Exam CAS-004 topic 1 question 421 discussion

Actual exam question from CompTIA's CAS-004
Question #: 421
Topic #: 1

A security engineer at a manufacturing facility is trying to determine whether any of the OT devices are susceptible to a recently announced vulnerability. Which of the following is the best way for the engineer to detect exploitable vulnerabilities?

  • A. Utilize a passive vulnerability scanner on the network.
  • B. Compare deployed equipment to the CVE disclosure.
  • C. Perform threat hunting on the OT segment.
  • D. Review software inventory for vulnerable versions.
Suggested Answer: B

Comments

grelaman
Highly Voted 5 months, 2 weeks ago
Selected Answer: B
When a new vulnerability is announced, it is typically documented in a CVE (Common Vulnerabilities and Exposures) entry. It is the most direct and effective method to determine if any Operational Technology (OT) devices in the manufacturing facility are susceptible. By meticulously comparing the organization's inventory of deployed equipment (including hardware models and software versions) against the details provided in the CVE, the security engineer can accurately identify which devices are vulnerable and require remediation. Why Not D: Option D focuses solely on software versions and might overlook hardware-specific vulnerabilities or configurations mentioned in the CVE.
upvoted 5 times
...
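The comparison described in the comment above (deployed hardware models and firmware versions matched against the affected-product details of a disclosure), as an added example that is not part of the original thread. The vendor, model names, version range and asset IDs are constructed placeholders, and versions are assumed to be dotted integers.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Device:
    asset_id: str
    vendor: str
    model: str
    hw_rev: Optional[str]      # hardware revision from the asset record
    firmware: Optional[str]    # None when the inventory has no firmware entry

@dataclass(frozen=True)
class AffectedProduct:
    vendor: str
    model: str
    hw_revs: frozenset         # empty set means all hardware revisions
    first_affected: str        # inclusive lower bound
    fixed_in: str              # exclusive: first firmware carrying the fix

def ver(s):
    # '2.10.3' -> (2, 10, 3), so comparison is numeric rather than lexical
    return tuple(int(p) for p in s.split("."))

def classify(dev, affected):
    """Return 'affected', 'not_affected' or 'unknown' for one device."""
    for a in affected:
        if (dev.vendor.lower(), dev.model.lower()) != (a.vendor.lower(), a.model.lower()):
            continue
        if a.hw_revs and dev.hw_rev is not None and dev.hw_rev not in a.hw_revs:
            continue
        if dev.firmware is None or (a.hw_revs and dev.hw_rev is None):
            return "unknown"   # model matches but the record is incomplete
        if ver(a.first_affected) <= ver(dev.firmware) < ver(a.fixed_in):
            return "affected"
    return "not_affected"

def triage(inventory, affected):
    result = {"affected": [], "unknown": [], "not_affected": []}
    for dev in inventory:
        result[classify(dev, affected)].append(dev.asset_id)
    return result

# Constructed advisory entry and inventory (hypothetical names, not from any real CVE)
ADVISORY = [AffectedProduct("ExampleVendor", "PLC-100", frozenset({"A", "B"}), "2.0.0", "2.10.0")]
INVENTORY = [
    Device("line1-plc", "ExampleVendor", "PLC-100", "B", "2.9.4"),   # inside the range
    Device("line2-plc", "ExampleVendor", "PLC-100", "B", "2.10.0"),  # already on fixed firmware
    Device("line3-plc", "ExampleVendor", "PLC-100", "C", "2.9.4"),   # hardware revision not listed
    Device("line4-plc", "examplevendor", "plc-100", "A", None),      # firmware never recorded
]
```

Devices that land in `unknown` match the affected model but lack the fields needed to decide, so they need a manual check of the nameplate or firmware version before they can be ruled out.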
Steel16
Most Recent 1 week, 2 days ago
Selected Answer: B
B. Compare deployed equipment to the CVE disclosure: A CVE (Common Vulnerabilities and Exploits) is a database that tracks publicly known security vulnerabilities. By comparing the serial numbers or model numbers of deployed OT devices to the CVE database, the engineer can determine if any of their devices are susceptible to the recently announced vulnerability. This method is efficient and accurate, as it provides a direct match between the device and the reported vulnerability.
upvoted 1 times
Steel16
1 week, 2 days ago
A. Utilize a passive vulnerability scanner on the network: While passive scanning can be useful for identifying vulnerabilities in general, it might not be suitable for OT environments. OT devices are often sensitive and can be adversely affected by scanning. Additionally, passive scanners may not provide detailed information about specific vulnerabilities or their exploitability.
upvoted 1 times
...
...
Bright07
1 month, 3 weeks ago
Selected Answer: B
When a vulnerability is announced, especially one that affects operational technology (OT) devices, it's crucial to determine whether any of the devices in the environment are susceptible to it. Comparing the deployed equipment (i.e., the OT devices in use) against the CVE (Common Vulnerabilities and Exposures) disclosure will allow the engineer to see if any of the specific devices or systems are affected by the announced vulnerability. This process typically involves reviewing the CVE details, which include information about which devices, software, or versions are impacted. This method directly links the vulnerability to the assets in the environment, making it the most targeted and efficient approach for determining susceptibility to the vulnerability.
upvoted 2 times
...
3c12b86
2 months, 1 week ago
Selected Answer: A
Operational Technology (OT) environments prioritize availability, safety, and system uptime. Active scanning or intrusive methods can disrupt sensitive OT devices. A passive vulnerability scanner observes network traffic without interacting directly with devices, which makes it a safer method to identify vulnerabilities in OT environments. It detects exploitable vulnerabilities by analyzing protocol metadata, device information, and communication patterns.
upvoted 2 times
...
Bright07
3 months ago
Selected Answer: B
When trying to assess the vulnerability of OT devices to a recently announced vulnerability, the most direct method is to compare the deployed equipment (including models, versions, and firmware) against the specific details of the CVE (Common Vulnerabilities and Exposures) disclosure. A CVE disclosure will typically include critical information such as the affected product versions, potential attack vectors, and available mitigation strategies. By directly matching the OT devices against this information, the security engineer can quickly identify if any devices are at risk of exploitation. NOT D. Review software inventory for vulnerable versions: While reviewing the software inventory is useful for tracking what software is running on OT devices, CVE disclosures often list specific vulnerabilities in both hardware and firmware of devices, not just software. Additionally, many OT devices use proprietary or custom software and may not be listed in a typical software inventory.
upvoted 2 times
...
23169fd
8 months ago
Selected Answer: A
Non-intrusive: It monitors network traffic without actively probing devices, thus avoiding potential disruptions to critical OT operations. Effective: Identifies vulnerabilities by analyzing existing data flows and configurations. Recommended: Aligned with best practices for OT environments, as outlined by NIST and the SANS Institute.
upvoted 2 times
...
MacherGaming
8 months, 1 week ago
Selected Answer: D
D - Review software inventory for vulnerable versions: This is going to tell you exactly what vulnerabilities could impact which systems. Passive Scanning isn't going to work for all OT devices mainly because they aren't always communicating and/or may not respond to scanner probes.
upvoted 3 times
...
isaphiltrick
8 months, 1 week ago
Selected Answer: A
Passive vulnerability scanning is the best approach for detecting vulnerabilities in Operational Technology (OT) devices without disrupting their operation. OT environments are typically sensitive to disruptions, and active scanning methods can potentially interfere with the devices' functions. A passive scanner monitors the network traffic and detects vulnerabilities by analyzing the data without sending intrusive probes, ensuring the stability and safety of the OT devices.
upvoted 2 times
...
cf13076
10 months, 4 weeks ago
Selected Answer: D
I apologize for the oversight. Let's attempt another response. D. Review software inventory for vulnerable versions. Reviewing the software inventory for vulnerable versions can help the security engineer identify any OT devices that are running software versions known to have vulnerabilities. By checking the software versions against known vulnerability databases, the engineer can determine if any devices are susceptible to the recently announced vulnerability and take appropriate action to address the issue.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted