Exam SY0-501 topic 1 question 620 discussion

This question was on the test. Jan 24, 2020. As GMO has mentioned, updates and patches for these systems are not regularly provided, so I also agree with option A and picked option A at the test as well.

ANS is A Difficulty in patching and update management No matter how much work a manufacturer puts into creating secure hardware and software for its IoT-ready product, new vulnerabilities will inevitably be discovered at some point in the future. Updates are therefore needed to keep IoT devices secure and should be applied as soon as they are released. Yet, the nature and use of IoT devices don’t always make them easy to update regularly — if at all. Think about sensors spread across hundreds of acres of farmland. Or IoT devices on a factory floor that cannot be taken offline for updates without hugely impacting production. Worse still, even where patches can be applied regularly, there’s often no means for the user to rollback changes to the last known good state in the event that an update leads to software corruption or instability.

after a vulnerability has been discovered

Difficult-to-update firmware is really a risk related to IoT devices. CompTIA : Some automation products often use vendor-specific software and networking protocols. As with embedded devices, security features can be poorly documented, and patch management/security response processes of vendors can be inadequate. But this is not the greatest risk. The GREATEST risk, in my opinion, is their integration with more critical systems. IoT devices need to measure all kinds of things, including temperature, light levels, humidity, pressure, proximity, motion, gas/chemicals/smoke, heart/breathing rates, and so on. These are implemented as thermocouples/thermistors, infrared detectors, inductive, photoelectric, and capacitative cells, accelerometers, gyroscopes, and more. So, when you have an IoT device that will show you the wrong temperature, once you could be informed that your building was burned

Read all the comments and most suggesting A here but everyone missed "after a vulnerability has been discovered". Just because of this I will go with B

A or B. Really hard to choose. I would go for 'A' since the question said it is GREATEST ongoing risk. I can just stop tight integration with other devices but updates and patches is an ongoing risk.

What does "Tight integration to existing systems" mean? That is extremely vague.

here are many instances of applications and devices (peripheraldevices especially) that remain on sale with serious known vulnerabilities in firmwareor drivers and no prospect of vendor supportfor a fix. The problem is also noticeablein consumer-grade networking appliances and in the Internet of Things (IoT). So i think its A. There will be difficulty in firmware updates.

Jan 24, 2020 why we always see this date no one take exam after this date ??

Both A and B are viable. Word play here makes it a 50/50. Honestly, whoever greenlights these questions needs their heads examining.

Many embedded systems use low-cost firmware chips and the vendor never produces updates to fix security problems or only produces updates for a relatively short product cycle (while the device could remain in operational use for much longer). Many embedded systems require manual updates, which are perceived as too time-consuming for a security department with other priorities to perform. Vulnerability can be used to get access to other interconnected systems, however..

Many embedded systems use low-cost firmware chips and the vendor never produces updates to fix security problems or only produces updates for a relatively short product cycle (while the device could remain in operational use for much longer). Many embedded systems require manual updates, which are perceived as too time-consuming for a security department with other priorities to perform.

Folks, just remember the Mirai case (mentioned previous questions) where exploited IoTs (cameras) used to crash systems via DDoS. I guess this will help us to make a judgement fair enough.

Question says after vulnerability has been identified, meaning its either they have seen that the system is vulnerable to attacks also, which is the greatest security risk in my opinion but after that what is the next risk, answer should be B

The risk is in tightly intergrating an unpatchable device into the system. So B is the correct answer.

I think it should be A. https://techbeacon.com/security/iot-devices-are-hard-patch-heres-why-how

the answer B.. if you have many IoT in a house connected to Alexa or Google and those failed. the whole thing will fail. a light bulb can be a IoT, i dont need that needs much patching. "Alexa turn off the lights" if Alexa doesnt work, the whole system is broken so "tight integration": seems good to me.