An IS auditor is reviewing an industrial control system (ICS) that uses older unsupported technology in the scope of an upcoming audit. What should the auditor consider the MOST significant concern?
A. Technical specifications are not documented.
B. Disaster recovery plans (DRPs) are not in place.
C. Attack vectors are evolving for industrial control systems.
D. There is a greater risk of system exploitation.
System exploitation is not the only risk; other risks can be system failure or misconfigurations.
System exploitation can be compensated by isolating the system network or using IPS, but if the system fails or is misconfigured, it can't be restored without a DRP.
B. Disaster recovery plans (DRPs) are not in place.
Disaster recovery plans (DRPs) not being in place is also a concern, but it is not the most significant concern in this scenario because it is possible to develop DRPs even if the technology is unsupported.
Option C directly addresses the evolving nature of attack vectors for industrial control systems, which is crucial for understanding the specific security risks posed by outdated technology in the ICS environment.
My answer is D - there is a greater risk of system exploitation. As technology becomes unsupported, it is more vulnerable to exploitation, since new vulnerabilities are not being addressed. This could lead to a system breach or other major issues.
When a system is no longer supported, it means that there are no more updates or patches available to address any security vulnerabilities that may be discovered. This leaves the system open to exploitation by attackers, who can take advantage of the system's weaknesses to gain unauthorized access, disrupt operations, or steal sensitive information.
The possibility of increased system exploitation could mainly be the concern of the organisation; lack of a DRP is a concern for the auditor, which the auditor should report.
According to SANS Institute, consequences of modern ICS cyber-attacks on an even grander scale can include:
• Large power grid blackouts in large cities and entire regions
• Failure of critical manufacturing equipment
• Massive business financial losses
• Paralysis of smart city emergency infrastructure in large municipalities
• Injury of plant workers
• Serious environmental damage
So, option D is the correct answer.