A Virtual Private Network (VPN) requires how many Security Associations?
Answer : D
An IPsec Security Association (SA) is simplex: it protects traffic in one direction only (RFC 4301, section 4.1). A VPN tunnel that carries traffic both ways therefore needs a pair of SAs, one for inbound and one for outbound traffic, so the usual answer is two.
Each SA is identified on the receiving side by its Security Parameter Index (SPI), the destination address and the protocol (ESP or AH). The SPI is chosen by the receiver, so one peer's outbound SA carries the SPI that the other peer's inbound SA is keyed on.
Each SA defines how traffic in its direction is processed: the encryption and integrity algorithms, the keys and the anti-replay window. Because the two directions use separate SAs, their keys and sequence numbers are independent, which keeps the integrity and confidentiality of the two streams separate. Note that with IKE there is also an IKE (ISAKMP) SA for the negotiation channel; the question counts only the IPsec SAs that carry user traffic.
Reference
'Understanding IPSec VPNs,' by Cisco Systems.
'IPsec Security Associations,' RFC 4301, Security Architecture for the Internet Protocol.
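The pair of simplex SAs described above, modelled as an added example (not code from the page or from any IPsec implementation). Addresses, SPIs and the `key_id` stand-ins for real keys are constructed; `SADB` is a minimal stand-in for the RFC 4301 Security Association Database, not a real kernel API.

```python
"""Why an IPsec tunnel needs two SAs: each SA is one-way (added example).

An SA is looked up on the receiving side by (SPI, destination address, protocol).
The SPI is chosen by the receiver, so our inbound SA and the peer's outbound SA
share an SPI, while the reverse direction uses a different SPI and different keys.
All addresses, SPIs and key identifiers below are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class SecurityAssociation:
    spi: int
    direction: str          # "in" or "out"
    local: str
    peer: str
    protocol: str = "ESP"   # ESP (RFC 4303) or AH (RFC 4302)
    key_id: str = ""        # stand-in for the real cipher/integrity keys


class SADB:
    """Minimal Security Association Database for one host (hypothetical model)."""

    def __init__(self):
        self.inbound = {}    # (spi, local_addr, protocol) -> SA
        self.outbound = {}   # peer_addr -> SA

    def add(self, sa):
        if sa.direction == "in":
            self.inbound[(sa.spi, sa.local, sa.protocol)] = sa
        else:
            self.outbound[sa.peer] = sa

    def lookup_outbound(self, dst):
        return self.outbound.get(dst)

    def lookup_inbound(self, spi, dst, protocol="ESP"):
        # Inbound lookup uses only what the ESP/AH header carries: the SPI.
        return self.inbound.get((spi, dst, protocol))


def build_tunnel(a_addr, b_addr, spi_a_receives, spi_b_receives):
    """Return (SADB_a, SADB_b); each host ends up with one inbound and one outbound SA."""
    a, b = SADB(), SADB()
    a.add(SecurityAssociation(spi_a_receives, "in", a_addr, b_addr, key_id="k_b2a"))
    a.add(SecurityAssociation(spi_b_receives, "out", a_addr, b_addr, key_id="k_a2b"))
    b.add(SecurityAssociation(spi_b_receives, "in", b_addr, a_addr, key_id="k_a2b"))
    b.add(SecurityAssociation(spi_a_receives, "out", b_addr, a_addr, key_id="k_b2a"))
    return a, b


def send(sender_sadb, receiver_sadb, dst):
    """Simulate one packet: sender picks its outbound SA, receiver matches by SPI.

    Returns the receiver's inbound SA on success, or None if no SA matches or the
    keys of the two ends disagree (which would make the integrity check fail).
    """
    out_sa = sender_sadb.lookup_outbound(dst)
    if out_sa is None:
        return None
    in_sa = receiver_sadb.lookup_inbound(out_sa.spi, dst, out_sa.protocol)
    if in_sa is None or in_sa.key_id != out_sa.key_id:
        return None
    return in_sa


def sa_count(sadb):
    return len(sadb.inbound) + len(sadb.outbound)


if __name__ == "__main__":
    a, b = build_tunnel("192.0.2.1", "198.51.100.1", 0x1001, 0x2002)
    print("SAs per host:", sa_count(a), sa_count(b))
    print("A->B uses SPI", hex(send(a, b, "198.51.100.1").spi))
    print("B->A uses SPI", hex(send(b, a, "192.0.2.1").spi))
```

The last lookup in the test below shows the point of the question: a packet arriving at A with the A-to-B SPI matches no inbound SA at A, because that SPI belongs to the opposite direction.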
Which component of the IT Security Model is the highest priority in ICS/SCADA Security?
Answer : C
In ICS/SCADA systems, the highest priority typically is Availability, due to the critical nature of the services and infrastructures they support. These systems often control vital processes in industries like energy, water treatment, and manufacturing. Any downtime can lead to significant disruptions, safety hazards, or economic losses. Thus, ensuring that systems are operational and accessible is a primary security focus in the context of ICS/SCADA security.
Reference
National Institute of Standards and Technology (NIST), 'Guide to Industrial Control Systems (ICS) Security'.
Which of the following are valid TCP flags?
Answer : D
TCP flags are single-bit fields in the TCP header (the byte at offset 13) that control the flow of data and indicate the state of a connection. The flags defined by RFC 793 and RFC 3168 are:
FIN: Finish, used to terminate the connection.
PSH: Push, instructs the receiver to pass the data to the application immediately.
URG: Urgent, indicates that the urgent pointer field is significant and the data should be processed urgently.
RST: Reset, abruptly terminates the connection upon error or other conditions.
SYN: Synchronize, used during the initial handshake to establish a connection.
ACK: Acknowledgment, indicates that the acknowledgment number field is significant (set on every segment after the initial SYN).
ECE and CWR: ECN-Echo and Congestion Window Reduced, used for Explicit Congestion Notification (RFC 3168).
These flags are integral to managing the state and flow of TCP connections. Unusual combinations (no flags at all, FIN+PSH+URG, or SYN together with FIN) never occur in a legitimate connection and are the signatures of NULL, Xmas and SYN/FIN scans respectively.
Reference
Douglas E. Comer, 'Internetworking with TCP/IP Vol.1: Principles, Protocols, and Architecture'.
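Decoding the flags byte from a raw TCP header, and labelling the scan patterns mentioned above, as an added example (not code from the page). The sample headers are built by the `build_header` helper, which is constructed here for illustration and emits a minimal 20-byte header with no options.

```python
"""Decode TCP flags from a raw TCP header (added example, not from the page).

The flags occupy the byte at offset 13 of the TCP header, after the 16-bit
source/destination ports, 32-bit sequence and acknowledgment numbers, and the
byte holding the 4-bit data offset.  Sample headers below are constructed.
"""
import struct

# (bit, name) pairs of the 8-bit flags byte, most significant bit first.
TCP_FLAGS = [
    (0x80, "CWR"), (0x40, "ECE"), (0x20, "URG"), (0x10, "ACK"),
    (0x08, "PSH"), (0x04, "RST"), (0x02, "SYN"), (0x01, "FIN"),
]


def parse_flags(header):
    """Return the set of flag names set in a TCP header of at least 20 bytes."""
    if len(header) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    flag_byte = header[13]
    return {name for bit, name in TCP_FLAGS if flag_byte & bit}


def build_header(src_port, dst_port, seq, ack, flags):
    """Build a minimal 20-byte TCP header with the given flag names set (constructed)."""
    flag_byte = 0
    for bit, name in TCP_FLAGS:
        if name in flags:
            flag_byte |= bit
    data_offset = 5 << 4   # header length in 32-bit words (5 = 20 bytes, no options)
    window, checksum, urgent_ptr = 65535, 0, 0
    return struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                       data_offset, flag_byte, window, checksum, urgent_ptr)


def classify(flags):
    """Label the flag combinations that IDS rules commonly match on."""
    if not flags:
        return "null-scan"
    if flags == {"FIN", "PSH", "URG"}:
        return "xmas-scan"
    if "SYN" in flags and "FIN" in flags:
        return "invalid-syn-fin"
    if flags == {"SYN"}:
        return "connection-request"
    if "RST" in flags:
        return "reset"
    return "normal"


if __name__ == "__main__":
    for name, fl in [("SYN", {"SYN"}), ("Xmas", {"FIN", "PSH", "URG"}), ("NULL", set())]:
        hdr = build_header(40000, 80, 1, 0, fl)
        print(name, hdr[13:14].hex(), sorted(parse_flags(hdr)), classify(parse_flags(hdr)))
```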
Which of the registrars contains the information for the domain owners in Latin America?
Answer : B
LACNIC, the Latin American and Caribbean Internet Addresses Registry, is the Regional Internet Registry (RIR) responsible for allocating and administering IP addresses and Autonomous System Numbers (ASNs) in Latin America and the Caribbean.
Function: LACNIC manages the distribution of Internet number resources (IP addresses and ASNs) in its region and publishes the WHOIS records that identify the organisations holding those resources and their contacts. Strictly speaking an RIR registers address-space and ASN holders, not domain names; domain registrations are held by the domain registries and registrars (for a country-code TLD, the national registry), and the exam uses 'domain owners' loosely to mean the holders of network resources.
Coverage: The organization covers over 30 countries in Latin America and the Caribbean, including Brazil, Argentina, Chile, and Mexico.
Services: LACNIC provides IP address allocation, ASN allocation, reverse DNS, and policy development for Internet resource management in its region.
Given this role, LACNIC is the intended answer: it is the registry whose WHOIS database holds ownership and contact information for Latin American network resources (the other RIRs being ARIN, RIPE NCC, APNIC and AFRINIC).
Reference
'About LACNIC,' LACNIC, LACNIC Overview.
'Regional Internet Registries,' Wikipedia, Regional Internet Registries.
Which of the following are not a part of the temporal score in the CVSS? (Select all that apply.)
Answer : A, B
The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity.
The temporal score in CVSS adjusts the base score of a vulnerability based on factors that change over time, such as the availability of exploit code or the existence of a patch. In v3.1 it is computed as Roundup(BaseScore x E x RL x RC).
The temporal metric group consists of three metrics:
Exploit Code Maturity (E): whether exploit code is unproven, proof-of-concept, functional, or high.
Remediation Level (RL): whether an official fix, temporary fix, workaround, or no fix is available.
Report Confidence (RC): how well confirmed the existence and details of the vulnerability are.
Attack Vector and User Interaction are part of the base score, not the temporal score, as they describe the fundamental characteristics of the vulnerability and do not typically change over time. (Likewise the environmental group, which holds the Modified Base and security-requirement metrics, is separate from both.)
Reference
Common Vulnerability Scoring System v3.1: Specification Document.
'Understanding CVSS,' by FIRST (Forum of Incident Response and Security Teams).
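The temporal calculation above, carried through in code as an added example (not code from the page or from FIRST's calculator). The metric weights and the `Roundup` function are the ones given in the CVSS v3.1 specification; the vector strings used below are constructed, and the base score is passed in rather than recomputed, since the base formula is not the subject of this question.

```python
"""CVSS v3.1 temporal score (added example, not from the page).

TemporalScore = Roundup(BaseScore x ExploitCodeMaturity x RemediationLevel x ReportConfidence)
Weights are those of the v3.1 specification (section 7.2); Roundup is the spec's
integer-arithmetic definition (Appendix A), which avoids floating-point surprises.
Vector strings in the usage section are constructed for illustration.
"""
import math

EXPLOIT_CODE_MATURITY = {"X": 1.0, "H": 1.0, "F": 0.97, "P": 0.94, "U": 0.91}
REMEDIATION_LEVEL = {"X": 1.0, "U": 1.0, "W": 0.97, "T": 0.96, "O": 0.95}
REPORT_CONFIDENCE = {"X": 1.0, "C": 1.0, "R": 0.96, "U": 0.92}

TEMPORAL_METRICS = {
    "E": EXPLOIT_CODE_MATURITY,
    "RL": REMEDIATION_LEVEL,
    "RC": REPORT_CONFIDENCE,
}
BASE_METRICS = {"AV", "AC", "PR", "UI", "S", "C", "I", "A"}


def roundup(value):
    """CVSS v3.1 Roundup: the smallest one-decimal number >= value, done in integers."""
    int_input = round(value * 100000)
    if int_input % 10000 == 0:
        return int_input / 100000.0
    return (math.floor(int_input / 10000) + 1) / 10.0


def parse_vector(vector):
    """Split 'CVSS:3.1/AV:N/.../E:F/RL:O/RC:C' into a {metric: value} dict."""
    parts = vector.split("/")
    if not parts[0].startswith("CVSS:3."):
        raise ValueError("not a CVSS v3 vector string")
    return dict(part.split(":", 1) for part in parts[1:])


def temporal_score(base_score, vector):
    """Apply the temporal metrics present in the vector; absent ones default to X (= 1.0)."""
    metrics = parse_vector(vector)
    score = base_score
    for name, weights in TEMPORAL_METRICS.items():
        score *= weights[metrics.get(name, "X")]
    return roundup(score)


def split_metric_groups(vector):
    """Return (base metric names, temporal metric names) found in a vector."""
    metrics = parse_vector(vector)
    base = sorted(m for m in metrics if m in BASE_METRICS)
    temporal = sorted(m for m in metrics if m in TEMPORAL_METRICS)
    return base, temporal


if __name__ == "__main__":
    # Constructed: a critical base score with a functional exploit and an official fix.
    vec = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C"
    print(split_metric_groups(vec))
    print("temporal:", temporal_score(9.8, vec))
```

Because every temporal weight is at most 1.0, the temporal score can only lower the base score, never raise it; a vector with no temporal metrics leaves the score unchanged.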
Which of the following are required functions of information management?
Answer : A
Information management within the context of network security involves several critical functions that ensure data is correctly handled for security operations. These functions include:
Normalization: This process standardizes data formats from various sources to a common format, making it easier to analyze systematically.
Correlation: This function identifies relationships between disparate pieces of data, helping to identify patterns or potential security incidents.
Data enrichment: Adds context to the collected data, enhancing the information with additional details, such as threat intelligence.
All these functions are essential to effective information management in security systems, allowing for more accurate monitoring and faster response to potential threats.
Reference
'Data Enrichment and Correlation in SIEM Systems,' Security Information Management Best Practices.
'Normalization Techniques for Security Data,' Journal of Network Security.
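The three functions above applied to log data, as an added example (not code from the page or from any SIEM product). The sshd lines, the JSON firewall events and the threat-intelligence lookup table are constructed; the year assumed for the syslog timestamps (which carry none) is a parameter.

```python
"""Normalize, enrich and correlate security events (added example, not from the page).

Two constructed log sources (syslog-style sshd lines and JSON firewall events) are
normalized into one schema, enriched with a constructed reputation table, and
correlated into an alert when a single source address accumulates repeated
failures inside a time window.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input: one attacker seen by two different sources.
SSHD_LINES = [
    "Mar 10 12:00:01 bastion sshd[2211]: Failed password for root from 203.0.113.9 port 51022 ssh2",
    "Mar 10 12:00:03 bastion sshd[2211]: Failed password for admin from 203.0.113.9 port 51030 ssh2",
    "Mar 10 12:05:07 bastion sshd[2230]: Accepted publickey for deploy from 198.51.100.7 port 40000 ssh2",
]
FIREWALL_JSON = [
    '{"ts": "2024-03-10T12:00:05Z", "action": "deny", "src": "203.0.113.9", "dst": "10.0.0.5", "dport": 22}',
    '{"ts": "2024-03-10T12:00:06Z", "action": "deny", "src": "203.0.113.9", "dst": "10.0.0.6", "dport": 22}',
]
THREAT_INTEL = {"203.0.113.9": "bruteforce-scanner"}   # constructed reputation feed

SSHD_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) sshd\[\d+\]: (Failed|Accepted) \S+ for (\S+) from (\S+) port (\d+)"
)


def normalize_sshd(line, year=2024):
    """Normalization: syslog sshd line -> common event schema (None if not an auth event)."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "source": "sshd", "host": m.group(2),
            "outcome": "failure" if m.group(3) == "Failed" else "success",
            "user": m.group(4), "src_ip": m.group(5), "dst_port": 22}


def normalize_firewall(line):
    """Normalization: JSON firewall event -> the same common schema."""
    ev = json.loads(line)
    return {"ts": datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ"), "source": "firewall",
            "host": ev["dst"], "outcome": "failure" if ev["action"] == "deny" else "success",
            "user": None, "src_ip": ev["src"], "dst_port": ev["dport"]}


def enrich(event, intel=THREAT_INTEL):
    """Enrichment: attach the reputation tag for the source address, if any."""
    event = dict(event)
    event["threat_tag"] = intel.get(event["src_ip"])
    return event


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation: alert when one src_ip has >= threshold failures within the window."""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["outcome"] == "failure":
            by_src[ev["src_ip"]].append(ev)
    alerts = []
    for src, evs in by_src.items():
        for i, first in enumerate(evs):
            in_window = [e for e in evs[i:] if e["ts"] - first["ts"] <= window]
            if len(in_window) >= threshold:
                alerts.append({"src_ip": src, "count": len(in_window),
                               "sources": sorted({e["source"] for e in in_window}),
                               "threat_tag": first.get("threat_tag")})
                break
    return alerts


def run_pipeline():
    """Run normalize -> enrich -> correlate over the constructed sample and return both stages."""
    raw = [normalize_sshd(l) for l in SSHD_LINES] + [normalize_firewall(l) for l in FIREWALL_JSON]
    events = [enrich(e) for e in raw if e is not None]
    return events, correlate(events)


if __name__ == "__main__":
    events, alerts = run_pipeline()
    print(len(events), "normalized events")
    for alert in alerts:
        print(alert)
```

Note that the correlation only works because normalization first mapped both sources onto the same `src_ip` and `outcome` fields: without that step the sshd failures and the firewall denies would be counted separately and neither source alone reaches the threshold.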
Which of the following names represents inbound filtering?
Answer : D
Ingress filtering is the inspection of packets entering a network boundary, allowing or dropping them according to a set of security rules.
It is implemented at the edge of a network (a border router or firewall) to keep unwanted or harmful traffic out of the more trusted internal network. Beyond a simple allow-list of published services, the classic ingress rule (BCP 38, RFC 2827) is to drop any packet arriving from outside whose source address belongs to the internal network or to a non-routable range, because such a packet can only be spoofed.
The term 'ingress' refers to traffic entering a network boundary, whereas 'egress' refers to traffic leaving it; egress filtering applies the mirror-image rule, dropping outbound packets whose source is not one of the network's own addresses.
Reference
Cisco Networking Academy Program: Network Security.
'Understanding Ingress and Egress Filtering,' Network Security Guidelines, TechNet.
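An ingress filter with the anti-spoofing check described above, as an added example (not code from the page or from any firewall product). The internal prefixes, the published services, the packet records and the interface name `eth0` are constructed; a real deployment would express the same rules in the firewall's own language (nftables, an ACL, a cloud security group).

```python
"""Ingress (inbound) filter with anti-spoofing checks (added example, not from the page).

Decides whether a packet arriving on the external interface may enter the
internal network.  Besides the allow-list of published services it drops
packets whose source address belongs to the internal network itself or to a
non-routable range, the BCP 38 / RFC 2827 ingress-filtering rule.
Prefixes, services and packets below are constructed for illustration.
"""
import ipaddress

EXTERNAL_IFACE = "eth0"   # constructed: the interface facing the untrusted network

# Constructed: address space that only ever originates *inside* the boundary.
INTERNAL_PREFIXES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.0.2.0/24"),
]
# Non-routable / reserved sources that must never arrive from the Internet.
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12",
    "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]
# Constructed: (protocol, destination, port) that unsolicited inbound traffic may reach.
ALLOWED_SERVICES = {
    ("tcp", ipaddress.ip_address("192.0.2.10"), 443),
    ("tcp", ipaddress.ip_address("192.0.2.10"), 80),
}


def ingress_decision(packet):
    """Return (verdict, reason) for one packet record.

    packet: dict with keys iface, src, dst, proto, dport and optionally state
    ('established' for replies to connections the inside opened).
    """
    if packet["iface"] != EXTERNAL_IFACE:
        return "accept", "not on the filtered ingress interface"
    src = ipaddress.ip_address(packet["src"])
    dst = ipaddress.ip_address(packet["dst"])
    # Anti-spoofing: an outside packet can never legitimately carry an inside source.
    if any(src in net for net in INTERNAL_PREFIXES):
        return "drop", "spoofed internal source on external interface"
    if any(src in net for net in BOGON_PREFIXES):
        return "drop", "bogon / non-routable source"
    if packet.get("state") == "established":
        return "accept", "reply to a connection opened from inside"
    if (packet["proto"], dst, packet.get("dport")) in ALLOWED_SERVICES:
        return "accept", "allowed published service"
    return "drop", "default deny for unsolicited inbound traffic"


def filter_batch(packets):
    """Apply the filter to a list of packet records and return the verdicts in order."""
    return [ingress_decision(p)[0] for p in packets]


if __name__ == "__main__":
    samples = [  # constructed packet records
        {"iface": "eth0", "src": "198.51.100.5", "dst": "192.0.2.10", "proto": "tcp", "dport": 443},
        {"iface": "eth0", "src": "10.1.2.3", "dst": "192.0.2.10", "proto": "tcp", "dport": 443},
        {"iface": "eth0", "src": "198.51.100.5", "dst": "192.0.2.10", "proto": "tcp", "dport": 22},
    ]
    for p in samples:
        print(p["src"], "->", p["dst"], p["dport"], ingress_decision(p))
```

The ordering matters: the spoofing and bogon checks run before the service allow-list, so a forged packet aimed at a published port is still dropped, and the `established` shortcut comes after them so that a spoofed source cannot ride in on a connection-tracking match either.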