HARDENING EXAM QUESTIONS AND ANSWERS WITH
COMPLETE SOLUTIONS GRADED A++
What is system hardening?
The practice of increasing system security by minimizing attack surface. This involves
eliminating unnecessary software and user accounts, deactivating superfluous services,
implementing strong access controls, and installing security patches.
What can be hardened?
Almost everything that is configurable.
OS Hardening Guidelines
•NIST SP 800-123 "Guide to General Server Security"
•Microsoft Security Guides
•Center for Internet Security's (CIS) Security Benchmarks
•Defense Information Systems Agency's "Security Technical Implementation Guides"
(DISA STIGs)
•Security Guides from Automation Suppliers
-Yokogawa
-Emerson
-Honeywell
-Siemens
-others
Basic Steps to Secure an Operating System
•Patch and update the OS
•Remove or disable unnecessary services, applications, and network protocols
•Configure OS user authentication
•Configure access controls appropriately
•Install and configure additional security controls
•Test the security of the OS
What are CIS Benchmarks?
CIS Benchmarks are globally-accepted technical rules for system hardening, including
OS, middleware, applications, and network devices. Defined by security professionals
and freely distributed in .PDF format, they're used as a standard for security
configuration policies and best practices. A machine-readable format is available to
members.
What is involved in hardening IACS devices?
Cyber-physical devices like PLCs, motors, drives, I/O, HMIs, sensors, analyzers, IEDs,
and flow computers. These devices, running embedded operating systems, are integral
in controlling physical processes.
IACS Device Hardening Guidance:
•NIST
-Guide to Industrial Control System (ICS) Security SP 800-82 -
https://csrc.nist.gov/publications/detail/sp/800-82/rev-2/final
•Vendor specific guidance