
[2024年更新]ICS-SCADAはNetwork Securityリアルな無料試験練習テスト
無料Network Security ICS-SCADA試験問題を提供します
Fortinet ICS-SCADA 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
質問 # 13
A Security Association is a __________ way connection?
- A. Two
- B. One
- C. None of these
- D. Three
正解:B
解説:
A Security Association (SA) in the context of IPsec is a one-way logical connection used for secure communication between two endpoints. IPsec requires two SAs to establish a secure, bidirectional communication channel-one for each direction (inbound and outbound). This arrangement ensures that each direction is independently secured, with its own set of security parameters.
Reference:
RFC 4301, "Security Architecture for the Internet Protocol".
質問 # 14
Which of the following is a component of an IDS?
- A. All of these
- B. Monitor
- C. Respond
- D. Detect
正解:A
解説:
An Intrusion Detection System (IDS) is designed to monitor network or system activities for malicious activities or policy violations and can perform several functions:
Monitor: Observing network traffic and system activities for unusual or suspicious behavior.
Detect: Identifying potential security breaches including both known threats and unusual activities that could indicate new threats.
Respond: Executing pre-defined actions to address detected threats, which can include alerts or triggering automatic countermeasures.
Reference:
Cisco Systems, "Intrusion Detection Systems".
質問 # 15
Which of the IEC 62443 Security Levels is identified by a cybercrime/hacker target?
- A. 0
- B. 1
- C. 2
- D. 3
正解:A
解説:
IEC 62443 is an international series of standards on Industrial communication networks and system security, specifically related to Industrial Automation and Control Systems (IACS). Within the IEC 62443 standards, Security Level 3 is defined as protection against deliberate or specialized intrusion. It is designed to safeguard against threats from skilled attackers (cybercriminals or hackers) targeting specific processes or operations within the industrial control system.
Reference:
International Electrotechnical Commission, "IEC 62443 Standards".
質問 # 16
Which of the IPsec headers contains the Security Parameters Index (SPI)?
- A. ESP
- B. AH
- C. ICV
- D. Both AH and ESP
正解:D
解説:
IPsec uses two main protocols to secure network communications: Authentication Header (AH) and Encapsulating Security Payload (ESP).
Both AH and ESP use a Security Parameters Index (SPI), which is a critical component of their headers. The SPI is a unique identifier that enables the receiver to select the correct security association for processing incoming packets.
AH provides authentication and integrity, while ESP provides confidentiality, in addition to authentication and integrity. Both protocols use the SPI to manage these functions securely.
Reference
"IPsec Security Architecture," RFC 4302 (AH) and RFC 4303 (ESP).
"IPsec Explained," by Juniper Networks.
質問 # 17
What is a vulnerability called that is released before a patch comes out?
- A. Pre-release
- B. Initial
- C. First
- D. Zero day
正解:D
解説:
A vulnerability that is exploited before the vendor has issued a patch or even before the vulnerability is known to the vendor is referred to as a "zero-day" vulnerability. The term "zero-day" refers to the number of days the software vendor has had to address and patch the vulnerability since it was made public-zero, in this case.
Reference:
Symantec Security Response, "Zero Day Initiative".
質問 # 18
Which of the following steps is used to reveal the IP addressing?
- A. Surveillance
- B. Footprinting
- C. Cover your tracks
- D. Enumeration
正解:D
解説:
Enumeration is a step in the information-gathering phase of a penetration test or cyber attack where an attacker actively engages with the target to extract detailed information, including IP addressing.
Enumeration: During enumeration, the attacker interacts with network services to gather information such as user accounts, network shares, and IP addresses.
Techniques: Common techniques include using tools like Nmap, Netcat, and Nessus to scan for open ports, services, and to identify the IP addresses in use.
Purpose: The goal is to map the network's structure, find potential entry points, and understand the layout of the target environment.
Because enumeration involves discovering detailed information including IP addresses, it is the correct answer.
Reference
"Enumeration in Ethical Hacking," GeeksforGeeks, Enumeration.
"Network Enumeration," Wikipedia, Network Enumeration.
質問 # 19
Which component of the IT Security Model is attacked with eavesdropping and interception?
- A. Confidentiality
- B. Integrity
- C. Authentication
- D. Availability
正解:A
解説:
Eavesdropping and interception primarily attack the confidentiality component of the IT Security Model. Confidentiality is concerned with protecting information from being accessed by unauthorized parties. Eavesdropping involves listening to private communication or capturing data as it is transmitted over a network, thereby breaching the confidentiality of the information.
Reference:
William Stallings, "Cryptography and Network Security: Principles and Practice".
質問 # 20
Which of the following is the stance on risk that by default allows traffic with a default permit approach?
- A. Permissive
- B. Prudent
- C. Paranoid
- D. Promiscuous
正解:A
解説:
In network security, the stance on managing and assessing risk can vary widely depending on the security policies of an organization.
A "Permissive" stance, often referred to as a default permit approach, allows all traffic unless it has been specifically blocked. This approach can be easier to manage from a usability standpoint but is less secure as it potentially allows unwanted or malicious traffic unless explicitly filtered.
This is in contrast to a more restrictive policy, which denies all traffic unless it has been explicitly permitted, typically seen in more secure environments.
Reference
"Network Security Basics," by Cisco Systems.
"Understanding Firewall Policies," by Fortinet.
質問 # 21
Which of the TCP flags represents data in the packet?
- A. ACK
- B. PSH
- C. RST
- D. FIN
正解:B
解説:
The PSH (Push) flag in the TCP header instructs the receiving host to push the data to the receiving application immediately without waiting for the buffer to fill. This is used to ensure that data is not delayed, thus improving the efficiency of communication where real-time data processing is required. It effectively tells the system that the data in the packet should be considered urgent.
Reference:
Douglas E. Comer, "Internetworking with TCP/IP Vol.1: Principles, Protocols, and Architecture".
質問 # 22
The NIST SP 800-53 defines how many management controls?
- A. 0
- B. 1
- C. 2
- D. 3
正解:D
解説:
NIST SP 800-53 is a publication that provides a catalog of security and privacy controls for federal information systems and organizations and promotes the development of secure and resilient federal information and information systems.
According to the NIST SP 800-53 Rev. 5, the framework defines a comprehensive set of controls, which are divided into different families. Among these families, there are specifically nine families categorized under management controls. These include categories such as risk assessment, security planning, program management, and others.
Reference
"NIST Special Publication 800-53 (Rev. 5) Security and Privacy Controls for Information Systems and Organizations." NIST website: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf
質問 # 23
What is the maximum size in bytes of an ethernet packet?
- A. 0
- B. 1
- C. 2
- D. 3
正解:B
解説:
The maximum transmission unit (MTU) for Ethernet, which is the largest size of an Ethernet packet or frame that can be sent over the network, is typically 1500 bytes. This size does not include the Ethernet frame's preamble and start frame delimiter but does include all other headers and the payload. Ethernet's MTU of 1500 bytes is a standard for most Ethernet networks, especially those conforming to the IEEE 802.3 standard.
Reference:
IEEE 802.3-2012, "Standard for Ethernet".
質問 # 24
Which component of the IT Security Model is attacked with modification?
- A. Authentication
- B. Integrity
- C. Confidentiality
- D. Availability
正解:B
解説:
Modification attacks directly impact the integrity of data within the IT Security Model. Integrity ensures that information is accurate and unchanged from its original form unless altered by authorized means. An attack that involves modification manipulates data in unauthorized ways, thereby compromising its accuracy and reliability.
Reference:
Shon Harris, "CISSP Certification: All-in-One Exam Guide".
質問 # 25
Which component of the IT Security Model is attacked with masquerade?
- A. Integrity
- B. Authentication
- C. Confidentiality
- D. Availability
正解:B
解説:
A masquerade attack involves an attacker pretending to be an authorized user of a system, thus compromising the authentication component of the IT security model. Authentication ensures that the individuals accessing the system are who they claim to be. By masquerading as a legitimate user, an attacker can bypass this security measure and gain unauthorized access to the system.
Reference:
William Stallings, "Security in Computing".
質問 # 26
Which type of Intrusion Prevention System can monitor and validate encrypted data?
- A. Network
- B. Anomaly
- C. Memory
- D. Host
正解:A
解説:
A Network Intrusion Prevention System (NIPS) is capable of monitoring and validating encrypted data if it is integrated with technologies that allow it to decrypt the traffic.
Typically, network IPS can be set up with SSL/TLS decryption capabilities to inspect encrypted data as it traverses the network. This allows the IPS to analyze the content of encrypted packets and apply security policies accordingly.
Monitoring encrypted traffic is critical in detecting hidden malware, unauthorized data exfiltration, and other security threats concealed within SSL/TLS encrypted sessions.
Reference
"Network Security Technologies and Solutions," by Yusuf Bhaiji, Cisco Press.
"Decrypting SSL/TLS Traffic with IPS," by Palo Alto Networks.
質問 # 27
A Virtual Private Network (VPN) requires how many Security Associations?
- A. 0
- B. 1
- C. 2
- D. 3
正解:C
解説:
A Virtual Private Network (VPN) typically requires two Security Associations (SAs) for a secure communication session. One SA is used for inbound traffic, and the other for outbound traffic.
In the context of IPsec, which is often used to secure VPN connections, these two SAs facilitate the bidirectional secure exchange of packets in a VPN tunnel.
Each SA uniquely defines how traffic should be securely processed, including the encryption and authentication mechanisms. This ensures that data sent in one direction is handled independently from data sent in the opposite direction, maintaining the integrity and confidentiality of both communication streams.
Reference
"Understanding IPSec VPNs," by Cisco Systems.
"IPsec Security Associations," RFC 4301, Security Architecture for the Internet Protocol.
質問 # 28
Which of the following ports are used for communications in Modbus TCP?
- A. 0
- B. 1
- C. 2
- D. 3
正解:A
解説:
Modbus TCP is a variant of the Modbus family of simple, networked protocols aimed at industrial automation applications. Unlike the original Modbus protocol, which runs over serial links, Modbus TCP runs over TCP/IP networks.
Port 502 is the standard TCP port used for Modbus TCP communications. This port is designated for Modbus messages encapsulated in a TCP/IP wrapper, facilitating communication between Modbus devices and management systems over an IP network.
Knowing the correct port number is crucial for network configuration, security settings, and troubleshooting communications within a Modbus-enabled ICS/SCADA environment.
Reference
Modbus Organization, "MODBUS Application Protocol Specification V1.1b3".
"Modbus TCP/IP - A Comprehensive Network protocol," by Schneider Electric.
質問 # 29
Which of the ICS/SCADA generations is considered networked?
- A. Third
- B. First
- C. Fourth
- D. Second
正解:A
質問 # 30
Which publication from NIST provides guidance on Industrial Control Systems?
- A. NIST SP 800-44
- B. NIST SP 800-77
- C. NIST SP 800-90
- D. NIST SP 800-82
正解:D
解説:
NIST Special Publication 800-82, "Guide to Industrial Control Systems (ICS) Security," provides guidance on securing industrial control systems, including SCADA systems, distributed control systems (DCS), and other control system configurations such as programmable logic controllers (PLC). It offers practices and recommendations for protecting and securing ICS systems against disruptions, malicious activities, and other threats to their integrity and availability.
Reference:
National Institute of Standards and Technology (NIST), "Guide to Industrial Control Systems (ICS) Security".
質問 # 31
What type of protocol is represented by the number 6?
- A. TCP
- B. IUDP
- C. IGRP
- D. ICMP
正解:A
解説:
The protocol number 6 represents TCP (Transmission Control Protocol) in the Internet Protocol suite. TCP is a core protocol of the Internet Protocol suite and operates at the transport layer, providing reliable, ordered, and error-checked delivery of a stream of bytes between applications running on hosts communicating via an IP network.
Reference:
RFC 793, "Transmission Control Protocol," which specifies the detailed operation of TCP.
質問 # 32
When monitoring a network, you receive an ICMP type 8 packet. What does this represent?
- A. Echo reply
- B. Echo request
- C. Echo start
- D. Echo recall
正解:B
解説:
ICMP (Internet Control Message Protocol) is used in network devices, like routers, to send error messages and operational information indicating success or failure when communicating with another IP address.
An ICMP type 8 packet specifically is an "Echo Request." It is used primarily by the ping command to test the connectivity between two nodes.
When a device sends an ICMP Echo Request, it expects to receive an ICMP Echo Reply (type 0) from the target node. This mechanism helps in diagnosing the state and reachability of a network on the Internet or within a private network.
Reference
RFC 792 Internet Control Message Protocol: https://tools.ietf.org/html/rfc792 Internet Assigned Numbers Authority (IANA) ICMP Parameters:
質問 # 33
Which of the following was attacked using the Stuxnet malware?
- A. PLC7
- B. PLC3
- C. PLCS
- D. All of these
正解:C
解説:
Stuxnet is a highly sophisticated piece of malware discovered in 2010 that specifically targeted Supervisory Control and Data Acquisition (SCADA) systems used to control and monitor industrial processes.
The primary targets of Stuxnet were Programmable Logic Controllers (PLCs), which are critical components in industrial control systems.
Stuxnet was designed to infect Siemens Step7 software PLCs. It altered the operation of the PLCs to cause physical damage to the connected hardware, famously used against Iran's uranium enrichment facility, where it caused the fast-spinning centrifuges to tear themselves apart.
Reference
Langner, R. "Stuxnet: Dissecting a Cyberwarfare Weapon." IEEE Security & Privacy, May-June 2011.
"W32.Stuxnet Dossier," Symantec Corporation, Version 1.4, February 2011.
質問 # 34
Which of the IEC 62443 security levels is identified by a hacktivist/terrorist target?
- A. 0
- B. 1
- C. 2
- D. 3
正解:D
解説:
IEC 62443 defines multiple security levels (SLs) tailored to address different types of threats and attackers in industrial control systems.
Security Level 4 (SL4) is designed to protect against sophisticated attacks by adversaries such as hacktivists or terrorists. SL4 involves threats that are targeted with specific intent against the organization, using advanced skills and means.
This level assumes that the adversary is capable of sustained and focused efforts with significant resources, including state-level actors or well-funded groups, aiming at causing widespread disruption or damage.
Reference
IEC 62443-3-3: System security requirements and security levels.
"Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems," by Eric Knapp.
質問 # 35
......
Fortinet ICS-SCADAリアルな問題と知能問題集:https://www.passtest.jp/Fortinet/ICS-SCADA-shiken.html
ICS-SCADA問題集でNetwork Security高確率練習問題集:https://drive.google.com/open?id=1ZOSgEXDJvReXOp9STxmNvhp_VRDF6tjr