CompTIA CASP+ (CAS-003) — Question 154

A manufacturing company recently recovered from an attack on its ICS devices. It has since reduced the attack surface by isolating the affected components. The company now wants to implement detection capabilities. It is considering a system that is based on machine learning. Which of the following features would BEST describe the driver to adopt such nascent technology over mainstream commercial IDSs?

Answer options

• A. Trains on normal behavior and identifies deviations therefrom
• B. Identifies and triggers upon known bad signatures and behaviors
• C. Classifies traffic based on logical protocols and messaging formats
• D. Automatically reconfigures ICS devices based on observed behavior

Correct answer: A

Explanation

The correct answer, A, highlights the ability of machine learning systems to learn normal behavior patterns and detect deviations, which is essential for identifying new and unknown threats. Options B and C focus on known signatures and traffic classification, which are characteristics of traditional IDSs rather than innovative machine learning approaches. Option D suggests automation that is not a primary feature of machine learning detection capabilities.