Module 6: Vulnerabilities
Assessment
True/False
Indicate whether the statement is true or false.
____ 1. Security testing on SCADA systems, if not performed correctly, can disrupt operations.
Multiple Choice
Identify the choice that best completes the statement or answers the question.
____ 2. Which of the following is not a main category of SCADA system?
- a. Legacy/Proprietary
- b. Modern/Commond.
- c. Legacy/Common
- d. Modern/Proprietary
____ 3. Which of the following tests attempts to actually exploit weaknesses in the system?
- a. Vulnerability assessment
- b. Penetration test
- c. Risk assessment
- d. Regression testing
____ 4. Which of the following is not a vulnerability associated with a control system?
- a. Discovery of unique numbers (point reference numbers) in use
- b. Wireless access points that do not provide authentication to the network
- c. Legacy systems that have not been updated
- d. All are vulnerabilities
Matching
Match the following assessment tools with their descriptions.
- a. CSET
- b. Nessuse
- c.Packet sniffer
- d. Wireshark
- e. Snort
- f. nmap/netstat
____ 5. Popular vulnerability scanner
____ 6. An intrusion detection system
____ 7. Used to identify open TCP/UDP ports
____ 8. DHS tool used to assess an ICS’ security posture
____ 9. Packet sniffing tool
____ 10. Generic term for a tool used to examine network communications
Short Answer
- Describe how an attacker can gain control of a SCADA system.