CompTIA CySA+ (CS0-002) — Question 180

Which of the following weaknesses associated with common SCADA systems are the MOST critical for organizations to address architecturally within their networks? (Choose two.)

Answer options

• A. Boot processes that are neither measured nor attested
• B. Legacy and unpatchable systems software
• C. Unnecessary open ports and protocols
• D. No OS kernel mandatory access controls
• E. Unauthenticated commands
• F. Insecure filesystem permissions

Correct answer: B, C

Explanation

Option B is critical because legacy systems often cannot be updated, leaving them vulnerable to attacks. Option C is also essential since unnecessary open ports can create entry points for cyber threats, while the other options, while important, do not pose as immediate a risk to the integrity and security of SCADA systems.