CAS-002 Question #48: Real Exam Question with Answer & Explanation
The correct answer is A: Develop a network traffic baseline for each of the physical security systems.
Question
Options
- A. Develop a network traffic baseline for each of the physical security systems.
- B. Air gap the physical security networks from the administrative and operational networks.
- C. Require separate non-VLANed networks and NIPS for each physical security system.
- D. Have the Network Operations Center (NOC) review logs and create a CERT to respond to
Explanation
Developing a network traffic baseline for each physical security system is the correct approach for identifying new threats. A baseline establishes what normal, legitimate traffic looks like for each system (typical source and destination addresses, ports, protocols, data volumes and timing). Once a baseline exists, any deviation from it (unusual connection sources, unexpected protocols, spikes in traffic) can be flagged as a potential threat or anomaly, enabling proactive threat detection. Option B (air gapping) is an isolation control that prevents connectivity but does not help identify new threats. Option C (separate non-VLANed networks and NIPS) is prevention/detection infrastructure but does not specifically address baselining to identify new, unknown threats. Option D (NOC log review and a CERT) is a reactive incident response capability, not a threat identification methodology.
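As an added illustration of the baseline-then-flag-deviations logic described above (example code written for this page, not taken from the exam or any vendor), the block below builds a per-system baseline from constructed flow records and then reports unknown sources, unexpected services and volume spikes for newly observed flows. The system names, IP addresses, ports and byte counts are all constructed sample data.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows for two physical security systems:
# (system, source_ip, dst_port, proto, bytes_transferred)
BASELINE_FLOWS = [
    ("badge-reader-1", "10.10.5.20", 4070, "tcp", 1200),
    ("badge-reader-1", "10.10.5.20", 4070, "tcp", 1350),
    ("badge-reader-1", "10.10.5.21", 4070, "tcp", 1100),
    ("badge-reader-1", "10.10.5.20", 123, "udp", 76),
    ("cctv-nvr-1", "10.10.9.5", 554, "tcp", 900000),
    ("cctv-nvr-1", "10.10.9.5", 554, "tcp", 880000),
    ("cctv-nvr-1", "10.10.9.6", 554, "tcp", 910000),
]

def build_baseline(flows):
    """Per system: known peer addresses and byte volumes seen per (port, proto)."""
    baseline = defaultdict(lambda: {"peers": set(), "volumes": defaultdict(list)})
    for system, src, port, proto, nbytes in flows:
        baseline[system]["peers"].add(src)
        baseline[system]["volumes"][(port, proto)].append(nbytes)
    return dict(baseline)

def flag_deviations(baseline, flow, z=3.0):
    """Return the baseline violations for one observed flow (empty list = normal)."""
    system, src, port, proto, nbytes = flow
    if system not in baseline:
        return ["unbaselined-system"]
    entry, reasons = baseline[system], []
    if src not in entry["peers"]:
        reasons.append(f"unknown-source:{src}")
    samples = entry["volumes"].get((port, proto))
    if samples is None:
        reasons.append(f"unexpected-service:{port}/{proto}")
    # Volume spike: more than z standard deviations above this service's mean;
    # at least two samples are needed before a spread can be estimated.
    elif len(samples) >= 2 and nbytes > mean(samples) + z * pstdev(samples):
        reasons.append(f"volume-spike:{nbytes}")
    return reasons

if __name__ == "__main__":
    base = build_baseline(BASELINE_FLOWS)
    for observed in [("badge-reader-1", "10.10.5.20", 4070, "tcp", 1300),
                     ("badge-reader-1", "192.0.2.77", 22, "tcp", 500),
                     ("cctv-nvr-1", "10.10.9.5", 554, "tcp", 5_000_000)]:
        print(observed[0], flag_deviations(base, observed) or "normal")
```

In practice the baseline would be built from days or weeks of flow records per system rather than a handful of samples, and the z threshold tuned per service to keep false positives manageable.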