Eccouncil ICS-SCADA ICS/SCADA Cyber Security Exam Practice Test

Page: 1 / 14
Total 75 questions
Question 1

Which of the following ports are used for communications in Modbus TCP?



Answer : D

Modbus TCP is a variant of the Modbus family of simple, networked protocols aimed at industrial automation applications. Unlike the original Modbus protocol, which runs over serial links, Modbus TCP runs over TCP/IP networks.

Port 502 is the standard TCP port used for Modbus TCP communications. This port is designated for Modbus messages encapsulated in a TCP/IP wrapper, facilitating communication between Modbus devices and management systems over an IP network.

Knowing the correct port number is crucial for network configuration, security settings, and troubleshooting communications within a Modbus-enabled ICS/SCADA environment.

Reference

Modbus Organization, 'MODBUS Application Protocol Specification V1.1b3'.

'Modbus TCP/IP -- A Comprehensive Network protocol,' by Schneider Electric.


Question 2

Which of the IPsec headers contains the Security Parameters Index (SPI)?



Answer : B

IPsec uses two main protocols to secure network communications: Authentication Header (AH) and Encapsulating Security Payload (ESP).

Both AH and ESP use a Security Parameters Index (SPI), which is a critical component of their headers. The SPI is a unique identifier that enables the receiver to select the correct security association for processing incoming packets.

AH provides authentication and integrity, while ESP provides confidentiality, in addition to authentication and integrity. Both protocols use the SPI to manage these functions securely.

Reference

'IPsec Security Architecture,' RFC 4302 (AH) and RFC 4303 (ESP).

'IPsec Explained,' by Juniper Networks.


Question 3

Which of the following is the stance on risk that by default allows traffic with a default permit approach?



Answer : D

In network security, the stance on managing and assessing risk can vary widely depending on the security policies of an organization.

A 'Permissive' stance, often referred to as a default permit approach, allows all traffic unless it has been specifically blocked. This approach can be easier to manage from a usability standpoint but is less secure as it potentially allows unwanted or malicious traffic unless explicitly filtered.

This is in contrast to a more restrictive policy, which denies all traffic unless it has been explicitly permitted, typically seen in more secure environments.

Reference

'Network Security Basics,' by Cisco Systems.

'Understanding Firewall Policies,' by Fortinet.


Question 4

How many IPsec modes are there?



Answer : D

IPsec (Internet Protocol Security) primarily operates in two modes: Transport mode and Tunnel mode.

Transport mode: Encrypts only the payload of each packet, leaving the header untouched. This mode is typically used for end-to-end communication between two systems.

Tunnel mode: Encrypts both the payload and the header of each IP packet, which is then encapsulated into a new IP packet with a new header. Tunnel mode is often used for network-to-network communications (e.g., between two gateways) or between a remote client and a gateway.

Reference

'Security Architecture for the Internet Protocol,' RFC 4301.

'IPsec Modes of Operation,' by Internet Engineering Task Force (IETF).


Question 5

Which of the following is considered the best way to counter packet monitoring for a switch?



Answer : D

Port mirroring (also known as SPAN - Switched Port Analyzer) is considered one of the best ways to counter packet monitoring on a switch. This technique involves copying traffic from one or more switch ports (or an entire VLAN) to another port where the monitoring device is connected. Port mirroring allows administrators to monitor network traffic in a non-intrusive way, as it does not affect network performance and is transparent to users and endpoints on the network. Reference:

Cisco Systems, 'Catalyst Switched Port Analyzer (SPAN) Configuration Example'.


Question 6

Which of the following steps is used to reveal the IP addressing?



Answer : D

Enumeration is a step in the information-gathering phase of a penetration test or cyber attack where an attacker actively engages with the target to extract detailed information, including IP addressing.

Enumeration: During enumeration, the attacker interacts with network services to gather information such as user accounts, network shares, and IP addresses.

Techniques: Common techniques include using tools like Nmap, Netcat, and Nessus to scan for open ports, services, and to identify the IP addresses in use.

Purpose: The goal is to map the network's structure, find potential entry points, and understand the layout of the target environment.

Because enumeration involves discovering detailed information including IP addresses, it is the correct answer.

Reference

'Enumeration in Ethical Hacking,' GeeksforGeeks, Enumeration.

'Network Enumeration,' Wikipedia, Network Enumeration.


Question 7

What type of protocol is considered connection-oriented?



Answer : B

TCP (Transmission Control Protocol) is a connection-oriented protocol used in the majority of internet communications.

Connection-oriented protocols like TCP require a connection to be established between the communicating devices before data is transmitted. This ensures reliable and ordered delivery of data.

TCP manages this by establishing a handshake mechanism (TCP three-way handshake) to set up the connection prior to transmitting data and properly terminating the connection once the communication session has completed.

Reference

'TCP/IP Illustrated, Volume 1: The Protocols' by W. Richard Stevens.

Postel, J., 'Transmission Control Protocol,' RFC 793.


Page:    1 / 14   
Total 75 questions