cybersecurity Flashcards

Question 1

Q

Remember that before any assessment

Answer

A

you should define the scope of the project. the scope include what is included in the assessment

Question 2

Q

In the scope always remember to

What are the four parts in defining the scope?

Answer

A

Identify Requirement
Specify which devices are involved.
select method of collecting data.
documentation.

Question 3

Q

Key Component of Project scope include

Answer

A

System description
System architecture diagram
network Diagram
Asset inventory
criticality assessment
Documentation of data flow.

Remember! complete and detailed scope leads to more valuable assessment.

Question 4

Q

Why conduct CVA

Answer

A

CVA meant to identify, classify, and define security Vulnerabilities. this is very critical step into in evaluating CYBER RISK!

Question 5

Q

CVA includes

Answer

A

Critical step into evaluating cyber risk!
-Evaluating the IACS design, implementation, configuration, implementation, and management,
Determine the adequacy of security measure and identify deficiencies.

Question 6

Q

When selecting an assessment type

Answer

A

Be aware of cost and Risk to the system. Also consider the benefits gained when running assessment.

Question 7

Q

Remember that

Those are Cybersecurity Vulnerability Assessment types

Answer

A

Gap assessment least invasive and provide and it provide comparison to standards, it involves interviews, peers, site walk.
Passive is used for reviewing arp tables, packet captures,
Active uses tools to scan network and ports.
Pen test include it exploit known and unknown vuln.

Question 8

Q

Benefit of cyber security risk assessment

Answer

A

Determine order of priority and what needs to be processed first.
Define threats, Vulnerability and consequences, - this is time consuming and it involves subject natter experts. this will help us to determine countermeasures.
Design and apply counter countermeasures to reduce risk.
prioritize of activity and resources.
evaluate countermeasure for effectiveness vs complexity.
ROI is also important. is the Assessment worth our time?

Question 9

Q

Cybersecurity Risk assessment process 62443-3-2

Answer

A

System under consideration. Section 4.1
High level risk assessment Section 4.2 * Involve safety teams. * this level will determine the Security Level target where you want to be.
partition into zones and conduits Section 4.3
perform detailed risk assessment for each zone and conduit Section 5.0
Document Security Requirement Assumption. * CRS document. Section 4.4

Question 10

Q

Detailed risk assessment process. Section 5.0 under IEC62443-3-2

Answer

A

as per the standard it is defined under section 5-
the standard explain the input which is the requirement for each zone and conduit. the middle is the requirement and the output is the results.

the list is
5.1 identify threat
5.2 identify vulnerabilities
5.3 determine consequences and impact.
5.4 determine likelihood.
5.5 calculate unmitigated cyber security risk
5.6 determine security level target.
5.7 consider exaiting countermeasures,
5.8 reevaluate likelihood and impact
5.9 calculate residual risk
5.10 all risk mitigated or below tolerable risk.
5.11 apply additional cybersecurity measure.
5.12 document results

Question 11

Q

Documentation

Answer

A

You need to document to prove what you did.

Document should be:
- Revised,
- Amended,
- Reviewed and,
- Approved.

Document should be under controlled Scheme.

Question 12

Q

You need to document all the reports. Documents include

Documents in general provide support, findings, and recommendations.

Answer

A

Gap assessment reports
Vulnerability reports
Risk assessment Reports.
Zone and conduit diagrams.
CRS document.

Question 13

Q

Difference between Vulnerability Assessment and Penetration Testing

Answer

A

VA include identify, classify, and define weaknesses and report on discoveries.

PEN test include exploit to gain access.

Question 14

Q

Which key concept in the scope details all the element of the system?

Answer

A

Asset Inventory

Question 15

Q

Why partition the system under consideration into zones and conduits?

Answer

A

To ensure best possible protection.

Question 16

Q

Chapter 2 Conceptual Design

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Answer

A

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Learn about the CRRF
Identify the four T’s of managing risk
Explain the 5 D’s of treating risk?
Explain the elements of developing a security strategy
Develop Cyber security plan.

Question 17

Q

Conceptual Design have key components that needs to be address so you can provide conceptual design specifications. those key components are

Answer

A

1 - Interpret risk assessment results.
2 - Mitigate results 4Ts or mitigating risk using the 4T’s
3 - Treat Risk using the 5Ds
4 - Develop Security Strategy
5 - Prepare conceptual design specification.

Lets dive to each one.

Question 18

Q

1- Interpreting Risk assessment Results- this includes. this should be included in any good risk risk assessment. if those are addressed correctly in the Risk assessment then things will be easier.

Answer

A

Risk Profile
Highest Severity Consequences.
Threat/Vuln leading to the highest risk. * This step require a lot of research.
Target Security Levels.
Recommendation.

SL-T should be established for each zone. this depends on CRRF. it is based on risk matrix and risk tolerance.

Question 19

Q

Risk Profile is?

Answer

A

it is like a heat map that shows unmittigated risk and the risk level. some companies may have this in place or needs to build one.

Question 20

Q

SL-T is defined in how many levels?

Answer

A

5 levels.
Level 0 - no requirement
Level 1 - Protection against casual
Level 2 - Protection against intentional with low resource
Level 3 - Protection again intentional with high skills and moderate skills
Level 4 - Protection against intentional attacks with high skills and high motivation.

Question 21

Q

Security Level Target (SL-T) should be provided for each zone and conduit. also remember that

Answer

A

SL-T depends directly on CRRF the risk reduction Factor.

Question 22

Q

CRRF

Answer

A

is a measure of the degree of acceptable level. or the risk reduction required to achieve tolerable risk.

CRRF = to unmitigated risk / tolerable risk

Question 23

Q

You need to establish a relation between the SLT- and the CRRF. this should be based upon

Answer

A

Organization Risk Matrix and Risk tolerance.

Question 24

Q

Security Level targets are explained under

Answer

A

Annex A of IEC62443-3-3 Security Level Vectors.

Question 25

Q

2- step 2 in the design phase is managing risk. this can be divided using the?

Answer

A

Four T’s which include
- Tolerate Risk - Accept Risk
- Transfer Risk - Insurance 3rd party
- Terminate Risk -
- Treat Risk- reduce it to acceptable level by implementing countermeasure.

Question 26

Q

3- step 3 of the design is treating the risk 5Ds

used in neuclar wopeon and air forces.

TTLNF

Answer

A

Deter - is the farthest from assets such as camera fence.
Detect - cameras, security personnel.
Delay - honey pot, locks to delay attacks
Deny
Defeat - security personal response to apprehend

Question 27

Q

Deter

Answer

A

objective is to deter attackers from attempting to breach

Question 28

Q

detect

Answer

A

objective to monitor large area to accurately detect unauthorized access and respond on time .

Question 29

Q

Delay

Answer

A

The objective of delay an active intrusion to force intruder to stop and allow security to respond

Question 30

Q

Deny

Answer

A

is keep unauthorized person out and let authorized people in

Question 31

Q

Defeat

Answer

A

Objective is to defeat intrusion by apprehending intruder. often involve law enforcement.

Question 32

Q

There is always differences between physical and cybersecurity policies. IEC62443-2-1 recommend that:

Answer

A

You need security policies and procedures established for both physical and cyber.

at least one or more physical security perimeters shall be in place to protect assets.

Question 33

Q

when applying security protection using the 5D’s remember

Answer

A

this should be done for each zone and conduit. it should also use
- risk assessment results
- target security level
- Cybersecurity requirment specifications. CRS

Question 34

Q

Deter options are

Answer

A

Policies and Procedures
Warning Banners.
Obscurity

Question 35

Q

Detect options are

Answer

A

IDS
SIEM
Anti-Virus software
Firewalls
Emails and URL filtering
Train personnel to be aware of scams

Question 36

Q

Delay attacks options are

Answer

A

Security Hardening
Patching
Encryption
Network segmentation
Access Controls
Honey Pot Systems.

Question 37

Q

Deny Options are

Answer

A

Deny unauthorized users and software’s from access the system.
- Firewall
- Whitelisting
- Intrusion Prevention Systems
- Access Controls

Question 38

Q

Defeat the attackers. retain forensic evidence

Answer

A

eradicate the intruder or malicious software and restore the system to normal.

Malware Removal tools
Policies and Procedures
Intrusion Prevention.

Question 39

Q

4- Develop a Security Strategy - remember the order.

Answer

A

Identify Zones and conduits
Review Risk assessment - this is for each zone and conduit.
Establish Target security Level
Identify Physical and cyber access points.
Develop 5D physical and cyber strategy for each zone and conduit.

Question 40

Q

5- prepare conceptual design specification

Answer

A

this can include:
- Document security countermeasure to achieve target security level
- Scope of work
- conceptual system architecture
- budget cost and schedule estimate.

Question 41

Q

Chapter 3

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Answer

A

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

This chapter is focused on
- Project Management related to design
- System and Software Development Life Cycle
- Function and Security Requirement for the Design.
- Choose technology for the Design
-

Question 42

Q

design and implementation of countermeasure should always treated as

Answer

A

-Should be treated as a project
- Project Management is required
- With proper lifecycle, plan, and implement phase.
- Should always assign a project manager

Question 43

Q

what are some of the elements for good project plan?

Answer

A

Clear goal of the Project
Define the scope of work - Beware of scope creep
list all deliverable to assign resources correctly
quality criteria - and setting expectation
determine stakeholders and get them involved and updated.
Understand the budget for the project.
establish milestone to keep project manageable.
tolerance should be set for each milestone.
address dependencies
identify risk
Schedule
Dependencies

Question 44

Q

Software Process

Answer

A

is a set of related activities that leads to the production of software product.

Question 45

Q

System/Software Lifecycle

Answer

A

Software specification ( requirement analysis)
Software Design
software implementation - Coding
software validation - Testing
software evaluation - Maintenance and Further Development

Question 46

Q

the phase necessary to develop and maintain software system are called

Answer

A

Data Structure.

Question 47

Q

Security Requirement

Answer

A

You must secure you security countermeasures.

Question 48

Q

Normally security countermeasures are installed with?

Answer

A

insufficient Security - example.
- IP camera with default
- firewall with telnet enabled.
- servers with weak and not security in place .

Question 49

Q

Countermeasures details include

Answer

A

Environment
User Characteristic
Assumption
Constrains
Dependencies

Question 50

Q

Countermeasure Requirement include

Answer

A

Functional
Usability
performance
Data Management
Standards
Security

Question 51

Q

Security requirement is divided into - cyber security requirement specification

Answer

A

Environmental/ External Dependencies such as - supply chain - testing - protection and health and safety
Risk Assessment and control requirement.
Regulatory and Industrial standard requirement
Access Control requirement
Data integrity and Confidential Requirement
Communication and Data flow requirement
security event monitoring tools

Question 52

Q

each security requirement there is a set of one or more design element that will be produced. those elements includes

Answer

A

Architecture Diagrams.
Data flow charts
Design Specification
Use Cases
Business Process Diagrams.
Configuration Screens.

Question 53

Q

Elements of good DESIGN SPECIFICATION include

Answer

A

Introduction
Project Scope
System Design
Component and process Design
Data Design
User Display and output.
Reports
System Files.
Prototype description
prototype test procedure. analysis.
Special notes
Project Extension.

Question 54

Q

Good element of project management

Answer

A

Goal of project
Scope of work
Deliverable
-Quality criteria
Stakeholder.
Budget.
Schedule
Risk
Tolerance
Milestone
Task/duties/ responsibilities.

Question 55

Q

what is Firewall?

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Answer

A

device or hardware/software controls the flow of traffic between network devices. Firewall filter communications allow authorized and deny unauthorized.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Question 56

Q

firewall type are divided into two types

Answer

A

Network Based hardware
Host Based software

Question 57

Q

Network Firewall are typically

Answer

A

Hardware appliance that filter traffic between one or more devices.

Question 58

Q

Threat modeling firewall

Answer

A

it is more than firewall and they do more than just checking inbound and outbound.

Question 59

Q

Classes of network firewalls are

Answer

A

Packet filter
Stateful Inspection firewall
Deep packet inspection

Question 60

Q

To have good defense in depth strategy you will need to add to network firewall.

Answer

A

adding Host based firewall will provide defense in depth approach. normally those firewalls are software based and they reside in the host they are protecting. PROVIDE GRANULAR PROTECTION…

Question 61

Q

Host BASED FIREWALLS

Answer

A

Part of the operation system
they perform logging.
Limit outbound traffic to prevent infection.
can be configured to perform - Addresses based and application based inspection.
Act as Intrusion Prevention System - detect attack and take action to thwart.

Question 62

Q

Personal firewalls (Host based)

Answer

A

provide extra protection.
they reside on the host they are protecting.
## monitor incoming/outgoing network traffic.

Question 63

Q

Packet filter

Answer

A

the basic model of all
- based on source/Des mac and IP address.
- based on states of flag - SYNC- FIN - ACK - INIATED- CLOSED - ESTABLISHED
- it is the core and can be found in routers and it is called ACCESS LIST
- based on directives.
- it doesn’t not care about content - PAYLOAD not important.

Question 64

Q

Statuful INSEPCTION

Answer

A

track the states of the packet and block packets that deviate from the state.
it does that inspection by evaluate the TCP values.
- those firewall check the status and port number.
firewalls normally check the TCP sequence number to reject not legit traffic.
- If you have nat- the rule set first checked then 3 hand-shake is completed.

Answer 65

A

Connection establish
termination
USAGE

Answer 66

A

it adds basic intrusion detection technology that analyze protocols to IDENTIFY MALESIOUS CODES and MALFORMED PACKETS

it can allow. deny based on specific attribute.

IT CAN BLOCK FUNCTIONS based on protocol function 9 for example write code tcp Modbus)
it can also block .exe

Answer 67

A

Switch filter only to the MAC address
Firewall packet filter based on MAC and IP address
Packet filter uses MAC and IP and also Session. TCP/UPD
Deep packet inspection add to that the Applications and payload.

Answer 68

A

you should never connect corporate network to control system. there must be a firewall to have defense in depth.

Answer 69

A

it is recommended to have DMZ in the network to act as a buffer between the Control System and the Enterprise.

Answer 70

A

you should always have one firewall for each main controller. so that when a layer gets compromised the other firewall will protect it.

Answer 71

A

Plan identifying all requirement to select the product.
Install and Configure this includes installing configuring and firewall rules.
Test test configuration to validate functionality, performance, scalability.
Deploy - deploy firewalls.
Manage -

Answer 72

A

you should think about the architecture. future expansion, technology used, so many much more.

Answer 73

A

think about install - device, software, hardware, patch update.
think about configure user/account - policy/rule/ access list/ comments changes,
think about greenfield installations.
policy is very important for firewall implementation in this phase. and CRTICIAL .

Answer 74

A

test connectivity, rule sets, application, logging, performance, features like vpn

Answer 75

A

Deploy - notify parties when making change, have change management plan, backup, plan .,

Answer 76

A

manage this include maintaining policies, patching, review logs, audit, management,

Answer 77

A

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Answer 78

A

to detect unattempted to break to the system. the allow admins to respond to minor security issues before they became security incidents

Answer 79

A

NIDS and HIDS

Answer 80

A

-Anomaly is based on behavior
- pre defined rules based on signatures

Answer 81

A

in general it does not block traffic. also it is normally places in strategic place to monitor all traffic

Out of band meaning they get the information from port mirror
Inline meaning its part of the network and traffic passes through it.

Answer 82

A

is meant to detect single host. its normally an agent installed in the host machines. it will detect and use the pop up screen, sometimes it send to the central collector.

Answer 83

A

Log analysis
Event coloration
Integrity checking
Policy enforcement
Rootkit detection
Alerting.

Answer 84

A

they have
- broad scope where HIDs have narrower scope
- near real time response - respond right away
- bandwidth depend - HIDS not much traffic requirement
- high false positive rate where HIDS is low false positive
- required hardware where HIDS does not require hardware.

Answer 85

A

Using distributed deployment strategy.
Install NIDS at zone entry points.

always enhance those implementation with SCADA signatures.

Answer 86

A

process of securing systems by reducing their surface attack. Reducing the attack surface!!!

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Answer 87

A

HOW TO REDUCE THE ATTACK SURFACE???
- Remove unnessassry softwares only install what you need.
- remove unneeded user accounts. no need to add user accounts.
- Strengthen access control - dont use the default
- disable unneeded services. do not enable all services.
- install security patches. - patches comes with security enhancement. use them!

Answer 88

A

Basically any configurable device can be hardened. PLC, VDF, switches, gateways, PLC, software

Answer 89

A

NIST SP800-123
Microsoft security guide
CIS security benchmark
DISA STIGs - defense information system Agency security technical implementation guide.

Answer 90

A

Patches to update OS - patches comes with secure enhancement.
Remove and disable services. - services not required always.
Configure access control - least privilege - only allow what you need.
Configure user os authentication - Authentication should always be enabled.
Install additional security controls. - make sure you include everything.
Test the security of OS - check the OS system.

Answer 91

A

Recommendation for technical controls created by lots of professionals.
- accepted by governments.
- used by IT professionals.
- DE FACTO
basically CIS security have benchmarks for all the different systems.

Answer 92

A

because its extremely difficult to manage those manually.

Answer 93

A

Active Directory
Microsoft Windows Security Compliance Manager
DISA - Defense Information System Security.

Answer 94

A

it is free tool that have the benchmark of the best practice confguration.
- ready to deploy and test and test policies.
- import configuration from active directory and backup local group policy.

Answer 95

A

security compliance toolkit in june 2017

Answer 96

A

Gold master support - pre build to save time.
configure standalone machines.
update security guides.
compare to industry best practice.

Answer 97

A

ENHANCED MITIGATION EXPERIENCE TOOLKIT

Answer 98

A

is an enhancement to windows operation system that stops broad classes of malware from executing.

Answer 99

A

provide addtional protection to vulnrabile un-patched software.
- require little configuration and maintenance.
- offer centralized admin and logging.
- Audit only” mode for compatibility testing.

Answer 100

A

System wide
Application specifics.
Advanced.

Answer 101

A

Data execution prevention: this prevent damage and virus to your computer. some attacks uses memory and this will prevent it.
Address Space Layout Randomization. ASLR this prevent shellcode from execution, it does this by offset location in memory.
Structured Exception Handler Overwrites (SEHOP) guard against stack overflows by using code 32bit to prevent attacks.

Answer 102

A

HEAP Spray arbitrary code execution. taking advantage of the heap.
EAF - Export Address table Access filtering.

Answer 103

A

Deep Hooks - provide protections for critical APIs and low level APIs. used by top level.
ANTI DETOURS - Shellcode techniques for evasion of hooks by execution. -
Banned function - is for additional APIs blocked and detected.

Answer 104

A

System Wide Mitigation - DEP, ASLR, SEHOP
Advanced Mitigation - Deep hooks, Anti Detours, Banned function.
Application - everything else including HEAP and EFR.

Answer 105

A

sometimes the devices are PLC, HMI, MOTOR, Driver,

always check with NISA, ISA, Vendors might have some hardening procedures for their devices.

Answer 106

A

Disable remote device changes.
install vendor firmware
check with hash always.
shutdown unused interfaces.
disable unused protocols.
-enable logging.
disable services.
restrict remote access.
protect IACS with industrial firewall.
change default passwords.

Answer 107

A

You should always look into the network and not only end devices.
examples are firewalls, routers, switches, etc.

Answer 108

A

Management - manage traffic send to IOS. such as application, ssh, protocol, SNMP
Control - maintain things like OSPF, PGP, paramount to the network.
Data - forward traffic through the network.

Answer 109

A

Install firmware update.
compare hashes
shutdown unused physical interfaces.
enable logging
shutdown unneeded services.
restrict remote management
use SNMP3
change and encrypt passwords.

Answer 110

A

it is basically controlling the access … this is basically all the policies and procedures and technical controls that govern the use of system resource.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Answer 111

A

ensures system is only accessable by authorized users. accounts, processes.

Answer 112

A

ESTABLISHING
ACTIVATING
Modifying
Reviewing
Disabling
Removing accounts.

Answer 113

A

Separation of duties
Least privilege
Unsuccessful login attempts
System use notification
Session locking
Session termination
Concurrent session control

Answer 114

A

Servers/ workstation operation system
Application HMI Engineering
Data bases
Network Components
and most devices.

Answer 115

A

ISA/IEC 62443-2-1 establisihing
ISA/IEC 62443-3-2 security requirement
NIST 800.53 security and privacy for federal
NIST 800-82 guide to industrial control system
public safety canada TR12-002
US department of homland security.

Answer 116

A

Develop an access control policy to logical and physical rules. you decide how granular it can be.
Employ multiple authentication methods
Segregate data with high sensitivity and business consequence from other
Make use of central identity and access.
Establish separates IACS domains.
Use organization OU to partition resources and functional units.

-

Answer 117

A

something you know - password and pin
something you have card, token usb
and somewhere you are - fingerpring and retinal signtures.

Answer 118

A

LAN WAN TCP
mODEM OVER PUBLIC telephone service
modem to non windows devices.

this come with good benefits to oiperation but huge risk since people can access it.

Answer 119

A

-large variety of control system architectures.
- different type of needs for remote users.
- technology limitation
- service limitation
- different IT policies.
- regulatory limitation
- vendor requirement.

Answer 120

A

Center of protection of national infrastructure.
North American electrical reliability corporation (NERC)
public safety of Canada.

Answer 121

A

maintenance
operators
system support.
business partners.
supply chain
field technician
customers.
service providers.

Answer 122

A

telephone services. POTS ISDN and Dialup
Wireless such as settalite 802.11, mocrowave, 900
WAN such as T1 E1, DSL, framerelay, ATM, MPLS
remote access servers such as my pc, log me in, teamviewer,.
VPN
terminal services.
desktop virtualization citrix,

Answer 123

A

the list is long but here are the main ones.

type and quantity of users requiring access.
IACS assets that require access
threats and possible attack vectors.
SL-T for each accessible remote asset.
regulatory and policy restriction
technology and vendor restriction.
budget.
Available services.
duration of remote access.

Answer 124

A

a network device equipped with enhanced security features knows as SSL Secure Socket layer.

Answer 125

A

SSL Secure Socket Layer.

Answer 126

A

also VPN does not limit the ptotocols.

Answer 127

A

IPSec internet protocol security
SSL/TLS Secure socket layer/ transport layer security
DTLS - Datagram Transport Layer Security
MPPE - Microsoft point to point encryption
SSTP - Secure Socket tunneling protocol.

Answer 128

A

Two endpoints of a VPN are intermediary devices that passes traffic from trusted network to another trusted network using untrusted link.

Answer 129

A

it has a host computing device at one point and the other point is intermediate device - for protection, always add VPN gateway with DMZ.

Answer 130

A

it is the evolution for of the traditional firewalls. it comes with so many enhancement and different VPN technology.

Answer 131

A

Only approved laptop for remote access.
provide secure bootable images.
require and enforce 3rd party with remote access.
provide separate authentication mechanism for internal and external.
change port number to different port numbers.

-

Answer 132

A

disable split tunnel in the VPN
Monitor and log ID, Time,
provide mechanism for on demand access and termination.
restrict access to special machines.
-force vpn traffic after a firewall and IDS after its unencrypted.

Answer 133

A

only read access when possible.
limit data exchange with seplaier and customers.
employee and vendor remote maintenance.
FULL ACCESS IS business decision that needs to be addressed by management. IT IS NOT RECOMMENDED FOR REMOTE ACCESS in IACS.

Answer 134

A

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Answer 135

A

FAT at the vendor location
SAT at the customer location before going live. and before functional test.

Answer 136

A

First: Verification of Cybersecurity Specifications.
Second: Cybersecurity Robustness Testing.

Answer 137

A

Weaknesses of the system. basically try to break into it.

Answer 138

A

this step is to verify that specification and policies are met with the operation of the system.

Answer 139

A

ISA/IEC62443-2-4
ISA secure
DHS

Answer 140

A

Select different vendors for testing than the designers.
Define system under test
Develop a verification and test plan
Verify cybersecurity configuration settings.
Perform robustness settings
Document the results.

Answer 141

A

CAT configuration Assessment tool. - benchmark the configuration of the system to the CIS benchmark.
RAT is Router assessment tool - this tool assess routers/ configuration Cisco.
NESSUS- Audit operation systems.

Answer 142

A

you should always have one firewall for each main controller. so that when a layer gets compromised the other firewall will protect it.

Answer 143

A

You should think about the architecture. future expansion, technology used, so many much more.

Brainscape's Knowledge GenomeTM

cybersecurity Flashcards

Brainscape's Knowledge Genome^TM