CompTIA CySA+ (CS0-001) — Question 13
Which of the following remediation strategies are MOST effective in reducing the risk of a network-based compromise of embedded ICS? (Choose two.)
Answer options
- A. Patching
- B. NIDS
- C. Segmentation
- D. Disabling unused services
- E. Firewalling
Correct answer: C, D
Explanation
Segmentation limits the exposure of ICS systems to potential attacks by isolating them from other parts of the network, while disabling unused services reduces the attack surface by eliminating unnecessary entry points. The other options, while useful, do not provide the same level of risk reduction in the context of embedded ICS.