CompTIA CASP+ (CAS-004) — Question 318

A security engineer at a manufacturing facility is trying to determine whether any of the OT devices are susceptible to a recently announced vulnerability. Which of the following is the best way for the engineer to detect exploitable vulnerabilities?

Answer options

• A. Utilize a passive vulnerability scanner on the network.
• B. Compare deployed equipment to the CVE disclosure.
• C. Perform threat hunting on the OT segment.
• D. Review software inventory for vulnerable versions.

Correct answer: B

Explanation

The best approach is to compare the deployed equipment to the CVE disclosure, as it provides a direct reference to known vulnerabilities associated with specific devices. While passive vulnerability scanning and threat hunting may yield insights, they do not directly confirm vulnerabilities. Reviewing software inventory is also useful but does not target the specific equipment in question.