6.5: Assessment
True/False
Indicate whether the statement is true or false.
____ 1. Security testing on SCADA systems, if not performed correctly, can disrupt operations.
Multiple Choice
Identify the choice that best completes the statement or answers the question.
____ 2. Which of the following is not a main category of SCADA systems?
| a. Legacy/Proprietary | c. Legacy/Common |
| b. Modern/Common | d. Modern/Proprietary |
____ 3. Which of the following tests attempts to actually exploit weaknesses in the system?
| a. Vulnerability assessment | c. Risk assessment |
| b. Penetration test | d. Regression testing |
____ 4. Which of the following is not a vulnerability associated with a control system?
| a. Discovery of unique numbers (point reference numbers) in use | c. Legacy systems that have not been updated |
| b. Wireless access points that do not provide authentication to the network | d. All are vulnerabilities |
Matching
Match the following assessment tools with their descriptions.
| A. CSET | D. Wireshark |
| B. Nessus | E. Snort |
| C. Packet sniffer | F. Nmap/netstat |
____ 5. Popular vulnerability scanner
____ 6. An intrustion detection system
____ 7. Used to identify open TCP/UDP ports
____ 8. DHS tool used to assess an ICS’s security posture
____ 9. Packet sniffing tool
____ 10. Generic term for a tool used to examine network communications
For the answers to these questions, email your name, the name of your college or other institution, and your position there to info@cyberwatchwest.org . CyberWatch West will email you a copy of the answer key.