EXAM QUESTIONS AND ANSWERS WITH COMPLETE SOLUTIONS GRADED A+
/. What does ISA-62443-1-1 cover? - Answer-Basic concepts and models related to cybersecurity: the difference between IT and IACS, defense-in-depth, and security zones and conduits.
/. The difference between IT and IACS - Answer-IACS cybersecurity also has to address issues of health, safety and environment (HSE).
IT priority order: Confidentiality, Integrity, Availability.
IACS priority order: Availability, Integrity, Confidentiality.
With IACS there are lives on the line, so downtime and rebooting are not acceptable.
/.COTS - Answer-Commercial off the shelf
/. Defence in Depth - Answer-Layered security (order doesn't matter; these are examples):
Physical Security
Policies and Procedures
Zones & Conduits
Malware Prevention
Access Controls
Monitoring & Detection
Patching
/.Risk equation - Answer-Risk = Threat x Vulnerability x Consequence
/.5 Risk Responses - Answer-1. Design the risk out
2. Reduce the risk
3. Accept the risk
4. Transfer or share the risk
5. Redesign ineffective controls
/. What requires continuous operation, may not tolerate rebooting and may require certification after any changes? - Answer-IACS
/. What is Shodan? - Answer-Online service that has performed a full port scan of the entire IPv4 Internet
/.What is a regulation? - Answer-Mandatory rules to follow
/. What is a standard? - Answer-Standards are voluntary codes with no legal obligation to comply, though there is a possibility of being sued if negligent
/. Normative standard? - Answer-Normative elements are indicated by the use of the words "shall" or "must"
/. Informative standard? - Answer-Informative elements provide clarification or additional information, such as guidelines
/.What is ISA99? - Answer-Committee that makes standards across industries
/. What are the 4 groups into which the ISA-62443 work products are organized? -
Answer-1. General
2. Policies & Procedures
3. System
4. Component
/.Are TRs normative or informative? - Answer-Informative
/.ISA-62443-1-1 - Answer-Concepts and Models
/.ISA-62443-2-1 - Answer-Security program requirements for IACS asset owners
/.ISA-62443-3-3 - Answer-System security requirements and security levels
/. 3 most important 62443 primary groups - Answer-1-1, 2-1 and 3-3
/.IEC - Answer-International Electrotechnical Commission
/.ISO - Answer-International Organization for Standardization
/.ISA99 Membership types - Answer-1. Information - Draft but no voting