CompTIA CASP+ (CAS-003) — Question 41

An architect was recently hired by a power utility to increase the security posture of the company's power generation and distribution sites. Upon review, the architect identifies legacy hardware with highly vulnerable and unsupported software driving critical operations. These systems must exchange data with each other, be highly synchronized, and pull from the Internet time sources. Which of the following architectural decisions would BEST reduce the likelihood of a successful attack without harming operational capability? (Choose two.)

Answer options

• A. Isolate the systems on their own network
• B. Install a firewall and IDS between systems and the LAN
• C. Employ own stratum-0 and stratum-1 NTP servers
• D. Upgrade the software on critical systems
• E. Configure the systems to use government-hosted NTP servers

Correct answer: B, E

Explanation

Option B is correct because installing a firewall and IDS adds a layer of security that can help detect and prevent attacks while maintaining operational capability. Option E is also correct as using government-hosted NTP servers can enhance time synchronization security. Options A, C, and D are less effective because they do not address the immediate security concerns as directly as B and E.