CompTIA CASP+ (CAS-002) — Question 1

An organization has several production critical SCADA supervisory systems that cannot follow the normal 30-day patching policy. Which of the following BEST maximizes the protection of these systems from malicious software?

Answer options

• A. Configure a firewall with deep packet inspection that restricts traffic to the systems
• B. Configure a separate zone for the systems and restrict access to known ports
• C. Configure the systems to ensure only necessary applications are able to run
• D. Configure the host firewall to ensure only the necessary applications have listening ports

Correct answer: C

Explanation

The correct answer, C, is right because restricting the execution of applications to only those that are necessary minimizes the attack surface for malicious software. Options A and B, while useful, do not directly limit the applications that can run, leaving other vulnerabilities exposed. Option D focuses on network access but does not address the running processes on the systems themselves.