Exam IC32 Questions With Correct Answers
/. Name the phases of the IACS cybersecurity lifecycle. - Answer-(1) Assess Phase
(2) Develop & Implement Phase
(3) Maintain Phase
/. What is the goal of the "Assess Phase"? - Answer-A zone is assigned a target security
level (SL-T).
/. What is the goal of the "Develop & Implement Phase"? - Answer-Countermeasures are
implemented to meet the target security level (SL-T).
/. What is the goal of the "Maintain Phase"? - Answer-Ensure the achieved security level
(SL-A) is better than or equal to the target security level (SL-T).
/. Name the main activities performed within the "Maintain Phase". - Answer-(1)
Cybersecurity Maintenance Monitoring and Management of Change (ISA 62443-2-1)
(2) Cyber Incident Response & Recovery (ISA 62443-2-1)
/. Name the continuous processes performed within the "Maintain Phase". - Answer-(1)
Cyber Security Management System: Policies, Procedures, Training & Awareness (ISA
62443-2-1)
(2) Periodic Cybersecurity Audits (ISA 62443-2-1)
/.Explain the "4 Ts" of risk management. - Answer-(1) Tolerate
(2) Transfer
(3) Terminate
(4) Treat
/. Explain the meaning of "risk tolerance". - Answer-The risk is known (!) and accepted
by the organization.
/. Explain the meaning of "risk transfer". - Answer-The risk is passed to a third party to
manage.
Note: This does not eliminate the risk.
/. Explain the meaning of "risk termination". - Answer-The context of the risk (processes,
site, system, etc.) is stopped entirely, hence the risk is no longer relevant.
/. Explain the meaning of "risk treatment". - Answer-Aims to reduce either the likelihood
or the resulting impact, through introduction of relevant controls.
/. Explain the "5Ds" of risk treatment. - Answer-(1) Deter
(2) Detect
(3) Delay
(4) Deny
(5) Defeat
/. What elements should be listed in a hardware asset inventory? - Answer-(1)
Computers
(2) Network equipment
(3) Automation devices
Note: Virtual Hardware should also be included!
/. What elements should be listed in a software asset inventory? - Answer-(1) Operating
systems
(2) Applications
(3) Databases
(4) Firmware
/. Define the term "system hardening". - Answer-System hardening describes the
process of securing a system by reducing its attack surface.
/. List common measures for system hardening. - Answer-(1) Removal of unnecessary
software
(2) Removal of unnecessary user accounts