Which of the following capabilities would BEST improve the security position?

An organization is in the process of integrating its operational technology and information technology areas. As part of the integration, some of the cultural aspects it would like to see include more efficient use of resources during change windows, better protection of critical infrastructure, and the ability to respond to incidents. The following observations have been identified:
• The ICS supplier has specified that any software installed will result in lack of support.
• There is no documented trust boundary defined between the SCADA and corporate networks.
• Operational technology staff have to manage the SCADA equipment via the engineering workstation.
• There is a lack of understanding of what is within the SCADA network.
Which of the following capabilities would BEST improve the security position?
A. VNC, router, and HIPS
B. SIEM, VPH, and firewall
C. Proxy, VPN, and WAF
D. IDS, NAC, and log monitoring


5 thoughts on “Which of the following capabilities would BEST improve the security position?”

  1. In the All-in-One exam guide on page 200 under “critical infrastructure” is written:
    Always protect the SCADA systems from other networks with a firewall.
    So firewall must be in the correct answer, and so it's B.

  2. Requests
    1. We want better resource usage during change windows
    2. Better protection of critical infrastructure
    3. Ability to respond to incidents.

    Observations
    1. Industrial control systems support does not allow any new software
    2. No trust boundary between SCADA and corporate networks
    3. Operation Tech staff have to manage the SCADA equipment via engineering workstation
    4. Lack of understanding of SCADA network

    Technologies – Pick 3
    VNC – Provides ability to respond possibly, requires VNC server software on a machine though.
    Router – Not sure why this is here.
    HIPS –

    SIEM – Would help with knowing more about the network and protecting the network.
    VPH – Could this mean VPN? If so this would be great.
    Firewall – Would improve network as there is no documented boundary between networks.

    Proxy – Not sure what kind of proxy this is specifying.
    VPN – Good, would possibly need this for access.
    WAF – No web application is relevant here.

    IDS – Sure.
    NAC –
    Log Monitoring

    Anyway my choice is B.

    Anyone else? Hard question.

    1. I agree with B because in the other possible answers there is always at least one irrelevant thing that makes the whole thing incorrect:

      A – there’s HIPS (and it’s said that any software installed will void the warranty/kill the support)
      B – all seems good and relevant
      C – WAF is completely unnecessary
      D – Log monitoring is not good, but SIEM (in answer B) is better 🙂

