CompTIA CASP+ (CAS-003) — Question 49

A government organization operates and maintains several ICS environments. The categorization of one of the ICS environments led to a moderate baseline. The organization has complied a set of applicable security controls based on this categorization.
Given that this is a unique environment, which of the following should the organization do NEXT to determine if other security controls should be considered?

Answer options

• A. Check for any relevant or required overlays.
• B. Review enhancements within the current control set.
• C. Modify to a high-baseline set of controls.
• D. Perform continuous monitoring.

Correct answer: C

Explanation

The correct answer is C because moving to a high-baseline set of controls allows the organization to ensure stronger security measures are in place, which is crucial for unique environments. Options A and B are less relevant as they focus on reviewing existing controls rather than enhancing security. Option D, while important, is a part of ongoing assessment rather than an initial step to consider additional controls.