During a security assessment of a gas-pipeline compressor station you discover that Level 2 HMI workstations are cabled directly to the enterprise LAN, with no intervening security device. According to the Purdue Enterprise Reference Architecture and widely accepted guidance such as NIST SP 800-82 and ISA/IEC 62443, which control should be implemented first to bring the design back in line with best practice?
Replace all Modbus/TCP traffic on Level 0 with Ethernet/IP to eliminate clear-text protocols.
Introduce an industrial DMZ (Level 3.5) protected by stateful firewalls between the enterprise LAN and the OT network.
Move the HMI servers to Level 4 so they can share resources with business applications.
Enable secure SNMPv3 monitoring on every Level 1 PLC to improve device visibility.
Best practice calls for isolating the operational-technology network (Levels 0-3) from the enterprise network (Level 4) by inserting an industrial demilitarized zone (often referred to as Level 3.5) protected by stateful firewalls. This creates a buffer that strictly mediates and inspects any traffic that must pass between business IT assets and real-time control devices. Merely enabling SNMPv3, relocating HMIs to the IT zone, or changing field-bus protocols does not address the fundamental lack of network separation.
Certified Ethical Hacker (CEH)
Mobile Platform, IoT, and OT Hacking