A manufacturing facility relies on a 15-year-old programmable logic controller (PLC) that runs an unsupported operating system. The vendor no longer issues security patches, and shutting the controller down for replacement is not feasible for at least two more years. Which of the following mitigation strategies would provide the MOST effective protection for the PLC while allowing production to continue?
Enable automatic operating-system updates on the PLC so it receives any future patches immediately.
Disable unused services on the corporate file server to reduce the number of open ports.
Configure the core router to log and store all traffic to and from the PLC for later forensic analysis.
Place the PLC and its HMI on an isolated VLAN protected by a firewall that permits only the required traffic.
Because no patches are available, the best approach is to minimize exposure by isolating the PLC from the rest of the network. Placing the controller and its HMI on a dedicated, firewall-protected segment limits traffic to only the required protocols and hosts, greatly reducing the attack surface. The other options either cannot be implemented (automatic updates), do not meaningfully reduce exposure (increased logging), or are irrelevant to the PLC's risk (hardening a file server).
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why don't older systems receive modern security patches?
Open an interactive chat with Bash
What are some examples of specialized defenses for older systems?
Open an interactive chat with Bash
What risks do unpatched legacy systems pose to an organization?