What are the last four digits of the hash created when using openssl with the md5 digest on ~/GIAC/film?
A. c3d0
B. 054a
C. f9d0
D. a77f
E. 6157
F. 14f9
An organization has their ICS operations and networking equipment installed in the Purdue model level 3. Where should the SIEM for this equipment be placed in relation to the existing Level 3 devices?
A. On a different subnet in Level 3
B. On a management subnet in Level 4
C. On a management subnet in Level 2
D. On the same subnet in Level 3
Which of the following is typically performed during the Recovery phase of incident response?
A. Updating the organization's security policies to prevent future breaches.
B. Patching and configuring systems to meet established secure configuration standards.
C. Finding the root cause or vector used by the attacker to gain entry and maintain access.
D. Making a forensic image of the system(s) involved in the incident.
What is an output of a Business Impact Analysis?
A. Determining the maximum time that systems can be offline
B. Prioritizing the business's processes
C. Calculating the financial impact of a technology failure
D. Understanding all of the business's technology functions
Which of the following devices would indicate an enforcement boundary?
A. An application with a login screen
B. A workstation with antivirus
C. A router with ACLs
D. A switch with VLANs
Which of the following devices is most likely to be in the same level as an HMI workstation that interfaces with a PLC?
A. Variable speed drive
B. Programmable logic controller
C. Data historian
D. Remote terminal unit
What is a recommended practice for securing historians and databases whose purpose is to feed data back into the control processes?
A. Audit both successful and failed login attempts to databases
B. Facilitate auditing by placing historians and databases in the same DMZ
C. Use a dedicated domain admin user account to manage databases
D. Use reliable network protocols like HTTP for remote management
An attacker crafts an email that will send a user to the following site if they click a link in the message. What else is necessary for this type of attack to work?
hmi.giac.org/disconnect?sensor=812
A. The attacker must obtain a session cookie from an authorized HMI user
B. The user clicking the link must be an administrator on the network
C. The user must be authenticated to the HMI interface before clicking the link
D. The attacker must enclose the URL parameter with <script> tags to run the code
An attacker has a goal of obtaining information stored in an ICS. Why might the attacker focus his efforts on the operating system rather than the ICS application?
A. Organizations generally do not define a role or responsibility for dealing with operating systems, leaving them neglected and vulnerable
B. The operating system will have fewer vulnerabilities than the ICS application
C. The ICS is more likely to have vendor-provided security hardening guidance than the operating system will
D. Control of the operating system offers access to applications running on it
For application-aware firewalls filtering traffic between trust zones, which of the following policies should be applied to a packet that doesn't match an existing rule?
A. Default alert
B. Default deny
C. Application deny list
D. Application allow list
What kind of data could be found on a historian?
A. Information needed for billing customers
B. Information for supervising lower-level controllers in real-time
C. Diagrams depicting an overview of the process
D. Runtime libraries that software programs use
Which type of process is used to manufacture fuels, chemicals, and plastics?
A. Discrete
B. Batch
C. Continuous
In the context of ICS the process of fuzzing a device is described as which of the following?
A. Brute force password attacks against default accounts
B. Launching all known exploits at the device in a randomized sequence
C. Providing invalid, unexpected, or random data as inputs
D. Monitoring device performance in varying power conditions
E. Monitoring device performance in harsh environmental conditions
Which of the following is part of the Respond function of the NIST CSF (cybersecurity framework)?
A. Discovering malicious activity on the network using multiple sensors
B. Performing forensics analysis on a system and eradicating malware
C. Restoring from backup a system that had been compromised
D. Limiting user access to only those network resources necessary for them to do their jobs
Which of the following is located in user mode of a typical real-time OS, but in kernel mode of a typical standard OS?
A. Interprocess communication
B. Virtual memory
C. Device drivers
D. Process scheduling
Which type of process performs an action on a set quantity of material at one station before moving it to the next station for another action to be performed on it?
A. Batch
B. Hybrid
C. Continuous
D. Discrete
Which type of process is described below?
Ten barrels of hot water are moved from the hot liquor tank to the mash tun.
500 kg of milled grist is added to the mash tun.
The mixture is maintained for 60 minutes before being drained to the boil kettle.
A. Batch
B. Discrete
C. Continuous
D. Distributed
What approach can an organization use to make sure that high consequence, low probability risks are considered during risk analysis?
A. Prioritize risks based on impact
B. Give frequency a higher weight
C. Prioritize risks based on mitigation cost
D. Give likelihood a higher weight
Which of the following can an attacker gain by obtaining PLC logic project files for a SCADA system?
A. Data regarding personnel and hiring practices
B. Details about the network architecture
C. Information about operational firewall rulesets
D. Schedule of vendor product releases
What mechanism could help defeat an attacker's attempt to hide evidence of his/her actions on the target system?
A. Attack surface analysis
B. Application allow lists
C. Sandboxing
D. Centralized logging
Which control helps prevent threats to Integrity?
A. Firewall egress filtering
B. Logging IDS alerts
C. Centralized LDAP authentication
D. Implementing digital signatures
Which resource includes a standardized categorization of common software vulnerabilities?
A. CWE
B. CVSS
C. CSC
D. CIP
How are general purpose Programmable Logic Controllers (PLC) different than smart field devices?
A. Smart field devices cannot be controlled centrally from a management server
B. Programmable Logic Controllers are usually microcontroller-based
C. Programmable Logic Controllers have a more limited purpose and function
D. Smart field devices contain their own control logic that cannot be changed
An administrator wants to script the deployment of a security policy, over the network, to a group of workstations not managed by Active Directory. What tool could be used to accomplish this task?
A. secedit.exe
B. secpol.msc
C. gpedit.msc
A brewer uses a local HMI to communicate with a controller that opens a pump to move the wort from the boil kettle to the fermentor. What level of the Purdue model would the controller be considered?