IEC62443: IC33M EXAM QUESTIONS AND ANSWERS
WITH COMPLETE SOLUTIONS GRADED A++ LATEST
UPDATE
What are the 3 phases of the security life cycle?
Assess, Develop & Implement, Maintain
What topics are in the Assess Phase?
High Level Cyber Risk Assessment, Allocation of IACS Assets to Security Zones or
Conduits, Detailed Cyber Risk Assessment
What standard establishes guidelines for the Assess phase?
ISA 62443-3-2
______ identifies _____ functional layers of an enterprise system
ISA95, 5
Level 0
Process; defines the actual physical processes
Level 1
Safety&Protection / Basic Control: Intelligent devices, Sensing and manipulating the
physical processes. Process sensors, analyzers, actuators
Level 2
Supervisory Control; Supervising, monitoring and controlling the physical processes.
Real-time controls and software; DCS, HMI, SCADA
,Level 3
Operations Management; Managing production work flow, batch management,
manufacturing execution/operations management systems (MES/MOMS), data
historians, laboratory maintenance and plant performance management systems
Level 4
Enterprise Systems (Business Planning and Logistics); ERP is the primary system;
establishes the basic plant production schedule, material use, shipping and inventory
levels
What should Hardware Inventory include?
Computers (servers/workstations), Network equipment (switches/routers/firewalls),
Automation devices (PLC/DCS/VFD/RTU), All devices with Ethernet / IP address,
Devices with routable serial protocols (ControlNet, Profibus, Modbus TCP), Virtual
Machines (VMs)
What should Software Inventory include?
Operating Systems, Applications, Databases, Firmware
Which document details how the network is physically and logically constructed?
Network Diagram
What is the assessment of the criticality of an IACS asset called?
Cybersecurity Criticality Assessment
What level in the ISA 62443 Reference Model includes Business Planning and
Logistics?
Level 4
What are the three main phases of the IACS Cybersecurity Lifecycle?
,Assess, Develop and Implement, Maintain
When creating network diagrams, it is suggested to follow which model?
ISA-62443-1-1 Reference Model
Which assessment measures the negative impact of an IACS asset should
information be unavailable, unreliable, or compromised?
Cyber Criticality Assessment
Which documents illustrate components of a system, connectivity and physical
location?
System Architecture Diagrams
Which level in the ISA 62443 Reference Model defines the actual physical
processes?
Level 0
The first step in preparing for an assessment is to?
Define scope
Threat Source
the entity that can manifest a threat
Threat Vector
the means the threat source may utilize to compromise the zone or conduit
What are the different types of threats that can compromise SUC Assets?
Natural, technological, or actors.
What is the difference between Vulnerability Assessment and Risk Assessment?
Risk Assessment considers the consequences while Vulnerability Assessment does not
What is the difference between a cyber-incident and an intolerable consequence?
, A cyber-incident is something that happens to the component and the consequence is
an adverse or intolerable effect that we must prevent from happening.
Spoofing, tampering and denial of service are examples of a ?
Threat vector
What is the measure of the ultimate loss or harm associated with a consequence?
Impact
What should be done if a risk assessment indicates that the risk level is below the
organization's tolerable risk?
Accept the risk
What does ISA 62443-2-1 address?
Risk Assessment Requirements
What is the element, objective, description and rationale of ISA 62443-2-1?
Element: Risk Identification, Classification, and Assessment
Objective: Identify the set of IACS cyber risks that an organization faces, and assess
the severity of these risks
Description: Organizations protect their ability to perform their mission by systematically
identifying, prioritizing, and analyzing potential security threats, vulnerabilities, and
consequences using accepted methodologies.
Rationale: Investment in cybersecurity is driven by understanding of level or risk
What should be considered when identifying vulnerabilities of an IACS?
Access Points, Internal Networks, End Devices
What are the benefits of a cyber risk assessment?
WITH COMPLETE SOLUTIONS GRADED A++ LATEST
UPDATE
What are the 3 phases of the security life cycle?
Assess, Develop & Implement, Maintain
What topics are in the Assess Phase?
High Level Cyber Risk Assessment, Allocation of IACS Assets to Security Zones or
Conduits, Detailed Cyber Risk Assessment
What standard establishes guidelines for the Assess phase?
ISA 62443-3-2
______ identifies _____ functional layers of an enterprise system
ISA95, 5
Level 0
Process; defines the actual physical processes
Level 1
Safety&Protection / Basic Control: Intelligent devices, Sensing and manipulating the
physical processes. Process sensors, analyzers, actuators
Level 2
Supervisory Control; Supervising, monitoring and controlling the physical processes.
Real-time controls and software; DCS, HMI, SCADA
,Level 3
Operations Management; Managing production work flow, batch management,
manufacturing execution/operations management systems (MES/MOMS), data
historians, laboratory maintenance and plant performance management systems
Level 4
Enterprise Systems (Business Planning and Logistics); ERP is the primary system;
establishes the basic plant production schedule, material use, shipping and inventory
levels
What should Hardware Inventory include?
Computers (servers/workstations), Network equipment (switches/routers/firewalls),
Automation devices (PLC/DCS/VFD/RTU), All devices with Ethernet / IP address,
Devices with routable serial protocols (ControlNet, Profibus, Modbus TCP), Virtual
Machines (VMs)
What should Software Inventory include?
Operating Systems, Applications, Databases, Firmware
Which document details how the network is physically and logically constructed?
Network Diagram
What is the assessment of the criticality of an IACS asset called?
Cybersecurity Criticality Assessment
What level in the ISA 62443 Reference Model includes Business Planning and
Logistics?
Level 4
What are the three main phases of the IACS Cybersecurity Lifecycle?
,Assess, Develop and Implement, Maintain
When creating network diagrams, it is suggested to follow which model?
ISA-62443-1-1 Reference Model
Which assessment measures the negative impact of an IACS asset should
information be unavailable, unreliable, or compromised?
Cyber Criticality Assessment
Which documents illustrate components of a system, connectivity and physical
location?
System Architecture Diagrams
Which level in the ISA 62443 Reference Model defines the actual physical
processes?
Level 0
The first step in preparing for an assessment is to?
Define scope
Threat Source
the entity that can manifest a threat
Threat Vector
the means the threat source may utilize to compromise the zone or conduit
What are the different types of threats that can compromise SUC Assets?
Natural, technological, or actors.
What is the difference between Vulnerability Assessment and Risk Assessment?
Risk Assessment considers the consequences while Vulnerability Assessment does not
What is the difference between a cyber-incident and an intolerable consequence?
, A cyber-incident is something that happens to the component and the consequence is
an adverse or intolerable effect that we must prevent from happening.
Spoofing, tampering and denial of service are examples of a ?
Threat vector
What is the measure of the ultimate loss or harm associated with a consequence?
Impact
What should be done if a risk assessment indicates that the risk level is below the
organization's tolerable risk?
Accept the risk
What does ISA 62443-2-1 address?
Risk Assessment Requirements
What is the element, objective, description and rationale of ISA 62443-2-1?
Element: Risk Identification, Classification, and Assessment
Objective: Identify the set of IACS cyber risks that an organization faces, and assess
the severity of these risks
Description: Organizations protect their ability to perform their mission by systematically
identifying, prioritizing, and analyzing potential security threats, vulnerabilities, and
consequences using accepted methodologies.
Rationale: Investment in cybersecurity is driven by understanding of level or risk
What should be considered when identifying vulnerabilities of an IACS?
Access Points, Internal Networks, End Devices
What are the benefits of a cyber risk assessment?
