Cyber Security Assessed Learning Exam


Video 1 - Tech Review

Question 1 *

As described in the video, what vulnerability has been identified in the ZTE handheld device’s operating system? Choose the best answer.

Unnecessary network ports and services
Third-party modified and malicious firmware
Hard coded user credentials (username and password)
Insecure device default configurations
Question 2 *

What is the name of the hardware described in the video that can monitor software defined wireless frequencies?

HSRP
USRP
VRRP
IRDP
Question 3 *

Hardware hacking can lead to the modification of trustworthy physical devices, creating an unknown backdoor into an environment. What device was inserted into a mouse in the video?

Teensyduino
Arduino
AVR Raven USB
Ubertooth-One
Question 4 *

Embedded devices with additional communication capabilities and I/O may be directly built into sensors and actuators. What example was provided in the video?

A USB configuration tool’s files becoming exposed for the wireless relay module
IORelay’s access provided through their cloud administrative control interface
A wind turbine’s wireless communication to the rotor pitch system
PLCs and/or PACs with built-in 802.11 wireless communications

Video 2 - Common Exposures

Question 1 *

Why is it important to erase data from cyber assets after decommissioning them?

The data on the cyber asset may be confidential
Data on the cyber asset can be used to learn how the environment operates
Data on the cyber asset can be used to understand incident response procedures
All of the above
Question 2 *

Wireless communications cannot be physically seen by intruders and are natively secure.

True
False
Question 3 *

Access to structured cabling could allow an individual to perform what type of attack? (Select the best answer)

Man in the middle (MitM)
Social engineering
Buffer overflow
All of the above
Question 4 *

Baselining the control system cyber assets and their configurations should be performed to learn about connected cyber assets, enabled ports and services, active configurations, and user accounts.

True
False
Question 5 *

Security zones can be defined using which of the following criteria:

Geographic location
People using the systems
Type of use of the systems
All of the above
Question 6 *

Security event logs may be used for what purposes?

A. Baselining configurations and communications

B. Forensic evidence

C. Identifying events of interest to investigate

D. Restricting access

B, C, and D
A, B, and D
A, C, and D
A, B, and C

Video 3 - Understanding OSINT

Question 1 *

What website service is specifically designed to provide information about cyber asset devices and/or services located on the Internet similar to NMAP (Network Mapping) results?

Google
ShodanHQ
Ninjadb
Yahoo
Question 2 *

What type of information can be passively collected and is helpful to an adversary attempting to social engineer you?

A. Vendor documentation

B. Device configurations

C. Government licensures and registrations

D. User groups

A, B, and D
B, C, and D
A, B, C, and D
A, B, and C
Question 3 *

Open source intelligence can be gained from vendor literature, conferences, user forums, asset owner documentation, and supporting consulting companies. What should you do to protect your environment? (Select the best answer)

Require user accounts for information
Review policies
Classify and restrict access and storage of information

Video 4 - Control System Security

Question 1 *

What is the greatest concern associated with control system security?

Loss of personal identifiable information (PII)
Potential loss of life (PLL)
Loss of revenue
Loss of productivity
Question 2 *

What are specific information targets for an attacker?

A. Type of control hardware and failure thresholds

B. Control logic master stop conditions

C. Configured communication protocols

D. Incident and operation response plans

C and D
A, B, C, and D
A, C, and D
B and C
Question 3 *

What can we do to protect ourselves?

A. Identify critical cyber assets to protect and their communications

B. Nothing, give up

C. Perform combined engineering, physical security and cyber security analysis

D. Enable protective measures, monitor and respond to threats

A and C
A, B, and D
B, C and D
A, C, and D
Question 4 *

What are the two types of general attack categories?

A. Masking assets less valuable to the owner

B. Making assets more valuable to the attacker

C. Making assets less valuable to the attacker

D. Making assets more valuable to the owner

A and B
B and D
A and C
C and D

Video 5 - Communications Attack Example

Question 1 *

What tool was used to perform the Man in the middle (MitM) ARP spoofing attack?

Ettercap
NMAP
Ethereal
Iptables
Question 2 *

What software is a protocol analyzer that can interpret the bits communicating back and forth between the PLC and HMI?

Ettercap
NMAP
Wireshark
IPTables
Question 3 *

If the data was captured between the HMI and PLC during an active MitM attack as shown in the example, how could the attack be identified?

TCP Retransmissions will be displayed in a black label
TCP Resets will be displayed in a red label
This type of attack cannot be identified
UDP traffic with a green label
Question 4 *

What penetration testing platform (operating system) was used to demonstrate the attack?

Trackback
Backtrack
Backwards
Auditor
Question 5 *

ARP spoofing attacks notify and alter electronic communication devices' table of what type of address?

IP to DNS address (DNS name table)
MAC to IP address (MAC address table)
MAC to DNS address
Street address

Video 6 - Defense Techniques, Part 1

Question 1 *

What security model is commonly recommended to protect assets?

Security by obscurity
Defense in depth
Question 2 *

Protecting assets of different usage patterns in separate security areas is also called

Security by obscurity
Security zones, enclaves, or demilitarized zones
Question 3 *

Separate security zones should be used for engineering, backup, and production systems.

True
False
Question 4 *

What is the process of detecting host-based operating systems and application modifications?

Antivirus / malware detection
Application whitelisting / host-based intrusion detection
Network-based intrusion detection
DHCP snooping

Video 7 - Defense Techniques, Part 2

Question 1 *

The first step in securing a control system environment is to identify the critical cyber assets and necessary communications. These cyber assets are used for which of the following?

A. Safety operations

B. Normal and emergency process control operations

C. Human resources

D. Real time and near real time control

A, B, C, and D
B, C, and D
A, B, and D
A and D
Question 2 *

Control system cyber assets such as PLCs, PACs and terminal units may require passwords to authenticate. How should these passwords be handled?

A. Change vendor default passwords

B. Review CERT announcements and inquire with the vendor regarding backdoor or static accounts hardcoded into the cyber asset

C. Do nothing, control system cyber assets passwords are secure by default

D. Use passwords that are easy to remember or if complex write them down and store them physically next to the device

A and B
A and D
C
B and D
Question 3 *

Using physical device limitations such as hardware or cabling limiting data transfers in only one direction is called what?

Transistor
Two-way diode
One-way diode
Firewall
Question 4 *

What physical device is used to perform intelligent layer 2 and above, bi-directional filtering between security zones?

Transistor
Two-way diode
One-way diode
Firewall

Video 8 - Defense Techniques, Part 3

Question 1 *

Programmers, field technicians, process engineers, vendors, and others should use jump hosts for remote access to control system assets. What type of security controls should be dedicated to remote access?

A. None, remote access is secure by default

B. Firewall restricting only the ports necessary for the jump host

C. Virtualized host with role-specific applications

D. Virtual private network providing confidentiality, integrity and two-factor authentication

A
B and D
C and D
B, C, and D
Question 2 *

Network communications monitoring can be performed using what type of tools and applications?

A. Netflow to identify communication streams

B. Snort IDS with SCADA signatures to perform detailed communications inspection

C. Video recording equipment

D. Armored cabling and fiber-core power lines

A and D
B and C
A and B
C and D
Question 3 *

Cyber security is only one part of the security model. What two other general categories of security controls should complement each other?

A. Physical security

B. Operational security

C. Monitoring and response

D. Security by obscurity

A and B
A and C
B and D
C and D
Question 4 *

What is the most important component of security?

Identifying critical cyber assets
Performing personnel background checks
Enabling security zones
Monitoring and responding to events of interest

Video 9 - Common Cyber Asset Security Controls

Question 1 *

What should you do prior to installing a new application or patch on a cyber asset?

Nothing, the patches and applications are tested by the vendor
Test the new application or patch on a development zone system
Test the new application or patch on a production zone system
Test only the new application prior to installing it, security patches are tested by the vendor
Question 2 *

When maintaining security controls, what are the most important aspects?

A. Monitoring the status of the security control

B. Authority to respond to detected events

C. Knowing what response to make to detected events

D. Ensuring all patches are up to date regardless of testing

A and C
A, B, and C
A, C, and D
B, C, and D
Question 3 *

How should you properly dispose of or redeploy cyber assets?

Clean the cyber asset with Windex
Electronically erase the data storage and memory
Physically destroy the media with a drill
Cyber assets automatically erase unnecessary data
Question 4 *

What operational mechanism can be used to influence personnel to not want unnecessary access rights on a system? (Select the best answer)

Authority
Accountability
Monitoring
Termination
Question 5 *

Information classification programs should be enabled after identifying an organization's critical cyber assets.

True
False

Video 10 - Specific Control System Cyber Exposures

Question 1 *

Many control system communication protocols are unauthenticated and transmitted in clear text (e.g. administrative sessions, data table read and writes).

True
False

Video 11 - Validating Vendor Security Awareness

There are no questions on Video 11.

Video 12 - Cyber Asset Vulnerability Assessments

Question 1 *

Vulnerability assessments should always be performed on live, production systems.

True
False
Question 2 *

Two general categories of vulnerability assessments are:

A. Outside in

B. Inside out

C. Right side up

D. Upside down

B and C
C and D
A and B
B and D

Video 13 - Resources

There are no questions on Video 13.