Certified Ethical Hacker (CEH v12) — Question 152

As a cybersecurity analyst at IoT Defend, you are working with a large utility company that uses Industrial Control Systems (ICS) in its operational technology (OT) environment. The company has recently integrated IoT devices into this environment to enable remote monitoring and control. They want to ensure these devices do not become a weak link in their security posture. To identify potential vulnerabilities in the IoT devices, which of the following actions should you recommend as the first step?

Answer options

• A. Use stronger encryption algorithms for data transmission between IoT devices.
• B. Implement network segmentation to isolate IoT devices from the rest of the network.
• C. Conduct a vulnerability assessment specifically for the IoT devices.
• D. Install the latest antivirus software on each IoT device.

Correct answer: C

Explanation

The correct answer is C because conducting a vulnerability assessment is essential to identify specific weaknesses and risks associated with the IoT devices. Options A and B are preventive measures that do not directly identify vulnerabilities, while option D focuses on malware protection rather than assessing vulnerabilities.