Exam CAS-004 topic 1 question 363 discussion

Actual exam question from CompTIA's CAS-004
Question #: 363
Topic #: 1

The principal security analyst for a global manufacturer is investigating a security incident related to abnormal behavior in the ICS network. A controller was restarted as part of the troubleshooting process, and the following issue was identified when the controller was restarted:

SECURE BOOT FAILED:
FIRMWARE MISMATCH EXPECTED 0xFDC479 ACTUAL 0x79F31B

During the investigation, this modified firmware version was identified on several other controllers at the site. The official vendor firmware versions do not have this checksum. Which of the following stages of the MITRE ATT&CK framework for ICS includes this technique?

  • A. Evasion
  • B. Persistence
  • C. Collection
  • D. Lateral movement
Suggested Answer: B

Comments

zielony4242
Highly Voted 1 year, 6 months ago
Selected Answer: B
https://attack.mitre.org/tactics/TA0110/
upvoted 6 times
...
CXSSP
Highly Voted 1 year, 7 months ago
Selected Answer: B
The given scenario involves a modified firmware version on controllers in an ICS network. This indicates an intrusion that has tampered with the firmware, which falls under the category of "Persistence" in the MITRE ATT&CK framework for ICS. Therefore, the correct option is: B. Persistence
upvoted 5 times
...
152deff
Most Recent 6 months, 3 weeks ago
Selected Answer: D
"...this modified firmware version was identified on several other controllers at the site..."
upvoted 1 times
...
saucehozz
1 year ago
Selected Answer: B
Persistence: https://attack.mitre.org/techniques/T0857/
upvoted 3 times
...
DWtriple0
1 year, 4 months ago
Selected Answer: D
I think there is a case for the answer being D, lateral movement. The attackers have not just obtained persistence on one controller but on several controllers. They have moved past simple persistence.
upvoted 2 times
fac161f
7 months, 2 weeks ago
I agree
upvoted 1 times
...
...
OdinAtlasSteel
1 year, 6 months ago
Selected Answer: B
B. Persistence
upvoted 2 times
...
32d799a
1 year, 6 months ago
Selected Answer: B
The described technique involves modifying the firmware of an ICS (Industrial Control System) controller. By altering the firmware on these devices, attackers can ensure that their malicious activities or changes to the system are sustained even after the device restarts.
upvoted 3 times
...
Ariel235788
1 year, 7 months ago
Selected Answer: B
B. Persistence. Explanation: In the context of the MITRE ATT&CK framework, the "Persistence" stage involves techniques used by attackers to maintain their presence in a compromised environment over an extended period. One way to achieve persistence in ICS environments is by modifying firmware or configurations in such a way that the malicious changes persist even after system restarts or updates.
upvoted 4 times
...