Free Isaca CCOA Actual Exam Questions - Question 10 Discussion

Maybe C again. Operational tech usually involves lots of legacy gear that’s not just old but also complicated to maintain or upgrade. That mix makes it more prone to bugs and exploits compared to just old Ethernet or wireless devices. Plus, mainframe tech is old but usually well-locked down and managed tightly. So the age and complexity combo really points to operational technology being the weakest link here.

This feels like it’s about tech that’s both old and complex, so I’d say C since operational tech tends to be legacy systems that are tough to patch. C.

C/D? Both operational technology and wireless devices can be tricky—operational tech often uses old, hard-to-update systems, making it a cyber risk. Wireless tech can have outdated security too, especially with older protocols. But considering “age and complexity,” operational technology usually involves legacy hardware and software that's not just old but also complex to manage, which ups its vulnerability more than wireless, which is often replaced or updated faster. So I'd go with C.

Maybe D, since wireless devices often have outdated protocols making them easy targets.

C definitely makes the most sense here. Operational technology tends to run legacy systems that aren’t easily patched or replaced, so they stay vulnerable for longer. Plus, the complexity of integrating old and new tech raises risks that simpler devices like Ethernet or wireless don’t usually face. Mainframe tech is old but generally well-protected and less complex, so it feels less vulnerable overall.

It’s C because operational technology combines outdated systems with complex setups, making it tougher to secure and maintain compared to the more regularly updated wireless or Ethernet gear.

Maybe D could be considered because wireless devices often have a mix of old protocols and increasing complexity with new standards, leading to security flaws. But overall, D doesn’t usually have the legacy system issues that OT faces. So, I still think C is more vulnerable since operational tech rarely gets full updates and has a patchwork of old and new systems, making it a bigger target.

Makes sense to rule out A and D since Ethernet and wireless tech get updated often. B feels too narrow. C stands out because operational tech often lags on patches and mixes old with complex. So C it is.

B imo since mainframes are old but less complex than OT, so maybe less vulnerable overall.

Option C seems like a strong contender since operational technology often involves legacy systems that haven’t been updated much and can be complex. But I’m not sure if the question is focusing on physical vulnerability or security risks due to software and firmware. Does the question clarify which kind of vulnerability it means? Also, are we assuming all devices are in active use, or could some older mainframe tech also be a risk?