The exam frequently tests default credentials in two different target contexts β IoT devices and network infrastructure. Both are commonly compromised via unchanged defaults. Know the distinction: for IoT, the primary compensating control after defaults is VLAN segmentation; for network infrastructure, the primary ongoing control is checking manufacturer advisories for rare but important firmware updates.
The exam tests SCADA/ICS and RTOS as distinct concepts. The key discriminators: SCADA is about large-scale industrial process control where compromise causes physical infrastructure damage; RTOS is about deterministic timing requirements in safety-critical systems where timing failures cause immediate physical consequences. Both require isolation, but for different reasons β SCADA for consequence containment, RTOS for timing protection.
Embedded systems are a special case the exam tests: purpose-built hardware with firmware-embedded OS, often with no update mechanism. The key hardening fact is that when patching is not possible, the defense moves to the network level. Segmentation + firewall = the compensating control. If the exam describes a device that cannot be patched and asks how to protect it, the answer is network isolation, not endpoint security.
The exam frequently presents a cloud breach scenario and asks what should have been in place. The cloud management workstation and the four cloud hardening pillars (secure workstation, least privilege, EDR, C2C backup) appear as a set. Know each pillar and what threat it addresses β questions often describe one being missing and ask what the consequence is or what should be added.