During a recent investigation, an auditor discovered that an engineer’s compromised workstation was being
used to connect to SCADA systems while the engineer was not logged in. The engineer is responsible for
administering the SCADA systems and cannot be blocked from connecting to them. The SCADA systems
cannot be modified without vendor approval which requires months of testing.
Which of the following is MOST likely to protect the SCADA systems from misuse?

A.
Update anti-virus definitions on SCADA systems

B.
Audit accounts on the SCADA systems

C.
Install a firewall on the SCADA network

D.
Deploy NIPS at the edge of the SCADA network

Explanation:
A supervisory control and data acquisition (SCADA) system is an industrial control system (ICS) that is used tocontrol infrastructure processes, facility-based processes, or industrial processes.
A network-based IPS (NIPS) is an intrusion detection and prevention system that scans network traffic in real
time against a database of attack signatures. It is useful for detecting and responding to network-based attacks
originating from outside the organization.