IC32 Knowledge Check-PDF

The document is a pre-instructional and post-instructional survey for a cybersecurity course, consisting of multiple-choice questions related to firewalls, intrusion detection systems, cybersecurity policies, and risk management. It assesses knowledge on various topics including network security standards, cybersecurity lifecycle phases, and countermeasures against threats. The survey aims to evaluate participants' understanding of critical cybersecurity concepts and practices.

Uploaded by

mayavannan

IC32 - Pre-Instructional Survey

1. What is the primary function of a firewall?

a. Block all internet traffic
b. Detect network intrusions
c. Filters network traffic
d. Authenticate users

2. Inter-network connection device that restricts data communication traffic between two
connected networks is called a(n) ______.

a. IDS
b. Firewall
c. Router
d. Anti-virus software

3. A robust and enterprise-wide awareness and training program is paramount

a. to protecting the IACS from different Threat Actors
b. to ensuring that all risks are mitigated
c. to ensuring that people understand their IT (and OT) security
responsibilities, organizational policies, and how to properly use and
protect the IT (and OT) resources entrusted to them
d. to optimizing the IDS with the latest signatures

4. Implementation of policy involves

a. Creating appropriate and cost-effective policy
b. Communicating the policy to the organization
c. Training personnel in the organization
d. all of the above

5. Which port is used by MODBUS TCP?

a. Not defined
b. Depends on the Operating System
c. TCP port 502
d. TCP port 520

©ISA, IC32 (v5.01)


6. What are the three main phases of the IACS Cybersecurity Lifecycle?

a. Assess, Develop & Mitigate, Maintain
b. Design, Implement, Maintain
c. Assess, Develop & Implement, Maintain
d. Design, Mitigate, Maintain

7. Which of the following is the correct risk equation?

a. Risk = Threat x Asset x Consequence
b. Risk = Threat x Vulnerability x Cost
c. Risk = Threat Agent x Threat x Vulnerability
d. Risk = Threat x Vulnerability x Consequence

8. The desired level of security for a system is known as?

a. Target Security Level
b. Achieved Security Level
c. Capability Security Level
d. Protection Level

9. An unscheduled activity such as a security incident exposing unknown risk may
trigger ______?

a. an immediate call to the police
b. a review of the CSMS
c. hardening of all OT equipment
d. a recalculation of the CRRF

10. An Intrusion Detection System (IDS) is an example of what method of treating risk?

a. Detect
b. Deter
c. Defend
d. Defeat

11. Security service system that monitors and analyzes system events for the purpose of
finding, and providing real-time or near real-time warning of attempts to access system
resources in an unauthorized manner is called a(n) ______.

a. IDS
b. Firewall
c. Router
d. Anti-virus software

12. What is the name of the firewall feature that analyzes protocols at the application
layer to identify malicious or malformed packets?

a. Stateful inspection
b. Deep packet inspection
c. Packet filter
d. Layer 3 check

13. A three-tier network segmentation design that prevents direct communication between
the enterprise network and the process control network by creating a buffer is also
known as a(n) ______.

a. Zones and conduits
b. Perimeter firewall
c. ICS firewall
d. DMZ

14. Which of the following are the main elements of the NIST CSF Framework?

a. Identify, Protect, Detect, Respond, Rephrase
b. Identify, Protect, Defend, Detect, Respond
c. Identify, Protect, Detect, Remediate, Recover
d. Identify, Protect, Detect, Respond, Recover

15. What are the main types of intrusion detection systems?

a. Perimeter Intrusion Detection & Network Intrusion Detection
b. Host Intrusion Detection & Network Intrusion Detection
c. Host Intrusion Detection & Intrusion Prevention Systems
d. Intrusion Prevention & Network Intrusion Detection


16. What is the desired outcome of the Initiate a CSMS program activity?
a. Conceptual diagrams that show how an AD forest can be attacked
b. Obtain leadership commitment, support, and funding
c. Identify software agents used by threat agents to propagate attacks
d. Conduct periodic IACS conformance audits

17. Which of the following is NOT a network device hardening best practice?
a. Install latest firmware updates
b. Shut down unused physical interfaces
c. Enable logging, collect logs (e.g. Syslog) and review regularly
d. Use Telnet for remote management

18. Which of the following is an example of dual-factor authentication?

a. Username and password
b. Digital certificate and smart card
c. Fingerprint and retinal signature
d. Fingerprint and smart card

19. A network that uses a public telecommunication infrastructure such as the Internet to
provide remote networks or computers with secure access to another network is known as
a ______.

a. VLAN
b. VSAT
c. VPN
d. VNC

20. If a virus shuts down an industrial network by overloading the Ethernet switches
which basic information security property is affected?

a. Integrity
b. Confidentiality
c. Availability
d. Reliability

2022, ISA
IC32 v5.0
IC32 - Post-Instructional Survey

1) Which three basic properties are the building blocks of cyber security?

a) Authorization, Identification, and Integrity (AII)
b) Confidentiality, Integrity and Availability (CIA)
c) Authorization, Reliability and Integrity (ARI)
d) Confidentiality, Integrity and Authorization (CIA)

2) What is the biggest security problem if business networks connect directly to industrial control
systems?

a) Too many business users requesting data will slow control system operation to a crawl,
endangering the security of processes.
b) Unauthorized business users, outsiders and malware can penetrate critical industrial control
systems and upset critical processes.
c) Production workers will change data in business systems given the opportunity
d) Cybersecurity insurance will increase in cost

3) “Countermeasures” in cyber security are measures taken to:

a) Eliminate system penetration by outsiders
b) Confuse perimeter intrusion detectors
c) Reduce the system’s risk of loss from vulnerabilities and threats
d) Eliminate the risk of an inside attacker taking over a computer network

4) Why would a company issue security policies for industrial networks?

a) To let outside intruders know the consequences of their actions.
b) To clearly establish which department “owns” the network
c) To guide a company’s cybersecurity department on how to catch security violations.
d) To communicate the responsibilities of users, management, IT staff for company security.

5) A key factor for the success of a cyber security program is:

a) Security policy, objectives and activities that reflect business rationale and objectives.
b) Strict rules that forbid interconnection of control system to business systems.
c) The latest in security technologies.
d) The latest in hardware technologies.


6) One way safety is different from security in industrial plants is that:

a) Safety considers the effects of malicious actions, not just the causes.
b) The field of safety encompasses the field of security.
c) Safety concerns itself with human error and the natural causes of accidents, while security
may involve malicious behavior.
d) Safety concerns itself with malicious behavior, while security may involve human error and the
natural causes of accidents.

7) Which of the following documents are IT Security standards?

a) IEC 61850
b) ISO 27001:2013
c) ISA 95
d) ISA 84

8) Which of the following are control system security standards?

a) COBIT 5
b) ISO/IEC 15408:2009
c) ISA/IEC 62443
d) ISO 27001:2013

9) The standard ISA 62443-2-1 belongs in which tier/group of the ISA 99 committee work
products?

a) Component
b) System
c) General
d) Policies & Procedures

10) Which of the following is NOT generally considered to be a requirement of industrial control
systems?

a) Real-time performance
b) High availability
c) Frequent updates
d) HSE considerations

11) Which formula is correct?

a) Risk = Threat x Asset x Consequence
b) Risk = Threat x Vulnerability x Cost
c) Risk = Threat x Likelihood x Vulnerability
d) Risk = Threat x Vulnerability x Consequence

12) Which of the following would NOT be considered a countermeasure?

a) Replay
b) Access Controls
c) Encryption
d) Intrusion Detection

13) A logical grouping of physical, informational, and application assets sharing common security
requirements is called a(n) __________________

a) Security model
b) Asset model
c) Conduit
d) Zone

14) Which of the following is Layer 4 in the ISO OSI/Reference Model?

a) Session
b) Network
c) Transport
d) Data

15) ISA/IEC 62443-2-1 is ______?

a) a standard that defines requirements for an IACS risk management system
b) a guideline for setting up an OT security reference architecture
c) a standard that defines requirements for an IACS security management system
d) an IT standard that defines requirements for an ISMS

16) TCP is a ___________ protocol

a) Layer 4
b) Layer 3
c) Send and forget
d) Layer 7

17) “Protection against intentional violation using sophisticated means with moderate resources,
IACS specific skills and moderate motivation” refers to ______?

a) SL 5
b) SL 2
c) SL 4
d) SL 3

18) What is Microsoft’s normal scheduled release day for security patches?

a) When critical patches are available
b) The first Monday of the month
c) The first Friday of the month
d) The second Tuesday of the month

19) What is the purpose of Windows Server Update Services (WSUS)?

a) Deploy the latest Microsoft Hyper-V product updates
b) Distribution of Microsoft Software Update Services
c) Deploy the latest Microsoft product updates and hotfixes
d) Distribution of Windows Software Unified Server

20) What is the primary function of a firewall?

a) Block all internet traffic
b) Detect network intrusions
c) Filters network traffic
d) Authenticate users

21) What is the first step in the High-Level Risk Assessment?

a) Identify Threats
b) Identify Critical Assets and Consequences
c) Define Methodology for Identifying Risks
d) Analyze Threats

22) What is the desired outcome of the Initiate a CSMS program activity?

a) Conceptual diagrams that show how an AD forest can be attacked
b) Obtain leadership commitment, support, and funding
c) Identify software agents used by threat agents to propagate attacks
d) Select and implement countermeasures

23) Which organization bridges the gap between 62443 standards and their implementation?

a) National Institute of Standards and Technology (NIST)
b) International Electrotechnical Commission (IEC)
c) European Union Agency for Network and Information Security (ENISA)
d) ISA Security Compliance Institute (ISCI)

24) System Robustness Testing includes which of the following?

a) Fuzz testing
b) Network traffic load testing
c) Vulnerability scanning
d) All the above

25) What are the three main phases of the ISA/IEC 62443 Cybersecurity Lifecycle?

a) Assess, Develop and Implement, Maintain
b) Assess, Integrate, Maintain
c) Analyze, Develop and Implement, Maintain
d) Analyze, Integrate, Maintain
