ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CAS-005 All Questions

View all questions & answers for the CAS-005 exam
Go to Exam

Exam CAS-005 topic 1 question 54 discussion

Actual exam question from CompTIA's CAS-005
Question #: 54
Topic #: 1
[All CAS-005 Questions]

The principal security analyst for a global manufacturer is investigating a security incident related to abnormal behavior in the ICS network. A controller was restarted as part of the troubleshooting process, and the following issue was identified when the controller was restarted:
SECURE BOOT FAILED:
FIRMWARE MISMATCH EXPECTED UXFDC479 ACTUAL 0x79F31B
During the investigation, this modified firmware version was identified on several other controllers at the site. The official vendor firmware versions do not have this checksum. Which of the following stages of the MITRE ATT&CK framework for ICS includes this technique?

  • A. Evasion
  • B. Persistence
  • C. Collection
  • D. Lateral movement
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by vicbersong at April 29, 2025, 9:12 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
vicbersong
1 week, 1 day ago
Selected Answer: B
✅ B. Persistence 🔍 Explanation: The MITRE ATT&CK for ICS (Industrial Control Systems) framework includes tactics and techniques tailored to ICS environments. In this scenario: The firmware of controllers was modified with a non-official version (evidenced by the checksum mismatch). This suggests an attacker modified the firmware to maintain long-term access or influence over the system. This behavior aligns with the Persistence tactic — which involves techniques that allow the adversary to maintain their foothold in the ICS environment even after reboots or disconnections. ❌ Why the other options are incorrect: A. Evasion: Involves avoiding detection. While custom firmware might help evade detection, the main purpose here is continued access, not stealth. C. Collection: Involves gathering information, such as process data or credentials — not modifying firmware. D. Lateral Movement: Involves moving between systems to expand access — this scenario is more about establishing a foothold, not expanding access.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago