Module 1 – 1.6.2 Introduction to Industrial Cybersecurity Quiz Exam Answers
The Module 1 – 1.6.2 Introduction to Industrial Cybersecurity Quiz Exam Answers provides learners with accurate and structured solutions to the essential topics introduced in the first module of Industrial Cybersecurity. This section covers the foundational concepts of Operational Technology (OT), Industrial Control Systems (ICS), SCADA architectures, and the unique cybersecurity challenges faced in industrial environments. These answers help students reinforce key ideas such as the differences between IT and OT, common industrial threats, safety and reliability principles, and basic defense strategies used to protect critical infrastructure systems.
1. What statement describes the relationship between cyberattacks and cyber exploits?
- Cyberattacks are high-level malicious actions aimed at achieving specific objectives, while cyber exploits are the techniques to find and take advantages of vulnerabilities to carry out these attacks.
- Cyberattacks are only related to financial loss, while cyber exploits are concerned with reputational damage and infrastructure disruption.
- Cyberattacks are the specific techniques used to gain unauthorized access and destroy system hardware, while cyber exploits are the overall malicious actions aimed at disrupting systems.
- Cyber exploits are broad, general threats that impact various types of systems, whereas cyberattacks are targeted at specific vulnerabilities.
Cyberattacks are the high-level malicious actions aimed at achieving specific objectives, while cyber exploits are the techniques (or the code) that find and take advantage of specific vulnerabilities in order to carry out those attacks. An exploit is therefore a means; the attack is the end it serves.
2. What statement describes the scope of physical security?
- Physical security involves protecting building sites and equipment from various threats, including theft, vandalism, natural disasters, and accidental damage.
- Physical security is concerned with the appropriate protection of secure information and software from unauthorized access by intruders outside of the building.
- Physical security is limited to ensuring reliable power supplies and climate control within a building.
- Physical security focuses on protecting digital data from cyberattacks.
Physical security has a large scope and involves protecting building sites and equipment from various threats, including theft, vandalism, natural disasters, and accidental damage. Physical security also includes ensuring reliable power supplies and climate control within a building.
3. What are three recommended best practices for safeguarding hosts against malware? (Choose three.)
- Removing unused Windows components, protocols, services, and applications.
- Adding more RAM.
- Implementing strong password policies and changing default passwords.
- Installing a faster CPU.
- Allowing direct internet access when necessary.
- Using outdated software for compatibility reasons.
- Developing and enforcing a patch management policy.
A patch management policy is crucial for keeping systems updated and protected against known vulnerabilities. Implementing strong password policies and changing default passwords helps prevent unauthorized access and strengthens security. Removing unused software components, protocols, services, and applications reduces the attack surface and minimizes potential vulnerabilities.
4. What three security measures would effectively deal with access-related attacks in a network environment? (Choose three.)
- Disable native VLANs to reduce security risks.
- Use the same complex password across all departments.
- Allow personal wireless APs to attach to the network as long as they are verified as employees.
- Allow unauthorized users to connect their personal devices to the network for convenience.
- Use static configuration of switch ports and disable port mode auto negotiation.
- Install high-definition surveillance cameras.
- Implement policies to prevent rogue wireless access points and unauthorized end-host systems from connecting to the network.
Statically configuring each switch port as either an access or a trunk port and disabling auto negotiation (DTP) hardens the network: an attacker's host can no longer negotiate a trunk link with the switch and gain access to every VLAN. Disabling the native VLAN (or at least moving it off VLAN 1 and keeping user traffic out of it) mitigates VLAN hopping by double tagging, where a frame carrying the native VLAN tag is forwarded into another VLAN. Policies that prevent rogue wireless access points and unauthorized end-host systems from connecting block unauthorized devices at the edge before they can reach anything on the network.
5. A state-sponsored hacker has developed a malware framework and carried out cyberattacks on industrial automation and control systems (IACS) and SCADA devices. What is the primary goal of the state-sponsored hacker?
- to gain persistent access and sabotage mission-critical operations of liquefied natural gas and electric power organizations
- to cause a fault in PLCs and compromise engineering workstations
- to exploit a command-injection vulnerability in power companies, allowing access to modify sensitive information or to perform other harmful actions against the server
- to encrypt hard drives and delete data
A state-sponsored hacker has developed a malware framework that permits persistent access to IACS and SCADA devices. The malware tools enable hackers to discover vulnerable industrial control devices to compromise and control the devices once access has been gained. The intent of the hacker was to sabotage mission-critical operations of liquefied natural gas (LNG) and electric power organizations.
6. Match the critical infrastructure sector to the description.
- Water and Wastewater Systems Sector ==> This sector is responsible for the infrastructure that supplies clean drinking water and safely removes and treats wastewater.
- Healthcare and Public Health Sector ==> This sector ensures the provision of medical care, emergency services, and the safeguarding of public health.
- Communications Sector ==> This sector encompasses the infrastructure that supports the communication networks, including satellites, telephone, and internet services.
- Transportation Systems Sector ==> This sector provides essential services that enable the movement of goods, people, and services, including aviation, rail, highway, maritime, and public transit systems.
- Energy Sector ==> This sector involves the generation, transmission, and distribution of electricity, oil, and natural gas, which are crucial for the operation of nearly all other critical infrastructure sectors.
7. To strengthen national critical infrastructure against cyber threats, countries have established dedicated cybersecurity agencies. Which strategy would most effectively support the establishment of dedicated cybersecurity agencies?
- Increase investment in localized threat detection capabilities within national agencies.
- Promote collaboration between public agencies, private sector operators, and international partners.
- Develop centralized platforms to monitor infrastructure cybersecurity across sectors.
- Enhance training programs within national agencies to build specialized cybersecurity expertise.
While all options support aspects of infrastructure protection, collaboration across public, private, and international stakeholders is the most comprehensive and effective approach. Agencies like CISA, NCSC, and ENISA exemplify this by facilitating intelligence sharing, coordinated responses, and collective defense strategies to strengthen national and global cybersecurity readiness.
8. NovaChem Industries is expanding its industrial operations into three new international markets. To align its cybersecurity practices with global expectations, the company’s security leadership wants to adopt a framework that will ensure consistency across sites while meeting diverse regulatory expectations. The cybersecurity manager proposes selecting a foundational international standard that will provide broad recognition and interoperability across various countries, while still allowing room to adapt to local requirements.
Which action best supports NovaChem Industries’ goal of building a globally recognized and adaptable cybersecurity program?
- Defer cybersecurity standard adoption until specific regional mandates are officially issued.
- Use a custom, internal framework that can be rapidly adjusted to local regulations.
- Adopt ISO/IEC 27001 to establish an internationally accepted information security management system.
- Focus on national cybersecurity requirements for each country of operation.
ISO/IEC 27001 is a globally accepted framework used across industries and countries, making it an ideal foundation for organizations operating internationally. It supports alignment with a wide range of regulatory expectations while providing a strong, adaptable structure for information security.
9. When an organization is subject to multiple cybersecurity or privacy regulations that address the same requirement, which approach ensures the best comprehensive compliance?
- Align internal policies with the regulation that is most widely adopted across regions.
- Comply with the strictest requirement among the applicable regulations.
- Implement an average-level control that balances the differences among all requirements.
- Prioritize the standard that offers the most flexibility for business operations.
The best approach is to follow the Principle of the Strictest Standard, which ensures the organization meets the most demanding requirement across all applicable regulations. This reduces compliance risk and ensures the organization satisfies legal obligations in every jurisdiction, such as adopting GDPR’s 72-hour breach notification timeframe even if local laws are less stringent.
10. Match scenario to the description of the cybersecurity vulnerability it illustrates.
- Security vulnerabilities in connected medical devices ==> A two-year survey by Scott Erven revealed significant security vulnerabilities in various connected medical devices, such as drug infusion pumps and Bluetooth-enabled defibrillators, highlighting the risks of IT and OT convergence in healthcare.
- Pacemaker firmware update to patch RF vulnerabilities ==> The FDA approved a software update to address a security flaw in implantable cardiac pacemakers. This flaw made the devices vulnerable to remote attacks over radio frequency, potentially endangering patient lives.
- Converged IIoT networks with standalone devices ==> Historically, IIoT networks have often consisted of standalone devices that require manual readings and lack real-time integration, which creates challenges in achieving comprehensive cybersecurity once those devices are converged with the wider network.
11. What are three common vulnerabilities found in Industrial Automation and Control Systems (IACS) networks and devices? (Choose three.)
- comprehensive OT user training and cybersecurity measures
- fragile TCP/IP stack and weak authentication mechanisms
- lack of intrusion detection and prevention systems (IDS/IPS) and inadequate network monitoring
- robust physical security and well-regulated hardware and software standards
- legacy systems running unpatched operating systems
- unauthorized usage of HMI systems for personal internet activities
Common vulnerabilities in IACS networks and devices include:
- Protocols: Fragile TCP/IP stacks on legacy industrial devices that can be disrupted or crashed by ordinary reconnaissance traffic such as Network Mapper (Nmap) scans and ping sweeps
- Access: Absent or weak authentication, no switch port security, no physical obstacles for access to equipment or facilities
- Bad design: flat unsegmented networks
- Windows-based industrial automation servers: Uninstalled patches and vulnerabilities in legacy versions
- Unnecessary services running on servers or IACS devices: FTP, HTTP, Telnet, ICMP, etc.
- Access accounting: Limited audit and limited monitoring of industrial automation device access
- User training: Unauthorized usage of HMI and industrial automation systems for internet access to download movies and music
- Lack of IT-OT skills crossover: No experience with industrial automation systems and network usage; too many blind spots
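The following added example (not part of the quiz or its source material) shows how two of the weaknesses in the list above can be spotted in firewall or syslog output: a ping sweep against the IACS network, which is exactly the kind of reconnaissance a fragile TCP/IP stack cannot tolerate, and allowed connections to unnecessary services (FTP, Telnet, HTTP) on IACS devices. The log lines and their field layout (`timestamp src dst proto dport action`) are constructed for this example and do not correspond to any real product's format; the 10.1.20.0/24 "IACS" range is likewise an assumption.

```python
"""Added example: detect a ping sweep and unnecessary-service use in
constructed firewall log lines.  Not code from the course or any vendor."""

from collections import defaultdict
from datetime import datetime, timedelta

# Services the quiz lists as having no business running on IACS devices.
UNNECESSARY_SERVICES = {21: "ftp", 23: "telnet", 80: "http"}

# Constructed sample log: <ISO time> <src> <dst> <proto> <dport> <action>
# 10.1.20.0/24 is assumed to be the IACS network; 502 is Modbus/TCP.
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.1.1.50 10.1.20.1 icmp 0 allow
2024-05-01T10:00:01 10.1.1.50 10.1.20.2 icmp 0 allow
2024-05-01T10:00:01 10.1.1.50 10.1.20.3 icmp 0 allow
2024-05-01T10:00:02 10.1.1.50 10.1.20.4 icmp 0 allow
2024-05-01T10:00:02 10.1.1.50 10.1.20.5 icmp 0 allow
2024-05-01T10:00:03 10.1.1.50 10.1.20.6 icmp 0 allow
2024-05-01T10:00:03 10.1.1.50 10.1.20.7 icmp 0 allow
2024-05-01T10:00:04 10.1.1.50 10.1.20.8 icmp 0 allow
2024-05-01T10:00:04 10.1.1.50 10.1.20.9 icmp 0 allow
2024-05-01T10:00:05 10.1.1.50 10.1.20.10 icmp 0 allow
2024-05-01T10:05:00 10.1.1.7 10.1.20.3 tcp 502 allow
2024-05-01T10:06:10 10.1.1.9 10.1.20.3 tcp 23 allow
2024-05-01T10:06:12 10.1.1.9 10.1.20.4 tcp 21 allow
2024-05-01T11:00:00 10.1.1.7 10.1.20.3 icmp 0 allow
"""


def parse_log(text):
    """Turn the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, dport, action = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
                       "proto": proto, "dport": int(dport), "action": action})
    return events


def detect_ping_sweeps(events, window=timedelta(seconds=60), threshold=8):
    """Return {src: distinct_hosts} for sources that ICMP-probe at least
    `threshold` distinct destinations inside any sliding `window`."""
    icmp = defaultdict(list)
    for e in events:
        if e["proto"] == "icmp":
            icmp[e["src"]].append((e["ts"], e["dst"]))
    sweeps = {}
    for src, probes in icmp.items():
        probes.sort()
        start = 0
        for end in range(len(probes)):
            # Slide the window start forward until it spans at most `window`.
            while probes[end][0] - probes[start][0] > window:
                start += 1
            hosts = {dst for _, dst in probes[start:end + 1]}
            if len(hosts) >= threshold:
                sweeps[src] = max(sweeps.get(src, 0), len(hosts))
    return sweeps


def find_unnecessary_service_use(events, iacs_prefix="10.1.20."):
    """Return (src, dst, service) for allowed TCP connections to services
    that should be disabled on IACS devices (FTP, Telnet, HTTP)."""
    hits = []
    for e in events:
        if (e["proto"] == "tcp" and e["action"] == "allow"
                and e["dst"].startswith(iacs_prefix)
                and e["dport"] in UNNECESSARY_SERVICES):
            hits.append((e["src"], e["dst"], UNNECESSARY_SERVICES[e["dport"]]))
    return hits


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("ping sweeps:", detect_ping_sweeps(evs))           # {'10.1.1.50': 10}
    print("unnecessary services:", find_unnecessary_service_use(evs))
```

On the sample data the sweep detector reports 10.1.1.50 touching 10 hosts within one minute, while 10.1.1.7's single ICMP probe and its Modbus/TCP session stay below the threshold; the service check flags the Telnet and FTP sessions from 10.1.1.9. In practice the threshold and window should be tuned to the plant's normal monitoring traffic so that an engineering workstation's legitimate polling does not trip the rule.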
12. What is a significant risk associated with vulnerabilities in connected IACS devices?
- manipulation, interruption, or disabling of vital processes, resulting in injury or death
- increased operational costs due to the need for more cabling
- improved flexibility and agility in network configuration due to wireless technologies
- enhanced visibility of the OT network for the Chief Information Security Officer (CISO)
Vulnerabilities in connected IACS devices can lead to serious consequences such as the manipulation or disabling of vital processes that could result in injury or death.
13. Which three examples represent logical network access control measures for protecting the edge of an IIoT network? (Choose three.)
- Firewalls
- Access Control Lists (ACL)
- IEEE 802.1X authentication
- Departmental badge readers
- Surveillance cameras
- Power Backup Systems
IEEE 802.1X is a port-based network access control protocol that authenticates a device (or user) before the switch port forwards its traffic. Access Control Lists (ACLs) and firewalls manage and restrict network traffic based on defined rules, so all three are logical network access control measures. Departmental badge readers, surveillance cameras, and power backup systems are physical or environmental controls, not logical ones.
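Questions 4 and 13 both come down to the same handful of switch-port settings: a statically set port mode with DTP negotiation turned off, a trunk native VLAN that is not left at the default VLAN 1, and 802.1X enforced on edge ports. The added example below (not from the course or any vendor) audits a constructed Cisco IOS-style running-config for those settings. The configuration is invented for the example; the command names used (`switchport mode access|trunk`, `switchport nonegotiate`, `switchport trunk native vlan`, `authentication port-control auto`) are standard IOS syntax, but the parser assumes the usual `interface ...` block layout with one-space indentation and `!` separators and nothing more.

```python
"""Added example: audit a constructed IOS-style config for the port
hardening named in questions 4 and 13.  Not code from the course."""

import re

# Constructed sample running-config (not from any real switch).
SAMPLE_CONFIG = """\
!
interface GigabitEthernet1/0/1
 description HMI-01
 switchport mode access
 switchport access vlan 20
 switchport nonegotiate
 authentication port-control auto
 dot1x pae authenticator
!
interface GigabitEthernet1/0/2
 description ENG-WS
 switchport access vlan 20
 switchport mode dynamic desirable
!
interface GigabitEthernet1/0/3
 description spare
 switchport mode access
 switchport access vlan 20
 switchport nonegotiate
!
interface GigabitEthernet1/0/24
 description uplink-to-core
 switchport mode trunk
 switchport trunk native vlan 999
 switchport nonegotiate
!
interface GigabitEthernet1/0/23
 description uplink-legacy
 switchport mode trunk
!
"""


def parse_interfaces(config_text):
    """Map interface name -> list of its (stripped) configuration lines."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        m = re.match(r"^interface (\S+)", raw)
        if m:
            current = m.group(1)
            interfaces[current] = []
        elif current is not None and raw.startswith(" "):
            interfaces[current].append(raw.strip())
        else:
            current = None  # '!' or any top-level line ends the block
    return interfaces


def audit_port(name, lines):
    """Return the list of hardening findings for one switch port."""
    findings = []
    mode = None
    native_vlan = 1  # IOS default when no native VLAN is configured
    for line in lines:
        if line.startswith("switchport mode "):
            mode = line.split()[2]  # access | trunk | dynamic
        m = re.match(r"switchport trunk native vlan (\d+)", line)
        if m:
            native_vlan = int(m.group(1))
    nonegotiate = "switchport nonegotiate" in lines
    dot1x = "authentication port-control auto" in lines

    if mode in (None, "dynamic"):
        findings.append("port mode not statically set (DTP may negotiate a trunk)")
    if not nonegotiate:
        findings.append("DTP negotiation still enabled (missing 'switchport nonegotiate')")
    if mode == "trunk" and native_vlan == 1:
        findings.append("trunk native VLAN left at VLAN 1 (VLAN hopping risk)")
    if mode == "access" and not dot1x:
        findings.append("edge port without 802.1X ('authentication port-control auto')")
    return findings


def audit_config(config_text):
    """Return {interface: [findings]} for every port with at least one finding."""
    report = {}
    for name, lines in parse_interfaces(config_text).items():
        findings = audit_port(name, lines)
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit_config(SAMPLE_CONFIG).items():
        print(port)
        for f in findings:
            print("  -", f)
```

Run against the sample, Gi1/0/1 (access, nonegotiate, 802.1X) and Gi1/0/24 (trunk, native VLAN 999, nonegotiate) come back clean; Gi1/0/2 is flagged for dynamic mode and live DTP, Gi1/0/3 for a missing 802.1X setting, and the legacy uplink Gi1/0/23 for live DTP and a native VLAN of 1. The ACL and firewall rules from question 13 live on routed interfaces and perimeter devices rather than in these port stanzas, so they are outside what this audit checks.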
14. What three data types are considered traditional data, typically generated and maintained by organizations? (Choose three.)
- transactional data
- healthcare records
- social media engagement metrics
- intellectual property
- financial data
- weather data
- customer feedback
Social media engagement metrics, healthcare records, customer feedback, and weather data are typically not considered traditional data.
15. What is a primary security concern for Industrial Automation and Control Systems (IACS) when integrating with IT networks?
- The ability to quickly patch and upgrade legacy hardware and software systems.
- The implementation of modern cybersecurity protocols in legacy systems.
- Availability and integrity of IACS applications due to the high cost of downtime.
- Confidentiality of the data transmitted between IT and OT networks.
The main security concerns for IACS applications are availability and integrity, because downtime or a manipulated process is expensive and potentially dangerous; the priority order is availability, integrity, then confidentiality, the reverse of the traditional IT ordering, where confidentiality comes first.