During a security assessment of an electrical substation, you discover that the SCADA control LAN is bridged to the corporate network through an unmanaged switch and that PLCs exchange unauthenticated Modbus/TCP traffic in clear text. To address the OT security principles of network segmentation and least functionality while introducing minimal latency to real-time control traffic, what should you recommend first?
Configure 802.1X port-based authentication on every PLC and HMI in the control network.
Enable SNMPv3 on the existing switch to secure its management interface and monitor configuration changes.
Deploy an industrial firewall that performs protocol-aware filtering between the corporate network and the SCADA control network.
Install host-based intrusion detection agents directly on each PLC to monitor traffic locally.
Separating the business (IT) and control (OT) networks is a foundational practice in OT security frameworks such as the Purdue Model and NIST SP 800-82. An industrially-hardened firewall that performs deep packet inspection for industrial protocols (for example, Modbus/TCP) enforces strict segmentation and filters unauthorized commands before they reach PLCs, yet adds negligible latency when properly tuned. 802.1X is rarely supported on legacy PLCs and does not create a security zone boundary. Host-based IDS or antivirus agents are typically unsupported on embedded controllers and do not solve the flat-network problem. Securing SNMP on the switch protects management traffic only; it does not prevent lateral movement between IT and OT networks.
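What protocol-aware filtering means at the IT/OT boundary, as an added example that is not part of the original question or any vendor's firewall code: it parses the Modbus/TCP MBAP header and applies an allowlist to the function code. The read-only policy, the unit-id allowlist, and the names `inspect_modbus_tcp` and `build_request` are assumptions made for illustration.

```python
import struct

# Assumed policy for this example: the corporate side may only read.
READ_ONLY_FUNCTIONS = {0x01, 0x02, 0x03, 0x04}  # read coils, discrete inputs, holding/input registers
MBAP_LEN = 7    # transaction id (2) + protocol id (2) + length (2) + unit id (1)
MAX_ADU = 260   # maximum Modbus/TCP frame size

def inspect_modbus_tcp(frame: bytes, allowed_units=frozenset({1})):
    """Return (verdict, reason) for one Modbus/TCP request crossing the IT/OT boundary."""
    if len(frame) < MBAP_LEN + 1 or len(frame) > MAX_ADU:
        return "DROP", "malformed: bad frame size"
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if proto != 0:
        return "DROP", "malformed: protocol id is not 0 (Modbus)"
    # The length field counts the unit id plus the PDU that follows it.
    if length != len(frame) - 6:
        return "DROP", "malformed: length field does not match frame"
    if unit not in allowed_units:
        return "DROP", f"unit id {unit} not in allowlist"
    function = frame[MBAP_LEN]
    if function not in READ_ONLY_FUNCTIONS:
        return "DROP", f"function code 0x{function:02x} not permitted"
    return "ALLOW", f"read function 0x{function:02x}"

def build_request(tid, unit, function, payload):
    """Build a constructed sample request (test data only)."""
    pdu = bytes([function]) + payload
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

# Constructed sample frames, not captured traffic.
SAMPLES = {
    "read holding registers": build_request(1, 1, 0x03, struct.pack(">HH", 0, 10)),
    "write single coil": build_request(2, 1, 0x05, struct.pack(">HH", 8, 0xFF00)),
    "write multiple registers": build_request(3, 1, 0x10, struct.pack(">HHBH", 0, 1, 2, 0x1234)),
    "unknown unit": build_request(4, 9, 0x03, struct.pack(">HH", 0, 1)),
    "truncated length": build_request(5, 1, 0x03, struct.pack(">HH", 0, 1))[:-1],
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:26s} -> {inspect_modbus_tcp(frame)}")
```

Because the decision needs only the first eight bytes of each request, a check of this kind adds little per-packet work, which is why a tuned industrial firewall can sit in the control path.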
Certified Ethical Hacker (CEH)
Mobile Platform, IoT, and OT Hacking