2024年12月 Fortinet ICS-SCADA認定リアル2024年最新の模擬試験合格させます [Q23-Q45]

Share

2024年12月 Fortinet ICS-SCADA認定リアル2024年最新の模擬試験合格させます

ICS-SCADA試験問題と有効なICS-SCADA問題集でPDF


Fortinet ICS-SCADA 認定試験の出題範囲:

トピック出題範囲
トピック 1
  • Bridging the Air Gap: It covers guard, Data diode, and next-generation firewalls.
トピック 2
  • Introduction to ICS
  • SCADA Network Defense: This topic covers IT security model, ICS
  • SCADA security model, security posture, risk management, risk assessment and security policy.
トピック 3
  • Introduction to Hacking: It discusses scanning, footprinting, intelligence gathering, hacking methodology, exploitation, covering tracks, and enumeration.
トピック 4
  • Standards and Regulations for Cybersecurity: It discusses ISO 27001, ICS
  • SCADA, NERC CIP, CFATS, ISA99, and NIST SP 800-82.
トピック 5
  • TCP
  • IP 101: Its primary focus is on TCP
  • IP network. This topic covers ICS
  • SCADA protocols, TCP
  • IP layering, TCP
  • IP protocol architecture, RFCs and STDs.

 

質問 # 23
Which of the registrars contains the information for the domain owners in Europe?

  • A. AFRINIC
  • B. RIPENCC
  • C. ARIN
  • D. LACNIC

正解:B

解説:
RIPENCC (Reseaux IP Europeens Network Coordination Centre) is one of the five Regional Internet Registries (RIRs) that allocate IP addresses and manage related resources within a specific region.
Specifically, RIPENCC covers Europe, the Middle East, and parts of Central Asia.
For domain owners, while the top-level domain (TLD) registrars handle domain registration, the information about IP allocations and related network infrastructure information in Europe is managed by RIPENCC.
Reference
RIPE Network Coordination Centre: https://www.ripe.net
RIPE Documentation and Information: https://www.ripe.net/manage-ips-and-asns


質問 # 24
Which of the following ports are used for communications in Modbus TCP?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

正解:B

解説:
Modbus TCP is a variant of the Modbus family of simple, networked protocols aimed at industrial automation applications. Unlike the original Modbus protocol, which runs over serial links, Modbus TCP runs over TCP/IP networks.
Port 502 is the standard TCP port used for Modbus TCP communications. This port is designated for Modbus messages encapsulated in a TCP/IP wrapper, facilitating communication between Modbus devices and management systems over an IP network.
Knowing the correct port number is crucial for network configuration, security settings, and troubleshooting communications within a Modbus-enabled ICS/SCADA environment.
Reference
Modbus Organization, "MODBUS Application Protocol Specification V1.1b3".
"Modbus TCP/IP - A Comprehensive Network protocol," by Schneider Electric.


質問 # 25
Which of the following is considered the best way to counter packet monitoring for a switch?

  • A. Duplication
  • B. Tap
  • C. SPAN
  • D. Port mirror

正解:D

解説:
Port mirroring (also known as SPAN - Switched Port Analyzer) is considered one of the best ways to counter packet monitoring on a switch. This technique involves copying traffic from one or more switch ports (or an entire VLAN) to another port where the monitoring device is connected. Port mirroring allows administrators to monitor network traffic in a non-intrusive way, as it does not affect network performance and is transparent to users and endpoints on the network.
Reference:
Cisco Systems, "Catalyst Switched Port Analyzer (SPAN) Configuration Example".


質問 # 26
Which component of the IT Security Model is usually the least priority in ICS/SCADA Security?

  • A. Authentication
  • B. Confidentiality
  • C. Availability
  • D. Integrity

正解:B

解説:
In ICS/SCADA systems, the typical priority hierarchy of the IT Security Model components places Availability and Integrity above Confidentiality. This prioritization is due to the critical nature of operational continuity and data accuracy in industrial control systems, where system downtime or incorrect data can lead to significant operational disruptions or safety issues. Confidentiality, while important, is often considered of lesser priority compared to ensuring systems are operational (Availability) and data is accurate (Integrity).
Reference:
National Institute of Standards and Technology (NIST), "Guide to Industrial Control Systems (ICS) Security".


質問 # 27
Which of the ICS/SCADA generations is considered networked?

  • A. Second
  • B. Third
  • C. First
  • D. Fourth

正解:B

解説:
Industrial Control Systems (ICS) have evolved through several generations, each characterized by different technological capabilities and integration levels.
The third generation of ICS/SCADA systems is considered networked. This generation incorporates more advanced digital and networking technologies, allowing for broader connectivity and communication across different systems and components within industrial environments.
Third-generation SCADA systems are often characterized by their use of standard communication protocols and networked solutions, improving interoperability and control but also increasing the attack surface for potential cyber threats.
Reference
"Evolution of Industrial Control Systems and Cybersecurity Implications," IEEE Transactions on Industry Applications.
"Network Security for Industrial Control Systems," by Department of Homeland Security.


質問 # 28
How many IPsec modes are there?

  • A. Four
  • B. Three
  • C. Two
  • D. None of these

正解:C

解説:
IPsec (Internet Protocol Security) primarily operates in two modes: Transport mode and Tunnel mode.
Transport mode: Encrypts only the payload of each packet, leaving the header untouched. This mode is typically used for end-to-end communication between two systems.
Tunnel mode: Encrypts both the payload and the header of each IP packet, which is then encapsulated into a new IP packet with a new header. Tunnel mode is often used for network-to-network communications (e.g., between two gateways) or between a remote client and a gateway.
Reference
"Security Architecture for the Internet Protocol," RFC 4301.
"IPsec Modes of Operation," by Internet Engineering Task Force (IETF).


質問 # 29
Which of the following are NOT components of an ICS/SCADA network device?

  • A. Legacy systems
  • B. High bandwidth networks
  • C. Weak network stack
  • D. Low processing threshold

正解:B

解説:
Industrial Control Systems (ICS) and SCADA networks typically operate in environments where the available bandwidth is limited. They are often characterized by:
Low processing threshold: ICS/SCADA devices generally have limited processing capabilities due to their specialized and often legacy nature.
Legacy systems: Many ICS/SCADA systems include older technology that might not support newer security protocols or high-speed data transfer.
Weak network stack: These systems may have incomplete or less robust network stacks that can be susceptible to specific types of network attacks.
High bandwidth networks are not typical of ICS/SCADA environments, as these systems do not usually require or support high-speed data transmission due to their operational requirements and the older technology often used in such environments.
Reference
"Navigating the Challenges of Industrial Control Systems," by ISA-99 Industrial Automation and Control Systems Security.
"Cybersecurity for Industrial Control Systems," by the Department of Homeland Security.


質問 # 30
How many firewalls are there in the most common ICS/SCADA architecture?

  • A. 0
  • B. 1
  • C. 2
  • D. None of these

正解:C

解説:
The most common ICS/SCADA architecture typically includes two firewalls. This dual firewall configuration often involves one firewall placed between the enterprise network and the ICS/SCADA network, and another between the ICS/SCADA network and the plant floor devices. This arrangement, known as a "demilitarized zone" (DMZ) between the two firewalls, adds an additional layer of security to help isolate and protect sensitive operational technology (OT) environments from threats originating from IT networks.
Reference:
National Institute of Standards and Technology (NIST), "Guide to Industrial Control Systems (ICS) Security".


質問 # 31
What is the extension of nmap scripts?

  • A. .nsn
  • B. .nse
  • C. .nsv
  • D. .ns

正解:B

解説:
Nmap scripts, which are used to enhance the functionality of Nmap for performing network discovery, security auditing, and other tasks, have the extension .nse. This stands for Nmap Scripting Engine, which allows users to write scripts to automate a wide variety of networking tasks.
Reference:
Nmap Network Scanning by Gordon Lyon (also known as Fyodor Vaskovich), detailing the use and examples of Nmap scripts.


質問 # 32
Which of the following is a component of an IDS?

  • A. Respond
  • B. All of these
  • C. Detect
  • D. Monitor

正解:B

解説:
An Intrusion Detection System (IDS) is designed to monitor network or system activities for malicious activities or policy violations and can perform several functions:
Monitor: Observing network traffic and system activities for unusual or suspicious behavior.
Detect: Identifying potential security breaches including both known threats and unusual activities that could indicate new threats.
Respond: Executing pre-defined actions to address detected threats, which can include alerts or triggering automatic countermeasures.
Reference:
Cisco Systems, "Intrusion Detection Systems".


質問 # 33
Which of the IPsec headers contains the Security Parameters Index (SPI)?

  • A. AH
  • B. ESP
  • C. ICV
  • D. Both AH and ESP

正解:D

解説:
IPsec uses two main protocols to secure network communications: Authentication Header (AH) and Encapsulating Security Payload (ESP).
Both AH and ESP use a Security Parameters Index (SPI), which is a critical component of their headers. The SPI is a unique identifier that enables the receiver to select the correct security association for processing incoming packets.
AH provides authentication and integrity, while ESP provides confidentiality, in addition to authentication and integrity. Both protocols use the SPI to manage these functions securely.
Reference
"IPsec Security Architecture," RFC 4302 (AH) and RFC 4303 (ESP).
"IPsec Explained," by Juniper Networks.


質問 # 34
A Virtual Private Network (VPN) requires how many Security Associations?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

正解:D

解説:
A Virtual Private Network (VPN) typically requires two Security Associations (SAs) for a secure communication session. One SA is used for inbound traffic, and the other for outbound traffic.
In the context of IPsec, which is often used to secure VPN connections, these two SAs facilitate the bidirectional secure exchange of packets in a VPN tunnel.
Each SA uniquely defines how traffic should be securely processed, including the encryption and authentication mechanisms. This ensures that data sent in one direction is handled independently from data sent in the opposite direction, maintaining the integrity and confidentiality of both communication streams.
Reference
"Understanding IPSec VPNs," by Cisco Systems.
"IPsec Security Associations," RFC 4301, Security Architecture for the Internet Protocol.


質問 # 35
The vulnerability that led to the WannaCry ransomware infections affected which protocol?

  • A. RPC
  • B. Samba
  • C. SMB
  • D. None of these

正解:C

解説:
WannaCry is a ransomware attack that spread rapidly across multiple computer networks in May 2017.
The vulnerability exploited by the WannaCry ransomware was in the Microsoft Windows implementation of the Server Message Block (SMB) protocol.
Specifically, the exploit, known as EternalBlue, targeted a flaw in the SMBv1 protocol. This flaw allowed the ransomware to spread within corporate networks without any user interaction, making it one of the fastest-spreading and most harmful cyberattacks at the time.
Reference
Microsoft Security Bulletin MS17-010 - Critical: https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2017/ms17-010 National Vulnerability Database, CVE-2017-0144: https://nvd.nist.gov/vuln/detail/CVE-2017-0144


質問 # 36
Which of the options in the netstat command show the routing table?

  • A. r
  • B. c
  • C. s
  • D. a

正解:A

解説:
The netstat command is a versatile networking tool used for various network-related information-gathering tasks, including displaying all network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
The specific option -r with the netstat command is used to display the routing table.
This information is critical for troubleshooting network issues and understanding how data is routed through a network, identifying possible points of failure or security vulnerabilities.
Reference
"Linux Network Administrator's Guide," by O'Reilly Media.
Man pages for netstat in UNIX/Linux distributions.


質問 # 37
Which of the following is known as a prebuilt directional gateway that is unidirectional?

  • A. Unigate
  • B. Firewall
  • C. Data Diode
  • D. S. Department of Energy, "Cybersecurity for SCADA Systems".
  • E. None of these

正解:C

解説:
A data diode is known as a prebuilt directional gateway that is unidirectional, designed specifically to allow data to travel in only one direction, ensuring secure one-way communication. This feature makes data diodes ideal for environments where it is critical to prevent any possibility of data leakage or unauthorized access from an external network back to a secure network. Data diodes are commonly used in military and industrial applications, including ICS/SCADA systems, to protect sensitive information.
Reference:


質問 # 38
What form of attack uses a vector that infects a software package?

  • A. Watering Hole
  • B. Quicksand
  • C. All of these
  • D. Spam

正解:A

解説:
A "watering hole" attack is a security exploit in which the attacker seeks to compromise a specific group of end users by infecting websites that members of the group are known to visit.
The goal is to infect a website that members of a targeted community frequently use with malware. Once a user visits the compromised website, malware can be delivered to the user's system, exploiting vulnerabilities on their device.
This attack vector is used in scenarios where attackers want to breach secure environments indirectly by targeting less secure points in a network's ecosystem, such as third-party software used within the organization.
Reference
"Watering Hole Attacks: Detect, Disrupt, and Prevent," by Kaspersky Lab.
"Emerging Threats in Cybersecurity: Understanding Watering Hole Attacks," published in the Journal of Network Security.


質問 # 39
Which of the hacking methodology steps can be used to identify the applications and vendors used?

  • A. Enumeration
  • B. Surveillance
  • C. Scanning
  • D. OSINT

正解:D

解説:
OSINT (Open Source Intelligence) refers to the collection and analysis of information gathered from public, freely available sources to be used in an intelligence context. In the context of hacking methodologies, OSINT can be used to identify applications and vendors employed by a target organization by analyzing publicly available data such as websites, code repositories, social media, and other internet-facing resources.
Reference:
Michael Bazzell, "Open Source Intelligence Techniques".


質問 # 40
What step of the malware infection installs the malware on the target?

  • A. Drive-by
  • B. Init
  • C. Stager
  • D. Dropper

正解:D

解説:
The term "Dropper" in cybersecurity refers to a small piece of software used in malware deployment that is designed to install or "drop" malware (like viruses, ransomware, spyware) onto the target system.
The Dropper itself is not typically malicious in behavior; however, it is used as a vehicle to install malware that will perform malicious activities without detection.
During the infection process, the Dropper is usually the first executable that runs on a system. It then unpacks or downloads additional malicious components onto the system.
Reference
Common Malware Enumeration (CME): http://cme.mitre.org
Microsoft Malware Protection Center: https://www.microsoft.com/en-us/wdsi


質問 # 41
What is a vulnerability called that is released before a patch comes out?

  • A. Pre-release
  • B. Zero day
  • C. Initial
  • D. First

正解:B

解説:
A vulnerability that is exploited before the vendor has issued a patch or even before the vulnerability is known to the vendor is referred to as a "zero-day" vulnerability. The term "zero-day" refers to the number of days the software vendor has had to address and patch the vulnerability since it was made public-zero, in this case.
Reference:
Symantec Security Response, "Zero Day Initiative".


質問 # 42
How many main score areas are there in the CVSS?2

  • A. 0
  • B. 1
  • C. None of these
  • D. 2

正解:D

解説:
The Common Vulnerability Scoring System (CVSS) is a framework for rating the severity of security vulnerabilities. CVSS provides three main score areas: Base, Temporal, and Environmental.
Base Score evaluates the intrinsic qualities of a vulnerability.
Temporal Score reflects the characteristics of a vulnerability that change over time.
Environmental Score considers the specific impact of the vulnerability on a particular organization, tailoring the Base and Temporal scores according to the importance of the affected IT asset.
Reference:
FIRST, "Common Vulnerability Scoring System v3.1: Specification Document".


質問 # 43
What version of SMB did the WannaCry ransomware attack?

  • A. 0
  • B. 1
  • C. All of these
  • D. 2

正解:A

解説:
The WannaCry ransomware primarily exploited vulnerabilities in the SMB (Server Message Block) version 1 protocol to propagate across network systems. Microsoft had identified vulnerabilities in SMBv1, which were exploited by the EternalBlue exploit to spread the ransomware. This led to widespread infections, particularly in systems that had not applied the security updates released to patch the vulnerability.
Reference:
Microsoft Security Bulletin MS17-010, "Security Update for Microsoft Windows SMB Server".


質問 # 44
How many IPsec rules are there in Microsoft Firewall configuration?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

正解:A

解説:
In the configuration of Microsoft Windows Firewall with Advanced Security, you can define IPsec rules as part of your security policy. Typically, these rules can be organized into four main categories: Allow connection, Block connection, Allow if secure (which can specify encryption or authentication requirements), and Custom. While the interface and features can vary slightly between Windows versions, four fundamental types of rules regarding how traffic is handled are commonly supported.
Reference:
Microsoft documentation, "Windows Firewall with Advanced Security".


質問 # 45
......

ICS-SCADA問題集を無料PDFゲットせよ最近更新された問題:https://www.passtest.jp/Fortinet/ICS-SCADA-shiken.html

ICS-SCADAブレーン問題集で学習ガイドには試験合格するための秘訣:https://drive.google.com/open?id=1ZOSgEXDJvReXOp9STxmNvhp_VRDF6tjr