Exam IC32 Questions With Correct Answers
What does ISA-62443-1-1 cover? - verified answer(s)-✔✔Basic Concepts and models related
to cybersecurity. The difference between IT and IACS, Defense-in-Depth and Security zones
and conduits.
The difference between IT and IACS - verified answer(s)-✔✔IACS Cybersecurity has to address
issues of health, safety and environment (HSE).
IT - Confidentiality - Integrity - Availability.
IACS - Availability - Integrity - Confidentiality.
With IACS there are lives on the line - downtime/rebooting not acceptable.
COTS - verified answer(s)-✔✔Commercial off the shelf
Defence in Depth - verified answer(s)-✔✔Layered Security (order doesn't matter; this is an
example):
Physical Security
Policies and Procedures
Zones & Conduits
Malware Prevention
Access Controls
Monitoring & Detection
Patching
Risk equation - verified answer(s)-✔✔Risk = Threat x Vulnerability x Consequence
5 Risk Responses - verified answer(s)-✔✔1. Design the risk out
2. Reduce the risk
3. Accept the risk
4. Transfer or share the risk
5. Redesign ineffective controls
What requires continuous operation, may not tolerate rebooting and may require certification
after any changes - verified answer(s)-✔✔IACS
What is Shodan? - verified answer(s)-✔✔Online service which has done a full port scan of the
entire IPv4 Internet
What is a regulation? - verified answer(s)-✔✔Mandatory rules to follow
What is a standard? - verified answer(s)-✔✔Standards are voluntary codes for which there
are no legal obligations to comply. Possibility of getting sued if negligent
Normative standard? - verified answer(s)-✔✔Normative elements are indicated by the use of
the words "shall" or "must"
Informative standard? - verified answer(s)-✔✔The informative
elements provide clarification or additional information like guidelines
What is ISA99? - verified answer(s)-✔✔Committee that makes standards across industries
What are the 4 work product organization (Groups) of the ISA 62443 standards? - verified
answer(s)-✔✔1. General
2. Policies & Procedures
3. System
4. Component
Are TRs normative or informative? - verified answer(s)-✔✔Informative
ISA-62443-1-1 - verified answer(s)-✔✔Concepts and Models
ISA-62443-2-1 - verified answer(s)-✔✔Security program requirements for IACS asset owners
ISA-62443-3-3 - verified answer(s)-✔✔System security requirements and security levels