[Dec 28, 2024] Pass Network Security ICS-SCADA Exam With 77 Questions [Q19-Q40]

Ultimate Guide to Prepare Free Fortinet ICS-SCADA Exam Questions and Answers

NEW QUESTION # 19
Which of the following is the stance that by default has a default deny approach?

  • A. Promiscuous
  • B. Paranoid
  • C. Prudent
  • D. Permissive

Answer: B

Explanation:
In the context of network security policies, a "Paranoid" stance typically means adopting a default-deny posture. This security approach is one of the most restrictive, where all access is blocked unless explicitly allowed.
A default deny strategy is considered best practice for securing highly sensitive environments, as it minimizes the risk of unauthorized access and reduces the attack surface.
This approach contrasts with more open stances such as Permissive or Promiscuous, which are less restrictive and generally allow more traffic by default.
Reference:
"Network Security: Policies and Guidelines for Effective Network Management," by Jonathan Gossels.
"Best Practices for Implementing a Security Awareness Program," by Kaspersky Lab.


NEW QUESTION # 20
Which of the following are not a part of the temporal score in the CVSS? (Select all that apply.)

  • A. User Interaction
  • B. Reporting Confidence
  • C. Remediation Level
  • D. Attack Vector

Answer: A,D

Explanation:
The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity.
The temporal score in CVSS adjusts the base score of a vulnerability based on factors that change over time, such as the availability of exploits or the existence of patches.
The temporal score includes:

  • Remediation Level
  • Report Confidence

Attack Vector and User Interaction are part of the base score, not the temporal score, as they describe the fundamental characteristics of the vulnerability and do not typically change over time.
Reference:
Common Vulnerability Scoring System v3.1: Specification Document.
"Understanding CVSS," by FIRST (Forum of Incident Response and Security Teams).


NEW QUESTION # 21
Which of the following can be used to view entire copies of web sites?

  • A. Google Cache
  • B. Netcraft
  • C. Bing offline
  • D. Wayback machine

Answer: D

Explanation:
The Wayback Machine is an internet service provided by the Internet Archive that allows users to see archived versions of web pages across time, enabling them to browse past versions of a website as it appeared on specific dates.
It captures and stores snapshots of web pages, making it an invaluable tool for accessing the historical state of a website or recovering content that has since been changed or deleted.
Other options like Google Cache may also show snapshots of web pages, but the Wayback Machine is dedicated to this purpose and holds a vast archive of historical web data.
Reference:
Internet Archive: https://archive.org
"Using the Wayback Machine," Internet Archive Help Center.


NEW QUESTION # 22
Which of the ICS/SCADA generations is considered networked?

  • A. Third
  • B. First
  • C. Second
  • D. Fourth

Answer: A

Explanation:
Industrial Control Systems (ICS) have evolved through several generations, each characterized by different technological capabilities and integration levels.
The third generation of ICS/SCADA systems is considered networked. This generation incorporates more advanced digital and networking technologies, allowing for broader connectivity and communication across different systems and components within industrial environments.
Third-generation SCADA systems are often characterized by their use of standard communication protocols and networked solutions, improving interoperability and control but also increasing the attack surface for potential cyber threats.
Reference:
"Evolution of Industrial Control Systems and Cybersecurity Implications," IEEE Transactions on Industry Applications.
"Network Security for Industrial Control Systems," by Department of Homeland Security.


NEW QUESTION # 23
What share does the WannaCry ransomware use to connect with the target?

  • A. $Admin
  • B. $C
  • C. $IPC
  • D. $SPOOL

Answer: C

Explanation:
The WannaCry ransomware utilizes the $IPC (Inter-Process Communication) share to connect with and infect target machines. This hidden network share supports the operation of named pipes, which facilitate the communication necessary for WannaCry to execute its payload across networks.
WannaCry ransomware uses the SMB (Server Message Block) protocol to propagate through networks and connect to target systems. Specifically, it exploits a vulnerability in SMBv1, known as EternalBlue (MS17-010).

  • IPC Share: The $IPC (Inter-Process Communication) share is a hidden administrative share used for inter-process communication. WannaCry uses this share to gain access to other machines on the network.
  • SMB Exploitation: By exploiting the SMB vulnerability, WannaCry can establish a connection to the $IPC share, allowing it to execute the payload on the target machine.
  • Propagation: Once connected, it deploys the DoublePulsar backdoor and then spreads the ransomware payload.

Given these details, the correct answer is $IPC.
Reference:
CISA Analysis Report, "WannaCry Ransomware".
"WannaCry Ransomware Attack," Wikipedia, WannaCry.
"MS17-010: Security Update for Windows SMB Server," Microsoft, MS17-010.


NEW QUESTION # 24
Which of the following is NOT an exploit tool?

  • A. Canvas
  • B. Metasploit
  • C. Nessus
  • D. Core Impact

Answer: C

Explanation:
Among the options listed, Nessus is primarily a vulnerability assessment tool, not an exploit tool. It is used to scan systems, networks, and applications to identify vulnerabilities but does not exploit them. On the other hand, Canvas, Core Impact, and Metasploit are exploit tools designed to actually perform attacks (safely and legally) to demonstrate the impact of vulnerabilities.
Reference:
Tenable, Inc., "Nessus FAQs".


NEW QUESTION # 25
What step of the malware infection installs the malware on the target?

  • A. Drive-by
  • B. Init
  • C. Dropper
  • D. Stager

Answer: C

Explanation:
The term "Dropper" in cybersecurity refers to a small piece of software used in malware deployment that is designed to install or "drop" malware (like viruses, ransomware, spyware) onto the target system.
The Dropper itself is not typically malicious in behavior; however, it is used as a vehicle to install malware that will perform malicious activities without detection.
During the infection process, the Dropper is usually the first executable that runs on a system. It then unpacks or downloads additional malicious components onto the system.
Reference:
Common Malware Enumeration (CME): http://cme.mitre.org
Microsoft Malware Protection Center: https://www.microsoft.com/en-us/wdsi


NEW QUESTION # 26
At what layer does a switch normally operate?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: D

Explanation:
A network switch typically operates at Layer 2 of the OSI model, which is the Data Link layer. This layer is responsible for node-to-node data transfer, a function that involves handling data frames between physical devices on the same network or link. The switch uses MAC addresses to forward data to the appropriate destination within the network.
Reference:
Andrew S. Tanenbaum, "Computer Networks".


NEW QUESTION # 27
Which mode within IPsec provides a secure connection tunnel between two endpoints AND protects the sender and the receiver?

  • A. Tunnel
  • B. Covered
  • C. Protected
  • D. Transport

Answer: A

Explanation:
IPsec (Internet Protocol Security) has two modes: Transport mode and Tunnel mode.
Tunnel mode is used to create a secure connection tunnel between two endpoints (e.g., two gateways, or a client and a gateway) and it encapsulates the entire IP packet.
This mode not only protects the payload but also the header information of the original IP packet, thereby providing a higher level of security compared to Transport mode, which only protects the payload.
Reference:
Kent, S. and Seo, K., "Security Architecture for the Internet Protocol," RFC 4301, December 2005.
"IPsec Services," Microsoft TechNet.


NEW QUESTION # 28
Which of the following components is not part of the Authentication Header (AH)?

  • A. Authentication
  • B. Confidentiality
  • C. Replay
  • D. Integrity

Answer: B

Explanation:
The Authentication Header (AH) is a component of the IPsec protocol suite that provides authentication and integrity to the communications. AH ensures that the contents of the communications have not been altered in transit (integrity) and verifies the sending and receiving parties (authentication). However, AH does not provide confidentiality, which would involve encrypting the payload data. Confidentiality is provided by the Encapsulating Security Payload (ESP), another component of IPsec.
Reference:
RFC 4302, "IP Authentication Header".


NEW QUESTION # 29
What is the size in bytes of the TCP sequence number in the header?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: D

Explanation:
In the Transmission Control Protocol (TCP) header, the sequence number field is crucial for ensuring the correct sequencing of the packets sent over a network.
The sequence number field in the TCP header is 32 bits long, which equates to 4 bytes.
This sequence number is used to keep track of the bytes in a sequence that are transferred over a TCP connection, ensuring that packets are arranged in the correct order and data integrity is maintained during transmission.
Reference:
Postel, J., "Transmission Control Protocol," RFC 793, September 1981.
"TCP/IP Guide," Kozierok, C. M., 2005.


NEW QUESTION # 30
The NIST SP 800-53 defines how many management controls?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: D

Explanation:
NIST SP 800-53 is a publication that provides a catalog of security and privacy controls for federal information systems and organizations and promotes the development of secure and resilient federal information and information systems.
According to the NIST SP 800-53 Rev. 5, the framework defines a comprehensive set of controls, which are divided into different families. Among these families, there are specifically nine families categorized under management controls. These include categories such as risk assessment, security planning, program management, and others.
Reference:
"NIST Special Publication 800-53 (Rev. 5) Security and Privacy Controls for Information Systems and Organizations." NIST website: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf


NEW QUESTION # 31
What is a vulnerability called that is released before a patch comes out?

  • A. Zero day
  • B. First
  • C. Pre-release
  • D. Initial

Answer: A

Explanation:
A vulnerability that is exploited before the vendor has issued a patch, or even before the vulnerability is known to the vendor, is referred to as a "zero-day" vulnerability. The term "zero-day" refers to the number of days the software vendor has had to address and patch the vulnerability since it was made public: zero, in this case.
Reference:
Symantec Security Response, "Zero Day Initiative".


NEW QUESTION # 32
What type of communication protocol does Modbus RTU use?

  • A. SSTP
  • B. ICMP
  • C. UDP
  • D. Serial

Answer: D

Explanation:
Modbus RTU (Remote Terminal Unit) is a communication protocol based on a master-slave architecture that uses serial communication. It is one of the earliest communication protocols developed for devices connected over serial lines. Modbus RTU packets are transmitted in a binary format over serial lines such as RS-485 or RS-232.
Reference:
Modbus Organization, "MODBUS over Serial Line Specification and Implementation Guide V1.02".


NEW QUESTION # 33
Which of the registrars contains the information for the domain owners in South America?

  • A. AFRINIC
  • B. LACNIC
  • C. ARIN
  • D. RIPENCC

Answer: B

Explanation:
LACNIC (Latin American and Caribbean Network Information Centre) is the regional Internet registry for Latin America and parts of the Caribbean. It manages the allocation and registration of Internet number resources (such as IP addresses and AS numbers) within this region and maintains the registry of domain owners in South America.
Reference:
LACNIC official website, "About LACNIC".


NEW QUESTION # 34
What does the SPI within IPsec identify?

  • A. Decryption algorithm
  • B. All of these
  • C. Key Exchange
  • D. Security Association

Answer: D

Explanation:
Within IPsec, the SPI (Security Parameter Index) is a critical component that uniquely identifies a Security Association (SA) for the IPsec session. The SPI is used in the IPsec headers to help the receiving party determine which SA has been agreed upon for processing the incoming packets. This identification is crucial for the proper operation and management of security policies applied to the encrypted data flows.
Reference:
RFC 4301, "Security Architecture for the Internet Protocol," which discusses the structure and use of the SPI in IPsec communications.


NEW QUESTION # 35
What is used in the Modbus protocol to tell the slave to read or write?

  • A. Function code
  • B. Unit ID
  • C. None of these
  • D. Slave command

Answer: A

Explanation:
In the Modbus protocol, the function code is used to tell the slave device what kind of action to perform, such as reading or writing data.
Modbus function codes specify the type of operation to be performed on the registers. For example, function code 03 is used to read holding registers, and function code 06 is used to write a single register.
Each function code is a single byte in size and is positioned at the start of the PDU (Protocol Data Unit) in the Modbus message structure, directly influencing how the slave interprets and executes the request.
Reference:
"Modbus Application Protocol Specification V1.1b," Modbus Organization.
"The Modbus Protocol Explained," by Schneider Electric.
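As an added example, not part of the exam material or of the Modbus specification text, the following parser handles the Modbus RTU frames described in questions 32 and 35: it verifies the CRC-16 that guards the binary serial frame and reads the function code at the start of the PDU to tell a read request (03) from a write request (06), which is exactly what a passive monitor on an RS-485 segment needs in order to alert on unexpected writes. The sample frames, unit address and register values are constructed for illustration.

```python
import struct

# Function codes named in the explanation above (Modbus Application Protocol spec).
FUNCTION_NAMES = {
    0x03: ("Read Holding Registers", "read"),
    0x06: ("Write Single Register", "write"),
}

def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS over the frame body: init 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def build_frame(unit_id: int, function_code: int, pdu_data: bytes) -> bytes:
    """Assemble an RTU frame: unit address, PDU (function code + data), CRC low byte first."""
    body = bytes([unit_id, function_code]) + pdu_data
    return body + struct.pack("<H", crc16_modbus(body))

def parse_frame(frame: bytes) -> dict:
    """Split an RTU frame into its fields and verify the trailing CRC.

    crc_ok is False when the frame was altered on the line; that is all RTU can
    detect: the CRC guards against noise, not against a malicious sender.
    """
    if len(frame) < 4:  # unit address + function code + 2-byte CRC at minimum
        raise ValueError("frame too short")
    body, crc_rx = frame[:-2], struct.unpack("<H", frame[-2:])[0]
    unit_id, function_code, data = body[0], body[1], body[2:]  # PDU starts at body[1]
    name, action = FUNCTION_NAMES.get(function_code, ("Unknown", "unknown"))
    result = {"unit_id": unit_id, "function_code": function_code, "function": name,
              "action": action, "crc_ok": crc16_modbus(body) == crc_rx}
    if function_code in (0x03, 0x06) and len(data) == 4:
        # Both PDUs carry two big-endian 16-bit fields after the function code.
        first, second = struct.unpack(">HH", data)
        if function_code == 0x03:
            result.update(start_address=first, quantity=second)
        else:
            result.update(register_address=first, value=second)
    return result

# Constructed sample: the textbook "read 10 holding registers from unit 1" request.
READ_REQUEST = bytes.fromhex("01 03 00 00 00 0A C5 CD")
# Constructed sample: write value 3 to register 1 on unit 1, built with the CRC routine above.
WRITE_REQUEST = build_frame(0x01, 0x06, bytes.fromhex("00 01 00 03"))

if __name__ == "__main__":
    for frame in (READ_REQUEST, WRITE_REQUEST):
        print(parse_frame(frame))
```

A monitor fed from a serial tap can key an alert on `action == "write"` from any master other than the expected one; the CRC check only tells you the frame arrived intact, not who sent it.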


NEW QUESTION # 36
Which of the TCP flags represents data in the packet?

  • A. RST
  • B. FIN
  • C. PSH
  • D. ACK

Answer: C

Explanation:
The PSH (Push) flag in the TCP header instructs the receiving host to push the data to the receiving application immediately without waiting for the buffer to fill. This is used to ensure that data is not delayed, thus improving the efficiency of communication where real-time data processing is required. It effectively tells the system that the data in the packet should be considered urgent.
Reference:
Douglas E. Comer, "Internetworking with TCP/IP Vol.1: Principles, Protocols, and Architecture".


NEW QUESTION # 37
Which type of Intrusion Prevention System can monitor and validate encrypted data?

  • A. Anomaly
  • B. Memory
  • C. Network
  • D. Host

Answer: C

Explanation:
A Network Intrusion Prevention System (NIPS) is capable of monitoring and validating encrypted data if it is integrated with technologies that allow it to decrypt the traffic.
Typically, network IPS can be set up with SSL/TLS decryption capabilities to inspect encrypted data as it traverses the network. This allows the IPS to analyze the content of encrypted packets and apply security policies accordingly.
Monitoring encrypted traffic is critical in detecting hidden malware, unauthorized data exfiltration, and other security threats concealed within SSL/TLS encrypted sessions.
Reference:
"Network Security Technologies and Solutions," by Yusuf Bhaiji, Cisco Press.
"Decrypting SSL/TLS Traffic with IPS," by Palo Alto Networks.


NEW QUESTION # 38
Which of the following steps is used to reveal the IP addressing?

  • A. Cover your tracks
  • B. Surveillance
  • C. Enumeration
  • D. Footprinting

Answer: C

Explanation:
Enumeration is a step in the information-gathering phase of a penetration test or cyber attack where an attacker actively engages with the target to extract detailed information, including IP addressing.

  • Enumeration: During enumeration, the attacker interacts with network services to gather information such as user accounts, network shares, and IP addresses.
  • Techniques: Common techniques include using tools like Nmap, Netcat, and Nessus to scan for open ports, services, and to identify the IP addresses in use.
  • Purpose: The goal is to map the network's structure, find potential entry points, and understand the layout of the target environment.

Because enumeration involves discovering detailed information including IP addresses, it is the correct answer.
Reference:
"Enumeration in Ethical Hacking," GeeksforGeeks, Enumeration.
"Network Enumeration," Wikipedia, Network Enumeration.


NEW QUESTION # 39
The vulnerability that led to the WannaCry ransomware infections affected which protocol?

  • A. RPC
  • B. SMB
  • C. Samba
  • D. None of these

Answer: B

Explanation:
WannaCry is a ransomware attack that spread rapidly across multiple computer networks in May 2017.
The vulnerability exploited by the WannaCry ransomware was in the Microsoft Windows implementation of the Server Message Block (SMB) protocol.
Specifically, the exploit, known as EternalBlue, targeted a flaw in the SMBv1 protocol. This flaw allowed the ransomware to spread within corporate networks without any user interaction, making it one of the fastest-spreading and most harmful cyberattacks at the time.
Reference:
Microsoft Security Bulletin MS17-010 - Critical: https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2017/ms17-010
National Vulnerability Database, CVE-2017-0144: https://nvd.nist.gov/vuln/detail/CVE-2017-0144
