Cyber Security Exam


One (1) RCEP / ACEC Certified Professional Development Hour (PDH) will be provided upon successful completion of an exam following the webcast.

Air Date: Thursday, June 13, 2013

You must get 8 of 10 questions correct to pass the exam. You may retake the exam if necessary. You will be notified whether you passed or failed automatically after taking the exam. Upon passing the exam, you will be able to download the completion certificate immediately.


Cyber Security

Full Name *
Street Address *
City *
State *
Zip Code *
E-mail Address *
Telephone Number *
Company Name/Organization *
Exam Question 1 *

What is the current situation in relation to cyber threats against industrial control systems? (Select the best answer)

Threats were growing, but improved defenses have reduced attack possibilities
Hackers don’t attack industrial systems because they’re too difficult to access via the Internet
Hackers can sometimes break in, but have no idea how to understand industrial networks
Industrial devices are soft targets for hackers, and can be compromised if invaders can break through
Exam Question 2 *

What is the greatest concern associated with control system security?

Loss of personal identifiable information (PII)
Potential loss of life (PLL)
Loss of revenue
Loss of productivity
Exam Question 3 *

What are specific information targets by an attacker?  (Select all that apply)

A. Type of control hardware and failure thresholds
B. Control logic master stop conditions
C. Configured communication protocols
D. Incident and operational response plans

A & B
A, B & C
C & D
A, B, C & D
Exam Question 4 *

What is social engineering? (Select all that apply)

A. Gathering information about a specific target by interrogating individuals who have access to those networks in a social situation
B. Enticing individuals to open or download attachments that contain malware
C. Pretending to be a trusted colleague or from the target’s IT department to cause an individual to change a password or create some other point of entry
D. Planting a keystroke logger on the target’s computer to capture logins and passwords

A, B & C
A, B, C & D
B & C
A & C
Exam Question 5 *

What type of information can be passively collected and helpful to an adversary attempting to social engineer you? (Select all that apply)

A. Vendor documentation
B. Device configurations
C. Government licensures and registrations
D. User groups

A & D
A, B, C, & D
A, C & D
B & C
Exam Question 6 *

What can we do to protect ourselves? (Select all that apply)

A. Identify critical cyber assets to protect and their communications
B. Nothing, give up
C. Perform combined engineering, physical security and cyber security analysis
D. Enable protective measures, monitor and respond to threats

B & C
A, C & D
C
C & D
Exam Question 7 *

What are the two types of general attack categories? (Select all that apply)

A. Making assets less valuable to the owner
B. Making assets more valuable to the attacker
C. Making assets less valuable to the attacker
D. Making assets more valuable to the owner

A & B
A
B & C
C
Exam Question 8 *

The first step in securing a control system environment is to identify the critical cyber assets and necessary communications. These cyber assets are used for which of the following?  (Select all that apply)

A. Safety operations
B. Normal and emergency process control operations
C. Human resources
D. Real-time and near-real-time control

B, C & D
A, C & D
A, B & D
C & D
Exam Question 9 *

Control system cyber assets such as PLCs, PACs and terminal units may require passwords to authenticate. How should these passwords be handled? (Select all that apply)

A. Change vendor default passwords
B. Review CERT announcements and inquire with the vendor regarding backdoor or static accounts hardcoded in to the cyber asset
C. Do nothing, control system cyber assets passwords are secure by default
D. Use passwords that are easy to remember or if complex write them down and store them physically next to the device

A
C
A & B
B & D
Exam Question 10 *

Cyber security is only one part of the security model. What two other general categories of security controls should complement each other? (Select all that apply)

A. Physical security
B. Operational security
C. Monitoring and response
D. Security by Obscurity

A & B
C
A, B & C
B & C