Exam GICSP Topic 1 Question 69 Discussion

Actual exam question for GIAC's GICSP exam
Question #: 69
Topic #: 1
An organization wants to use Active Directory to manage systems within its Business and Control system networks. Which of the following is the recommended security practice?

Suggested Answer: D Vote an answer

The recommended best practice is to use a shared Active Directory domain while deploying a Read-Only Domain Controller (RODC) within the Control system network (D). This approach:
Enables centralized management and authentication consistent with the business network Limits the risk of domain controller compromise in the Control network because RODCs do not store sensitive password information and restrict changes Balances security and operational efficiency by isolating sensitive environments while still leveraging AD's capabilities Options A and C increase complexity or risk by fully separating domains or controllers, while B reduces manageability by mixing domain and workgroup systems.
GICSP highlights RODCs as a means to secure domain services in ICS environments where full domain controllers pose a security risk.
Reference:
GICSP Official Study Guide, Domain: ICS Security Governance & Compliance Microsoft Active Directory Best Practices (Referenced in GICSP) GICSP Training on Identity Management and Network Segmentation

by Cornell at Feb 22, 2026, 04:55 PM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10