What SHALL "Review, improve, maintain the CSMS" do and what SHOULD it do? -
ANSWER-SHALL monitor and evaluate applicable legislation relevant to cyber security.
SHOULD monitor and evaluate industry CSMS strategies.
What are the 5 elements of the NIST CSF Framework? - ANSWER-1 - Identify
2 - Protect
3 - Detect
4 - Respond
5 - Recover
What is the purpose of ISO/IEC 15408 (Common Criteria)? - ANSWER-To define a
Product Development Evaluation Methodology
What is the purpose of ISO/IEC 21827? - ANSWER-SSE-CMM Systems Security
Engineering Capability Maturity Model
What is the purpose of ISO 27001? - ANSWER-Information Security Management
Systems Requirements
ISA 62443-2-1 (system def) - ANSWER-Requirements for an IACS Security
Management System
ISA 62443-3-3 - ANSWER-System Security Requirements and SLs
COBIT 5 - ANSWER-Control Objectives for Information and Related Technologies
CCS CSC - ANSWER-Council on Cyber Security Critical Security Controls
NIST SP 800-82 rev2 & draft rev3 - ANSWER-Guide to ICS Security
What do Global Frameworks do? - ANSWER-Provide a common taxonomy and
mechanism
What do Global Frameworks additionally do? - ANSWER-DESCRIBE current cybersec
posture & target state
IDENTIFY & PRIORITIZE opportunity for improvement
ASSESS progress towards target state
COMMUNICATE cyber risk to stakeholders
What consists of globally recognized standards for cyber security? - ANSWER-NIST CSF
Informative References (IEC 62443 is one of them)
Who developed IEC 62443? - ANSWER-IEC
Who developed ANSI/ISA 62443? - ANSWER-ISA99
What can a Framework do? - ANSWER-Serve as a model for international cooperation
on strengthening critical infrastructure cyber security
Which is a PRIMARY reason why network security is important in IACS environments?
- ANSWER-PLCs under cyber attack can have costly and dangerous impacts
What are the 3 main components of ISASecure Integrated Threat Analysis (ITA)
Program? - ANSWER-1. Software Development Security Assurance
2. Functional Security Assessment
3. Communications Robustness Testing
What does Framework Core consist of? - ANSWER-- Set of desired activities &
outcomes
- Guides organizations in managing and reducing cyber risk
- Complements their existing processes
What does Framework Implementation Tiers consist of? - ANSWER-- Provide context
on how organization views cyber risk
- Guide to consider appropriate level of rigor
- Communication tool - discuss risk appetite, mission priority, budget
What does Framework Profile consist of? - ANSWER-- Unique alignment of
organizational requirements etc etc against desired outcomes of framework core
- Primarily used to identify and prioritize opportunities for improving cybersecurity at an
organization
Service Providers are required to... - ANSWER-Use technologies which are considered
secure
Technologies which are no longer considered secure: - ANSWER-WEP and DES
When do integration service provider activities start and end? - ANSWER-Start in
design phase, end in handover of Automation Solution to asset owner
5 Patching Asset Owner Requirements - ANSWER-1 - Info Gathering
2 - Monitoring & Evaluation
3 - Patch Testing
4 - Patch Deployment
5 - Verification & Reporting