During a security assessment, you discover that a piece of manufacturing equipment is running an operating system version whose vendor ended support three years ago. The equipment cannot be upgraded or replaced for at least 18 months due to production contracts. Which of the following actions would BEST reduce the likelihood that attackers can exploit the unsupported OS while it remains in service?
Require complex password rotation for all users of the corporate email platform.
Replace the facility's perimeter firewall with a next-generation model that performs TLS inspection.
Place the equipment in a dedicated network segment secured by an internal firewall that permits only essential traffic and monitor the segment for anomalies.
Enable automatic operating system updates from the vendor's public repository.
Because the device will not receive security patches, the most effective short-term mitigation is to reduce its exposure. Isolating the equipment in its own network segment protected by strict firewall rules limits inbound and outbound traffic to only the protocols it truly needs and allows security monitoring to detect misuse. The other options either cannot be implemented (no vendor updates), address unrelated controls (email password policy), or improve the perimeter without directly reducing the unsupported host's attack surface.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does 'vendor-supported' mean in the context of IT equipment?
Open an interactive chat with Bash
Why does the lack of updates make a system more vulnerable to attacks?
Open an interactive chat with Bash
What strategies can security teams use to handle unsupported equipment?