Common QA Flashcards
What is the primary function of a firewall?
a. Block all internet traffic
b. Detect network intrusions
c. Filter network traffic
d. Authenticate users
c. Filter network traffic
Inter-network connection device that restricts data communication traffic between two connected networks is called a(n) __________.
a. IDS
b. Firewall
c. Router
d. Anti-virus software
b. Firewall
The process of securing a system by reducing its attack surface is known as
a. Threat Modeling
b. System Hardening
c. Intrusion Detection
d. Whitelisting
b. System Hardening
Policies, procedures and technical controls that govern the use of system resources are known as
a. Data Flow Controls
b. System Integrity Controls
c. Access Controls
d. System Hardening Controls
c. Access Controls
Which of the following is an objective of cybersecurity acceptance testing?
a. Verification of cybersecurity specifications
b. Root cause analysis
c. Cyber risk determination
d. Verification of system functionality
a. Verification of cybersecurity specifications
What are the three main phases of the IACS Cybersecurity Lifecycle?
a. Assess, Develop & Mitigate, Maintain
b. Design, Implement, Maintain
c. Assess, Develop & Implement, Maintain
d. Design, Mitigate, Maintain
c. Assess, Develop & Implement, Maintain
Which of the following is the correct risk equation?
a. Risk = Threat x Asset x Consequence
b. Risk = Threat x Vulnerability x Cost
c. Risk = Threat Agent x Threat x Vulnerability
d. Risk = Threat x Vulnerability x Consequence
d. Risk = Threat x Vulnerability x Consequence
The desired level of security for a system is known as?
a. Target Security Level
b. Achieved Security Level
c. Capability Security Level
d. Protection Level
a. Target Security Level
Which of the following is the correct formula for Cyber Risk Reduction Factor (CRRF)?
a. CRRF = Unmitigated Risk / Tolerable Risk
b. CRRF = Mitigated Risk / Tolerable Risk
c. CRRF = Tolerable Risk / Unmitigated Risk
d. CRRF = Tolerable Risk / Mitigated Risk
a. CRRF = Unmitigated Risk / Tolerable Risk
An Intrusion Detection System (IDS) is an example of what method of treating risk?
a. Detect
b. Deter
c. Defend
d. Defeat
a. Detect
A security service system that monitors and analyzes system events for the purpose of
finding, and providing real-time or near real-time warning of attempts to access system
resources in an unauthorized manner is called a(n) __________.
a. IDS
b. Firewall
c. Router
d. Anti-virus software
a. IDS
What is the name of the firewall feature that analyzes protocols at the application
layer to identify malicious or malformed packets?
a. Stateful inspection
b. Deep packet inspection
c. Packet filter
d. Layer 3 check
b. Deep packet inspection
A three-tier network segmentation design that prevents direct communication between
the enterprise network and the process control network by creating a buffer is also
known as a(n) __________.
a. Zones and conduits
b. Perimeter firewall
c. ICS firewall
d. DMZ
d. DMZ
Which of the following represents the recommended process of firewall planning and
implementation?
a. Plan, Configure, Test, Deploy, Manage
b. Plan, Configure, Deploy, Test, Manage
c. Plan, Deploy, Manage, Test, Configure
d. Design, Configure, Test, Deploy, Document
a. Plan, Configure, Test, Deploy, Manage
What are the main types of intrusion detection systems?
a. Perimeter Intrusion Detection & Network Intrusion Detection
b. Host Intrusion Detection & Network Intrusion Detection
c. Host Intrusion Detection & Intrusion Prevention Systems
d. Intrusion Prevention & Network Intrusion Detection
b. Host Intrusion Detection & Network Intrusion Detection
What is the desired outcome of the Initiate a CSMS program activity?
a. Conceptual diagrams that show how an AD forest can be attacked
b. Obtain leadership commitment, support, and funding
c. Identify software agents used by threat agents to propagate attacks
d. Conduct periodic IACS conformance audits
b. Obtain leadership commitment, support, and funding
Which of the following is NOT a network device hardening best practice?
a. Install latest firmware updates
b. Shut down unused physical interfaces
c. Enable logging, collect logs (e.g. Syslog) and review regularly
d. Use Telnet for remote management
d. Use Telnet for remote management
Which of the following is an example of dual-factor authentication?
a. Username and password
b. Digital certificate and smart card
c. Fingerprint and retinal signature
d. Fingerprint and smart card
d. Fingerprint and smart card
A network that uses a public telecommunication infrastructure such as the Internet to
provide remote networks or computers with secure access to another network is known as
a(n) __________.
a. VLAN
b. VSAT
c. VPN
d. VNC
c. VPN
If a virus shuts down an industrial network by overloading the Ethernet switches
which basic information security property is affected?
a. Integrity
b. Confidentiality
c. Availability
d. Reliability
c. Availability
Which three basic properties are the building blocks of cyber security?
a) Authorization, Identification, and Integrity (AII)
b) Confidentiality, Integrity and Availability (CIA)
c) Authorization, Reliability and Integrity (ARI)
d) Confidentiality, Integrity and Authorization (CIA)
b) Confidentiality, Integrity and Availability (CIA)
What is the biggest security problem if business networks connect directly to industrial control
systems?
a) Too many business users requesting data will slow control system operation to a crawl,
endangering the security of processes.
b) Unauthorized business users, outsiders and malware can penetrate critical industrial control
systems and upset critical processes.
c) Production workers will change data in business systems given the opportunity
d) Cybersecurity insurance will increase in cost
b) Unauthorized business users, outsiders and malware can penetrate critical industrial control
systems and upset critical processes.
“Countermeasures” in cyber security are measures taken to:
a) Eliminate system penetration by outsiders
b) Confuse perimeter intrusion detectors
c) Reduce the system’s risk of loss from vulnerabilities and threats
d) Eliminate the risk of an inside attacker taking over a computer network
c) Reduce the system’s risk of loss from vulnerabilities and threats
Why would a company issue security policies for industrial networks?
a) To let outside intruders know the consequences of their actions.
b) To clearly establish which department “owns” the network
c) To guide a company’s cybersecurity department on how to catch security violations.
d) To communicate the responsibilities of users, management, IT staff for company security.
d) To communicate the responsibilities of users, management, IT staff for company security.
A key factor for the success of a cyber security program is:
a) Security policy, objectives and activities that reflect business objectives.
b) Strict rules that forbid interconnection of control system to business systems.
c) The latest in security technologies.
d) The latest in hardware technologies.
a) Security policy, objectives and activities that reflect business objectives.
One way safety is different from security in industrial plants is that:
a) Safety considers the effects of malicious actions, not just the causes.
b) The field of safety encompasses the field of security.
c) Safety concerns itself with human error and the natural causes of accidents, while security
may involve malicious behavior.
d) Safety concerns itself with malicious behavior, while security may involve human error and the
natural causes of accidents.
c) Safety concerns itself with human error and the natural causes of accidents, while security
may involve malicious behavior.
Which of the following documents are IT Security standards?
a) IEC 61850
b) ISO 27001:2013
c) ISA 95
d) ISA 84
b) ISO 27001:2013
Which of the following are control system security standards?
a) COBIT 5
b) ISO/IEC 15408:2009
c) ISA/IEC 62443
d) ISO 27001:2013
c) ISA/IEC 62443
The standard ISA 62443-2-1 belongs in which tier/group of the ISA 99 committee work products?
a) Component
b) System
c) General
d) Policies & Procedures
d) Policies & Procedures
Which of the following is NOT generally considered to be a requirement of industrial control systems?
a) Real-time performance
b) High availability
c) Frequent updates
d) HSE considerations
c) Frequent updates
Which formula is correct?
a) Risk = Threat x Asset x Consequence
b) Risk = Threat x Vulnerability x Cost
c) Risk = Threat x Likelihood x Vulnerability
d) Risk = Threat x Vulnerability x Consequence
d) Risk = Threat x Vulnerability x Consequence
Which of the following would NOT be considered a countermeasure?
a) Replay
b) Access Controls
c) Encryption
d) Intrusion Detection
a) Replay
A logical grouping of physical, informational, and application assets sharing common security
requirements is called a(n) __________________
a) Security model
b) Asset model
c) Conduit
d) Zone
d) Zone
Which of the following is Layer 4 in the ISO OSI/Reference Model?
a) Session
b) Network
c) Transport
d) Data
c) Transport
Which one of the following can best perform a network routing function?
a) Layer 1 hub
b) Layer 2 network interface card
c) Layer 3 switch
d) Layer 4 user datagram protocol
c) Layer 3 switch
TCP is a ___________ protocol
a) Connection based
b) Layer 3
c) Send and forget
d) Layer 7
a) Connection based
In IPv4 which protocol resolves IP addresses into MAC addresses?
a) ICMP
b) TCP
c) IP
d) ARP
d) ARP
What is Microsoft’s normal scheduled release day for security patches?
a) When critical patches available
b) The first Monday of the month
c) The first Friday of the month
d) The second Tuesday of the month
d) The second Tuesday of the month
What is the purpose of Windows Server Update Services (WSUS)?
a) Deploy the latest Microsoft Hyper-V product updates
b) Distribution of Microsoft Software Update Services
c) Deploy the latest Microsoft product updates and hotfixes
d) Distribution of Windows Software Unified Server
c) Deploy the latest Microsoft product updates and hotfixes
What is the primary function of a firewall?
a) Block all internet traffic
b) Detect network intrusions
c) Filters network traffic
d) Authenticate users
c) Filters network traffic
What is the first step in the High-Level Risk Assessment?
a) Identify Threats
b) Identify Critical Assets and Consequences
c) Define Methodology for Identifying Risks
d) Analyze Threats
c) Define Methodology for Identifying Risks
What is the desired outcome of the Initiate a CSMS program activity?
a) Conceptual diagrams that show how an AD forest can be attacked
b) Obtain leadership commitment, support, and funding
c) Identify software agents used by threat agents to propagate attacks
d) Select and implement countermeasures
b) Obtain leadership commitment, support, and funding
How many security assurance levels (SAL) does ISCI offer?
a) One
b) Two
c) Three
d) Four
d) Four
Which of the following is one of the three certifications offered by ISCI?
a) Functional Security Assessment (FSA)
b) Evaluation Assurance Level (EAL) assessment
c) Security Development Life Cycle Assessment (SDLA)
d) System Robustness Testing (SRT)
c) Security Development Life Cycle Assessment (SDLA)
What are the three main phases of the ISA/IEC 62443 Cybersecurity Lifecycle?
a) Assess, Develop and Implement, Maintain
b) Assess, Integrate, Maintain
c) Analyze, Develop and Implement, Maintain
d) Analyze, Integrate, Maintain
a) Assess, Develop and Implement, Maintain
What are the layers of the TCP/IP model?
Application, Host to Host, Internet and Network Access
Ensuring that the sender of a message or contract cannot later deny sending the message or contract is known as which of the following?
Nonrepudiation
Which of the following is non-compulsory?
Guidelines
A digital signature uses asymmetric key encryption to achieve which of the following?
Nonrepudiation and Authentication
IPSec provides which of the following two kinds of operation?
Transport mode and tunnel mode
One way safety is different from security in industrial plants is that:
Safety concerns itself with human error and the natural cause of accidents, while security may involve malicious
Which of the following is true?
A. A zone may be considered untrusted
B. Zones may be defined physically
C. A zone may be considered trusted
D. All the above
D. All the above
What is Microsoft's normal scheduled release day for security updates?
The second Tuesday of the month
Which of the following documents are IT security standards?
A. ISO/IEC 15408
B. ISO/IEC 27001
C. NIST 800-53
D. All the above
D. All the above
A key factor for the success of the cyber security program is
Security policy objectives and activities that reflect business objective
Which of the following are control system security
A. NERC CIP
B. NIST 800-82
C. ISA/IEC 62443
D. All the above
D. All the above
Which organization bridges the gap between 62443 standard and their implementation?
A. NIST
B. IEC
C. ENISA
D. ISCI
A. NIST
System Robustness testing includes which of the following?
A. Fuzz testing
B. Network traffic load testing
C. Vulnerability testing
D. All the above
D. All the above