A company is in the process of implementing a vulnerability management program. Which of the following scanning methods should be implemented to minimize the risk of OT/ICS devices malfunctioning due to the vulnerability identification process?
OT/ICS (Operational Technology and Industrial Control Systems) are probably really important, so taking it down due to scanning is a bad idea. Passive scanning is the least invasive and is just collecting the packets, but not performing additional analysis on it, which reduces the work capacity on the systems. I referenced the Sybex 003 study guide by Mike Chapple and Reidl. Page 82
Passive monitoring relies on capturing information about the network as traffic passes a
location on a network link.... Unlike active and router-based monitoring, passive monitoring does not add additional traffic to the network. It also performs after-the- fact analysis, since packets must be captured and analyzed, rather than being recorded in real time as they are sent.
Correct.
Passive scanning involves monitoring network traffic to identify vulnerabilities without actively probing or interacting with the devices. This method is relatively non-intrusive and can provide valuable information without directly affecting the systems.
However, it's important to note that passive scanning might not identify all vulnerabilities, so a combination of passive scanning and periodic credentialed scanning might be a balanced approach to ensure accurate vulnerability assessment while minimizing disruption.
I vote agent-based scanning because only IT services can host them. Passive scanning is good for discovery but might not be effective for vulnerability management. OT/ICS will probably be safe on a separate network, preferably air-gap and well planned audit and vulnerability assessment.
Well actually the question stated that they're in the process of implementing vulnerability management, so host and port discovery sounds like a good way to start. I'd change my answer to B in that regard.
OT/ICS (Operational Technology and Industrial Control Systems) are probably really important, so taking it down due to scanning is a bad idea. Passive scanning is the least invasive and is just collecting the packets, but not performing additional analysis on it, which reduces the work capacity on the systems. I referenced the Sybex 003 study guide by Mike Chapple and Reidl. Page 82
Passive monitoring relies on capturing information about the network as traffic passes a
location on a network link.... Unlike active and router-based monitoring, passive monitoring does not add additional traffic to the network. It also performs after-the- fact analysis, since packets must be captured and analyzed, rather than being recorded in real time as they are sent.
upvoted 2 times
...
This section is not available anymore. Please use the main Exam Page.CS0-003 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
[Removed]
Highly Voted 7 months agokmordalv
Highly Voted 10 months agodeeden
Most Recent 6 months, 4 weeks agodeeden
6 months, 4 weeks ago[Removed]
7 months ago