
Exam CISSP topic 1 question 125 discussion

Actual exam question from ISC's CISSP
Question #: 125
Topic #: 1

The Industrial Control System (ICS) Computer Emergency Response Team (CERT) has released an alert regarding ICS-focused malware specifically propagating through Windows-based business networks. Technicians at a local water utility note that their dams, canals, and locks controlled by an internal Supervisory Control and Data Acquisition (SCADA) system have been malfunctioning. A digital forensics professional is consulted in the Incident Response (IR) and recovery.
Which of the following is the MOST challenging aspect of this investigation?

  • A. Group policy implementation
  • B. SCADA network latency
  • C. Physical access to the system
  • D. Volatility of data
Suggested Answer: D

Comments

Tuhaar
4 weeks ago
Selected Answer: D
Malware lives in RAM (volatile memory). Hence this is the clue to choose option D.
upvoted 2 times
KJ44
1 month, 3 weeks ago
Selected Answer: D
A primary issue in forensics for SCADA systems is data retrieval from volatile memory and network devices. Moreover, legacy systems may not provide long-term logs due to limited memory architectures. OSTI.GOV
upvoted 2 times
deeden
4 months, 3 weeks ago
Selected Answer: D
Volatility of data is the most challenging aspect of this investigation. In an ICS environment, data is often overwritten or erased quickly, especially in operational systems. This makes it extremely difficult to recover critical evidence and reconstruct the attack timeline. Additionally, the nature of SCADA systems, with real-time control and monitoring, often involves large volumes of data, making the collection and analysis process even more complex. The other options are challenges, but they are generally more manageable with appropriate tools and techniques.
upvoted 1 times
133db51
9 months ago
Electric generation falls under NERC/FERC - it's physical access, as they have to go to the site and then be escorted due to lack of clearances.
upvoted 1 times
homeysl
9 months, 2 weeks ago
Selected Answer: C
SCADA and OT are typically on air-gapped networks.
upvoted 1 times
hoho2000
9 months, 2 weeks ago
Selected Answer: C
Ans C. It mentions locks are malfunctioning. There is no indication the malware is volatile. If D is the answer, then all malware investigations' first concern will be volatility.
upvoted 2 times
gjimenezf
11 months, 2 weeks ago
Selected Answer: C
SCADA systems usually are not open to the internet; you need physical access to the office where the SCADA is installed. If the expert doesn't live in the neighborhood, this will be a big challenge.
upvoted 1 times
YesPlease
1 year ago
Selected Answer: D
Answer D) Volatility of data https://www.osti.gov/servlets/purl/1493135
upvoted 3 times
deeden
4 months, 3 weeks ago
Thank you for providing reference.
upvoted 1 times
Soleandheel
1 year ago
A. Configuration item
upvoted 1 times
AMANSUNAR
1 year, 1 month ago
Selected Answer: C
Physical access to the Supervisory Control and Data Acquisition (SCADA) system can be a significant challenge. SCADA systems are critical infrastructure components, and gaining physical access to them may involve logistical and security challenges. Physical access allows an attacker to directly manipulate or compromise the hardware, which can have severe consequences for the operation of the water utility's dams, canals, and locks.
upvoted 1 times
MShaaban
1 year, 4 months ago
I was voting for D, but this question came into my head: what would make the SCADA data volatile if logs are stored on external servers? Capturing the logs won't be hard. Physical access, though, would be harder, which makes C more challenging.
upvoted 2 times
Bach1968
1 year, 5 months ago
Selected Answer: C
In the given scenario, the most challenging aspect of the investigation is likely to be "Physical access to the system" (option C). Physical access to the SCADA system can be challenging because these systems are often located in critical infrastructure environments and are subject to strict physical security controls. Gaining authorized access to the system requires coordination with the appropriate personnel, adherence to security protocols, and potentially overcoming physical barriers and safeguards.
upvoted 1 times
HughJassole
1 year, 6 months ago
D. There is no need to access a dam to look at its data; the data is centrally in the SCADA system. The issue with these systems is data volatility. http://www.people.vcu.edu/~iahmed3/publications/ieee_computer_2012.pdf
upvoted 2 times
gjimenezf
11 months, 2 weeks ago
But you need to access the SCADA system, which usually is installed on premises and without internet access for security.
upvoted 1 times
dmo_d
1 year, 7 months ago
Selected Answer: C
C is correct. The key characteristic of SCADA systems is that they are distributed over a wide area. Data volatility would come next. But if forensics fails to collect data because the systems are not physically accessible, there is no data about which to have volatility concerns.
upvoted 1 times
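The thread above argues over whether physical access (C) or volatility (D) dominates. The two are linked in practice: volatile evidence on equipment nobody can reach in time is simply lost, while volatile evidence on hosts reachable over the business or SCADA network can be captured remotely before anyone drives to the site. The following is an added example (not from the original page or any commenter) that turns that trade-off into an order-of-volatility collection plan. Every evidence source, lifetime and travel time in it is a constructed, illustrative assumption, not data about any real utility.

```python
"""Order-of-volatility collection planner for an ICS/SCADA incident.

Added example, not from the original page. Evidence lifetimes, remote
reachability and travel times are constructed illustrative values.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class EvidenceSource:
    name: str
    # Approximate minutes before this evidence is overwritten or lost once
    # the incident is under way (assumed values for illustration only).
    lifetime_min: float
    # True if a responder can capture it over the network without standing
    # in front of the equipment (assumption per source).
    remote_capture: bool


# Constructed evidence inventory, roughly following the RFC 3227 order of
# volatility (most volatile first). Lifetimes are assumptions.
SOURCES = [
    EvidenceSource("HMI workstation RAM (processes, network connections)", 30, True),
    EvidenceSource("SCADA server ARP cache and routing table", 60, True),
    EvidenceSource("Serial-only PLC working memory at lock control house", 90, False),
    EvidenceSource("Historian alarm/event database", 24 * 60, True),
    EvidenceSource("Windows event logs on business-network hosts", 7 * 24 * 60, True),
    EvidenceSource("Remote HMI disk image", 30 * 24 * 60, False),
]


def plan_collection(sources, travel_min, triage_min_per_source=15):
    """Split sources into (remote_first, on_site, lost).

    remote_first: captured over the network, most volatile first, while the
                  team is still travelling.
    on_site:      needs hands-on access and will still exist on arrival.
    lost:         expires before it can be reached (remote triage too slow,
                  or physical access takes longer than the evidence lives).
    """
    ordered = sorted(sources, key=lambda s: s.lifetime_min)
    remote_first, on_site, lost = [], [], []
    remote_clock = 0.0  # elapsed minutes spent on remote captures so far
    for src in ordered:
        if src.remote_capture:
            remote_clock += triage_min_per_source
            if remote_clock <= src.lifetime_min:
                remote_first.append(src.name)
            else:
                lost.append(src.name)
        elif travel_min <= src.lifetime_min:
            on_site.append(src.name)
        else:
            lost.append(src.name)
    return remote_first, on_site, lost


if __name__ == "__main__":
    # Assumed three-hour drive plus escort to the lock control house.
    remote, onsite, gone = plan_collection(SOURCES, travel_min=180)
    print("Capture remotely now:", *remote, sep="\n  ")
    print("Capture on arrival:", *onsite, sep="\n  ")
    print("Lost before anyone can reach it:", *gone, sep="\n  ")
```

With a three-hour travel time the serial-only PLC memory is lost even though the plan starts with it in volatility order: it is both volatile and physically inaccessible, which is exactly the case where the two contested answers collapse into one. Shortening travel to an hour moves it back into the on-site list, and raising the per-source triage time above 30 minutes drops the HMI RAM capture instead, showing that slow remote collection loses evidence just as surely as slow physical access.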
BennyMao
1 year, 7 months ago
Selected Answer: C
Since the SCADA controls dams, canals, and locks, most likely these devices and related sensors are scattered across a wide area, many of which may not be easily accessible.
upvoted 1 times
Dee83
1 year, 11 months ago
D. Volatility of data The most challenging aspect of this investigation would likely be D. Volatility of data. This is because digital forensics professionals need to collect evidence in a way that preserves the integrity of the data and doesn't alter it. In the case of ICS-focused malware, data can be volatile and can change or be deleted quickly, making it difficult to collect and analyze evidence. Additionally, SCADA systems have their own specific protocols and technologies, which can make data collection and analysis more complex.
upvoted 2 times
jackdryan
1 year, 7 months ago
D is correct
upvoted 2 times
oudmaster
2 years ago
The design of the SCADA is not provided in the question, and it can all be a centralized setup in one physical location. So I excluded answer C. I think D is correct.
upvoted 2 times
Marzie
1 year, 8 months ago
It's telling you about "internal" SCADA systems at dams etc. being impacted. Given that the forensics would need to be done on-site, I think it's very much leading us to answer C as being the primary issue here.
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other