CAS-003 Question #894: Real Exam Question with Answer & Explanation
The correct answer is D: Network-based intrusion detection systems. For legacy SCADA systems where endpoint agents cannot be installed, a network-based intrusion detection system provides continuous, passive threat monitoring without requiring modification to the legacy devices.
Question
A legacy SCADA system is in place in a manufacturing facility to ensure proper facility operations. Recent industry reports made available to the security team state that similar legacy systems are being used as part of an attack chain in the same industry market. Due to the age of these devices, security control options are limited. Which of the following would BEST provide continuous monitoring for these threats?
Options
- A. Full packet captures and log analysis
- B. Passive vulnerability scanners
- C. Red-team threat hunting
- D. Network-based intrusion detection systems
Explanation
For legacy SCADA systems where endpoint agents cannot be installed and active probing may be unsafe, a network-based intrusion detection system (NIDS) provides continuous, passive threat monitoring without requiring any modification to the legacy devices. The sensor sits on a SPAN/mirror port or a network TAP, so the PLCs and HMIs see no additional traffic or load; ICS-aware signatures and protocol decoders (for example Modbus/TCP or DNP3) plus a baseline of normal traffic let it alert in real time on the attack-chain behaviour the industry reports describe, such as unexpected write commands or new hosts talking to controllers.
Common mistakes.
- A. Full packet capture and log analysis are forensic and investigative capabilities; they require significant storage and human analysis and do not, by themselves, provide automated, real-time continuous threat detection. They are a useful complement to a NIDS (the NIDS alert tells the analyst where to look in the capture) but not a substitute for one.
- B. Passive vulnerability scanners identify exposed services, versions and unpatched software by observing traffic, which is appropriate for fragile legacy devices, but they report weaknesses rather than detecting active intrusion attempts or ongoing attack activity.
- C. Red-team threat hunting is a periodic, human-driven adversarial exercise; it validates defences at a point in time and does not provide continuous, automated monitoring of live network threats.
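To make the "passive, no changes to the device" point concrete, here is an added example (not part of the CAS-003 question or any CompTIA material) of the kind of check an ICS-aware NIDS performs: a minimal Modbus/TCP decoder that inspects frames as they would be seen on a SPAN or TAP port and alerts on write function codes from hosts that are not on an allowlist. The IP addresses, unit ID and allowlist are assumptions for illustration, and the sample traffic is constructed, not captured from a real site.

```python
# Added example, not CompTIA's or the question's own material: a minimal passive
# Modbus/TCP monitor in the spirit of a network IDS. It only reads frames copied
# from a SPAN/TAP port and never sends anything to the PLC.
import struct

# Modbus function codes that change process state (write operations).
WRITE_FUNCTIONS = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
}

# Assumption for the example: only the engineering workstation may write to the PLC.
ALLOWED_WRITERS = {"10.0.10.5"}


def parse_modbus_tcp(payload: bytes) -> dict:
    """Parse the 7-byte MBAP header and function code of a Modbus/TCP frame."""
    if len(payload) < 8:
        raise ValueError("truncated Modbus/TCP frame")
    tid, pid, length, unit = struct.unpack(">HHHB", payload[:7])
    if pid != 0:
        raise ValueError("not Modbus (protocol id must be 0)")
    return {"transaction": tid, "length": length, "unit": unit,
            "function": payload[7], "data": payload[8:]}


def inspect(src_ip: str, dst_ip: str, payload: bytes) -> list[str]:
    """Return alert strings for one frame; an empty list means nothing notable."""
    alerts = []
    try:
        frame = parse_modbus_tcp(payload)
    except ValueError as exc:
        # Malformed frames against a legacy PLC are worth an alert on their own.
        return [f"{src_ip}->{dst_ip}: malformed frame ({exc})"]
    fc = frame["function"]
    if fc in WRITE_FUNCTIONS and src_ip not in ALLOWED_WRITERS:
        alerts.append(f"{src_ip}->{dst_ip}: {WRITE_FUNCTIONS[fc]} (fc {fc}) "
                      f"to unit {frame['unit']} from non-allowlisted host")
    if fc >= 0x80:
        # Function code with the high bit set is a Modbus exception response.
        alerts.append(f"{src_ip}->{dst_ip}: exception response fc {fc}")
    return alerts


def build_request(tid: int, unit: int, function: int, data: bytes) -> bytes:
    """Build a Modbus/TCP request; MBAP length counts unit id + function + data."""
    return struct.pack(">HHHB", tid, 0, len(data) + 2, unit) + bytes([function]) + data


# Constructed sample traffic (src, dst, payload); addresses are assumptions.
SAMPLE_TRAFFIC = [
    ("10.0.10.5", "10.0.20.7", build_request(1, 1, 3, struct.pack(">HH", 0, 10))),      # HMI read
    ("10.0.10.5", "10.0.20.7", build_request(2, 1, 6, struct.pack(">HH", 0, 1))),       # allowed write
    ("10.0.30.9", "10.0.20.7", build_request(3, 1, 5, struct.pack(">HH", 0, 0xFF00))),  # rogue write
    ("10.0.30.9", "10.0.20.7", b"\x00\x04\x00\x00"),                                     # truncated frame
]


def run_monitor(traffic=SAMPLE_TRAFFIC) -> list[str]:
    """Run every frame through inspect() and collect the alerts, as a sensor would."""
    alerts = []
    for src, dst, payload in traffic:
        alerts.extend(inspect(src, dst, payload))
    return alerts


if __name__ == "__main__":
    for alert in run_monitor():
        print("ALERT", alert)
```

Run against the constructed traffic, the read and the allowed write produce nothing, while the write from the non-allowlisted host and the truncated frame each raise an alert. A production sensor would add stateful baselining and signatures for the other ICS protocols in use, but the principle is the same: detection happens on a copy of the traffic, so the legacy devices are never touched.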
Concept tested. Continuous monitoring for legacy ICS/SCADA systems
Reference. https://www.cisa.gov/sites/default/files/publications/Cyber_Threats_to_OT.pdf