CompTIA Security+ (SY0-501) — Question 82
An organization has several production-critical SCADA supervisory systems that cannot follow the normal 30-day patching policy.
Which of the following BEST maximizes the protection of these systems from malicious software?
Answer options
- A. Configure a firewall with deep packet inspection that restricts traffic to the systems.
- B. Configure a separate zone for the systems and restrict access to known ports.
- C. Configure the systems to ensure only necessary applications are able to run.
- D. Configure the host firewall to ensure only the necessary applications have listening ports.
Correct answer: C
Explanation
The correct answer, C, is effective because ensuring that only necessary applications can run minimizes the attack surface and prevents unauthorized software from executing. Options A and B enhance security but do not directly limit application execution. Option D adds a layer of control over listening ports, but it still does not restrict what applications can run, which is crucial for protecting SCADA systems.