CompTIA CySA+ CS0-003 Practice Question
Your organization employs a proprietary industrial control system (ICS) in its manufacturing process. There are known vulnerabilities for which no patches exist due to the out-of-support nature of the system. As a cybersecurity analyst preparing a vulnerability management report, how should you classify this issue taking into account the inhibitors to remediation?
Indicate that no action is needed while accepting all inherent risks because the system is proprietary.
Advise the immediate discontinuation of the proprietary system until a patch is available.
Recommend implementing compensating controls to minimize the risk posed by the vulnerabilities.
Suggest waiting for a vendor-supplied patch as the sole course of action.