CompTIA Security+ Question F-3

When considering a vendor-specific vulnerability in critical industrial control systems which of the following techniques supports availability?

A. Deploying identical application firewalls at the border
B. Incorporating diversity into redundant design
C. Enforcing application white lists on the support workstations
D. Ensuring the systems’ anti-virus definitions are up-to-date

Answer: B

Explanation:
If you know there is a vulnerability that is specific to one vendor, you can improve availability by implementing multiple systems that include at least one system from a different vendor and so is not affected by the vulnerability.