ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam PT1-002 All Questions

View all questions & answers for the PT1-002 exam
Go to Exam

Exam PT1-002 topic 1 question 4 discussion

Actual exam question from CompTIA's PT1-002
Question #: 4
Topic #: 1
[All PT1-002 Questions]

A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?

  • A. PLCs will not act upon commands injected over the network.
  • B. Supervisors and controllers are on a separate virtual network by default.
  • C. Controllers will not validate the origin of commands.
  • D. Supervisory systems will detect a malicious injection of code/commands.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Davar39 at Jan. 7, 2022, 1:23 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Schmittinger
1 year, 2 months ago
Selected Answer: C
Somebody hast connected them to maage them remote.
upvoted 1 times
behkaa
1 year, 1 month ago
hi, did you write PTO-002 ? Is there a difference ?
upvoted 1 times
...
...
rootlikegroot
2 years, 11 months ago
Guys can you please detail why C is the correct answer?
upvoted 1 times
TheITStudent
2 years, 11 months ago
PLC is a programmable logic controller. These are essentially maleable devices in that they can be controlled/manipulated/coded/programed to do whatever you need them to do for a business. They most likely lack ability to self-regulate/correct. This usually is the role of a security/network engineer. If one is able to send code to one of these devices, more likely than not, it will be accepted unless compensating controls have been put in place by an admin. this is my best guess. C makes the most sense to me for these reasons.
upvoted 4 times
...
NotAHackerJustYet
2 years, 4 months ago
The correct answer is C because it is most likely that the controllers will not validate the origin of commands. This means that the controllers may not be able to detect malicious injections of code/commands. The other options are not as likely to be valid assumptions. Option A is not valid because PLCs might act upon commands injected over the network. Option B is not valid because it is possible that supervisors and controllers may not be on a separate virtual network. Option D is not valid because it is not likely that the supervisory systems will detect a malicious injection of code/commands.
upvoted 3 times
...
...
Cyber_Judy
3 years ago
Selected Answer: C
C - agreed.
upvoted 2 times
...
Cyber_Judy
3 years ago
C - probably so.
upvoted 1 times
...
Davar39
3 years, 5 months ago
Seems correct.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel