
...
DracoL
1 year, 10 months ago
Selected Answer: C
NIST SP 800-82 Rev. 2 has a variety of recommendations for ICS security, but we highlight some of the most important ones here: • Apply a risk management process to ICS. • Segment the network to place IDS/IPS at the subnet boundaries. • Disable unneeded ports and services on all ICS devices. • Implement least privilege through the ICS. • Use encryption wherever feasible. • Ensure there is a process for patch management. • Monitor audit trails regularly. SCADA is part of ICS (Industry Control System)
upvoted 1 times
[Removed]
1 year, 10 months ago
How does C even make sense when ports 138 and 139 are used by NetBIOS?
upvoted 1 times
RVoigt
1 year, 7 months ago
Disabling the use and support of NetBIOS can help to mitigate an attacker's ability to: poison and spoof responses, obtain a user's hashed credentials, inspect web traffic, etc. Using a command called NBSTAT (link below), an attacker can discover computer names, IP addresses, NetBIOS names, Windows Internet Name Service (WINS) names, session information and user IDs. This information can be used to mount focussed attacks on administrative accounts.
upvoted 1 times
...
Jamati
1 year, 9 months ago
It makes sense coz SCADA doesn't use them so should not be open in the 1st place.
upvoted 1 times
RVoigt
1 year, 7 months ago
CISSP Official Study Guide - "Generally, typical security management and hardening process can be applied to ICS, DCS, PLC, and SCADA systems to improve on whatever security is or isn't present in the device from the manufacturer. Common important security controls include isolating networks limiting access physically and logically, restricting code to only application, and logging all activity."
upvoted 1 times
RVoigt
1 year, 6 months ago
however, " restricting code to only application" does lean to A
upvoted 1 times
...
...
...
RVoigt
1 year, 7 months ago
It makes sense because SCADA attacks come over over the network.
upvoted 1 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago