Programmable Logic Controllers (PLCs) in Operational Technology (OT) environments commonly useLadder Logic, a graphical programming language resembling electrical relay logic diagrams. It's the most relevant for PLCs due to its widespread use in industrial automation.
Option A:Ladder Logic is the standard for PLC programming, making it the best choice.
Option B:Rust is modern and secure but not typically used for PLCs.
Option C:C is used in some embedded systems but less common for PLCs.
Option D:Python is versatile but not native to PLC programming.
Option E:Java is rare in PLC contexts.
Reference:CompTIA SecurityX CAS-005 Domain 2: Security Architecture - OT Security and Secure Coding.

The error message " NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM " indicates that the web browser is rejecting the certificate because it uses a weak signature algorithm. This commonly happens with self-signed certificates, which often use outdated or insecure algorithms.
Why Discontinue Self-Signed Certificates?
Security Compliance: Modern browsers enforce strict security standards and may reject certificates that do not comply with these standards.
Trusted Certificates: Using certificates from a trusted Certificate Authority (CA) ensures compliance with security standards and is less likely to be flagged as insecure.
Weak Signature Algorithm: Self-signed certificates might use weak algorithms like MD5 or SHA-1, which are considered insecure.
Other options do not address the specific cause of the certificate error:
A). Rewriting legacy web functions: Does not address the certificate issue.
B). Disabling deprecated ciphers: Useful for improving security but not related to the certificate error.
C). Blocking non-essential ports: This is unrelated to the issue of certificate validation.
References:
CompTIA SecurityX Study Guide
" Managing SSL/TLS Certificates, " OWASP
" Best Practices for Certificate Management, " NIST Special Publication 800-57

SecurityX CAS-005 exam content emphasizes integrating security into the SDLC and using automated tools to identify vulnerabilities early.
* Software dependency management solutions track and analyze libraries and components for known vulnerabilities before deployment, using vulnerability databases such as NVD or OSS Index.
* IAST scanning still requires the application to be running and may detect issues later.
* WAF policies help block attacks in production but do not prevent vulnerable code from being deployed.
* SIEM monitoring is reactive and identifies issues after they occur.By detecting vulnerable dependencies early, software dependency management solutions prevent late-stage deployment delays and reduce security risk.

The most appropriate solution for the systems engineer to deploy is SELinux (Security-Enhanced Linux).
Here's why:
Mandatory Access Control (MAC): SELinux enforces MAC policies, ensuring that only authorized users and processes can access specific resources. This helps in preventing unauthorized reading and modification of data and programs.
Access Vector Cache: SELinux utilizes an access vector cache (AVC) to improve performance. The AVC caches access decisions, reducing the need for repetitive policy lookups and thus improving system efficiency.
Security Mechanisms: SELinux provides a robust framework to enforce security policies and prevent bypassing of application security mechanisms. It controls access based on defined policies, ensuring that security measures are consistently applied.
Privilege Escalation and Process Interference: SELinux limits the ability of processes to escalate privileges and interfere with each other by enforcing strict access controls. This containment helps in isolating processes and minimizing the risk of privilege escalation attacks.
References:
CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
NSA's Guide to the Secure Configuration of Red Hat Enterprise Linux 5 (SELinux) NIST Special Publication 800-53: Security and Privacy Controls for Information Systems and Organizations

The most likely driver for approving additional network security budget is that the audit revealed that the existing architecture contained security controls that could be easily bypassed. This indicates fundamental weaknesses in defense-in-depth and suggests that attackers could gain access to sensitive systems or data despite the presence of controls.
Option A (unused budgets) is not a strategic reason for approving security investment. Option B (compliance reports requested by customers) may influence investment in compliance initiatives, but it does not explain the need for an in-depth defense architecture. Option D (PCI DSS low score) is a compliance-specific issue but would not, on its own, drive a broad architectural budget approval unless PCI was the only focus.
Security audits often uncover systemic flaws-such as flat networks, insufficient segmentation, or single points of failure-that create the conditions for bypassing controls. Addressing these issues requires rearchitecting the environment, introducing layered defenses, and strengthening monitoring capabilities, all of which demand significant budget. Thus, option C aligns with the decision to invest in robust defense-in-depth strategies.