ANSI/ISA 62443 Test Questions with correct
Answers
Boundary Protection Devices - verified answer(s)-✔✔Proxies
Gateways
Routers
Firewalls
Data Diodes
Guards
Encrypted Tunnels
External Time Sources - verified answer(s)-✔✔GPS
GLONASS - Global Navigation Satellite System
Galileo
FR-7 - Resource Availability includes: - verified answer(s)-✔✔DoS Protection
Resource Management (Prevent Resource Exhaustion)
Control System Backup
Control System Recovery & Reconstitution
Emergency Power
Network and Security Config Settings
Least Functionality
Control system component inventory
,Types of Security Levels (SLs) - verified answer(s)-✔✔* Target SLs (SL-T)
* Achieved SLs (SL-A)
* Capability SLs (SL-C)
* Initial SL
Foundational Requirements (FR) - verified answer(s)-✔✔1) Identification and Authentication
Control (IAC)
2) Use Control (UC)
3) System Integrity (SI)
4) Data Confidentiality (DC)
5) Restricted Data Flow (RDF)
6) Timely Response to Events (TRE)
7) Resource Availability (RA)
Security Level Definitions - verified answer(s)-✔✔SL-0: No specific requirements or security
protection necessary
SL-1: Protection against casual or coincidental violation
SL-2: Protection against intentional violation using simple means with low resources, generic
skills and low motivation
SL-3: Protection agains intentional violation using sophisticated means with moderate
resources, IACS-specific skills and moderate motivation
SL-4: Protection agains intentional violation using sophisticated means with extended
resources, IACS-specific skills and high motivation
FR-1 Identification and Authentication Control (IAC) - verified answer(s)-✔✔* Human user
identification and authentication
* S/W processes and device identification and authentication
* Account management
,* Identified management
* Authenticator management
* Wireless access management
* Password strength
* PKI certificates
* Strength of Public Key authentication
* Authenticator feedback
* Unsuccessful login attempts
* System use notification
* Access via untrusted networks
FR-2 Use Control (UC) - verified answer(s)-✔✔* Authentication enforcement
* Wireless use control
* Use control for portable and mobile devices
* Mobile code (Java, PDF, etc.)
* Session lock
* Remote session termination
* Concurrent session control
* Auditable events
* Audit storage capacity
* Response to audit processing failures
* Timestamps
* Non-repudiation
FR-3 System Integrity (SI) - verified answer(s)-✔✔* Communication integrity
* Malicious code protection
, * Security functionality verification
* S/W and information integrity
* Input validation
* Deterministic output
* Error handling
* Session integrity
* Protection of audit information
FR-4 Data Confidentiality (DC) - verified answer(s)-✔✔* Information confidentiality
* Information persistence (purge shared memory)
* Use of cryptography
FR-5 Restricted Data Flow (RDF) - verified answer(s)-✔✔* Network segmentation
* Zone boundary protection
* General purpose person-to-person communication restrictions (e.g., email, facebook, etc.)
* Application partitioning
FR-6 Timely Response to Events (TRE) - verified answer(s)-✔✔* Audit log accessibility
* Continuous monitoring
Malicious Code Protection Techniques - verified answer(s)-✔✔- Black/white lists
- Removable media control
- Sandbox techniques
- No Execute (NX) bit
- Data Execution Prevention
- ASLR - Address Space Layout Randomization
Answers
Boundary Protection Devices - verified answer(s)-✔✔Proxies
Gateways
Routers
Firewalls
Data Diodes
Guards
Encrypted Tunnels
External Time Sources - verified answer(s)-✔✔GPS
GLONASS - Global Navigation Satellite System
Galileo
FR-7 - Resource Availability includes: - verified answer(s)-✔✔DoS Protection
Resource Management (Prevent Resource Exhaustion)
Control System Backup
Control System Recovery & Reconstitution
Emergency Power
Network and Security Config Settings
Least Functionality
Control system component inventory
,Types of Security Levels (SLs) - verified answer(s)-✔✔* Target SLs (SL-T)
* Achieved SLs (SL-A)
* Capability SLs (SL-C)
* Initial SL
Foundational Requirements (FR) - verified answer(s)-✔✔1) Identification and Authentication
Control (IAC)
2) Use Control (UC)
3) System Integrity (SI)
4) Data Confidentiality (DC)
5) Restricted Data Flow (RDF)
6) Timely Response to Events (TRE)
7) Resource Availability (RA)
Security Level Definitions - verified answer(s)-✔✔SL-0: No specific requirements or security
protection necessary
SL-1: Protection against casual or coincidental violation
SL-2: Protection against intentional violation using simple means with low resources, generic
skills and low motivation
SL-3: Protection agains intentional violation using sophisticated means with moderate
resources, IACS-specific skills and moderate motivation
SL-4: Protection agains intentional violation using sophisticated means with extended
resources, IACS-specific skills and high motivation
FR-1 Identification and Authentication Control (IAC) - verified answer(s)-✔✔* Human user
identification and authentication
* S/W processes and device identification and authentication
* Account management
,* Identified management
* Authenticator management
* Wireless access management
* Password strength
* PKI certificates
* Strength of Public Key authentication
* Authenticator feedback
* Unsuccessful login attempts
* System use notification
* Access via untrusted networks
FR-2 Use Control (UC) - verified answer(s)-✔✔* Authentication enforcement
* Wireless use control
* Use control for portable and mobile devices
* Mobile code (Java, PDF, etc.)
* Session lock
* Remote session termination
* Concurrent session control
* Auditable events
* Audit storage capacity
* Response to audit processing failures
* Timestamps
* Non-repudiation
FR-3 System Integrity (SI) - verified answer(s)-✔✔* Communication integrity
* Malicious code protection
, * Security functionality verification
* S/W and information integrity
* Input validation
* Deterministic output
* Error handling
* Session integrity
* Protection of audit information
FR-4 Data Confidentiality (DC) - verified answer(s)-✔✔* Information confidentiality
* Information persistence (purge shared memory)
* Use of cryptography
FR-5 Restricted Data Flow (RDF) - verified answer(s)-✔✔* Network segmentation
* Zone boundary protection
* General purpose person-to-person communication restrictions (e.g., email, facebook, etc.)
* Application partitioning
FR-6 Timely Response to Events (TRE) - verified answer(s)-✔✔* Audit log accessibility
* Continuous monitoring
Malicious Code Protection Techniques - verified answer(s)-✔✔- Black/white lists
- Removable media control
- Sandbox techniques
- No Execute (NX) bit
- Data Execution Prevention
- ASLR - Address Space Layout Randomization
