Scribd
Upload
2K views6 pages

Test - Post Curso IC32 - Respuestas

The document contains questions and multiple choice answers about cybersecurity topics such as the basic properties of cybersecurity, countermeasures, security policies for industrial networks, factors for successful cybersecurity programs, differences between safety and security for industrial plants, IT and control system security standards, risk formulas, and layers of the OSI model. It covers concepts like logical groupings called zones, firewall functions, steps in risk assessment and cybersecurity lifecycle models.

Uploaded by

cayu8138
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
2K views6 pages

Test - Post Curso IC32 - Respuestas

The document contains questions and multiple choice answers about cybersecurity topics such as the basic properties of cybersecurity, countermeasures, security policies for industrial networks, factors for successful cybersecurity programs, differences between safety and security for industrial plants, IT and control system security standards, risk formulas, and layers of the OSI model. It covers concepts like logical groupings called zones, firewall functions, steps in risk assessment and cybersecurity lifecycle models.

Uploaded by

cayu8138
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

Respuestas

4.Which three basic properties are the building blocks of cyber security?

(4 Points)
Authorization, Identification, and Integrity (AII)

Confidentiality, Integrity and Availability (CIA)

Authorization, Reliability and Integrity (ARI)

Confidentiality, Integrity and Authorization (CIA)

5.“Countermeasures” in cyber security are measures taken to


_____________________________.

(4 Points)
Eliminate system penetration by outsiders

Confuse perimeter intrusion detectors

Reduce the system’s risk of loss from vulnerabilities and threats

Eliminate the risk of an inside attacker taking over a computer network

6.Why would a company issue security policies for industrial networks?

(4 Points)
To let outside intruders know the consequences of their actions.

To clearly establish which department “owns” the network

To guide a company’s cybersecurity department on how to catch security violations.

To communicate the responsibilities of users, management, IT staff for company security.

7.A key factor for the success of a cyber security program is


____________________________.
(4 Points)
Security policy, objectives and activities that reflect business rationale and objectives.

Strict rules that forbid interconnection of control system to business systems.

The latest in security technologies.

The latest in hardware technologies.

8.Safety is different from security in industrial plants is that


___________________________.

(4 Points)
Safety considers the effects of malicious actions, not just the causes.

The field of safety encompasses the field of security.

Safety concerns itself with human error and the natural causes of accidents, while security may
involve malicious behavior.

Safety concerns itself with malicious behavior, while security may involve human error and the
natural causes of accidents.

9.Which of the following documents are IT Security standards?

(4 Points)
IEC 61850

ISO 27001:2013

ISA 95

ISA 84

10.Which of the following are control system security standards?

(4 Points)
COBIT 5

ISO/IEC 15408:2009

ISA/IEC 62443

ISO 27001:2013

11.The standard ISA 62443-2-1 belongs in which tier/group of the ISA 99 committee
work products?
(4 Points)
Component

System

General

Policies & Procedures

12.Which of the following is NOT generally considerered to be a requirement of


industrial control systems?

(4 Points)
Real-time performance

High availability

Frequent updates

HSE considerations

13.Which formula is correct?

(4 Points)
Risk = Threat x Asset x Consequence

Risk = Threat x Vulnerability x Cost

Risk = Threat x Likelihood x Vulnerability

Risk = Threat x Vulnerability x Consequence

14.Which of the following would NOT be considered a countermeasure?

(4 Points)
Replay

Access Controls

Encryption

Intrusion Detection

15.A logical grouping of physical, informational, and application assets sharing


common security requirements is called a(n) __________________

(4 Points)
Security model

Asset model

Conduit

Zone

16.Which of the following is Layer 4 in the ISO OSI/Reference Model?

(4 Points)
Session

Network

Transport

Data

17.Which one of the following can best perform a network subnet routing function?

(4 Points)
Layer 1 hub

Layer 2 network interface card

Layer 3 switch

Layer 4 user datagram protocol

18.TCP is a ___________ protocol

(4 Points)
Connection based

Layer 3

Send and forget

Layer 7

19.In IPv4 which protocol resolves IP addresses into MAC addresses?

(4 Points)
ICMP

TCP

IP
ARP

20.What is Microsoft’s normal scheduled release day for security patches?

(4 Points)
When critical patches available

The first Monday of the month

The first Friday of the month

The second Tuesday of the month

21.What is the purpose of Windows Server Update Services (WSUS)?

(4 Points)
Deploy the latest Microsoft Hyper-V product updates

Distribution of Microsoft Software Update Services

Deploy the latest Microsoft product updates and hotfixes

Distribution of Windows Software Unified Server

22.What is the primary function of a firewall?

(4 Points)
Block all internet traffic

Detect network intrusions

Filters network traffic

Authenticate users

23.What is the first step in the High-Level Risk Assessment?

(4 Points)
Identify Threats

Identify Critical Assets and Consequences

Define Methodology for Identifying Risks

Analyze Threats

24.What is the desired outcome of the Initiate a CSMS program activity?

(4 Points)
Conceptual diagrams that show how an AD forest can be attacked

Obtain leadership commitment, support, and funding

Identify software agents used by threat agents to propagate attacks

Select and implement countermeasures

25.Which organization bridges the gap between 62443 standards and their
implementation?

(4 Points)
National Institute of Standards and Technology (NIST)

International Electrotechnical Commission (IEC)

European Union Agency for Network and Information Security (ENISA)

ISA Security Compliance Institute (ISCI)

26.System Robustness Testing includes which of the following?

(4 Points)
Fuzz testing

Network traffic load testing

Vulnerability scanning

All the above

27.What are the three main phases of the ISA/IEC 62443 Cybersecurity Lifecycle?

(4 Points)
Assess, Develop and Implement, Maintain

Assess, Integrate, Maintain

Analyze, Develop and Implement, Maintain

Analyze, Integrate, Maintain

You might also like