CompTIA CySA+ (CS0-001) — Question 155

A security analyst is conducting a vulnerability assessment of older SCADA devices on the corporate network. Which of the following compensating controls is likely to prevent the scans from providing value?

Answer options

• A. Access control list network segmentation that prevents access to the SCADA devices inside the network.
• B. Detailed and tested firewall rules that effectively prevent outside access of the SCADA devices.
• C. Implementation of a VLAN that allows all devices on the network to see all SCADA devices on the network.
• D. SCADA systems configured with "˜SCADA SUPPORT'=ENABLE

Correct answer: B

Explanation

The correct answer is B because effective firewall rules can block unwanted external access to SCADA devices, hence preventing scans from being successful. Option A would also restrict access, but not necessarily the scans' value directly. Option C allows visibility of SCADA devices, which could increase the risk of scans being effective, while option D does not address access control or scanning limitations.