IEC 62443-IC33 Risk Assessment
Specialist Exam Questions and Answers
(Graded A)
What type of vulnerability assessment technique involves using exploit tools? -
ANSWER-Penetration Testing (Most Invasive)
Which vulnerability assessment provides feedback on performance in comparison to
industry peers? - ANSWER-Gap Assessment (High Level - Least invasive)
Which type of assessment may include reviewing document, system walk-thru, traffic
analysis, or ARP tables? - ANSWER-Passive Assessment
Vulnerability Assessment - ANSWER-Defines,
Identifies,
Classifies the security vulnerabilities
Penetration Testing - ANSWER-Exploits vulnerabilities
Which type of assessment uses tools to discover devices and vulnerabilities of the
IACS? - ANSWER-Active Assessment
What type of vulnerability assessment identifies the worst-case unmitigated risk that the
SuC presents to the organization? - ANSWER-Cyber Risk Assessment
Which gap assessment tool was created by the US DHS? - ANSWER-CSET
What type of tool is used to capture and display Ethernet communications? - ANSWER-
Packet Capture
A feature that sends a copy of a network from one or more switch ports to a special
monitoring port is called: - ANSWER-Port Mirroring
Which computer programs assess computers, computer systems, networks or
applications for weaknesses against databases of know vulnerabilities? - ANSWER-
Network Vulnerability Scanning Tools
Nessuss, Nexpose, and Retina are assessment tools used to discover: - ANSWER-
System Vulnerabilities
What is the entity that can manifest a threat? - ANSWER-Threat source
Specialist Exam Questions and Answers
(Graded A)
What type of vulnerability assessment technique involves using exploit tools? -
ANSWER-Penetration Testing (Most Invasive)
Which vulnerability assessment provides feedback on performance in comparison to
industry peers? - ANSWER-Gap Assessment (High Level - Least invasive)
Which type of assessment may include reviewing document, system walk-thru, traffic
analysis, or ARP tables? - ANSWER-Passive Assessment
Vulnerability Assessment - ANSWER-Defines,
Identifies,
Classifies the security vulnerabilities
Penetration Testing - ANSWER-Exploits vulnerabilities
Which type of assessment uses tools to discover devices and vulnerabilities of the
IACS? - ANSWER-Active Assessment
What type of vulnerability assessment identifies the worst-case unmitigated risk that the
SuC presents to the organization? - ANSWER-Cyber Risk Assessment
Which gap assessment tool was created by the US DHS? - ANSWER-CSET
What type of tool is used to capture and display Ethernet communications? - ANSWER-
Packet Capture
A feature that sends a copy of a network from one or more switch ports to a special
monitoring port is called: - ANSWER-Port Mirroring
Which computer programs assess computers, computer systems, networks or
applications for weaknesses against databases of know vulnerabilities? - ANSWER-
Network Vulnerability Scanning Tools
Nessuss, Nexpose, and Retina are assessment tools used to discover: - ANSWER-
System Vulnerabilities
What is the entity that can manifest a threat? - ANSWER-Threat source
