An organization has several production-critical SCADA supervisory systems that cannot follow the normal 30-day patching policy. Which of the following BEST maximizes the protection of these systems from malicious software?
A. Configure a firewall with deep packet inspection that restricts traffic to the systems.
B. Configure a separate zone for the systems and restrict access to known ports.
C. Configure the systems to ensure only necessary applications are able to run.
D. Configure the host firewall to ensure only the necessary applications have listening ports.
I’ve had a good look into this one and I believe the given answer A is correct. Some quotes off Google:
Quote 1
“Two things must be done to avoid attacks which exploit weaknesses in SCADA protocols. First, verify that a command is coming from a valid master/source. Second, ensure all requests are correct and do not endanger the plant’s safety.”
Quote 2
“These critical systems are largely based on legacy SCADA... Many of these products are decades old and were never designed with security in mind.
The good news is that there is an effective and easy-to-deploy solution to this security crisis. Using an advanced technology called “Deep Packet Inspection” (DPI), SCADA-aware firewalls offer fine-grained control of control system traffic.”
There is even a book written about answer A:
https://www.belden.com/resources/knowledge/other/dpi-tk-lp
The question stated "protection of SCADA systems from malicious software", it is not protecting from "external threats", it is against [software], hence C makes sense.
"You make sure there are firewalls protecting the access, and that the proper access controls are in place so that you can be assured that only the people who need access to these SCADA systems will be the only ones to ever touch it."
https://www.professormesser.com/security-plus/sy0-401/embedded-system-security/
Comes from Prof. Messer on Embedded System Security. I think it is A because of this, and it doesn't note any other applications being able to run, because I don't think SCADA can even run any applications besides its embedded OS. Still, though, many are saying C.
I think C is correct. If you restrict the applications that can run on the system (whitelist), the malware will not be able to run even if it can be delivered into the system.
SCADA is a physically separated network, accessible with a jump box, VPN or RTU. A firewall can restrict all other traffic to known ports, because a jump box uses an HMI, or corporate can connect through VPN, or at regional remote locations through an RTU (remote terminal unit), as the corporate network is separated from the SCADA. Again, with SCADA think regional size: a refinery linked to a chemical plant connected to an oil rig in the gulf. At each location there is a type of SCADA, an ICS (industrial control system); this is what process operators use to monitor sensors, for example in a refinery, that will shut down dangerous processes if they occur. They're linked through the SCADA network. Applications would only be used to access data servers compiling production statistics and historical data, accessed by the internal corporate network through VPN. That’s why A is correct: a firewall can logically separate systems within the SCADA, deny or allow ports, and make applications accessible only within the SCADA.
Same question from exam topic with different answer
https://www.examtopics.com/discussions/comptia/view/11674-exam-cas-002-topic-6-question-73-discussion/
Limiting the applications to just the necessary applications further strengthens security. If patches cannot be managed per the policy of 30 days, then the next approach is to limit the risk by limiting the applications that run on the system.
A. If the critical SCADA systems do not always have the latest patches, then they are vulnerable to attack in any zone on any port unless they are either air-gapped or a firewall is there and configured to protect them. A host firewall wouldn’t be as effective as a firewall on the network where the SCADA systems reside. In any of the above answers they would remain vulnerable, but perhaps least vulnerable with a network firewall protecting them.
https://www.energy.gov/sites/prod/files/oeprod/DocumentsandMedia/21_Steps_-_SCADA.pdf
Up near the top of the list to better protect SCADA is the line that states to limit the applications. There is no mention of firewall. So the best answer is C.
I have seen C chosen as well as D, and I am struggling also to clarify this. I have sifted through Gibson's book to see if anything specifically refers to this. This is what I found. He says, "While SCADA systems operate within their own network, it’s common to ensure that they are isolated from any other network. This physical isolation significantly reduces risks to the SCADA system. If an attacker can’t reach it from the Internet, it is much more difficult to attack it. However, if the system is connected to the internal network, it’s possible for an attacker to gain access to internal computers, and then access any resource on the internal network."
So I'm sort of wondering now if the default answer is correct since it mentions this directly, but I can see how the others make sense as well. The one thing that makes me doubt this is that most SCADA systems are already assumed to be independent at the get go.
My Ans is C.
If we follow the question, you can see they are not saying there may be a network misconfig. The question is patch related, which typically would affect applications running on the SCADA system. If it cannot be on the typical patch cycle, simply limit the applications running to only necessary applications to reduce the impact of not patching regularly.
Community vote distribution: A (35%), C (25%), B (20%), Other