Module 6: Vulnerabilities

Assessment

True/False

Indicate whether the statement is true or false.

 

____ 1. Security testing on SCADA systems, if not performed correctly, can disrupt operations.

Multiple Choice

Identify the choice that best completes the statement or answers the question.

 

____ 2. Which of the following is not a main category of SCADA system?

  • a. Legacy/Proprietary
  • b. Modern/Commond.
  • c. Legacy/Common
  • d. Modern/Proprietary

 

____ 3. Which of the following tests attempts to actually exploit weaknesses in the system?

  • a. Vulnerability assessment
  • b. Penetration test
  • c. Risk assessment
  • d. Regression testing

 

____ 4. Which of the following is not a vulnerability associated with a control system?

  • a. Discovery of unique numbers (point reference numbers) in use
  • b. Wireless access points that do not provide authentication to the network
  • c. Legacy systems that have not been updated
  • d. All are vulnerabilities

Matching

Match the following assessment tools with their descriptions.

  • a. CSET
  • b. Nessuse
  • c.Packet sniffer
  • d. Wireshark
  • e. Snort
  • f. nmap/netstat

 

____ 5. Popular vulnerability scanner

 

____ 6. An intrusion detection system

 

____ 7. Used to identify open TCP/UDP ports

 

____ 8. DHS tool used to assess an ICS’ security posture

 

____ 9. Packet sniffing tool

 

____ 10. Generic term for a tool used to examine network communications

Short Answer

  1. Describe how an attacker can gain control of a SCADA system.

License

Icon for the Creative Commons Attribution 4.0 International License

Critical Infrastructure Systems by NCyTE Center is licensed under a Creative Commons Attribution 4.0 International License, except where otherwise noted.

Share This Book