Module 6: Vulnerabilities
Indicate whether the statement is true or false.
____ 1. Security testing on SCADA systems, if not performed correctly, can disrupt operations.
Identify the choice that best completes the statement or answers the question.
____ 2. Which of the following is not a main category of SCADA systems?
|a. Legacy/Proprietary||c. Legacy/Common|
|b. Modern/Common||d. Modern/Proprietary|
____ 3. Which of the following tests attempts to actually exploit weaknesses in the system?
|a. Vulnerability assessment||c. Risk assessment|
|b. Penetration test||d. Regression testing|
____ 4. Which of the following is not a vulnerability associated with a control system?
|a. Discovery of unique numbers (point reference numbers) in use||c. Legacy systems that have not been updated|
|b. Wireless access points that do not provide authentication to the network||d. All are vulnerabilities|
Match the following assessment tools with their descriptions.
|A. CSET||D. Wireshark|
|B. Nessus||E. Snort|
|C. Packet sniffer||F. Nmap/netstat|
____ 5. Popular vulnerability scanner
____ 6. An intrustion detection system
____ 7. Used to identify open TCP/UDP ports
____ 8. DHS tool used to assess an ICS’s security posture
____ 9. Packet sniffing tool
____ 10. Generic term for a tool used to examine network communications
For the answers to these questions, email your name, the name of your college or other institution, and your position there to email@example.com. CyberWatch West will email you a copy of the answer key.