Exam CAS-004 topic 1 question 130 discussion

Manufacturing involves ICS, which widely uses DNP3

DNP3 is a common communication protocol used in industrial control systems. Ensuring that only DNP3 traffic is present on ports designated for DNP3 is crucial for maintaining the integrity and security of the network.

DNP3 is widely used in SCADA systems and ICS for communication between control systems and devices. One of the significant threats in this context is the potential for malicious actors to send non-DNP3 traffic over ports designated for DNP3 communication. This could indicate an attempt to exploit vulnerabilities, inject malicious payloads, or conduct unauthorized activities.

If you read the question, the security architect is designing the solution to monitor traffic. The security architect is trying to prevent attacks against the ICS network itself. Ideally, remote connections into ICS should pass through the demilitarized zone (DMZ) between the IT and OT segments. Firewalls, authentication services, jump servers, and file servers all play crucial roles in conducting these connections securely. So C would be the correct answer?

Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)

B. here is why direct from the Official Comptia Handbook: Modbus The components of an ICS network are often described as an operational technology (OT) network, in contrast to an IT network, comprised of server and client computing devices. Communications within an OT network are supported by a network application protocol such as Modbus. The communication protocol gives control servers and SCADA hosts the ability to query and change the configuration of each PLC. Modbus was originally designed as a serial protocol (Modbus RTU) running over a fieldbus network but has been adapted to use Ethernet and TCP/IP as well. Other protocols include EtherNet/IP, a variant of the Common Industrial Protocol (CIP), Distributed Network Protocol (DNP3), and Siemens S7comms.

Packets that are the wrong size or length can be an indication of a variety of different types of attacks, including denial of service (DoS) attacks, which aim to disrupt the availability of a network or service by flooding it with traffic. By monitoring for packets that are the wrong size or length, the security architect can identify and prevent these types of attacks from being successful. Use of any non-DNP3 communication on a DNP3 port, multiple solicited responses over time, and the application of an unsupported encryption algorithm may all be indicators of potential security issues, but they are not necessarily threats to the network itself.

The security architect should focus on preventing any non-DNP3 communication on a DNP3 port as this could be an indication of a malicious attack. By monitoring traffic and blocking any non-DNP3 communication, the security architect can reduce the risk of an attack. Answer is B

answer B Makes more sense to me. Manufacturing company meaning it will be using DNP3. Manufacturing company meaning it will be using DNP3. The DNP3 standard was designed for remote communication in utilities The DNP3 standard was designed for remote communication in utilities

https://en.wikipedia.org/wiki/DNP3