Industrial Cybersecurity Essentials Course Final Exam Answers
- InfraCyber
- ICE
- 27 mins read
- December 14, 2025
Industrial Cybersecurity Essentials Course Final Exam Answers provide a comprehensive overview of the core principles required to protect industrial control systems (ICS), operational technology (OT), and critical infrastructure from modern cyber threats. This exam evaluates understanding of key concepts such as the differences between IT and OT security, common attack vectors targeting industrial environments, risk assessment methodologies, and the application of international standards and best practices to ensure the safety, reliability, and resilience of industrial systems.
1. To strengthen national critical infrastructure against cyber threats, countries have established dedicated cybersecurity agencies. Which strategy would most effectively support the establishment of dedicated cybersecurity agencies?
- Develop centralized platforms to monitor infrastructure cybersecurity across sectors.
- Increase investment in localized threat detection capabilities within national agencies.
- Promote collaboration between public agencies, private sector operators, and international partners.
- Enhance training programs within national agencies to build specialized cybersecurity expertise.
2. Match each “V” characteristic of Big Data to its correct description.
- Velocity ==> The rate at which data is generated and the need for infrastructure to handle data streaming and immediate responses.
- Volume ==> The amount of data being transported and stored, with projections estimating growth to 180 zettabytes by 2025.
- Veracity ==> The process of ensuring data accuracy and preventing errors, such as dealing with false contact information from online sign-ups.
- Variety ==> The type of data, which often includes unstructured data and may require significant processing before analysis.
3. What are three recommended best practices for safeguarding hosts against malware? (Choose three.)
- Developing and enforcing a patch management policy.
- Allowing direct internet access when necessary.
- Implementing strong password policies and changing default passwords.
- Removing unused Windows components, protocols, services, and applications.
- Installing a faster CPU.
- Using outdated software for compatibility reasons.
- Adding more RAM.
4. Match the physical security measure to its corresponding category.
- Locked server rooms ==> Secure areas
- RFID tags on equipment ==> Asset tracking
- High-security locks on doors ==> Physical locks
- Alarm systems ==> Emergency systems
- HVAC monitoring and control ==> Environmental controls
- Key cards or biometric scanners ==> Access control systems
5. Match the critical infrastructure sector to the description.
- Transportation Systems Sector ==> This sector provides essential services that enable the movement of goods, people, and services, including aviation, rail, highway, maritime, and public transit systems.
- Communications Sector ==> This sector encompasses the infrastructure that supports the communication networks, including satellites, telephone, and internet services.
- Energy Sector ==> This sector involves the generation, transmission, and distribution of electricity, oil, and natural gas, which are crucial for the operation of nearly all other critical infrastructure sectors.
- Water and Wastewater Systems Sector ==> This sector is responsible for the infrastructure that supplies clean drinking water and safely removes and treats wastewater.
- Healthcare and Public Health Sector ==> This sector ensures the provision of medical care, emergency services, and the safeguarding of public health.
6. In addition to meeting regulatory requirements, how should organizations manage cybersecurity-related contractual obligations to minimize business risk?
- Focus on regulatory compliance first and address contractual obligations only when/if conflicts arise.
- Apply a standard set of internal security controls to all contracts, regardless of customer requirements.
- Track and comply with customer-specific security requirements alongside regulatory mandates.
- Limit contractual obligations by negotiating fewer security-related clauses in supply chain agreements.
7. Why are IACS networks key targets for attackers?
- They are easy to access and manipulate.
- They have a critical role in managing infrastructure and potential for disruptions.
- They often contain valuable company data.
- They have yet to become key targets for attackers; the focus remains on consumer data.
8. What are three options that amateurs or skilled threat actors use to initiate a cyber attack from outside an organization? (Choose three.)
- mishandle confidential data
- exploit vulnerabilities in the network
- facilitate outside attacks by connecting infected USB media to the organization’s computer system
- invite malware into the organization’s network by clicking on malicious emails or websites
- threaten the operations of internal servers or network infrastructure devices
- gain unauthorized access to computing devices
- use social engineering to gain unauthorized access to organizational data
9. What are the two primary purposes of attack frameworks in cybersecurity? (Choose two.)
- To provide a checklist for system administrators to secure their systems against all known vulnerabilities.
- To offer an approach to understanding the methods used by cyber attackers to breach systems.
- To automate the process of hacking into systems for educational purposes.
- To serve as legal guidelines for prosecuting cyber-attackers.
- To create more effective rules for hiring new employees.
10. Which strategy most effectively supports an organization’s defense against OSINT-based reconnaissance activities?
- Prioritize patching the high-value systems to avoid unnecessary downtime.
- Establish employee training programs focused on preventing information leaks.
- Limit the use of strong authentication to systems with public access.
- As regular practice, delay publication of company updates to reduce visibility.
11. What best describes the purpose of the MITRE ATT&CK framework?
- It serves as a comprehensive legal guideline for prosecuting cybercriminals internationally.
- It is primarily used to automate the cybersecurity defenses of financial institutions.
- It categorizes tactics, techniques, and procedures (TTPs) attackers use.
- It focuses exclusively on protecting personal data, ignoring other cybersecurity threats.
12. What type of malware is known for its ability to replicate and spread from one computer to another, operating independently without needing a host program or user participation after the initial infection?
- worm
- Trojan Horse
- spyware
- ransomware
13. Which three statements identify the roles and responsibilities assigned to different groups involved in cybersecurity efforts for IACS, according to ISA/IEC 62443? (Choose three.)
- Asset owners are primarily responsible for physical security and environmental controls.
- Component suppliers are responsible for secure system designs and integrating security features into products.
- Asset owners manage security policies and compliance.
- System integrators focus on secure system designs and ensuring they meet the requirements of asset owners.
- Component suppliers ensure their products meet specified security standards and requirements.
- Asset owners are responsible for the training and awareness programs for all staff on cybersecurity.
- System integrators are solely responsible for incident response and recovery.
14. What is the purpose of the ISA/IEC 62443 series of standards, developed by the International Electrotechnical Commission (IEC)?
- development of consumer electronics interfaces
- security of Industrial Automation and Control Systems
- international shipping and logistics standards
- creation of international financial reporting standards and polices
15. Match the IEC standard to the focus of the standard.
- IEC 62443 ==> the security of Industrial Automation and Control Systems
- IEC 62850 ==> the safety of electrical and electronic systems in machinery
- IEC 62351 ==> the security of power control centers and data communications
16. What additional element falls outside the Seven Foundational Requirements (FRs) of ISA/IEC 62443 for effectively safeguarding industrial control systems?
- restricting system access to authorized individuals only
- ensuring rapid recovery of systems post-attack
- mandating biometric security measures for all users
- protecting systems from unauthorized access
17. What are the five recognized Industrial IoT network security standards?
- IEC, CISA, IEEE, ENISA, NERC-CIP
- ANSI, CISA, IEEE, Wi-Fi Alliance, Bluetooth SIG
- IEC, IEEE, OWASP, ISO 9001, Wi-Fi Alliance
- IEC, IEEE, NERC-CIP, Bluetooth SIG, Wi-Fi Alliance
- ENISA, OWASP, ISO 9001, NERC-CIP, Bluetooth SIG
18. What is the relationship between security policy documents, standards, guidelines, and procedure documents in the cybersecurity framework for an organization?
- Security policy documents are less important than standards, guidelines, and procedures because they are infrequently used.
- Standards, guidelines, and procedure documents are optional, whereas all employees must legally follow security policy documents.
- Security policy documents provide a high-level overview, while standards, guidelines, and procedure documents detail how to implement these policies.
- Security policy documents, standards, guidelines, and procedure documents are interchangeable terms for the same types of documents and regulations.
19. What is a major security risk associated with using weak passwords on IoT application portals?
- improved user accessibility and convenience for managing IoT devices
- increased efficiency of the IoT devices due to less encryption overhead
- exposure to unauthorized access, leading to potential data loss or control system takeover
- enhanced security posture through easy recovery of forgotten passwords and more encryption overhead
20. What services does the U.S. Cybersecurity and Infrastructure Security Agency (CISA) offer to help improve cybersecurity for individuals and organizations?
- free cybersecurity services and tools
- paid cybersecurity compliance certification
- subscription-based advanced threat detection tools
- private cyber threat intelligence sharing for elite members
21. What is an implementation procedure that will help mitigate wireless connection vulnerabilities?
- enabling open wireless guest access
- inadequate authentication mechanisms
- strong encryption methods for data transmission
- poor data protection between clients and access points
22. What is the standard procedure when a security hole is found due to a vulnerability analysis of a vendor network?
- Keep the vulnerability secret to avoid any potential risks.
- Immediately inform the public to prevent widespread exploitation.
- Give the vendor a predetermined time to fix the issue before public disclosure.
- Only inform the affected customers and no one else, keeping it strictly confidential.
23. Which three Industrial Automation and Control System (IACS) components are most vulnerable to cybersecurity threats? (Choose three.)
- HMIs
- PLCs
- network routers
- SCADA systems
- Ethernet switches
- enterprise firewalls
24. What makes IoT devices particularly vulnerable to physical security threats?
- Many operate in secure, well-monitored environments.
- All IoT devices have built-in physical tamper-proof measures.
- They are frequently left unattended in inaccessible locations.
- They are often equipped with the latest security software and programs.
25. What situations occur that may result in vulnerabilities in industrial IoT networks?
- strong password policies
- regularly updated software
- flaws, misconfigurations, or poor administration of networks
- use of advanced encryption techniques, malware protection, and security policies
26. What is the focus of the risk assessment guidance provided by NIST SP 800-82 in the context of Industrial Automation and Control Systems (IACS)?
- enhancing encryption protocols for data security
- improving system bandwidth and communication speeds
- identifying and managing risks specific to OT environments, with a focus on system availability and safety
- managing financial risks associated with cybersecurity programs, with a focus on cost-management risks for businesses
27. Which CVSS metric group contains metrics set by end users?
- Base metric group
- Temporal metric group
- Extended metric group
- Environmental metric group
28. Which three processes are essential steps in a comprehensive risk assessment approach for cybersecurity in industrial environments? (Choose three.)
- Threat identification
- Vulnerability assessment
- Marketing strategies
- Asset identification and valuation
- Market research for new products
- Engagement strategies for social media
29. Which components are commonly included in an IACS data flow diagram (DFD)?
- local applications, OT network gateways, and control applications
- physical security measures and fire suppression systems
- network firewalls, intrusion detection systems, and virtual private networks
- user training programs and documentation for operational procedures
30. Which three questions are typically addressed during a risk assessment process? (Choose three.)
- When will the attacks occur and why?
- What vulnerabilities can threat actors exploit?
- Who are the threat actors who want to attack us?
- What is the budget for our cybersecurity program?
- What technologies can we adopt to boost productivity?
- How would the organization be affected by successful attacks?
31. What is the primary focus of Industrial Automation and Control Systems (IACS)?
- ensuring financial transactions are secure
- managing cloud-based services for remote access
- controlling physical processes such as power generation and manufacturing
- improving network bandwidth and communication speed to enhance protection
32. What is the purpose of the Base Metric Group in the Common Vulnerability Scoring System (CVSS)?
- to assess the environmental impacts of vulnerabilities over time
- to evaluate the characteristics of vulnerabilities that remain constant
- to categorize vulnerabilities based on user feedback and public opinion
- to provide scores that vary based on the organization’s internal policies
33. When data, such as a software patch, is transferred from the enterprise zone to the IDMZ in an industrial network, what is the primary function of the proxy within the IDMZ?
- It automatically forwards all data to the industrial zone without a thorough inspection.
- It modifies the software patch to improve compatibility with industrial systems.
- It allows all data to bypass the IDMZ and reach the industrial systems directly.
- It captures the data transfer and inspects files for malware or malicious elements before forwarding the data.
34. Why is the availability of network services, in the industrial zone and IDMZ, crucial for operations in the cell/area zone?
- Applications in the industrial zone and IDMZ must remain available to prevent disruptions in the cell/area zone.
- The industrial zone’s services are less important than those in the enterprise zone.
- Network outages in the industrial zone and IDMZ have no impact on real-time communications in the cell/area zone.
- Applications in the cell/area zone do not rely on the industrial zone for their functionality.
35. What is a recommended security best practice for VLANs?
- Assign all ports on a switch to VLAN 1 for easier management.
- Use unencrypted Telnet sessions for remote management of the VLAN.
- Allow all VLANs to communicate without routing for easier, quicker access.
- Disable unused switch ports and ensure no ports are assigned to VLAN 1.
36. Which statement describes the concept of “zones and conduits” as introduced by IEC 62443?
- Zones are areas with no defined borders, while conduits represent physical movement of people between them.
- Conduits represent all devices within a zone, and zones are the channels that define communication between conduits.
- Zones represent a collection of all assets in an industrial network, and conduits define physical barriers between them.
- A zone is a group of assets with similar security requirements and a conduit defines allowed communication between zones.
37. How does packet filtering help maintain network security between different zones in an IACS environment?
- It encrypts all data transmitted between zones to prevent unauthorized access.
- It analyzes the content of each data packet to detect malware in the network traffic.
- It examines packet header information and allows only permitted traffic, blocking or logging unauthorized traffic between zones.
- It replaces firewalls and VPNs, providing the sole means of protecting communication and unauthorized traffic between different zones.
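Questions 36 and 37 describe zones (groups of assets with similar security requirements) and conduits (the communication allowed between zones), enforced by a filter that looks only at packet headers. The Python below is an added example, not course material, of such a conduit filter: an explicit allow-list of (source zone, destination zone, protocol, port), a session table so replies to admitted flows are let back through, and a log line for everything dropped. The zone address ranges, the conduit table and the packets are constructed for illustration.

```python
"""Stateful header filter enforcing IEC 62443 conduits between zones.

Added example, not from the course. Zone address ranges, the conduit table and
the packets at the bottom are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
import logging

log = logging.getLogger("conduit")

# Zones: groups of assets sharing security requirements (constructed addressing).
ZONES = {
    "enterprise": ip_network("10.0.0.0/16"),
    "idmz": ip_network("10.10.0.0/24"),
    "industrial": ip_network("10.20.0.0/16"),
    "cell_area": ip_network("192.168.100.0/24"),
}

# Conduits: the only flows permitted to cross a zone boundary,
# as (src_zone, dst_zone, protocol, destination port). Anything else is dropped.
CONDUITS = {
    ("enterprise", "idmz", "tcp", 443),         # patch/data staging via the IDMZ proxy
    ("idmz", "industrial", "tcp", 443),         # inspected content handed inward
    ("industrial", "cell_area", "tcp", 502),    # SCADA polling Modbus/TCP on PLCs
    ("industrial", "cell_area", "tcp", 44818),  # EtherNet/IP explicit messaging
}


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str


class ConduitFilter:
    """Checks headers only (no payload inspection), like a zone-boundary firewall."""

    def __init__(self, zones: dict, conduits: set):
        self.zones = zones
        self.conduits = conduits
        self.sessions: set = set()   # 5-tuples admitted through a conduit

    def zone_of(self, addr: str):
        ip = ip_address(addr)
        for name, net in self.zones.items():
            if ip in net:
                return name
        return None

    def evaluate(self, pkt: Packet) -> tuple:
        """Return (verdict, reason); denied packets are logged, not silently dropped."""
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if reverse in self.sessions:          # reply to an admitted session
            return "allow", "established"
        src_zone, dst_zone = self.zone_of(pkt.src), self.zone_of(pkt.dst)
        if src_zone is None or dst_zone is None:
            verdict = ("deny", f"address outside any zone: {pkt.src} -> {pkt.dst}")
        elif src_zone == dst_zone:
            verdict = ("allow", f"intra-zone ({src_zone}), not a conduit")
        elif (src_zone, dst_zone, pkt.proto, pkt.dport) in self.conduits:
            self.sessions.add(forward)
            verdict = ("allow", f"conduit {src_zone}->{dst_zone} {pkt.proto}/{pkt.dport}")
        else:
            verdict = ("deny", f"no conduit {src_zone}->{dst_zone} {pkt.proto}/{pkt.dport}")
        if verdict[0] == "deny":
            log.warning("DROP %s:%s -> %s:%s %s (%s)", pkt.src, pkt.sport,
                        pkt.dst, pkt.dport, pkt.proto, verdict[1])
        return verdict


def run_sample() -> list:
    """Evaluate a constructed packet sequence; returns the verdicts in order."""
    f = ConduitFilter(ZONES, CONDUITS)
    packets = [
        Packet("10.20.1.5", 40000, "192.168.100.10", 502, "tcp"),   # SCADA -> PLC poll
        Packet("192.168.100.10", 502, "10.20.1.5", 40000, "tcp"),   # PLC reply
        Packet("10.0.5.5", 40001, "192.168.100.10", 502, "tcp"),    # enterprise host straight to PLC
        Packet("192.168.100.10", 40002, "10.0.5.5", 445, "tcp"),    # PLC reaching out to enterprise
        Packet("172.16.0.1", 40003, "10.20.1.5", 502, "tcp"),       # address not in any zone
    ]
    return [f.evaluate(p)[0] for p in packets]


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print(run_sample())   # ['allow', 'allow', 'deny', 'deny', 'deny']
```

Note what the filter does not do: it never looks at the Modbus payload, so a write to a holding register from the SCADA host passes exactly like a read. Payload-level checks belong to the IDMZ proxy or a protocol-aware firewall, which is the distinction question 37 is drawing.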
38. What two tools rely on baselines to trigger alerts when anomalous network behavior occurs? (Choose two.)
- DMZ
- SIEM
- VRF-Lite
- IDS
- VLAN
- Cisco TrustSec
39. In network security monitoring, how does characterizing normal network behavior help in detecting potential security threats?
- It ensures all data flowing within the network is encrypted to prevent unauthorized access.
- It allows network administrators to block all traffic not explicitly approved, ensuring no unauthorized traffic passes through.
- It prevents all external systems from communicating with internal assets, guaranteeing that only internal traffic is allowed.
- It establishes a baseline of typical network activity, making it easier to detect deviations that may indicate malicious activity.
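Questions 38, 39 and 54 make the same point from three sides: OT traffic is predictable, so a baseline of normal conversations and rates, collected passively from a SPAN port or tap, is what turns an IDS or SIEM alert into something meaningful. The Python below is an added example, not course material, of that logic run over constructed per-minute flow summaries. It flags a conversation the baseline never saw, a rate far above the learned mean, and an expected conversation that went silent; in OT the last case (a PLC no longer polled) matters as much as the first two.

```python
"""Baseline-driven anomaly detection over passively collected flow records.

Added example, not from the course. The records below are constructed to look like
per-minute flow summaries from a sensor on a SPAN port or tap; nothing here sends
traffic to the OT devices.
"""
from collections import defaultdict
from statistics import mean, pstdev

# (minute, src, dst, proto, dst_port, packets): ten "normal" minutes
BASELINE = []
for minute, n in enumerate([60, 58, 61, 59, 60, 62, 60, 59, 61, 60]):
    BASELINE.append((minute, "10.20.1.5", "192.168.100.10", "tcp", 502, n))     # SCADA -> PLC1
    BASELINE.append((minute, "10.20.1.5", "192.168.100.11", "tcp", 502, n))     # SCADA -> PLC2
    BASELINE.append((minute, "10.20.1.6", "192.168.100.10", "tcp", 44818, 30))  # HMI -> PLC1

# One later minute to check against the baseline
OBSERVED = [
    (10, "10.20.1.5", "192.168.100.10", "tcp", 502, 61),     # normal poll rate
    (10, "10.20.1.6", "192.168.100.10", "tcp", 44818, 900),  # 30x the usual rate
    (10, "10.20.1.9", "192.168.100.10", "tcp", 502, 12),     # host never seen talking Modbus
    # SCADA -> PLC2 is absent this minute
]


def build_baseline(records) -> dict:
    """Per conversation (src, dst, proto, dst_port): (mean, population std-dev) of
    packets per minute. Minutes with no packets count as zero so quiet flows stay low."""
    minutes = sorted({r[0] for r in records})
    per_conv = defaultdict(lambda: {m: 0 for m in minutes})
    for minute, src, dst, proto, dport, n in records:
        per_conv[(src, dst, proto, dport)][minute] += n
    baseline = {}
    for conv, by_minute in per_conv.items():
        values = list(by_minute.values())
        baseline[conv] = (mean(values), pstdev(values))
    return baseline


def detect(baseline: dict, observed) -> list:
    """Alerts: conversations the baseline never saw, rate spikes, and expected
    conversations that went silent (a PLC dropping off is itself an event)."""
    seen = defaultdict(int)
    for _minute, src, dst, proto, dport, n in observed:
        seen[(src, dst, proto, dport)] += n
    alerts = []
    for conv, n in seen.items():
        if conv not in baseline:
            alerts.append(("new_conversation", conv, n))
            continue
        mu, sd = baseline[conv]
        threshold = mu + max(3 * sd, 0.2 * mu)   # 3-sigma, with a floor for flat flows
        if n > threshold:
            alerts.append(("rate_anomaly", conv, n))
    for conv, (mu, _sd) in baseline.items():
        if conv not in seen and mu > 0:
            alerts.append(("silent_conversation", conv, 0))
    return alerts


if __name__ == "__main__":
    for alert in detect(build_baseline(BASELINE), OBSERVED):
        print(alert)
```

The 20 percent floor on the threshold is an assumption of this example: polling traffic often has zero variance over a short window, and a pure 3-sigma rule would then alert on a single extra packet. A production sensor would also key on protocol function codes (reads versus writes), not just packet counts.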
40. What is the primary purpose of access control systems in an organization?
- to monitor employee productivity and performance
- to replace the need for physical security measures entirely
- to manage access to specific resources based on specific conditions
- to enhance the speed and security measures of network connections
41. Which statement correctly distinguishes between the two basic types of VPNs?
- Site-to-site VPNs connect individual devices to a network, while remote-access VPNs link multiple networks together.
- Both site-to-site and remote-access VPNs are used solely for connecting devices within the same local area network (LAN).
- Site-to-site VPNs connect multiple networks securely over the internet, while remote-access VPNs allow individual users to securely connect to a remote network.
- Remote-access VPNs are primarily used for connecting entire networks, whereas site-to-site VPNs allow individual users to securely access a network from a remote location.
42. What is a critical security measure for accessing the management plane of IACS networks?
- using secured protocols for remote access and allowing unrestricted access on-site
- limiting management plane access to physical on-site personnel only
- implementing multi-factor authentication and strict role-based access control
- allowing any user unrestricted access to secure channels within the organization
43. What is the correct sequence of processes in an access control system?
- Identification, Authentication, Auditing and Logging, Authorization
- Authentication, Authorization, Identification, Auditing and Logging
- Identification, Authorization, Authentication, Auditing and Logging
- Identification, Authentication, Authorization, Auditing and Logging
44. Which three are examples of physical access control mechanisms commonly used to secure critical industrial facilities? (Choose three.)
- keycards
- firewalls
- biometric readers
- security personnel
- encryption protocols
- intrusion detection software
- virtual private networks
45. Because of implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this?
- accessibility
- accounting
- auditing
- authentication
- authorization
46. Match the security measure to its description.
- Regular Auditing ==> Involves reviewing logs and access patterns to identify security weaknesses and ensure compliance.
- Access Control Lists (ACLs) ==> Ensures that access is granted based on specific attributes such as user role and time of access.
- Strong Password Policies ==> Define what resources users can access and what actions they can perform.
- Multi-Factor Authentication (MFA) ==> Requires users to present multiple forms of verification before granting access.
- Encryption ==> Protects data in transit by converting it into a coded format to prevent unauthorized access.
47. Match the hardening practice for PACs to the description.
- AAA for Industrial Applications ==> Verifies the identity of users and their access permissions.
- Physical Procedures ==> Implements access restrictions to control panels and requires physical keys for configuration changes.
- Change management with Disaster Recovery ==> Employs software to monitor PAC assets, ensuring version control and real-time auditing.
- Use secure coding practices ==> Follows coding best practices and uses vulnerability scanners to ensure secure software development.
48. Which statement describes the primary benefit of turning off unused services and disconnecting inactive devices in industrial environments?
- It increases the overall speed of the network by freeing up bandwidth.
- It simplifies network management by reducing the number of devices to monitor.
- It reduces the attack surface and helps prevent security vulnerabilities by eliminating idle systems.
- It allows for more efficient use of all internal network resources and enhances overall device performance.
49. What is the importance of tools and platforms such as Siemens SINEC NMS, Rockwell Automation FactoryTalk Asset Center and Honeywell Experion PKS?
- They produce and release upgrades to firmware for devices created by their respective organizations.
- They are regulatory organizations that check IACS networks for adherence to security policies.
- They are automated firmware management tools used to streamline tracking and updating of device firmware.
- They automatically monitor all devices created by their organizations for unauthorized access and security health.
50. What is the primary goal of network hardening in industrial automation and control systems (IACS)?
- To eliminate the need for any security measures in IACS networks.
- To increase the speed of network communications by minimizing security protocols.
- To secure communication infrastructure against cyber threats and maintain production integrity.
- To simplify the network structure by reducing the number of connected devices and eliminating unnecessary components to enhance manageability.
51. Which statement describes a key issue that contributes to the vulnerability of legacy systems in sectors such as energy, manufacturing, smart cities, and transportation?
- Legacy systems face minimal risk in connected networks as they were built for maximum resilience to cyber threats.
- Legacy systems were designed with modern security controls in mind and are easily patched to meet current standards.
- Legacy systems often cannot be readily patched or upgraded to support modern security controls, making them vulnerable.
- Legacy systems are primarily at risk from outdated hardware, but software upgrades usually resolve most security concerns.
52. Why is it important that events in the management and data planes do not impact the control plane in an industrial network?
- To avoid increasing bandwidth usage in the data plane.
- To maintain network stability and prevent events like DoS attacks.
- To ensure that network configurations remain intact during updates.
- To prevent unauthorized access to management plane resources.
53. Match the type of network device hardening to the description.
- Controller Hardening ==> Applies change management and restrictive access procedures to industrial IoT network controllers.
- Network Device Hardening ==> Implements best practices for the security and survivability of industrial switches, routers, and firewalls.
- Computer Hardening ==> Applies security best practices to industrial IoT PCs, including patch management, antivirus, and removal of unused applications.
54. Industrial OT networks behave differently from traditional enterprise IT networks. Which of the following statements best reflects how OT network monitoring should be approached?
- Passive monitoring through SPAN ports or network taps allows security teams to observe predictable OT traffic patterns without disrupting critical operations.
- OT networks require aggressive active scanning to detect real-time threats before they impact production.
- Because OT traffic is encrypted and random, traditional IDS tools are the best way to monitor these environments.
- The best way to monitor OT networks is by limiting all external communications and disabling unused ports on endpoint devices.
55. ElectraNova uses Zero Trust principles to secure access across its distributed workforce. According to the “Users and Devices” pillar of the Zero Trust architecture, which of the following practices best reflects this approach?
- Allowing employees to skip multifactor authentication when connecting from recognized IP addresses during business hours.
- Granting access only when both the user and their device meet security policy requirements in real time.
- Temporarily elevating contractor privileges during system updates to ensure operational continuity.
- Using internal subnet controls to restrict device access based on physical network location.
56. Scenario: During a late-night login attempt, a remote employee passes multifactor authentication and uses a compliant, encrypted laptop. However, their activity logs show no prior access to the requested engineering database, and their certificate has not yet been validated by the public key infrastructure (PKI). What outcome should be expected?
- Access is blocked or delayed while the Policy Engine consults multiple sources before granting access.
- Access is granted because the device is encrypted and the user passed MFA.
- Access is routed through the firewall for secondary scanning and then approved.
- Access is immediately denied by the SIEM system because there is no previously established activity history.
57. Scenario: A user with valid credentials successfully logs in from a country they’ve never visited, using a recently patched device. However, the IP address they’re using is flagged by threat intelligence as being linked to ransomware attacks. According to ZTA, how does the Policy Engine respond to this situation?
- It evaluates multiple data sources to assign a risk score and determine access dynamically.
- It forwards the login attempt to the IT help desk for manual approval.
- It permits access since the credentials and device are valid and have recently been updated.
- It blocks access based solely on the flagged IP address.
58. According to the NIST definition, what distinguishes a Zero Trust Architecture (ZTA) from the broader concept of Zero Trust (ZT)?
- ZTA refers only to cloud security configurations, while ZT includes all cybersecurity policies.
- ZTA focuses on network segmentation, while ZT emphasizes endpoint encryption.
- ZTA applies Zero Trust principles to an enterprise’s architecture, including workflows, components, and access policies.
- ZTA enforces trust through physical isolation, while ZT relies on virtual perimeter controls.
59. As ElectraNova integrates its IT and OT networks to support data-driven manufacturing, which of the following cybersecurity risks becomes more prominent due to legacy OT systems?
- Decreased physical safety compliance at manufacturing facilities
- Increased likelihood of insider threats from within the IT department
- Exposure of previously isolated systems to malware and remote cyberattacks
- Greater reliance on predictive maintenance algorithms for system updates
60. Scenario: Leila, a remote controls engineer based in Spain, attempts to access ElectraNova’s predictive maintenance dashboard, which relies on live sensor data from robotic arms in the Detroit factory. Her device is company-issued, up to date, and encrypted. She uses MFA to log in from her home office. According to ZTA, which of the following best describes the correct sequence of how her access request is processed?
- The dashboard grants access as soon as Leila passes MFA, knowing she is a trusted user.
- The system checks the network firewall settings at the Detroit facility and routes her through the public cloud.
- The PEP intercepts her request, sends it to the PDP for evaluation, and enforces the access decision.
- Her login request is forwarded to Detroit’s operations team for manual review due to geographic separation.
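Questions 55 through 60 all describe the same machinery: a Policy Enforcement Point (PEP) intercepts the request, a Policy Decision Point (its Policy Engine) consults several sources and produces one risk-based decision, and the PEP enforces it. The Python below is an added example, not course material, that plays the three scenarios through such an engine. The signal weights, thresholds, threat-intelligence list, per-user history and IP addresses are constructed assumptions; a real engine would pull these from the identity provider, device management, the PKI, the SIEM and threat feeds.

```python
"""Zero Trust policy decision: PEP -> PDP -> enforcement (added example).

Not course code. The signal weights, the threat-intelligence list and the per-user
history are constructed assumptions; a real Policy Engine would pull them from the
identity provider, the device-management system, the PKI, SIEM and threat feeds.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    user: str
    resource: str
    source_ip: str
    country: str
    mfa_passed: bool
    device_compliant: bool
    device_encrypted: bool
    cert_validated: bool     # has the PKI validated the client certificate?


class PolicyEngine:
    """The PDP: consults several sources and derives one risk score per request."""

    DENY_AT = 50       # assumed thresholds for this example
    STEP_UP_AT = 25

    def __init__(self, threat_intel: set, access_history: dict, usual_countries: dict):
        self.threat_intel = threat_intel          # IPs tied to known campaigns
        self.access_history = access_history      # user -> resources accessed before
        self.usual_countries = usual_countries    # user -> countries seen before

    def score(self, req: AccessRequest) -> tuple:
        risk, reasons = 0, []

        def add(points: int, why: str):
            nonlocal risk
            risk += points
            reasons.append(why)

        if not req.mfa_passed:
            add(40, "no MFA")
        if not req.device_compliant:
            add(30, "device out of policy")
        if not req.device_encrypted:
            add(20, "device not encrypted")
        if not req.cert_validated:
            add(25, "client certificate not yet validated by PKI")
        if req.source_ip in self.threat_intel:
            add(50, "source IP on threat-intelligence list")
        if req.country not in self.usual_countries.get(req.user, set()):
            add(15, "login from a country never seen for this user")
        if req.resource not in self.access_history.get(req.user, set()):
            add(10, "no prior access to this resource")
        return risk, reasons

    def decide(self, req: AccessRequest) -> dict:
        risk, reasons = self.score(req)
        if risk >= self.DENY_AT:
            decision = "deny"
        elif risk >= self.STEP_UP_AT:
            decision = "step_up"   # hold the request; require extra verification
        else:
            decision = "allow"
        return {"decision": decision, "risk": risk, "reasons": reasons}


class PolicyEnforcementPoint:
    """Sits in front of the resource and only enforces what the PDP decided."""

    def __init__(self, pdp: PolicyEngine):
        self.pdp = pdp

    def handle(self, req: AccessRequest) -> dict:
        outcome = self.pdp.decide(req)
        if outcome["decision"] == "allow":      # successful access feeds future history
            self.pdp.access_history.setdefault(req.user, set()).add(req.resource)
        return outcome


def build_demo() -> PolicyEnforcementPoint:
    """Constructed data sources for the three exam scenarios."""
    pdp = PolicyEngine(
        threat_intel={"203.0.113.7"},
        access_history={"leila": {"maint-dashboard"}},
        usual_countries={"leila": {"ES"}, "remote_eng": {"US"}, "alice": {"US"}},
    )
    return PolicyEnforcementPoint(pdp)


if __name__ == "__main__":
    pep = build_demo()
    # Q60, Leila: compliant device, MFA, known country, resource used before -> allow
    print(pep.handle(AccessRequest("leila", "maint-dashboard", "198.51.100.4", "ES",
                                   True, True, True, True)))
    # Q56: MFA and encryption fine, but no history and certificate unvalidated -> step_up
    print(pep.handle(AccessRequest("remote_eng", "engineering-db", "198.51.100.9", "US",
                                   True, True, True, False)))
    # Q57: valid login, patched device, but unseen country and a flagged IP -> deny
    print(pep.handle(AccessRequest("alice", "maint-dashboard", "203.0.113.7", "RO",
                                   True, True, True, True)))
```

Two details carry the exam's point. The flagged IP in the third scenario is not an automatic block; it is one weighted input, and the decision falls out of the total. And the engine never reads trust from the request itself: the PEP hands over what it intercepted, and the PDP checks that against its own sources before anything is granted.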
61. What three security measures would effectively deal with access-related attacks in a network environment? (Choose three.)
- Use static configuration of switch ports and disabling port mode auto negotiation.
- Allow unauthorized users to connect their personal devices to the network for convenience.
- Disable native VLANs to reduce security risks.
- Implement policies to prevent rogue wireless access points and unauthorized end-host systems from connecting to the network.
- Install high-definition surveillance cameras.
- Use the same complex password across all departments.
- Allow personal wireless APs to attach to the network as long as they are verified as employees.
62. What technique do threat actors employ that involves manipulating individuals into divulging confidential information or performing certain actions, often by exploiting human psychology and weaknesses?
- malware
- phishing
- ransomware
- social engineering
63. What benefits do frameworks like MITRE ATT&CK and the Cyber Kill Chain offer to organizations in the context of cybersecurity?
- They provide detailed legal documentation required for prosecuting cybercriminals.
- They enable organizations to focus solely on advanced persistent threats, ignoring other cyber threats and potential attacks.
- They assist in predicting, detecting, and responding to attacks on critical infrastructure, thereby strengthening defenses.
- They are used to automate cybersecurity defenses without human intervention.
64. Match the cyber attack stage with the correct description.
- Impact ==> The threat actor manipulates or disrupts industrial processes, potentially causing operational downtime, equipment damage, or physical harm.
- Inhibit Response Function ==> The threat actor attempts to prevent safety, protection, quality assurance, and operator intervention functions from responding to a failure, hazard, or unsafe state.
- Collection ==> Sensitive data, such as operational configurations or system processes, is gathered for exfiltration or future attacks.
- Lateral Movement ==> The threat actor moves through the ICS environment, accessing other devices or systems to deepen their control or cause further damage.
- Command and Control (C2) ==> The threat actor establishes communication with a remote server to control the compromised systems, controllers, and platforms that have access to your ICS environment.
- Impair Process Control ==> The threat actor tries to manipulate, disable, or damage physical control processes.
65. What type of infiltration method allows attackers to quietly capture two-step verification SMS messages sent to users in a Man-in-the-Mobile (MITMO) attack?
- On-Path attack
- DoS
- Botnet
- Pretexting
66. What are the three key elements that form the foundation of the NIST cyber security framework? (Choose three.)
- Core
- Implementation Tiers
- Security Measures
- Development Phases
- Profiles
- Integration Points
- User Interface
67. Why are ethical considerations especially crucial in the realm of industrial cybersecurity?
- Decisions can impact public safety, environmental integrity, and national security.
- Ethical considerations help in reducing the overall cost of industrial cybersecurity measures.
- Decisions ensure that the cybersecurity measures are only implemented in high-risk environments.
- Ethical considerations allow for the use of any necessary means to protect critical infrastructure, regardless of the implications.
68. A threat actor has used malicious commands to trick the database into returning unauthorized records and other data. Which web front-end vulnerability is the threat actor exploiting?
- SQL injections
- broken authentication
- cross-site scripting
- security misconfiguration
69. What three functions are performed by endpoints in an IIoT environment? (Choose three.)
- directly managing production line changes
- initiating preventive maintenance protocols
- executing complex data analysis independently
- monitoring environmental conditions in real-time
- serving as the primary interface for user interaction
- sending operational data to central analytics platforms
70. What is the purpose of trust boundaries in systems architecture?
- To define areas where the level of trust between entities is consistently the same.
- To indicate sections of the network where the levels of trust are different in the data flow.
- To limit the number of users who can access the system architecture.
- To represent the physical locations of servers and devices in the network.
71. Which DFD symbol represents data output from sensing, actuating, traffic forwarding, analysis, and control systems?
- process
- data flow
- data store
- external entity
72. How might a network traffic analyzer like Wireshark help engineers investigate a malfunctioning assembly line robot?
- It can modify the robot’s programming to correct the malfunction directly.
- It automatically blocks any traffic that seems suspicious or abnormal without human intervention.
- It encrypts the network traffic between the robot’s controller and PLC to prevent unauthorized access.
- It allows engineers to capture and analyze the data packets between the robot’s controller and the PLC to identify irregular or abnormal traffic.
73. In an industrial network, what is the primary role of an Industrial Demilitarized Zone (IDMZ)?
- to provide direct access between the internet and the industrial network without any security controls
- to isolate the industrial network from the enterprise network and monitor traffic between the networks
- to provide unlimited access to public-facing services such as web servers
- to allow unrestricted communication between the enterprise and industrial networks
74. Match the NAC processes to the descriptions.
- Authentication ==> The NAC system verifies the device’s authorization to connect to the network, using methods like passwords or digital certificates.
- Continuous monitoring ==> The NAC system monitors the device after access is granted, ensuring ongoing compliance and taking action if the device becomes non-compliant.
- Network access determination ==> The NAC system determines if the device is allowed full access, restricted access, or denied access to the network.
- End-point compliance ==> The NAC system checks if the device meets security requirements, such as up-to-date antivirus software and active firewalls.
75. What control method is an example of logical access control commonly used to protect digital systems and data in industrial environments?
- surveillance cameras
- role-based access control (RBAC)
- multiple biometric scanners for room entry
- firewalls
76. What is an advantage of using a remote database for managing AAA information on networking devices?
- It allows for individual management of usernames and passwords on each device.
- It centralizes device configuration and management.
- It eliminates the need for user roles and privileges.
- It provides centralized user management and simplifies device configuration.
77. What method is used to secure programmable automation controllers (PAC) used in industrial IoT networks?
- Restricting physical access to authorized personnel, to ensure only those with permissions can interact with the PAC.
- Utilizing PACs with factory default settings for security and functionality without additional configuration.
- Utilizing consumer-grade network devices that lack advanced security features to connect PACs to the internet.
- Installing the Accounting feature of AAA to continuously monitor PAC assets and perform real-time auditing of user actions.
78. Which statement describes the primary benefit of implementing cryptographic authentication mechanisms in IT-OT systems, particularly with DNP3 communication?
- It minimizes the need for any security protocols in industrial networks.
- It allows devices to communicate faster by reducing encryption overhead.
- It verifies both devices and commands before communication, preventing unauthorized access and replay attacks.
- It simplifies network configuration by requiring fewer security settings and reducing the complexity involved in managing access controls for different devices.
79. Which of the following best explains how ElectraNova’s “Network as a Sensor” strategy enhances visibility and security across its industrial operations?
- It replaces the need for user authentication and antivirus software in production zones.
- It avoids collecting metadata, focusing only on encrypted payload inspection.
- It uses existing infrastructure to collect flow telemetry and analyze normal behavior patterns without installing extra hardware.
- It isolates all factory zones completely from the network to prevent data leakage.
80. Scenario: At 2 AM, a maintenance technician in Mumbai attempts to access a wind turbine controller located in Denmark, using a personal tablet over public WiFi. According to ZTA, what component is responsible for evaluating this access request, and what does it consider in making its decision?
- The Policy Enforcement Point (PEP), which checks the tablet’s MAC address and grants access if it matches a trusted list.
- The firewall, which verifies whether the IP address of the coffee shop is blacklisted before allowing traffic.
- The Policy Decision Point (PDP), which analyzes identity, device health, location, time, and other risk indicators to determine access.
- The network switch, which decides based on traffic patterns and usage quotas from the last session.