Eccouncil ICS/SCADA Cyber Security Exam Practice Test

Page: 1 / 14
Total 75 questions
Question 1

Which of the following is NOT ICS specific malware?



Answer : C

Code Red is not ICS-specific malware; it was a well-known worm that targeted computers running Microsoft's IIS web server. Unlike Flame, Havex, and Stuxnet, which were specifically designed to target industrial control systems or to perform espionage related to ICS environments, Code Red exploited a vulnerability in internet-facing software to perform denial-of-service attacks and other malicious activities.

Reference

CERT Coordination Center, 'Code Red Worm Exploiting Buffer Overflow In IIS Indexing Service DLL'.


Question 2

What is a vulnerability called when it is disclosed or exploited before a patch comes out?



Answer : C

A vulnerability that is exploited before the vendor has issued a patch, or even before the vulnerability is known to the vendor, is referred to as a 'zero-day' vulnerability. The term 'zero-day' refers to the number of days the software vendor has had to address and patch the vulnerability since it became public: zero, in this case.

Reference

Symantec Security Response, 'Zero Day Initiative'.


Question 3

Which publication from NIST provides guidance on Industrial Control Systems?



Answer : B

NIST Special Publication 800-82, 'Guide to Industrial Control Systems (ICS) Security,' provides guidance on securing industrial control systems, including SCADA systems, distributed control systems (DCS), and other control system configurations such as programmable logic controllers (PLC). It offers practices and recommendations for protecting ICS against disruptions, malicious activity, and other threats to their integrity and availability.

Reference

National Institute of Standards and Technology (NIST), 'Guide to Industrial Control Systems (ICS) Security'.


Question 4

How many firewalls are there in the most common ICS/SCADA architecture?



Answer : D

The most common ICS/SCADA architecture typically includes two firewalls. This dual-firewall configuration places one firewall between the enterprise network and the ICS/SCADA network, and another between the ICS/SCADA network and the plant floor devices. The segment created between the two firewalls, known as a 'demilitarized zone' (DMZ), adds a layer of security that helps isolate and protect sensitive operational technology (OT) environments from threats originating in IT networks.

Reference

National Institute of Standards and Technology (NIST), 'Guide to Industrial Control Systems (ICS) Security'.


Question 5

Which option of the netstat command shows the routing table?



Answer : C

The netstat command is a versatile networking tool used for a range of network information-gathering tasks, including displaying all network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.

The -r option of netstat displays the routing table.

This information is critical for troubleshooting network issues and for understanding how data is routed through a network, which helps identify possible points of failure or security weaknesses.

Reference

'Linux Network Administrator's Guide,' by O'Reilly Media.

Man pages for netstat in UNIX/Linux distributions.


Question 6

What type of protocol is considered connection-oriented?



Answer : B

TCP (Transmission Control Protocol) is a connection-oriented protocol used in the majority of internet communications.

Connection-oriented protocols like TCP require a connection to be established between the communicating devices before data is transmitted. This enables reliable, ordered delivery of data.

TCP manages this with a handshake mechanism (the TCP three-way handshake) that sets up the connection before data is transmitted, and it properly terminates the connection once the communication session has completed.

Reference

'TCP/IP Illustrated, Volume 1: The Protocols' by W. Richard Stevens.

Postel, J., 'Transmission Control Protocol,' RFC 793.


Question 7

Which of the following are required functions of information management?



Answer : A

Information management, in the context of network security, involves several critical functions that ensure data is handled correctly for security operations. These functions include:

Normalization: This process standardizes data from various sources into a common format, making it easier to analyze systematically.

Correlation: This function identifies relationships between disparate pieces of data, helping to reveal patterns or potential security incidents.

Data enrichment: This function adds context to the collected data, supplementing it with additional details such as threat intelligence.

All of these functions are essential to effective information management in security systems, allowing more accurate monitoring and faster response to potential threats.

Reference

'Data Enrichment and Correlation in SIEM Systems,' Security Information Management Best Practices.

'Normalization Techniques for Security Data,' Journal of Network Security.

