QUESTIONS AND ANSWERS WITH COMPLETE SOLUTIONS
What does Access Control involve?
Involves setting and enforcing policies to ensure only authorized entities can use
system resources. It manages account activities, including creation, modification, and
removal, and enforces principles like least privilege and separation of duties. It also
handles login attempts, session control, and notifications.
What two function requirements address Access Control?
FR 1 and FR 2
Which FR is Identification and authentication control (IAC)?
FR 1
Which FR is Use control (UC)?
FR 2
What is AAA?
Authentication - Authorization - Accounting
What are some implementations of AAA in technology?
Active Directory, LDAP, OAuth, TACACS+, RADIUS
What are the factors of multi-factor authentication?
Something you know/are/have and somewhere you are
Access Control Guidance:
ISA/IEC Guidance:
- 62443-2-1: Establishes an IACS Security Program
- 62443-3-3: Outlines system security requirements and security levels
- 62443-2-4: Provides system security requirements
NIST Publications:
- 800-53 Revision 4: Security and Privacy Controls for Federal Info Systems
- 800-82 Revision 2: Guide to ICS Security
Public Safety Canada:
- TR12-002: Recommended ICS Cybersecurity Best Practices
US DHS:
- Catalog of Control Systems Security: Recommendations for Standards Developers
Access Control Best Practices:
- Craft an access control policy with appropriate rules for individual users or user groups
- Use multiple authentication methods for critical Industrial Control Systems (ICSs)
- Isolate sensitive or business-critical data for controlled access
- Use AAA servers for IACS resources management, when feasible
- Set up distinct IACS domains for each production area
- Leverage Organizational Units (OUs) to logically or functionally separate resources
What does a Certificate Authority (CA) provide?
Stores, issues, and signs a digital certificate
What does a Verification Authority (VA) provide?
Third party which can provide an entity's information on behalf of a CA
What does a Registration Authority (RA) provide?