During a recent investigation, an auditor discovered that an engineer’s compromised workstation was
being used to connect to SCADA systems while the engineer was not logged in. The engineer is
responsible for administering the SCADA systems and cannot be blocked from connecting to them. The
SCADA systems cannot be modified without vendor approval which requires months of testing.
Which of the following is MOST likely to protect the SCADA systems from misuse?

A.
Update anti-virus definitions on SCADA systems

B.
Audit accounts on the SCADA systems

C.
Install a firewall on the SCADA network

D.
Deploy NIPS at the edge of the SCADA network

Explanation:
A supervisory control and data acquisition (SCADA) system is an industrial control system (ICS) that is used
to control infrastructure processes, facility-based processes, or industrial processes.
A network-based IPS (NIPS) is an intrusion detection and prevention system that scans network traffic in
real time against a database of attack signatures. It is useful for detecting and responding to networkbased attacks originating from outside the organization.
Incorrect Answers:
A: Antivirus software is used to protect systems against viruses, which are a form of malicious code
designed to spread from one system to another, consuming network resources.B: Auditing accounts on the SCADA system will not likely to protect the SCADA systems as the
compromised workstation is being used to connect to the SCADA systems while the engineer is not
logged in.
C: A firewall protects a system from attack by filtering network traffic to and from the system. It can be
used to block ports and protocols but this would prevent the administrator from access the SCADA
system.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 117, 157