CompTIA Security+ (SY0-601) — Question 623
A municipality implements an IoT device discovery scanner and finds a legacy controller for a critical internal utility SCADA service that is running firmware with multiple vulnerabilities. Unfortunately, the controller cannot be upgraded, and a replacement for it is not available for at least a year. Which of the following is the best action to take to mitigate the risk posed by this controller in the meantime?
Answer options
- A. Isolate the controller from the rest of the network and constrain connectivity.
- B. Remove the controller from the network altogether.
- C. Quarantine the controller in a VLAN used for device patching from the internet.
- D. Configure the internet firewall to deny any internet access to or from the controller.
Correct answer: A
Explanation
Isolating the controller from the rest of the network and constraining its connectivity is the best option because it shrinks the attack surface and keeps a compromise of the controller's known-vulnerable firmware from spreading to other systems, while the controller keeps serving the critical SCADA function. Removing the controller is not feasible while it is critical for operations and no replacement exists. Quarantining it in a patching VLAN that is reachable from the internet does not provide the same level of isolation, and the controller cannot be patched in any case. Configuring the internet firewall to deny internet access is helpful, but without internal network isolation the controller could still be compromised by threats already inside the network.