Assessing the Cybersecurity of New or Existing IACS Systems (IC33)
Knowledge Check
1. Which of the following is considered an IACS asset?
A PLC
An HMI computer
An operator
All of the above
2. Which of the following is the “expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular consequence”?
Risk
Vulnerability
Threat source
Consequence
3. Which of the following is a “flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's integrity or security policy”?
Risk
Vulnerability
Threat source
Consequence
4. What are the three main phases of the IACS Cybersecurity Lifecycle?
Assess, operate, maintain
Design, implement, maintain
Assess, develop & implement, maintain
Design, operate, maintain
5. Which is the correct formula for cyber risk?
Risk = Threat x Asset x Consequence
Risk = Threat x Vulnerability x Cost
Risk = Threat Agent x Threat x Vulnerability
Risk = Threat x Vulnerability x Consequence
6. What type of vulnerability assessment technique involves attempting to exploit a vulnerability?
Passive vulnerability assessment
Active vulnerability assessment
Gap assessment
Penetration test
7. Which of the following is a benefit of performing an IACS cyber risk assessment?
Being able to better prioritize cybersecurity activities and resources
Being able to identify the root cause of an incident
Being better prepared to respond to a cybersecurity incident
Being better prepared to apply patches
8. What is a threat source?
A weakness that can be exploited to compromise a system
A person or object that can manifest a threat
A measure of the likelihood that an attack will be successful
The undesirable result of an incident
9. Which of the following is the term for the undesirable result of an incident?
Threat source
Vulnerability
Consequence
Threat actor
10. Which of the following are types of vulnerability assessments?
Gap assessment, passive vulnerability assessment, penetration testing
Gap assessment, system hardening, penetration testing
Active vulnerability assessment, patch management, penetration testing
Passive vulnerability assessment, penetration testing, threat modeling
11. “Countermeasures” in cyber security are measures taken to:
Eliminate system penetration by outsiders
Confuse perimeter intrusion detectors
Reduce the system’s risk of loss from vulnerabilities and threats
Eliminate the risk of an inside attacker taking over a computer network
12. One way safety is different from security in industrial plants is that:
Safety considers the effects of malicious actions, not just the causes
The field of safety encompasses the field of security
Safety concerns itself with human error and the natural causes of accidents, while security may involve malicious behavior
Safety concerns itself with malicious behavior, while security may involve human error and the natural causes of accidents
13. Which option lists correct Foundational Requirements (FR) of the ISA/IEC-62443-3-3?
Authentication and Authorization (AA), Use Control (UC), System Integrity (SI)
System Integrity (SI), Data Confidentiality (DC), Security Level (SL)
Timely Response to Events (TRE), Restrict Data Flow (RDF), Use Control (UC)
System Robustness (SR), Data Confidentiality (DC), Identification and Authentication Control (IAC)
14. The standard ISA 62443-3-2 belongs in which tier/group of the ISA 99 committee work products?
Component
System
General
Policies & Procedures
15. The desired level of security for a system is known as?
Capability Security Level
Target Security Level
Target Protection Level
Achieved Security Level
16. What are the main types of intrusion detection systems?
Perimeter Intrusion Detection & Network Intrusion Detection
Host Intrusion Detection & Network Intrusion Detection
Host Intrusion Detection & Intrusion Prevention Systems
Intrusion Prevention / Network Intrusion Detection
17. What type of assessment uses tools to discover devices and vulnerabilities of IACS?
Penetration testing
Active assessment
Passive assessment
GAP assessment
18. Which of the following is the correct formula for Cyber Risk Reduction Factor (CRRF)?
CRRF = Unmitigated Risk / Tolerable Risk
CRRF = Mitigated Risk / Tolerable Risk
CRRF = Tolerable Risk / Unmitigated Risk
CRRF = Tolerable Risk / Mitigated Risk
19. What type of assessment may include reviewing documents, system walk-throughs, traffic analysis, or ARP tables?
Active assessment
Passive assessment
GAP assessment
Vulnerability assessment
20. Which Security Level protects against intentional violation using sophisticated means with moderate resources, IACS-specific skills and moderate motivation?
SL 1
SL 2
SL 3
SL 4
This form was created inside of International Society of Automation.