Exam CAS-004 topic 1 question 159 discussion

Actual exam question from CompTIA's CAS-004
Question #: 159
Topic #: 1

An attacker infiltrated an electricity-generation site and disabled the safety instrumented system. Ransomware was also deployed on the engineering workstation.
The environment has back-to-back firewalls separating the corporate and OT systems. Which of the following is the MOST likely security consequence of this attack?

  • A. A turbine would overheat and cause physical harm.
  • B. The engineers would need to go to the historian.
  • C. The SCADA equipment could not be maintained.
  • D. Data would be exfiltrated through the data diodes.
Suggested Answer: A

Comments

Mr_BuCk3th34D
Highly Voted 2 years, 4 months ago
Selected Answer: C
C is the correct answer. Here's why: SCADA systems are used to monitor and control industrial processes, such as those used in electricity generation. Disabling the safety instrumented system and deploying ransomware on the engineering workstation could prevent the engineers from properly maintaining the SCADA equipment, potentially leading to operational issues and disruptions. It is not likely that a turbine would overheat and cause physical harm (option A) as a result of this attack. The engineers may need to go to the historian (option B) to retrieve historical data for troubleshooting purposes, but this would not be a direct consequence of the attack. Data would not be exfiltrated through the data diodes (option D) as a result of this attack, as data diodes are unidirectional network connections that prevent data from being transmitted in the opposite direction. Data diodes are often used to isolate critical systems from external networks in order to prevent data exfiltration.
upvoted 15 times
...
[Removed]
Highly Voted 2 years, 6 months ago
Selected Answer: D
The answer can't be C because SCADA is part of the OT environment and there are firewalls back to back separating these systems from the IT environment. All the hacker can do is exfiltrate the data that comes from the OT to the IT through the data diodes.
upvoted 6 times
...
deeden
Most Recent 5 months ago
Selected Answer: A
While ransomware could hinder SCADA system maintenance, the primary concern here is the immediate risk posed by the disabled SIS.
upvoted 2 times
...
Bright07
6 months ago
Ans A. The most likely consequence is that with the safety systems disabled, and engineers unable to monitor or intervene due to ransomware on the workstation, a critical system like a turbine might overheat. Without safety controls in place, the turbine might continue operating under unsafe conditions, leading to physical damage or harm.
upvoted 2 times
...
armid
10 months, 1 week ago
I believe the answer is A. #1 in security is to prevent human harm.
upvoted 1 times
...
b49eb27
1 year, 1 month ago
I'm going with A. If the safety instrumented system is disabled, then that would mean you would not receive warnings or anything for hazard mitigation. If the engineers' workstation is disabled due to ransomware, then yes, the SCADA equipment could not be maintained; however, that is not an immediate problem because you could use the historian logs, which is not a real-time solution, but it is there and you could still take care of the equipment, just slower. The data diodes are unidirectional and there are two firewalls between environments, so the data will not flow back from OT to IT. Which means that we have a visibility issue into immediate real-time issues, which brings me back to a turbine overheating and causing harm. It might take a while to get the information that there is an issue with equipment due to safety systems being down and SCADA not being able to be used. I'm going with A.
upvoted 2 times
...
Tayfay
1 year, 2 months ago
Selected Answer: D
A - Safety Consequence
B - Not Relevant
C - SCADA separated from Corporate
D - Security Consequence of RaaS, data exfiltration.
upvoted 1 times
...
tirajvid
1 year, 2 months ago
Selected Answer: A
Possible physical damage and harm trumps any other issues.
upvoted 3 times
...
abrub
1 year, 4 months ago
Selected Answer: A
Physical harm from the disabled temperature sensor is paramount compared to any cyber vuln
upvoted 5 times
...
Anarckii
1 year, 4 months ago
Selected Answer: A
Taking test tomorrow and changing to A as the question reads "disabled the safety instrumented system."
upvoted 3 times
...
ares1027
1 year, 4 months ago
A is the answer. Disabled safety instrumented system. Consequence is inability to address and maintain functioning of turbines.
upvoted 5 times
...
Anarckii
1 year, 4 months ago
Selected Answer: C
SCADA systems are one of the most important systems when it comes to water, energy, and electrical plants. These systems rely on providing real-time data and control to other systems throughout the plant. If they are not working properly, more severe cases than a turbine exploding can happen. If the SCADA system is interfered with, yes it can lead to this. So A should be out of the question. In this environment you want to focus on SCADA, DAHS, and any Industrial Control Systems.
upvoted 1 times
...
BinaryGuardian42
1 year, 5 months ago
Selected Answer: A
A is the correct answer as the safety system was disabled. The engineering station was ransomwared to make it difficult for engineers to reprogram the system, as the tools to do that are most likely installed on the engineering station.
upvoted 3 times
...
32d799a
1 year, 6 months ago
Selected Answer: A
A. A turbine would overheat and cause physical harm. The disabling of the safety instrumented system poses a direct threat to the physical components of the electricity-generation site. The other options either are less direct consequences of the described attack or are more secure by design (e.g., data diodes).
upvoted 4 times
...
BiteSize
1 year, 9 months ago
Selected Answer: C
C = Interruption to service. Ransomware is primarily used to keep organizations from completing operations, losing $$. The diodes would make it challenging to exfiltrate data, and the back-to-back firewalls should have controls to prevent the exfiltration of a large amount of data as a secondary technical measure. Q never states how the workstation was compromised, but it could be infected from other means (Trojan via removable media, engineer hybrid workstation); coming from an external network sounds more difficult with the current security setup. Source: Verifying each answer against ChatGPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence.)
upvoted 2 times
BiteSize
1 year, 9 months ago
(A) Safety concerns wouldn't be an answer because how does that make the attacker money via "ransom" ware? Ransom is the key word.
upvoted 2 times
BinaryGuardian42
1 year, 5 months ago
Who said the attacker's aim is to make money? Ransomware could prevent the systems and engineers from detecting and solving the safety issue before it becomes catastrophic.
upvoted 1 times
...
...
...
last_resort
2 years, 1 month ago
Selected Answer: C
Ruling out D because data diodes only allow for secure one-way data transfer. Data cannot be exfiltrated this way.
upvoted 1 times
...
chil7chil7
2 years, 5 months ago
Selected Answer: A
Why not A? The safety system is disabled, and it's an electricity-generating place. What if a turbine goes super hot and no safety system detects its temperature? I think it might overheat and burn down the place?!
upvoted 3 times
chil7chil7
2 years, 5 months ago
Sorry guys, D is my answer; A seems like a safety issue.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other