A security consultant has been asked to recommend a secure network design that would:• Permit an existing OPC server to communicate with a new Modbus server that is controlling electrical relays. Limit operational disruptions. Due to the limitations within the Modbus protocol, which of the following configurations should the security engineer recommend as part of the solution?

A security consultant has been asked to recommend a secure n

A security consultant has been asked to recommend a secure n - CompTIA CAS-005

Question

A security consultant has been asked to recommend a secure network design that would:• Permit an existing OPC server to communicate with a new Modbus server that is controlling electrical relays.

Limit operational disruptions.

Due to the limitations within the Modbus protocol, which of the following configurations should the security engineer recommend as part of the solution?

Answers

Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 135.
Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 102.
Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 5000.
correct

Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 502.

Explanation

The correct answer is: D. Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 502.

The Modbus protocol uses port 502 for communication. To securely enable communication between the OPC server and the Modbus server while minimizing operational disruptions, the security consultant should:

Restrict inbound traffic: Configure firewall rules to allow only traffic from the OPC server to reach the Modbus server on port 502. This ensures that no unauthorized devices or systems can connect to the Modbus server.
Limit operational disruptions: This configuration allows necessary communication while protecting the Modbus server from potential unauthorized access or attacks.

Why the other options are incorrect:

Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 135:

Incorrect: Port 135 is associated with Microsoft RPC (Remote Procedure Call) and is not relevant to Modbus communication.

Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 102:

Incorrect: Port 102 is used by Siemens S7 communications, not Modbus. Furthermore, restricting outbound traffic does not address the need for secure inbound communication to the Modbus server.

Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 5000:

Incorrect: Port 5000 is not used by the Modbus protocol. Additionally, focusing on outbound traffic does not protect the Modbus server as effectively as restricting inbound traffic.

View Full Course Content Try our Free Questions

No Payment Cards Needed

CompTIA SecurityX CAS-005 exam

Normally $60

$45/month

Subjects Included

CompTIA SecurityX CAS-005

Additional Features

Over 300 Practice Questions with Answers
Quizzes in every Lesson Provided
Detailed Analysis of Questions with Answers and Explanations
Detailed Notes with Chapters, Topics & Lessons
24/7 Live chat support
24/7 WhatsApp support
One Full Month Access

Get Started

View Other Pricing Plans

CompTIA Prep

CompTIA Cloud+ CV0-004

Start Course Prep

CompTIA Prep

CompTIA Server+ SK0-005

Start Course Prep

Easy way to pass your test within a week with prepsaret

You don’t need one month to study and pass your test.
With Prepsaret, it takes you a few days to grasp all the concepts needed to pass your exams

View Courses Offered