
IC 613: Cyber Security in Industrial Automation

Date of Exam: Nov 04, 2020

Maximum Marks: 70
Each question: right answer 2 points, wrong answer -1 point
Duration: 20 minutes, Open Book
Weightage for total course: 15%

Question 1: Subnet mask 255.255.0.0 belongs to which class?

1. A

2. B

3. C

4. D

Question 2: Which of the following statements is true about the OSI model?

1. It has 4 layers.

2. It is software written by the International Organization for Standardization (ISO).

3. Data is encapsulated and moved to lower layer and de-encapsulated and moved to upper layer.

4. Data is de-encapsulated and moved to lower layer and encapsulated and moved to upper layer.

Question 3: Which of the following is not an automation and control communication protocol?

1. Modbus

2. CANbus

3. LANbus

4. Profibus

Question 4: Which of the following statements is true about Modbus?

1. It implements information modeling

2. It transmits raw bits/words

3. It has inbuilt security

4. Both 1 and 2

Question 5: Which of the following is not an OPC specification?

1. OPC-HDA

2. OPC-HA

3. OPC-DA

4. OPC-AE

Question 6: Which of the following is not an OPC-UA feature?

1. Integrated security

2. Multi-platform compatibility

3. Scalable

4. Deterministic

Question 7: Which underlying protocol does the Controller Area Network protocol use?

1. Carrier Sense Multiple Access with Collision Detection (CSMA/CD)

2. Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)

3. P-Persistent Carrier Sense Multiple Access

4. Non-Persistent Carrier Sense Multiple Access

Question 8: Ethernet/IP is a?

1. Network Layer Protocol

2. Transport Layer Protocol

3. Application Layer Protocol

4. Data Link Layer Protocol

Question 9: Which of the following Modbus data types have read and write access?

1. Coils and Holding Registers

2. Discrete Input and Input Registers

3. Coils Only

4. Discrete Input Only

Question 10: Which of the following is not an OPC-UA built-in type?

1. Boolean

2. String

3. DateTime

4. Register

Question 11: What is the CIA triad?

1. Confidentiality, Integrity, Availability.

2. Confidentiality, Integrity, Accountability.

3. Configuration, Initialization, Accountability.

4. Configuration, Integrity, Authentication.

Question 12: Authentication and Authorization are?

1. Authentication is confirming that a person is who he or she claims to be, and authorization is
allowing the person to perform allowed jobs.

2. Authentication is allowing the person to perform given jobs and authorization is identifying
the person.

3. Authentication is confidentiality and authorization is integrity.

4. Authentication is integrity and authorization is confidentiality.

Question 13: Control types are:

1. Confidentiality control, Detective control, Directive control, Predictive control

2. Configuration control, Detective control, Deterministic control, Predictive control

3. Comprehensive control, Detective control, Deterrent control, Preventive control

4. Corrective control, Detective control, Deterrent control, Preventive control

Question 14: Complete Mediation is:

1. the entity must go through a valid authorization process that can be circumvented

2. the entity must go through a valid authorization process that cannot be circumvented

3. the entity need not go through a valid authorization process that cannot be circumvented

4. the entity must go through a valid authentication process that cannot be circumvented

Question 15: Which one is the topmost in the hierarchy:

1. Guidelines

2. Procedures

3. Policies

4. Standards

Question 16: Dumpster Diving is

1. an individual sorts through office material in a file called dumpster

2. an individual sorts through discarded material in a dumpster

3. an individual with role dumpster sorts through discarded material

4. it’s a rescue operation

Question 17: Packet filtering firewall works at:

1. Network layer

2. Application layer

3. Data link Layer

4. Transport layer

Question 18: What is the minimum number of cryptographic keys required for secure two-way
communication in Symmetric Key Cryptography?

1. One

2. Two

3. Three

4. Four

Question 19: How many keys are required to fully implement a symmetric algorithm with 10
participants?

1. 10

2. 20

3. 45

4. 100

Question 20: What cannot be achieved through Secret / Symmetric key cryptography?

1. Non Repudiation

2. Confidentiality

3. Integrity

4. Key Distribution

Question 21: How many encryption keys are required to fully implement an asymmetric algorithm with
10 participants?

1. 10

2. 20

3. 30

4. 100

Question 22: Richard received an encrypted message sent to him from Sue. Which key should he use to
decrypt the message?

1. Richard’s public key

2. Richard’s private key

3. Sue’s public key

4. Sue’s private key

Question 23: An attack that overloads the resources of a computing system is an attack against which of
the following?

1. Integrity

2. Availability

3. Confidentiality

4. Authentication

Question 24: Which of the following items refers to the act of verifying a user’s identity and confirming
that the user is who he or she professes to be?

1. Authentication

2. Authorization

3. Registration

4. Accountability

Question 25: A security control that minimizes the effect of an attack and the degree of resulting
damage is known as which type of control?

1. Corrective

2. Preventive

3. Deterrent

4. Detective

Question 26: The act of establishing numerous layers of protection wherein a subsequent layer will
provide protection if a previous layer is breached is known as which of the following?

1. Defense in depth

2. Complete mediation

3. Least privilege

4. Open design

Question 27: A VPN that provides secure communications over a public network
between two trusted networks is known as which of the following?

1. Host-to-host

2. Gateway-to-gateway

3. Host-to-gateway

4. Host-to-demilitarized zone

Question 28: In a typical hierarchical Industrial Control System structure, the topmost layer is:

1. Plantwide Operations and Control

2. Enterprise Integration

3. Basic Control System

4. Process

Question 29: A geographically wide control system framework is normally called:

1. Distributed Control System

2. Wide Area Control System

3. Supervisory Control and Data Acquisition

4. Distributed Programmable Logic Control System

Question 30: Industrial Control System priorities in ascending order are:

1. Safety, Availability, Integrity, Confidentiality

2. Confidentiality, Integrity, Availability, Safety

3. Integrity, Safety, Availability, Confidentiality

4. Confidentiality, Integrity, Availability, Safety

Question 31: SIL-2 typically deals with the following qualitative consequence:

1. Potential for minor on-site injuries

2. Potential for major on-site injuries or a fatality

3. Potential for major on-site fatalities

4. Potential for fatalities in the community

Question 32: Safety Instrumented Systems help the risk reduction factor by:

1. Estimating probability of failure of control hardware on demand

2. Estimating probability of failure of the complete control system

3. Estimating probability of failure of meeting the performance objective function of a control
system

4. All of the above

Question 33: The openSAFETY protocol verifies data using Cyclic Redundancy Check (CRC) and:

1. Message Encapsulation

2. Message Authentication

3. Message Authorization

4. Message Authentication and Authorization

Question 34: Radio, GSM, satellite communication is typically found in:

1. SCADA systems

2. Distributed Control Systems

3. Safety Control Systems

4. All of the above

Question 35: Which one of the following items is NOT a component of a classical
SCADA system model:

1. Human-machine interface (HMI)

2. Remote terminal unit (RTU)

3. Enterprise resource planning (ERP)

4. Programmable logic controller (PLC)
