6.5: Assessment
- Page ID
- 4363
True/False
Indicate whether the statement is true or false.
____ 1. Security testing on SCADA systems, if not performed correctly, can disrupt operations.
Multiple Choice
Identify the choice that best completes the statement or answers the question.
____ 2. Which of the following is not a main category of SCADA systems?
a. Legacy/Proprietary | c. Legacy/Common |
b. Modern/Common | d. Modern/Proprietary |
____ 3. Which of the following tests attempts to actually exploit weaknesses in the system?
a. Vulnerability assessment | c. Risk assessment |
b. Penetration test | d. Regression testing |
____ 4. Which of the following is not a vulnerability associated with a control system?
a. Discovery of unique numbers (point reference numbers) in use | c. Legacy systems that have not been updated |
b. Wireless access points that do not provide authentication to the network | d. All are vulnerabilities |
Matching
Match the following assessment tools with their descriptions.
A. CSET | D. Wireshark |
B. Nessus | E. Snort |
C. Packet sniffer | F. Nmap/netstat |
____ 5. Popular vulnerability scanner
____ 6. An intrustion detection system
____ 7. Used to identify open TCP/UDP ports
____ 8. DHS tool used to assess an ICS’s security posture
____ 9. Packet sniffing tool
____ 10. Generic term for a tool used to examine network communications
For the answers to these questions, email your name, the name of your college or other institution, and your position there toinfo@cyberwatchwest.org. CyberWatch West will email you a copy of the answer key.