A manufacturing facility relies on a 15-year-old programmable logic controller (PLC) that runs an unsupported operating system. The vendor no longer issues security patches, and shutting the controller down for replacement is not feasible for at least two more years. Which of the following mitigation strategies would provide the MOST effective protection for the PLC while allowing production to continue?
Place the PLC and its HMI on an isolated VLAN protected by a firewall that permits only the required traffic.
Enable automatic operating-system updates on the PLC so it receives any future patches immediately.
Disable unused services on the corporate file server to reduce the number of open ports.
Configure the core router to log and store all traffic to and from the PLC for later forensic analysis.
Because no patches are available, the best approach is to minimize exposure by isolating the PLC from the rest of the network. Placing the controller and its HMI on a dedicated, firewall-protected segment limits traffic to only the required protocols and hosts, greatly reducing the attack surface. The other options either cannot be implemented (automatic updates), do not meaningfully reduce exposure (increased logging), or are irrelevant to the PLC's risk (hardening a file server).
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a VLAN, and why is it used for network isolation?
Open an interactive chat with Bash
How does a firewall protect a PLC in this scenario?
Open an interactive chat with Bash
What are the risks of running unsupported operating systems like the one on this PLC?