EC-Council ICS/SCADA Cyber Security ICS-SCADA Exam Practice Test

Page: 1 / 14
Total 75 questions
Question 1

Which of the ICS/SCADA generations is considered distributed?



Answer : C

The third generation of ICS/SCADA systems is considered distributed. This generation features systems that are networked and interconnected, typically using a variety of standard communication protocols. This distribution allows for broader connectivity and integration with other systems, enhancing operational flexibility and efficiency but also introducing more vectors for potential cyber threats.

Reference

Joseph Weiss, 'Protecting Industrial Control Systems from Electronic Threats'.

The third generation of ICS/SCADA systems is considered distributed. These systems emerged in the late 1990s and early 2000s and were designed to overcome the limitations of earlier generations by leveraging networked architectures.

Distributed Architecture: Third-generation systems distributed control functions across multiple interconnected devices and systems, providing greater scalability and flexibility.

Network Integration: These systems integrated more extensively with IT networks, allowing for remote monitoring and control.

Standard Protocols: Adoption of standard communication protocols (e.g., Ethernet, TCP/IP) facilitated interoperability and integration with other systems.

Enhanced Redundancy: Improved fault tolerance and redundancy were implemented to ensure system reliability.

Due to these features, the third generation is known as the distributed generation.

Reference

'SCADA Systems,' SCADAHacker, SCADA Generations.


Question 2

The vulnerability that led to the WannaCry ransomware infections affected which protocol?



Answer : D

WannaCry is a ransomware attack that spread rapidly across multiple computer networks in May 2017.

The vulnerability exploited by the WannaCry ransomware was in the Microsoft Windows implementation of the Server Message Block (SMB) protocol.

Specifically, the exploit, known as EternalBlue, targeted a flaw in the SMBv1 protocol. This flaw allowed the ransomware to spread within corporate networks without any user interaction, making it one of the fastest-spreading and most harmful cyberattacks at the time.

Reference

Microsoft Security Bulletin MS17-010 - Critical: https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2017/ms17-010

National Vulnerability Database, CVE-2017-0144: https://nvd.nist.gov/vuln/detail/CVE-2017-0144


Question 3

Which of the following is NOT an exploit tool?



Answer : D

Among the options listed, Nessus is primarily a vulnerability assessment tool, not an exploit tool. It is used to scan systems, networks, and applications to identify vulnerabilities but does not exploit them. On the other hand, Canvas, Core Impact, and Metasploit are exploit tools designed to actually perform attacks (safely and legally) to demonstrate the impact of vulnerabilities.

Reference

Tenable, Inc., 'Nessus FAQs'.


Question 4

Which of the following can be used to view entire copies of web sites?



Answer : A

The Wayback Machine is an internet service provided by the Internet Archive that allows users to see archived versions of web pages across time, enabling them to browse past versions of a website as it appeared on specific dates.

It captures and stores snapshots of web pages, making it an invaluable tool for accessing the historical state of a website or recovering content that has since been changed or deleted.

Other options like Google Cache may also show snapshots of web pages, but the Wayback Machine is dedicated to this purpose and holds a vast archive of historical web data.

Reference

Internet Archive: https://archive.org

'Using the Wayback Machine,' Internet Archive Help Center.


Question 5

Which of the following is the stance on risk that by default allows traffic with a default permit approach?



Answer : D

In network security, the stance on managing and assessing risk can vary widely depending on the security policies of an organization.

A 'Permissive' stance, often referred to as a default permit approach, allows all traffic unless it has been specifically blocked. This approach can be easier to manage from a usability standpoint but is less secure, because unwanted or malicious traffic is allowed through unless it is explicitly filtered.

This is in contrast to a more restrictive policy, which denies all traffic unless it has been explicitly permitted, typically seen in more secure environments.

Reference

'Network Security Basics,' by Cisco Systems.

'Understanding Firewall Policies,' by Fortinet.


Question 6

A Virtual Private Network (VPN) requires how many Security Associations?



Answer : D

A Virtual Private Network (VPN) typically requires two Security Associations (SAs) for a secure communication session. One SA is used for inbound traffic, and the other for outbound traffic.

In the context of IPsec, which is often used to secure VPN connections, these two SAs facilitate the bidirectional secure exchange of packets in a VPN tunnel.

Each SA uniquely defines how traffic should be securely processed, including the encryption and authentication mechanisms. This ensures that data sent in one direction is handled independently from data sent in the opposite direction, maintaining the integrity and confidentiality of both communication streams.

Reference

'Understanding IPSec VPNs,' by Cisco Systems.

'IPsec Security Associations,' RFC 4301, Security Architecture for the Internet Protocol.


Question 7

What type of protocol is considered connection-oriented?



Answer : B

TCP (Transmission Control Protocol) is a connection-oriented protocol used in the majority of internet communications.

Connection-oriented protocols like TCP require a connection to be established between the communicating devices before data is transmitted. This ensures reliable and ordered delivery of data.

TCP manages this by using a handshake (the TCP three-way handshake) to set up the connection before any data is transmitted, and by properly terminating the connection once the communication session has completed.

Reference

'TCP/IP Illustrated, Volume 1: The Protocols' by W. Richard Stevens.

Postel, J., 'Transmission Control Protocol,' RFC 793.

