
[2024年10月31日] 最新ICS-SCADAのPDF問題集リアル無料テスト本日更新です
ICS-SCADA問題集には100%厳密検証された問題と解答で合格保証もしくは全額返金
質問 # 25
Which of the options in the netstat command show the routing table?
- A. s
- B. a
- C. c
- D. r
正解:D
解説:
The netstat command is a versatile networking tool used for various network-related information-gathering tasks, including displaying all network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
The specific option -r with the netstat command is used to display the routing table.
This information is critical for troubleshooting network issues and understanding how data is routed through a network, identifying possible points of failure or security vulnerabilities.
Reference
"Linux Network Administrator's Guide," by O'Reilly Media.
Man pages for netstat in UNIX/Linux distributions.
質問 # 26
Which component of the IT Security Model is attacked with masquerade?
- A. Confidentiality
- B. Availability
- C. Authentication
- D. Integrity
正解:C
解説:
A masquerade attack involves an attacker pretending to be an authorized user of a system, thus compromising the authentication component of the IT security model. Authentication ensures that the individuals accessing the system are who they claim to be. By masquerading as a legitimate user, an attacker can bypass this security measure and gain unauthorized access to the system.
Reference:
William Stallings, "Security in Computing".
質問 # 27
At what layer does a switch normally operate?
- A. 0
- B. 1
- C. 2
- D. 3
正解:D
解説:
A network switch typically operates at Layer 2 of the OSI model, which is the Data Link layer. This layer is responsible for node-to-node data transfer-a function that involves handling data frames between physical devices on the same network or link. The switch uses MAC addresses to forward data to the appropriate destination within the network.
Reference:
Andrew S. Tanenbaum, "Computer Networks".
質問 # 28
What is the default size in bits of the Windows Echo Request packet?
- A. 0
- B. 1
- C. 2
- D. 3
正解:A
解説:
The default size of a Windows Echo Request packet, commonly known as a ping request, is 28 bytes. This size is derived from the following components:
ICMP Header: The Internet Control Message Protocol (ICMP) header is 8 bytes.
IPv4 Header: The IP header for an IPv4 packet is typically 20 bytes.
Therefore, the total size of the default Windows Echo Request packet is 28 bytes (8 bytes for ICMP header + 20 bytes for IPv4 header).
Reference
"Ping (networking utility)," Wikipedia, Ping.
"ICMP Header Format," Cisco, ICMP Header.
質問 # 29
Which of the following is a weakness of a vulnerability scanner?
- A. Maintains a signature database
- B. Not designed to go through filters
- C. Work best on a local network
- D. Detect known vulnerabilities
正解:B
解説:
One weakness of a vulnerability scanner is that it is not designed to go through filters or bypass security controls like firewalls or intrusion detection systems. Vulnerability scanners typically perform well in identifying known weaknesses within the perimeter of a network or system but might not effectively assess systems that are shielded by robust security measures, which can filter out the scanner's attempts to probe or attack.
Reference:
National Institute of Standards and Technology (NIST), "Technical Guide to Information Security Testing and Assessment".
質問 # 30
Which of the ICS/SCADA generations is considered networked?
- A. First
- B. Second
- C. Fourth
- D. Third
正解:D
質問 # 31
Which of the following was attacked using the Stuxnet malware?
- A. All of these
- B. PLC3
- C. PLCS
- D. PLC7
正解:C
解説:
Stuxnet is a highly sophisticated piece of malware discovered in 2010 that specifically targeted Supervisory Control and Data Acquisition (SCADA) systems used to control and monitor industrial processes.
The primary targets of Stuxnet were Programmable Logic Controllers (PLCs), which are critical components in industrial control systems.
Stuxnet was designed to infect Siemens Step7 software PLCs. It altered the operation of the PLCs to cause physical damage to the connected hardware, famously used against Iran's uranium enrichment facility, where it caused the fast-spinning centrifuges to tear themselves apart.
Reference
Langner, R. "Stuxnet: Dissecting a Cyberwarfare Weapon." IEEE Security & Privacy, May-June 2011.
"W32.Stuxnet Dossier," Symantec Corporation, Version 1.4, February 2011.
質問 # 32
Which of the ICS/SCADA generations is considered networked?
- A. First
- B. Second
- C. Fourth
- D. Third
正解:D
解説:
Industrial Control Systems (ICS) have evolved through several generations, each characterized by different technological capabilities and integration levels.
The third generation of ICS/SCADA systems is considered networked. This generation incorporates more advanced digital and networking technologies, allowing for broader connectivity and communication across different systems and components within industrial environments.
Third-generation SCADA systems are often characterized by their use of standard communication protocols and networked solutions, improving interoperability and control but also increasing the attack surface for potential cyber threats.
Reference
"Evolution of Industrial Control Systems and Cybersecurity Implications," IEEE Transactions on Industry Applications.
"Network Security for Industrial Control Systems," by Department of Homeland Security.
質問 # 33
Which of the following ports are used for communications in Modbus TCP?
- A. 0
- B. 1
- C. 2
- D. 3
正解:D
解説:
Modbus TCP is a variant of the Modbus family of simple, networked protocols aimed at industrial automation applications. Unlike the original Modbus protocol, which runs over serial links, Modbus TCP runs over TCP/IP networks.
Port 502 is the standard TCP port used for Modbus TCP communications. This port is designated for Modbus messages encapsulated in a TCP/IP wrapper, facilitating communication between Modbus devices and management systems over an IP network.
Knowing the correct port number is crucial for network configuration, security settings, and troubleshooting communications within a Modbus-enabled ICS/SCADA environment.
Reference
Modbus Organization, "MODBUS Application Protocol Specification V1.1b3".
"Modbus TCP/IP - A Comprehensive Network protocol," by Schneider Electric.
質問 # 34
The vulnerability that led to the WannaCry ransomware infections affected which protocol?
- A. RPC
- B. SMB
- C. None of these
- D. Samba
正解:B
解説:
WannaCry is a ransomware attack that spread rapidly across multiple computer networks in May 2017.
The vulnerability exploited by the WannaCry ransomware was in the Microsoft Windows implementation of the Server Message Block (SMB) protocol.
Specifically, the exploit, known as EternalBlue, targeted a flaw in the SMBv1 protocol. This flaw allowed the ransomware to spread within corporate networks without any user interaction, making it one of the fastest-spreading and most harmful cyberattacks at the time.
Reference
Microsoft Security Bulletin MS17-010 - Critical: https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2017/ms17-010 National Vulnerability Database, CVE-2017-0144: https://nvd.nist.gov/vuln/detail/CVE-2017-0144
質問 # 35
Which of the following is NOT ICS specific malware?
- A. Ha vex
- B. Code Red
- C. Flame
- D. Stuxnet
正解:B
解説:
Code Red is not ICS specific malware; it was a famous worm that targeted computers running Microsoft's IIS web server. Unlike Flame, Havex, and Stuxnet, which were specifically designed to target industrial control systems or perform espionage related to ICS environments, Code Red was aimed at exploiting vulnerabilities in internet-facing software to perform denial-of-service attacks and other malicious activities.
Reference:
CERT Coordination Center, "Code Red Worm Exploiting Buffer Overflow In IIS Indexing Service DLL".
質問 # 36
A protocol analyzer that produces raw output is which of the following?
- A. Capsa
- B. tcpdump
- C. Wireshark
- D. Commview
正解:B
解説:
tcpdump is a powerful command-line packet analyzer used primarily in UNIX and UNIX-like operating systems; it allows the capture and display of TCP/IP and other packets being transmitted or received over a network to which the computer is attached.
Unlike graphical tools like Wireshark, tcpdump provides raw output of the packet captures directly to the terminal or a specified file, making it ideal for deep dive network analysis, especially in environments where a graphical user interface is unavailable.
tcpdump uses the libpcap library to capture packet data, which allows it to support a wide range of command-line options to filter and display packet information according to user needs.
Reference
"tcpdump manual page," by the Tcpdump Group.
"Practical Packet Analysis Using Wireshark to Solve Real-World Network Problems," by Chris Sanders, No Starch Press.
質問 # 37
Which component of the IT Security Model is the highest priority in ICS/SCADA Security?
- A. Availability
- B. Authentication
- C. Confidentiality
- D. Integrity
正解:A
解説:
In ICS/SCADA systems, the highest priority typically is Availability, due to the critical nature of the services and infrastructures they support. These systems often control vital processes in industries like energy, water treatment, and manufacturing. Any downtime can lead to significant disruptions, safety hazards, or economic losses. Thus, ensuring that systems are operational and accessible is a primary security focus in the context of ICS/SCADA security.
Reference:
National Institute of Standards and Technology (NIST), "Guide to Industrial Control Systems (ICS) Security".
質問 # 38
Which of the following is the stance that by default has a default deny approach?
- A. Paranoid
- B. Promiscuous
- C. Prudent
- D. Permissive
正解:A
解説:
In the context of network security policies, a "Paranoid" stance typically means adopting a default-deny posture. This security approach is one of the most restrictive, where all access is blocked unless explicitly allowed.
A default deny strategy is considered best practice for securing highly sensitive environments, as it minimizes the risk of unauthorized access and reduces the attack surface.
This approach contrasts with more open stances such as Permissive or Promiscuous, which are less restrictive and generally allow more traffic by default.
Reference
"Network Security: Policies and Guidelines for Effective Network Management," by Jonathan Gossels.
"Best Practices for Implementing a Security Awareness Program," by Kaspersky Lab.
質問 # 39
Which of the following is considered the best way to counter packet monitoring for a switch?
- A. Port mirror
- B. Duplication
- C. Tap
- D. SPAN
正解:A
解説:
Port mirroring (also known as SPAN - Switched Port Analyzer) is considered one of the best ways to counter packet monitoring on a switch. This technique involves copying traffic from one or more switch ports (or an entire VLAN) to another port where the monitoring device is connected. Port mirroring allows administrators to monitor network traffic in a non-intrusive way, as it does not affect network performance and is transparent to users and endpoints on the network.
Reference:
Cisco Systems, "Catalyst Switched Port Analyzer (SPAN) Configuration Example".
質問 # 40
A Virtual Private Network (VPN) requires how many Security Associations?
- A. 0
- B. 1
- C. 2
- D. 3
正解:D
解説:
A Virtual Private Network (VPN) typically requires two Security Associations (SAs) for a secure communication session. One SA is used for inbound traffic, and the other for outbound traffic.
In the context of IPsec, which is often used to secure VPN connections, these two SAs facilitate the bidirectional secure exchange of packets in a VPN tunnel.
Each SA uniquely defines how traffic should be securely processed, including the encryption and authentication mechanisms. This ensures that data sent in one direction is handled independently from data sent in the opposite direction, maintaining the integrity and confidentiality of both communication streams.
Reference
"Understanding IPSec VPNs," by Cisco Systems.
"IPsec Security Associations," RFC 4301, Security Architecture for the Internet Protocol.
質問 # 41
What is the size in bytes of the TCP sequence number in the header?
- A. 0
- B. 1
- C. 2
- D. 3
正解:B
解説:
In the Transmission Control Protocol (TCP) header, the sequence number field is crucial for ensuring the correct sequencing of the packets sent over a network.
The sequence number field in the TCP header is 32 bits long, which equates to 4 bytes.
This sequence number is used to keep track of the bytes in a sequence that are transferred over a TCP connection, ensuring that packets are arranged in the correct order and data integrity is maintained during transmission.
Reference
Postel, J., "Transmission Control Protocol," RFC 793, September 1981.
"TCP/IP Guide," Kozierok, C. M., 2005.
質問 # 42
Which of the following is the stance on risk that by default allows traffic with a default permit approach?
- A. Promiscuous
- B. Paranoid
- C. Prudent
- D. Permissive
正解:D
解説:
In network security, the stance on managing and assessing risk can vary widely depending on the security policies of an organization.
A "Permissive" stance, often referred to as a default permit approach, allows all traffic unless it has been specifically blocked. This approach can be easier to manage from a usability standpoint but is less secure as it potentially allows unwanted or malicious traffic unless explicitly filtered.
This is in contrast to a more restrictive policy, which denies all traffic unless it has been explicitly permitted, typically seen in more secure environments.
Reference
"Network Security Basics," by Cisco Systems.
"Understanding Firewall Policies," by Fortinet.
質問 # 43
What is the size of the AH in bits with respect to width?
- A. 0
- B. 1
- C. 2
- D. 3
正解:A
解説:
The Authentication Header (AH) in the context of IPsec has a fixed header portion of 24 bits and a mutable part that can vary, but when considering the fixed structure of the AH itself, the width is typically considered to be 32 bits at its core structure for basic operations in providing integrity and authentication, without confidentiality.
Reference:
RFC 4302, "IP Authentication Header".
質問 # 44
Which of the CVSS metrics refer to the exploit quotient of the vulnerability?
- A. All of these
- B. Temporal
- C. IBase
- D. Environmental
正解:B
解説:
The Common Vulnerability Scoring System (CVSS) uses several metrics to assess the severity of vulnerabilities. Among them, the Temporal metric group specifically reflects the exploit quotient of a vulnerability.
Temporal metrics consider factors that change over time after a vulnerability is initially assessed. These include:
Exploit Code Maturity: This assesses the likelihood of the vulnerability being exploited based on the availability and maturity of exploit code.
Remediation Level: The level of remediation available for the vulnerability, which influences the ease of mitigation.
Report Confidence: This metric measures the reliability of the reports about the vulnerability.
These temporal factors directly affect the exploitability and potential threat posed by a vulnerability, adjusting the base score to provide a more current view of the risk.
Reference
Common Vulnerability Scoring System v3.1: User Guide.
"Understanding CVSS," by FIRST (Forum of Incident Response and Security Teams).
質問 # 45
Which of the following are valid TCP flags?
- A. BGP,FIN,PSH,SYN,ACK
- B. FIN,PSH,URG,RST,SYN
- C. IGP,ACK,SYN,PSH,URG
- D. None of these
正解:B
解説:
TCP flags are used in the header of TCP segments to control the flow of data and to indicate the status of a connection. Valid TCP flags include:
FIN: Finish, used to terminate the connection.
PSH: Push, instructs the receiver to pass the data to the application immediately.
URG: Urgent, indicates that the data contained in the segment should be processed urgently.
RST: Reset, abruptly terminates the connection upon error or other conditions.
SYN: Synchronize, used during the initial handshake to establish a connection.
These flags are integral to managing the state and flow of TCP connections.
Reference:
Douglas E. Comer, "Internetworking with TCP/IP Vol.1: Principles, Protocols, and Architecture".
質問 # 46
How many IPsec modes are there?
- A. Four
- B. Two
- C. None of these
- D. Three
正解:B
解説:
IPsec (Internet Protocol Security) primarily operates in two modes: Transport mode and Tunnel mode.
Transport mode: Encrypts only the payload of each packet, leaving the header untouched. This mode is typically used for end-to-end communication between two systems.
Tunnel mode: Encrypts both the payload and the header of each IP packet, which is then encapsulated into a new IP packet with a new header. Tunnel mode is often used for network-to-network communications (e.g., between two gateways) or between a remote client and a gateway.
Reference
"Security Architecture for the Internet Protocol," RFC 4301.
"IPsec Modes of Operation," by Internet Engineering Task Force (IETF).
質問 # 47
Which component of the IT Security Model is attacked with eavesdropping and interception?
- A. Authentication
- B. Confidentiality
- C. Availability
- D. Integrity
正解:B
解説:
Eavesdropping and interception primarily attack the confidentiality component of the IT Security Model. Confidentiality is concerned with protecting information from being accessed by unauthorized parties. Eavesdropping involves listening to private communication or capturing data as it is transmitted over a network, thereby breaching the confidentiality of the information.
Reference:
William Stallings, "Cryptography and Network Security: Principles and Practice".
質問 # 48
......
Fortinet ICS-SCADA 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
2024年最新の有効なICS-SCADAテスト解答Fortinet試験PDF:https://jp.fast2test.com/ICS-SCADA-premium-file.html