CompTIA CySA+ (CS0-002) — Question 102
An information security analyst observes anomalous behavior on the SCADA devices in a power plant. This behavior results in the industrial generators overheating and destabilizing the power supply. Which of the following would BEST identify potential indicators of compromise?
Answer options
- A. Use Burp Suite to capture packets to the SCADA device's IP.
- B. Use tcpdump to capture packets from the SCADA device's IP.
- C. Use Wireshark to capture packets between SCADA devices and the management system.
- D. Use Nmap to capture packets from the management system to the SCADA devices.
Correct answer: C
Explanation
The correct answer is C because Wireshark allows detailed analysis of the packet data exchanged between the SCADA devices and the management system, which can reveal anomalies indicative of compromise. Options A and B capture only traffic to or from the SCADA device itself, so they do not give the comprehensive view of the two-way interaction between the SCADA devices and the management system that option C provides. Option D incorrectly suggests capturing packets in the opposite direction only (from the management system to the SCADA devices), which would be less effective for identifying issues related to the SCADA system.