CompTIA CASP CAS-004 Reddit Questions

Immutable infrastructure through containers ensures that the deployed systems remain consistent and resistant to drift. Any changes require rebuilding and redeploying containers, eliminating configuration inconsistencies. This aligns with CASP+ objective 2.2, which emphasizes implementing scalable, secure system configurations.

________________________________________

Avoiding the risk by shutting down the application and migrating to a supported, alternative platform is the most effective option based on the provided scenario. The application is non-critical, provides no revenue, and replacing it has a nominal cost, making risk avoidance the ideal choice. This aligns with the CASP+ objective of implementing risk strategies (1.3) and emphasizes prioritizing cost-effective and practical solutions over maintaining deprecated or vulnerable systems.

________________________________________

The protocol described is Modbus, which is a commonly used industrial protocol that lacks built-in authentication and security features. Modbus operates in a client/server model and can be implemented over RTU (Remote Terminal Unit) or TCP/IP for communication between devices. The other protocols mentioned either have different characteristics or are used in different contexts (such as Profinet for industrial automation, Zigbee for wireless IoT devices, and Z-Wave for home automation). CASP+ identifies Modbus as a critical protocol in industrial environments that lacks security and requires additional protective measures.

Signed applications ensure the integrity of the application by verifying that the source code has not been tampered with. Digital signatures provide a cryptographic guarantee that the software is exactly as the developer released it.