Exam SC-100 topic 1 question 24 discussion

Actual exam question from Microsoft's SC-100
Question #: 24
Topic #: 1

You have legacy operational technology (OT) devices and IoT devices.

You need to recommend best practices for applying Zero Trust principles to the OT and IoT devices based on the Microsoft Cybersecurity Reference Architectures (MCRA). The solution must minimize the risk of disrupting business operations.

Which two security methodologies should you include in the recommendation? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

  • A. active scanning
  • B. threat monitoring
  • C. software patching
  • D. passive traffic monitoring
Suggested Answer: BD

Comments

El_m_o
Highly Voted 2 years, 2 months ago
Selected Answer: BD
From MCRA slide 17 (OT): "Many well-established IT security best practices like software patching aren’t practical or fully effective in an OT environment, so they can only be selectively applied (or have a limited security effect). Basic security hygiene for OT starts with network isolation (including good maintenance/**monitoring** of that isolation boundaries), **threat monitoring**, and carefully managing vendor access risk."
upvoted 22 times
dsatizabal
3 months, 2 weeks ago
As of Jan 2025, this is slide 61 of MCRA; observe that the information is in the slide's notes, not on the slide's canvas contents.
upvoted 1 times
Ajdlfasudfo0
Highly Voted 2 years, 2 months ago
Selected Answer: BC
In some legacy environments where modern authentication protocols are unavailable such as operational technology (OT), network controls may be used exclusively. - Slide 61, MCRA
Slide 17 - OT - Safety/Integrity/Availability
Hardware Age: 50-100 years (mechanical + electronic overlay)
Warranty length: up to 30-50 years
Protocols: Industry Specific (often bridged to IP networks)
Security Hygiene: Isolation, threat monitoring, managing vendor access risk, (patching rarely)
upvoted 9 times
danb67
Most Recent 10 months, 1 week ago
Answer correct based on slide 60 of the MCRA: (passive collection) – provides data gathering with passive traffic monitoring to avoid disruption of OT and IIoT operations. This passive approach is critical because active scanning can slow or disrupt business operations (potentially altering sensitive physical operation timing or potentially crashing older OT computer systems). Security Hygiene - threat monitoring
upvoted 2 times
emartiy
10 months, 1 week ago
Selected Answer: BD
I continue with these options based on MCRA slides... A is something performance reducing progress so option D is more reliable and option B since question says "which security methodology"
upvoted 1 times
Baz10
1 year ago
Selected Answer: BD
On Exam 8 Apr 2024 scored 764
upvoted 4 times
[Removed]
1 year, 1 month ago
Selected Answer: BD
D. Passive Traffic Monitoring: Passive traffic monitoring involves observing network traffic without actively scanning or disrupting devices. This approach aligns with Zero Trust principles by allowing you to gain insights into the behavior of devices without introducing potential risks associated with active scanning. It helps in understanding the normal traffic patterns and identifying anomalies or suspicious activities without impacting the operation of OT and IoT devices.
B. Threat Monitoring: Threat monitoring is essential for actively monitoring and analyzing security events to detect and respond to potential threats. Implementing threat monitoring aligns with Zero Trust principles by continuously assessing the security posture of OT and IoT devices. This proactive approach enables the identification of security incidents and allows for timely responses to mitigate risks, all while minimizing disruptions to business operations.
upvoted 3 times
Charly80
1 year, 3 months ago
MCRA Slide 65 "Apply zero trust principles to securing OT and industrial IoT environments" : Security Hygiene: Multi-factor authentication (MFA), patching, threat monitoring, antimalware
upvoted 2 times
Funkydave
1 year, 7 months ago
"The solution must minimize the risk of disrupting business operations." Patching is absolutely not non-disruptive.
upvoted 4 times
POOJI123
1 year, 8 months ago
What is the MCRA slide mentioned in comments? How do I find it?
upvoted 1 times
theplaceholder
1 year, 8 months ago
https://learn.microsoft.com/en-us/security/cybersecurity-reference-architecture/mcra
upvoted 1 times
Ario
1 year, 10 months ago
BD is correct
upvoted 1 times
zellck
1 year, 11 months ago
Selected Answer: BD
BD is the answer. OT Security hygiene is different because these systems frequently weren’t built with modern threats and protocols in mind (and often rely on ‘end of life’ software). Many well-established IT security best practices like software patching aren’t practical or fully effective in an OT environment, so they can only be selectively applied (or have a limited security effect). Basic security hygiene for OT starts with network isolation (including good maintenance/monitoring of that isolation boundaries), threat monitoring, and carefully managing vendor access risk.
upvoted 4 times
Tictactoe
1 year, 12 months ago
BD right
upvoted 1 times
PrettyFlyWifi
2 years ago
Selected Answer: BD
B and D seem most suitable here, both are mentioned on slide 17 of MCRA. It doesn't look like C - Software patching is a valid answer. Look at slide 17 of MCRA, it states "Many well-established IT security best practices like software patching aren’t practical or fully effective in an OT environment, so they can only be selectively applied (or have a limited security effect).", so this confirms it isn't practical, so it can't be "best practice".
upvoted 4 times
edurakhan
2 years ago
Selected Answer: BC
I would go with threat monitoring and patching (rarely, according to MCRA, but there is nothing about passive traffic monitoring)
upvoted 1 times
zellck
1 year, 11 months ago
Many well-established IT security best practices like software patching aren’t practical or fully effective in an OT environment, so they can only be selectively applied (or have a limited security effect).
upvoted 2 times
GeVanDerBe
2 years ago
Read the notes in slide 17 --> Microsoft’s approach to threat monitoring is focused on bringing modern security approaches that also deeply respects the constraints and sensitivity of these systems. The approach is based on technology developed by CyberX (recently acquired and integrated into Microsoft). The solution consists of Network TAP/SPAN (passive collection) – provides data gathering with passive traffic monitoring to avoid disruption of OT and IIoT operations.
upvoted 3 times
Fal991l
2 years, 1 month ago
Selected Answer: BD
ChatGPT: The two security methodologies that should be included in the recommendation for applying Zero Trust principles to OT and IoT devices based on the MCRA while minimizing the risk of disrupting business operations are:
B. Threat monitoring: Continuous monitoring and analysis of network traffic, system logs, and other data sources can help detect and respond to threats and attacks targeting OT and IoT devices. Threat monitoring can help identify indicators of compromise (IoCs) and provide early warning of potential security incidents.
D. Passive traffic monitoring: Passive traffic monitoring involves monitoring network traffic without actively sending packets or generating traffic. This approach can help minimize the risk of disrupting business operations while still providing visibility into network activity and potential security incidents. Passive traffic monitoring can also help identify anomalies and suspicious activity that may indicate a security threat.
upvoted 4 times
Fal991l
2 years, 1 month ago
Option A, active scanning, and option C, software patching, are not necessarily the best practices for applying Zero Trust principles to OT and IoT devices, as they can potentially disrupt business operations and cause compatibility issues with legacy devices. While software patching can help mitigate vulnerabilities, it should be done in a controlled and tested manner to avoid introducing new issues or downtime.
upvoted 3 times
aks_exam
1 year, 2 months ago
ChatGPT may lead you to the right answer, but please don't comment on what it explains.
upvoted 1 times
AJ2021
2 years, 1 month ago
Selected Answer: BD
Adapt processes to Operational Technology (OT) - Adjust your tools and processes to the constraints of OT environments as you integrate them. These environments prioritize safety and often have older systems which don't have patches available and may crash from an active scan. Focusing on approaches like passive network detections for threats and isolation of systems is often the best approach. https://learn.microsoft.com/en-us/training/modules/use-microsoft-cybersecurity-reference-architecture-azure-security-benchmarks/3-recommend-for-protecting-from-insider-external-attacks
upvoted 5 times