Exam CISSP topic 1 question 125 discussion

Actual exam question from ISC's CISSP
Question #: 125
Topic #: 1

The Industrial Control System (ICS) Computer Emergency Response Team (CERT) has released an alert regarding ICS-focused malware specifically propagating through Windows-based business networks. Technicians at a local water utility note that their dams, canals, and locks controlled by an internal Supervisory
Control and Data Acquisition (SCADA) system have been malfunctioning. A digital forensics professional is consulted in the Incident Response (IR) and recovery.
Which of the following is the MOST challenging aspect of this investigation?

  • A. Group policy implementation
  • B. SCADA network latency
  • C. Physical access to the system
  • D. Volatility of data
Suggested Answer: C

Comments

133db51
1 month ago
Electric generation falls under NERC/FERC - its physical access as they have to go to site and then be escorted due to lack of clearances.
upvoted 1 times
homeysl
1 month, 1 week ago
Selected Answer: C
SCADA and OT are typically on air-gapped networks.
upvoted 1 times
hoho2000
1 month, 2 weeks ago
Selected Answer: C
Ans C. It mentions that locks are malfunctioning. There is no indication the malware is volatile. If D is the answer, then the first concern in all malware investigations will be volatility.
upvoted 2 times
gjimenezf
3 months, 2 weeks ago
Selected Answer: C
SCADA systems usually are not open to the internet; you need physical access to the office where the SCADA is installed. If the expert doesn't live in the neighborhood, this will be a big challenge.
upvoted 1 times
YesPlease
4 months, 2 weeks ago
Selected Answer: D
Answer D) Volatility of data https://www.osti.gov/servlets/purl/1493135
upvoted 1 times
Soleandheel
4 months, 3 weeks ago
A. Configuration item
upvoted 1 times
AMANSUNAR
5 months, 1 week ago
Selected Answer: C
Physical access to the Supervisory Control and Data Acquisition (SCADA) system can be a significant challenge. SCADA systems are critical infrastructure components, and gaining physical access to them may involve logistical and security challenges. Physical access allows an attacker to directly manipulate or compromise the hardware, which can have severe consequences for the operation of the water utility's dams, canals, and locks.
upvoted 1 times
MShaaban
8 months, 3 weeks ago
I was voting for D, but this question came into my head: what would make the SCADA data volatile if logs are stored on external servers? Capturing the logs won't be hard. Physical access, though, would be harder, which makes C more challenging.
upvoted 2 times
Bach1968
9 months, 3 weeks ago
Selected Answer: C
In the given scenario, the most challenging aspect of the investigation is likely to be "Physical access to the system" (option C). Physical access to the SCADA system can be challenging because these systems are often located in critical infrastructure environments and are subject to strict physical security controls. Gaining authorized access to the system requires coordination with the appropriate personnel, adherence to security protocols, and potentially overcoming physical barriers and safeguards.
upvoted 1 times
HughJassole
10 months, 1 week ago
D. There is no need to access a dam to look at its data; the data is held centrally in the SCADA system. The issue with these systems is data volatility. http://www.people.vcu.edu/~iahmed3/publications/ieee_computer_2012.pdf
upvoted 2 times
gjimenezf
3 months, 2 weeks ago
but you need to access the SCADA system that usually is installed on premises and without internet access for security
upvoted 1 times
dmo_d
11 months, 2 weeks ago
Selected Answer: C
C is correct. The key characteristic of SCADA systems is that they are distributed over a wide area. Data volatility would come next. But if forensics fails to collect data because the systems are not physically accessible, there is no data to raise volatility concerns about.
upvoted 1 times
BennyMao
11 months, 3 weeks ago
Selected Answer: C
Since the SCADA controls dams, canals, and locks, most likely these devices and related sensors are scattered across a wide area, many of which may not be easily accessible.
upvoted 1 times
Dee83
1 year, 3 months ago
D. Volatility of data. The most challenging aspect of this investigation would likely be D, volatility of data. This is because digital forensics professionals need to collect evidence in a way that preserves the integrity of the data and doesn't alter it. In the case of ICS-focused malware, data can be volatile and can change or be deleted quickly, making it difficult to collect and analyze evidence. Additionally, SCADA systems have their own specific protocols and technologies, which can make data collection and analysis more complex.
upvoted 2 times
jackdryan
11 months, 3 weeks ago
D is correct
upvoted 2 times
oudmaster
1 year, 4 months ago
The design of the SCADA is not provided in the question, and it can be an entirely centralized setup in one physical location. So I excluded answer C. I think D is correct.
upvoted 2 times
Marzie
1 year ago
It's telling you about "internal" SCADA systems at dams etc. being impacted. Given that the forensics would need to be done on-site, I think it's very much leading us to answer C as being the primary issue here.
upvoted 1 times
rootic
1 year, 6 months ago
Selected Answer: D
Agree with D.
upvoted 2 times
explorer3
1 year, 6 months ago
Selected Answer: D
Option D. http://www.people.vcu.edu/~iahmed3/publications/ieee_computer_2012.pdf Because volatile data changes continuously on a running system, capturing live data presents two key challenges for forensic investigators: 1. early data acquisition after an incident; 2. digital evidence validity.
upvoted 3 times
explorer3
1 year, 6 months ago
http://www.people.vcu.edu/~iahmed3/publications/ieee_computer_2012.pdf
upvoted 2 times
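As an added illustration of the two challenges explorer3 lists (this is not code from the thread or from the cited paper), the sketch below plans capture in order of volatility and hashes each artifact at capture time so that any later change is detectable when the evidence is validated. The artifact names, categories and sample bytes are constructed; the ordering follows the RFC 3227 order of volatility.

```python
import hashlib
import time

# Order of volatility, most volatile first (after RFC 3227); rank 0 is
# captured earliest because it is the first to be lost on a running system.
VOLATILITY_ORDER = [
    "registers_cache", "memory", "network_state", "running_processes",
    "disk", "remote_logs", "physical_config", "archival_media",
]

def plan_acquisition(artifacts):
    """Sort (name, category) pairs so the most volatile sources come first.
    Unknown categories are placed last."""
    rank = {c: i for i, c in enumerate(VOLATILITY_ORDER)}
    return sorted(artifacts, key=lambda a: rank.get(a[1], len(VOLATILITY_ORDER)))

def record_evidence(name, category, data, manifest, clock=time.time):
    """Hash the bytes at the moment of capture and append a manifest entry.
    The digest fixes the captured state so validity can be checked later."""
    entry = {"name": name, "category": category, "size": len(data),
             "sha256": hashlib.sha256(data).hexdigest(), "captured_at": clock()}
    manifest.append(entry)
    return entry

def verify_manifest(manifest, current_data):
    """Return names whose current content no longer matches the captured hash."""
    changed = []
    for entry in manifest:
        data = current_data.get(entry["name"])
        if data is None or hashlib.sha256(data).hexdigest() != entry["sha256"]:
            changed.append(entry["name"])
    return changed

if __name__ == "__main__":
    # Constructed sample artifacts from a hypothetical SCADA historian host.
    sample = {"hmi_memory.raw": b"\x00\x01constructed-memory-fragment",
              "netstat.txt": b"tcp 10.0.0.5:502 10.0.0.9:49152 ESTABLISHED",
              "plc_logs.txt": b"2024-01-01 lock3 valve cmd=OPEN"}
    artifacts = [("plc_logs.txt", "remote_logs"), ("hmi_memory.raw", "memory"),
                 ("netstat.txt", "network_state")]
    manifest = []
    for name, cat in plan_acquisition(artifacts):
        record_evidence(name, cat, sample[name], manifest)
    # Simulate the live network state changing after capture.
    sample["netstat.txt"] = b"tcp 10.0.0.5:502 10.0.0.9:49152 CLOSE_WAIT"
    print("capture order:", [e["name"] for e in manifest])
    print("changed since capture:", verify_manifest(manifest, sample))
```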
rc7
1 year, 6 months ago
Option D would be slightly better based on the question mentioning "ICS-focused malware specifically propagating". One can make the argument for either option C or option D. For option C, SCADA systems are typically isolated and physical access to the systems is challenging. For option D, the forensic investigator is called in to investigate malfunctioning systems with propagating malware, where the volatility of data is challenging.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)