IC33 Knowledge Check PDF

The document consists of pre-instructional and post-instructional surveys related to IACS (Industrial Automation and Control Systems) cybersecurity, covering various concepts such as risk assessment, vulnerability assessment techniques, and security levels. It includes multiple-choice questions aimed at evaluating knowledge on topics like threat sources, cybersecurity lifecycle phases, and countermeasures. The surveys assess understanding of foundational requirements and tools relevant to cybersecurity in industrial environments.

Uploaded by

mayavannan

IC33 - Pre-Instructional Survey

1. Which of the following are considered an IACS asset?

a. A PLC
b. An HMI computer
c. An operator
d. All of the above

2. Which of the following is the “expectation of loss expressed as the probability that a
particular threat will exploit a particular vulnerability with a particular consequence”?

a. Risk
b. Vulnerability
c. Threat Source
d. Consequence

3. Which of the following is a “flaw or weakness in a system's design, implementation, or
operation and management that could be exploited to violate the system's integrity or
security policy”?

a. Risk
b. Vulnerability
c. Threat Source
d. Consequence

4. What are the three main phases of the IACS Cybersecurity Lifecycle?

a. Assess, Operate, Maintain
b. Design, Implement, Maintain
c. Assess, Develop & Implement, Maintain
d. Design, Operate, Maintain

5. Which is the correct formula for cyber risk?

a. Risk = Threat x Asset x Consequence
b. Risk = Threat x Vulnerability x Cost
c. Risk = Threat Agent x Threat x Vulnerability
d. Risk = Threat x Vulnerability x Consequence

©,ISA
IC33 (V3.02)
6. What type of vulnerability assessment technique involves attempting to exploit a
vulnerability?

a. Passive vulnerability assessment
b. Active vulnerability assessment
c. Gap assessment
d. Penetration test

7. Which of the following is a benefit of performing an IACS cyber risk assessment?

a. Being able to better prioritize cybersecurity activities and resources
b. Being able to identify the root cause of an incident
c. Being better prepared to respond to a cybersecurity incident
d. Being better prepared to apply patches

8. What is a threat source?

a. A weakness that can be exploited to compromise a system
b. A person or object that can manifest a threat
c. A measure of the likelihood that an attack will be successful
d. The undesirable result of an incident

9. Which of the following is the term for the undesirable result of an incident?

a. Threat Source
b. Vulnerability
c. Consequence
d. Threat actor

10. Which of the following are types of vulnerability assessments?

a. Gap assessment, passive vulnerability assessment, penetration testing
b. Gap assessment, system hardening, penetration testing
c. Active vulnerability assessment, patch management, penetration testing
d. Passive vulnerability assessment, penetration testing, threat modeling

11. “Countermeasures” in cyber security are measures taken to:

a. Eliminate system penetration by outsiders
b. Confuse perimeter intrusion detectors
c. Reduce the system’s risk of loss from vulnerabilities and threats
d. Eliminate the risk of an inside attacker taking over a computer network

12. One way safety is different from security in industrial plants is that:

a. Safety considers the effects of malicious actions, not just the causes.
b. The field of safety encompasses the field of security.
c. Safety concerns itself with human error and the natural causes of accidents, while
security may involve malicious behavior.
d. Safety concerns itself with malicious behavior, while security may involve human
error and the natural causes of accidents.

13. Which option lists correct Foundational Requirements (FR) of ISA/IEC-62443-3-3?

a. Authentication and Authorization (AA), Use Control (UC), System Integrity (SI)
b. System Integrity (SI), Data Confidentiality (DC), Security Level (SL)
c. Timely Response to Events (TRE), Restrict Data Flow (RDF), Use Control (UC)
d. System Robustness (SR), Data Confidentiality (DC), Identification and
Authentication Control (IAC)

14. The standard ISA 62443-3-2 belongs in which tier/group of the ISA 99 committee work
products?

a. Component
b. System
c. General
d. Policies & Procedures

15. The desired level of security for a system is known as?

a. Capability Security Level
b. Target Security Level
c. Target Protection Level
d. Achieved Security Level

16. What are the main types of intrusion detection systems?

a. Perimeter Intrusion Detection & Network Intrusion Detection
b. Host Intrusion Detection & Network Intrusion Detection
c. Host Intrusion Detection & Intrusion Prevention Systems
d. Intrusion Prevention / Network Intrusion Detection

17. What type of assessment uses tools to discover devices and vulnerabilities of IACS?

a. Penetration Testing
b. Active Assessment
c. Passive Assessment
d. GAP Assessment

18. Which of the following is the correct formula for Cyber Risk Reduction Factor (CRRF)?

a. CRRF = Unmitigated Risk / Tolerable Risk
b. CRRF = Mitigated Risk / Tolerable Risk
c. CRRF = Tolerable Risk / Unmitigated Risk
d. CRRF = Tolerable Risk / Mitigated Risk

19. What type of assessment may include reviewing documents, system walk-through, traffic
analysis, or ARP tables?

a. Active Assessment
b. Passive Assessment
c. GAP Assessment
d. Vulnerability Assessment

20. Which is the Security Level of protecting against intentional violation using sophisticated
means with moderate resources, IACS specific skills and moderate motivation?

a. SL 1
b. SL 2
c. SL 3
d. SL 4

IC33 - Post-Instructional Survey

1. What are the three main phases of the IACS Cybersecurity Lifecycle?

a. Assess, Operate, Maintain
b. Design, Implement, Maintain
c. Assess, Develop & Implement, Maintain
d. Design, Operate, Maintain

2. What type of drawing best illustrates the components, connectivity and physical location of
an IACS?

a. Network diagram
b. System architecture diagram
c. P&ID
d. Purdue diagram

3. Which formula is correct?

a. Risk = Threat x Asset x Consequence
b. Risk = Threat x Vulnerability x Cost
c. Risk = Threat Agent x Threat x Vulnerability
d. Risk = Threat x Vulnerability x Consequence

4. What type of vulnerability assessment technique involves attempting to exploit a
vulnerability?

a. Passive vulnerability assessment
b. Active vulnerability assessment
c. Gap assessment
d. Penetration test

5. What type of vulnerability assessment technique involves using automated network
scanning tools but not using exploit tools?

a. Passive vulnerability assessment
b. Active vulnerability assessment
c. Gap assessment
d. Penetration test

6. What type of tool is used to capture and display Ethernet communications?

a. Packet capture
b. Ethernet capture
c. Port capture
d. Event capture

7. A feature that sends a copy of network traffic from one or more switch ports to a special
monitoring port is called?

a. Packet capturing
b. Port mirroring
c. GMP Snooping
d. VLAN Hopping

8. Which of the following is a benefit of performing an IACS cyber risk assessment?

a. Being able to better prioritize cybersecurity activities and resources
b. Being able to identify the root cause of an incident
c. Being better prepared to respond to a cybersecurity incident
d. Being better prepared to apply patches

9. What is a threat source?

a. A weakness that can be exploited to compromise a system
b. A person or object that can manifest a threat
c. A measure of the likelihood that an attack will be successful
d. The undesirable result of an incident

10. Which of the following is the term for the undesirable result of an incident?

a. Threat Source
b. Vulnerability
c. Consequence
d. Threat actor

11. The desired level of security for a particular system is known as?

a. Target Security Level
b. Achieved Security Level
c. Capability Security Level
d. Protection Level

12. Which Security Level is defined as “Protection against intentional violation using simple
means with low resources, generic skills and low motivation”?

a. SL 0
b. SL 2
c. SL 5
d. SL 4

13. What makes a risk assessment different from a vulnerability assessment?

a. A risk assessment takes consequence into consideration
b. A risk assessment attempts to exploit known vulnerabilities
c. A risk assessment involves network discovery
d. A risk assessment identifies gaps in compliance with industry standards

14. What are the typical variables in a risk matrix?

a. Likelihood and Consequence
b. Likelihood and Threat
c. Threat and Consequence
d. Threat and Likelihood

15. Which of the following are types of vulnerability assessments?

a. Gap assessment, passive vulnerability assessment, penetration testing
b. Gap assessment, system hardening, penetration testing
c. Active vulnerability assessment, patch management, penetration testing
d. Passive vulnerability assessment, penetration testing, threat modeling

16. What types of Security Levels (SLs) are part of ISA/IEC-62443?

a. Target Security Level (SL-T), Achieved Security Level (SL-A), Security Level
Determination (SL-D)
b. Target Security Level (SL-T), Achieved Security Level (SL-A), Capability Security
Level (SL-C)
c. Target Security Level (SL-T), Security Level Determination (SL-D), Equipment
Security Level (SL-E)
d. Equipment Security Level (SL-E), Security Level Determination (SL-D), Achieved
Security Level (SL-A)

17. What GAP Assessment tool was created by the US Department of Homeland Security?

a. Nexpose
b. NMAP
c. CSET
d. C2M2

18. What is the likelihood of the threat occurring and leading to the final consequence
without any cybersecurity countermeasure in place?

a. UTL
b. MTL
c. IPL
d. APL

19. Delaying or blocking the flow of information in a system is an example of the following threat
vector: _______?

a. Man in the middle
b. Tampering
c. Denial of Service
d. Spoofing

20. Which term is used to describe the passive collection of data in packet capture
programs?

a. Zenmap
b. Superscan
c. Sniffing the Ethernet
d. Port Mirroring
