DNP3 Granular Application Control Quiz
22 Questions

Questions and Answers

What does the application DNP3_Cold.Restart indicate?

  • Sending a warm restart command to a DNP3 device by an unauthorized DNP3 client
  • Sending a power-up command to a DNP3 device by an authorized DNP3 client
  • Sending a device restart command to a DNP3 device by an unauthorized DNP3 client
  • Sending a cold restart command to a DNP3 device by an authorized DNP3 client (correct)

What can continuously sending the DNP3_Cold.Restart command cause?

  • Improved device security
  • Device enhancement
  • Denial of service (DoS) condition (correct)
  • Increased network efficiency

How are application control signatures organized?

  • In a hierarchical structure (correct)
  • In a circular structure
  • In a linear structure
  • In a random structure

What does FortiOS provide administrators in terms of inspecting sub-application traffic?

All the tools they need (B)

What can be done using FortiGate in terms of industrial protocols like Modbus?

Support a variety of industrial protocols along with their subcategories (A)

In the example provided, what is the primary device in the Modbus TCP implementation?

Modbus Client (A)

What is the IP address of the primary device in the Modbus TCP implementation?

10.10.3 (B)

What does the application DNP3_Read indicate?

Detection of the DNP3 read command (C)

What does the application DNP3_Write indicate?

Detection of the DNP3 write command (C)

What does the parent signature do in the hierarchical structure of application control signatures?

Takes precedence over the child signature (A)

What can administrators do using FortiOS in terms of DNP3_Write and DNP3_Read?

Block DNP3_Write while allowing devices to collaborate using DNP3_Read (C)

What is the IP address of the switch interface named ssw-01?

10.10.4.1 (A)

Where is the Conpot server connected to FortiGate?

Port5 (D)

What protocol is the Conpot server on PLC1 simulating?

Modbus (A)

What type of traffic will be allowed and identified by the default application control profile on the firewall policy?

Modbus traffic (B)

What does the application name for the traffic sent from the Modbus client primary to the Conpot server indicate?

Detection of the Modbus_Diagnostics command (B)

What are the most common breach points in an OT environment?

All of the above (D)

What type of exploit can compromise RTU or HMI in an OT environment?

DoS attack (A)

What type of attack can the SCADA system be vulnerable to in an OT environment?

DoS and malicious control (A)

What does the term 'Air gap breached' refer to in an OT environment?

Physical connection between secure and insecure networks (D)

What does the term 'Droppers USB' refer to in the context of breach points in an OT environment?

USB devices used for introducing malware (A)

What is the purpose of the firewall policy configured to allow and log all traffic from port3 to the ssw-01 interface of FortiGate for all services?

To monitor and control traffic flow (D)