Answers (Graded A)
Boundary Protection Devices - ANSWER-Proxies
Gateways
Routers
Firewalls
Data Diodes
Guards
Encrypted Tunnels
External Time Sources - ANSWER-GPS
GLONASS - Global Navigation Satellite System
Galileo
FR-7 - Resource Availability includes: - ANSWER-DoS Protection
Resource Management (Prevent Resource Exhaustion)
Control System Backup
Control System Recovery & Reconstitution
Emergency Power
Network and Security Config Settings
Least Functionality
Control system component inventory
Types of Security Levels (SLs) - ANSWER-* Target SLs (SL-T)
* Achieved SLs (SL-A)
* Capability SLs (SL-C)
* Initial SL
Foundational Requirements (FR) - ANSWER-1) Identification and Authentication
Control (IAC)
2) Use Control (UC)
3) System Integrity (SI)
4) Data Confidentiality (DC)
5) Restricted Data Flow (RDF)
6) Timely Response to Events (TRE)
7) Resource Availability (RA)
Security Level Definitions - ANSWER-SL-0: No specific requirements or security
protection necessary
SL-1: Protection against casual or coincidental violation
SL-2: Protection against intentional violation using simple means with low resources,
generic skills and low motivation
SL-3: Protection against intentional violation using sophisticated means with moderate
resources, IACS-specific skills and moderate motivation
SL-4: Protection against intentional violation using sophisticated means with extended
resources, IACS-specific skills and high motivation
FR-1 Identification and Authentication Control (IAC) - ANSWER-* Human user
identification and authentication
* S/W processes and device identification and authentication
* Account management
* Identifier management
* Authenticator management
* Wireless access management
* Password strength
* PKI certificates
* Strength of Public Key authentication
* Authenticator feedback
* Unsuccessful login attempts
* System use notification
* Access via untrusted networks
FR-2 Use Control (UC) - ANSWER-* Authentication enforcement
* Wireless use control
* Use control for portable and mobile devices
* Mobile code (Java, PDF, etc.)
* Session lock
* Remote session termination
* Concurrent session control
* Auditable events
* Audit storage capacity
* Response to audit processing failures
* Timestamps
* Non-repudiation
FR-3 System Integrity (SI) - ANSWER-* Communication integrity
* Malicious code protection
* Security functionality verification
* S/W and information integrity
* Input validation
* Deterministic output
* Error handling
* Session integrity
* Protection of audit information
FR-4 Data Confidentiality (DC) - ANSWER-* Information confidentiality
* Information persistence (purge shared memory)
* Use of cryptography
FR-5 Restricted Data Flow (RDF) - ANSWER-* Network segmentation
* Zone boundary protection
* General purpose person-to-person communication restrictions (e.g., email, Facebook,
etc.)
* Application partitioning
FR-6 Timely Response to Events (TRE) - ANSWER-* Audit log accessibility
* Continuous monitoring
Malicious Code Protection Techniques - ANSWER-- Black/white lists
- Removable media control
- Sandbox techniques
- No Execute (NX) bit
- Data Execution Prevention
- ASLR - Address Space Layout Randomization
- Stack corruption detection
- Mandatory Access Control (MAC)
Conduit - ANSWER-Logical grouping of communications channels connecting 2 or more
zones - share common security requirements.
Compensating Countermeasures - ANSWER-- Component Level - Physical
- Component Level - Logical
- Control System/Zone Level
Types of Attacks - ANSWER-- Active
- Passive
- Inside
- Outside
- Natural
RJ-45 Jack Options - ANSWER-- Sealed Registered Jack 45
- M12 Connector
Environmental Conditions that can affect IACS integrity - ANSWER-- Particulates
- Liquids
- Vibration
- Gases
- Radiation
- EMI (Electromagnetic interference)
Mobile Code - ANSWER-- Java
- JavaScript
- ActiveX