CompTIA Updated CAS-005 Exam Questions and Answers by sapphire

To secure the Operational Technology (OT) environment based on the given requirements, the best approach is to implement a bastion host inthe OT network. The bastion host serves as a secure entry point for remote access, allowing third-party vendors to connect while being monitored by security tools. Using a dedicated update server for workstations ensures that security updates are applied in a controlled manner without direct internet access.

Implementing security and quality checks in a CI/CD pipeline ensures that:

Container images are scanned for vulnerabilities beforedeployment.

Version control is enforced, preventing unauthorized changes.

Hashes validate image integrity.

Other options:

A (Configuring ACLs on mesh networks) improves access control but does not ensure scanning.

C (Audits on container images) detect changes but do not enforce best practices.

D (Pulling from a vendor repository) does not ensure vulnerability scanning.

A Configuration Management Database (CMDB) provides the best foundation for identifying which specific assets are affected by a given vulnerability. A CMDB maintains detailed information about the IT environment, including hardware, software, configurations, and relationships between assets. This comprehensive view allows organizations to quickly identify and address vulnerabilities affecting specific assets.

Microsegmentation is a critical strategy within Zero Trust architecture that enhances context-aware access systems by dividing the network into smaller, isolated segments. This reduces the attack surface and limits lateral movement of attackers within the network. It ensures that even if one segment is compromised, the attacker cannot easily access other segments. This granular approach to network security is essential for enforcing strict access controls and monitoring within Zero Trust environments.