CAS-001 Question #94: Real Exam Question with Answer & Explanation
The correct answer is D: Deploy an ACL that restricts access from the corporate network to the manufacturing SCADA systems.
Question
Options
- A. Disable remote access capabilities on manufacturing SCADA systems.
- B. Require a NIPS for all communications to and from manufacturing SCADA systems.
- C. Add anti-virus and client firewall capabilities to the manufacturing SCADA systems.
- D. Deploy an ACL that restricts access from the corporate network to the manufacturing SCADA systems.
Explanation
The root cause of the incident was lateral movement from an untrusted vendor device on the corporate network to the manufacturing SCADA systems. An ACL (Access Control List) that restricts traffic from the corporate network to SCADA systems enforces network segmentation, directly eliminating this attack path. Option A (disabling remote access) is overly restrictive and does not address local network lateral movement. Option B (NIPS) can detect but may not prevent lateral movement and does not segment the network. Option C (AV on SCADA) is often impractical as SCADA/ICS systems run legacy OS versions incompatible with modern AV, and it still does not prevent network-level access. Network segmentation via ACLs is the most targeted and practical control.