CAS-002 Question #294: Real Exam Question with Answer & Explanation
The correct answer is C: Infected USB device. An air-gapped SCADA network is not reachable over any network, which removes network-based attack vectors and leaves physical media as the primary threat. An infected USB device is the most realistic way to introduce malware into an isolated environment.
Question
A security administrator is investigating the compromise of a SCADA network that is not physically connected to any other network. Which of the following is the MOST likely cause of the compromise?
Options
- A. Outdated antivirus definitions
- B. Insecure wireless
- C. Infected USB device
- D. SQL injection
Explanation
An air-gapped SCADA network is not reachable over any network, which removes network-based attack vectors and leaves physical media as the primary threat. An infected USB device is the most realistic way to introduce malware into an isolated environment.
Common mistakes.
- A. Outdated antivirus definitions describe a weakness, not an attack vector; they do not explain how malware first reached an air-gapped network.
- B. Insecure wireless would itself be a network connection that breaks the air gap, which contradicts the scenario of a network 'not physically connected to any other network.'
- D. SQL injection requires network connectivity to a database-backed application and cannot be carried out against a system with no external network connections.
Concept tested. Air-gapped network attack vectors via removable media
Reference. https://csrc.nist.gov/publications/detail/sp/800-82/rev-2/final