
Detecting Threats, Exceptions & Anomalies in Critical Infrastructure Chapter Exam

Exam Instructions:

Choose your answers to the questions and click 'Next' to see the next set of questions. You can skip questions if you would like and come back to them later with the yellow "Go To First Skipped Question" button. When you have completed the practice exam, a green submit button will appear. Click it to see your results. Good luck!

Page 1

Question 1. A zero-day exploit is _____.

Question 2. What is NOT a behavioral anomaly?

Question 3. Which is NOT a behavioral anomaly detection tool in industrial networks?

Question 4. What is NOT a network behavioral standard, according to NBAD?

Question 5. The first step for anomaly detection in an industrial network is _____.

Page 2

Question 6. The systems and devices in the network generate logs during operations. These logs contain information on _____.

Question 7. Manual exception reporting is done by comparing actual users or operations in the network activities with those in the white list. A white list consists of information on _____.

Question 8. Which of the following activities or behavior indicates a suspicious anomaly in a network?

A) An unauthorized user logging into a system which is usually accessed by system administrators only

B) An authorized user executing a prohibited command on a server

C) The response to a ping command to a server is taking the usual amount of time

D) An application which is not authorized is accessing the process control system

Question 9. Consider a network with a communication policy that states that communication should happen only between devices within the same zone, and an operational policy that the number of unsuccessful attempts for server login with admin credentials is restricted to three.

In the above network, an automatic exception is raised in which of the following scenarios:

A) A smartphone capturing a screenshot of a SCADA system in a secured zone and sharing it over the internet

B) A system administrator sending emails from an enterprise server to all the employees of the organization

C) An authorized user changing the process logic in a Programmable Logic Controller system to optimize the process speed

D) An authorized user repeatedly attempting unsuccessfully to log into a server with admin credentials, and who has exceeded the number of permissible attempts for a login

Question 10. Systematic exception reporting refers to _____.

Page 3

Question 11. Unified threat management focuses on _____.

Question 12. Which of the following unified threat management capabilities deals with objectionable information?

Question 13. Which of the following provides midrange unified threat management?

Question 14. Unified threat management started out as _____.

Question 15. Which of the following is considered to be a threat to a computer?

Page 4

Question 16. Fire is an example of a _____ information security threat.

Question 17. Information security must _____, and protect against, all threats.

Question 18. A _____ is anything that can negatively alter, disrupt, hide, or erase an object or objects of interest.

Question 19. _____ is anything that can negatively affect information.

Question 20. Information security threats can be _____.

Page 5

Question 21. DCS stands for _____.

Question 22. NIST, NERC, CSCS and API are _____.

Question 23. The purpose of SCADA systems is to _____.

Question 24. IDS systems _____.

Question 25. SCADA stands for _____.

Page 6

Question 26. Suppose I have created a list of IP addresses and now, except for those, no one else can access my network. This is an example of _____.

Question 27. Which of the following is true?

Question 28. Which of the following is true?

Question 29. Which of the following is true?

Question 30. Suppose I have created a list with some IP addresses and now they cannot access my network. This is an example of _____.
