Certified Information Systems Security Professional (CISSP) — Question 368
In supervisory control and data acquisition (SCADA) systems, which of the following controls can be used to reduce device exposure to malware?
Answer options
- A. Disallow untested code in the execution space of the SCADA device.
- B. Disable all command line interfaces.
- C. Disable Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports 138 and 139 on the SCADA device.
- D. Prohibit the use of unsecure scripting languages.
Correct answer: A
Explanation
The correct answer is A because allowing untested code to execute can introduce vulnerabilities that malware can exploit. Options B, C, and D may enhance security, but they do not directly address the core issue of unverified code execution, and addressing that issue is critical in protecting SCADA devices from malware.