microIC33 - IACS Cybersecurity Lifecycle Quiz

Questions and Answers

What is the purpose of the 'Assess' phase in the IACS security lifecycle?

• Maintenance, monitoring, and management of change
• Conduct detailed risk assessment (correct)
• Design and engineering of cybersecurity countermeasures
• Cybersecurity requirement specification

Which level of the Purdue enterprise reference architecture is associated with MEM/MOMS systems?

• Level 0
• Level 4
• Level 5
• Level 3 (correct)

In the 'Implement and design' phase, what task involves the installation, commissioning, and validation of countermeasures?

• Incident response and recovery
• Design and engineering of cybersecurity countermeasures (correct)
• Maintenance, monitoring, and management of change
• Cybersecurity requirement specification

Which component is NOT part of the scope preparation for an assessment as mentioned in the text?

Switch port assignment (D)

What are some of the continuous processes mentioned in terms of cybersecurity management system?

Training and awareness (C)

What type of devices should be included in the Asset Inventory Hardware?

Automation devices with Routable serial protocol (A)

Which tool is NOT listed under Software Asset Management (SAM) tools?

Vulnerability scanning toolkit (VST) (C)

What does 'Cyber risk' in the context of cybersecurity consist of?

Threat, vulnerability, and consequences (A)

Which of the following is a tool used for Active vulnerability assessment?

Nessus (B)

What is the purpose of a Gap assessment in the context of IACS cybersecurity vulnerability assessment?

To identify standards and compare documented information (B)