A security engineer is concerned about the threat of side-channel attacks - CompTIA CAS-005

Question

A security engineer is concerned about the threat of side-channel attacks. The company experienced a past attack that degraded parts of a SCADA system, causing a fluctuation to 20,000rpm from its normal operating range. As a result, the part deteriorated more quickly than the mean time to failure. A further investigation revealed the attacker was able to determine the acceptable rpm range, and the malware would then fluctuate the rpm until the part failed. Which of the following solutions would be BEST to prevent a side-channel attack in the future?

Answers
  1. correct
Explanation

The correct answer is: B. Air gapping important ICS and machines

Side-channel attacks exploit indirect information leaks from systems (e.g., timing, power consumption, or electromagnetic emissions) to infer sensitive data or disrupt operations. In this scenario, the attacker was able to determine the acceptable rpm range of a SCADA (Supervisory Control and Data Acquisition) system, likely through indirect observation or by compromising the system.

Air gapping, which involves isolating critical systems from any network connectivity (including the internet and other external networks), is the most effective defense against side-channel attacks targeting Industrial Control Systems (ICS) or SCADA environments. It ensures that attackers cannot remotely access or gather data from these critical systems.

Why the other options are incorrect:

Installing online hardware sensors:

  • Incorrect: Online sensors monitor system behavior and can detect anomalies but do not prevent side-channel attacks or isolate the system from external threats.

Implementing a HIDS (Host-based Intrusion Detection System):

  • Incorrect: A HIDS monitors for signs of compromise or malicious behavior on individual systems. However, it cannot prevent the exploitation of side-channel vulnerabilities or block remote access to SCADA systems.

Installing a SIEM agent on the endpoint:

  • Incorrect: A SIEM agent collects and analyzes logs for detecting threats but does not prevent side-channel attacks or block unauthorized access to SCADA systems.
