Module 6: Vulnerabilities

Module 6 Assessment


Indicate whether the statement is true or false.

____ 1. Security testing on SCADA systems, if not performed correctly, can disrupt operations.


Multiple Choice

Identify the choice that best completes the statement or answers the question.

____ 2. Which of the following is not a main category of SCADA systems?

a. Legacy/Proprietary c. Legacy/Common
b. Modern/Common d. Modern/Proprietary


____ 3. Which of the following tests attempts to actually exploit weaknesses in the system?

a. Vulnerability assessment c. Risk assessment
b. Penetration test d. Regression testing


____ 4. Which of the following is not a vulnerability associated with a control system?

a. Discovery of unique numbers (point reference numbers) in use c. Legacy systems that have not been updated
b. Wireless access points that do not provide authentication to the network d. All are vulnerabilities



Match the following assessment tools with their descriptions.

A. CSET D. Wireshark
B. Nessus E. Snort
C. Packet sniffer F. Nmap/netstat

____ 5. Popular vulnerability scanner

____ 6. An intrustion detection system

____ 7. Used to identify open TCP/UDP ports

____ 8. DHS tool used to assess an ICS’s security posture

____ 9. Packet sniffing tool

____ 10. Generic term for a tool used to examine network communications




For the answers to these questions, email your name, the name of your college or other institution, and your position there to CyberWatch West will email you a copy of the answer key.


Icon for the Creative Commons Attribution 4.0 International License

Critical Infrastructure Cybersecurity by Whatcom Community College and CyberWatch West is licensed under a Creative Commons Attribution 4.0 International License, except where otherwise noted.

Share This Book