Weekend Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Question # 4

Why is OPC Classic considered firewall unfriendly?

Available Choices (select all choices that are correct)

A.

OPC Classic uses DCOM, which dynamically assigns any port between 1024 and 65535.

B.

OPC Classic is allowed to use only port 80.

C.

OPC Classic works with control devices from different manufacturers.

D.

OPC Classic is an obsolete communication standard.

Full Access
Question # 5

Multiuser accounts and shared passwords inherently carry which of the followinq risks?

Available Choices (select all choices that are correct)

A.

Privilege escalation

B.

Buffer overflow

C.

Unauthorized access

D.

Race conditions

Full Access
Question # 6

Which analysis method is MOST frequently used as an input to a security risk assessment?

Available Choices (select all choices that are correct)

A.

Failure Mode and Effects Analysis

B.

Job Safety Analysis(JSA)

C.

Process Hazard Analysis (PHA)

D.

System Safety Analysis(SSA)

Full Access
Question # 7

Which is the PRIMARY responsibility of the network layer of the Open Systems Interconnection (OSI) model?

Available Choices (select all choices that are correct)

A.

Forwards packets, including routing through intermediate routers

B.

Gives transparent transfer of data between end users

C.

Provides the rules for framing, converting electrical signals to data

D.

Handles the physics of getting a message from one device to another

Full Access
Question # 8

Which of the following is a cause for the increase in attacks on IACS?

Available Choices (select all choices that are correct)

A.

Use of proprietary communications protocols

B.

The move away from commercial off the shelf (COTS) systems, protocols, and networks

C.

Knowledge of exploits and tools readily available on the Internet

D.

Fewer personnel with system knowledge having access to IACS

Full Access
Question # 9

Using the risk matrix below, what is the risk of a medium likelihood event with high consequence?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 10

What are the three main components of the ISASecure Integrated Threat Analysis (ITA) Program?

Available Choices (select all choices that are correct)

A.

Software development security assurance, functional security assessment, and communications robustness testing

B.

Software robustness security testing, functional software assessment assurance, and essential security functionality assessment

C.

Communications robustness testing, functional security assurance, and software robustness communications

D.

Communication speed, disaster recovery, and essential security functionality assessment

Full Access
Question # 11

How many element qroups are in the "Addressinq Risk" CSMS cateqorv?

Available Choices (select all choices that are correct)

A.

2

B.

3

C.

4

D.

5

Full Access
Question # 12

Which policies and procedures publication is titled Patch Manaqement in the IACS Environment?

Available Choices (select all choices that are correct)

A.

ISA-TR62443-2-3

B.

ISA-TR62443-1-4

C.

ISA-62443-3-3

D.

ISA-62443-4-2

Full Access
Question # 13

Which statement is TRUE reqardinq application of patches in an IACS environment?

Available Choices (select all choices that are correct)

A.

Patches should be applied as soon as they are available.

B.

Patches should be applied within one month of availability.

C.

Patches never should be applied in an IACS environment.

D.

Patches should be applied based on the organization's risk assessment.

Full Access
Question # 14

Which of the following is an industry sector-specific standard?

Available Choices (select all choices that are correct)

A.

ISA-62443 (EC 62443)

B.

NIST SP800-82

C.

API 1164

D.

D. ISO 27001

Full Access
Question # 15

What is defined as the hardware and software components of an IACS?

Available Choices (select all choices that are correct)

A.

COTS software and hardware

B.

Electronic security

C.

Control system

D.

Cybersecuritv

Full Access
Question # 16

Which is a role of the application layer?

Available Choices (select all choices that are correct)

A.

Includes protocols specific to network applications such as email, file transfer, and reading data registers in a PLC

B.

Includes user applications specific to network applications such as email, file transfer, and reading data registers in a PLC

C.

Provides the mechanism for opening, closing, and managing a session between end-user application processes

D.

Delivers and formats information, possibly with encryption and security

Full Access
Question # 17

Which of the following is an activity that should trigger a review of the CSMS?

Available Choices (select all choices that are correct)

A.

Budgeting

B.

New technical controls

C.

Organizational restructuring

D.

Security incident exposing previously unknown risk.

Full Access
Question # 18

Which activity is part of establishing policy, organization, and awareness?

Available Choices (select all choices that are correct)

A.

Communicate policies.

B.

Establish the risk tolerance.

C.

Identify detailed vulnerabilities.

D.

Implement countermeasures.

Full Access
Question # 19

Which organization manages the ISASecure conformance certification program?

Available Choices (select all choices that are correct)

A.

American Society for Industrial Security

B.

Automation Federation

C.

National Institute of Standards and Technology

D.

Security Compliance Institute

Full Access
Question # 20

Which of the following is a recommended default rule for IACS firewalls?

Available Choices (select all choices that are correct)

A.

Allow all traffic by default.

B.

Allow IACS devices to access the Internet.

C.

Allow traffic directly from the IACS network to the enterprise network.

D.

Block all traffic by default.

Full Access
Question # 21

Which of the following ISA-99 (IEC 62443) Reference Model levels is named correctly?

Available Choices (select all choices that are correct)

A.

Level 1: Supervisory Control

B.

Level 2: Quality Control

C.

Level 3: Operations Management

D.

Level 4: Process

Full Access
Question # 22

Electronic security, as defined in ANSI/ISA-99.00.01:2007. includes which of the following?

Available Choices (select all choices that are correct)

A.

Security guidelines for the proper configuration of IACS computers and operating systems

B.

Computers, networks, operating systems, applications, and other programmable configurable components of the system

C.

Personnel, policies, and procedures related to the security of computers, networks. PLCs, and other programmable configurable components of the system

D.

Security guidelines for the proper configuration of IACS PLCs and other programmable configurable components of the system

Full Access
Question # 23

Which of the following is the BEST reason for periodic audits?

Available Choices (select all choices that are correct)

A.

To confirm audit procedures

B.

To meet regulations

C.

To validate that security policies and procedures are performing

D.

To adhere to a published or approved schedule

Full Access
Question # 24

What is the FIRST step required in implementing ISO 27001?

Available Choices (select all choices that are correct)

A.

Create a security management organization.

B.

Define an information security policy.

C.

Implement strict security controls.

D.

Perform a security risk assessment.

Full Access
Question # 25

In an IACS system, a typical security conduit consists of which of the following assets?

Available Choices (select all choices that are correct)

A.

Controllers, sensors, transmitters, and final control elements

B.

Wiring, routers, switches, and network management devices

C.

Ferrous, thickwall, and threaded conduit including raceways

D.

Power lines, cabinet enclosures, and protective grounds

Full Access
Question # 26

Which is the BEST practice when establishing security zones?

Available Choices (select all choices that are correct)

A.

Security zones should contain assets that share common security requirements.

B.

Security zones should align with physical network segments.

C.

Assets within the same logical communication network should be in the same security zone.

D.

All components in a large or complex system should be in the same security zone.

Full Access