with Verified Solutions Complete Exam Preparation
Material
Introduction:
This document provides the latest verified solutions for the SANS 410
Industrial Control Systems (ICS) and SCADA Security Essentials
course. It covers all key concepts and exam topics, including network
protocols, malware types, OSI layers, industrial protocols (Modbus,
DNP3, IEC 60870-5-104), control systems components (PLC, RTU,
IED), cybersecurity measures, and risk analysis methods. Each
section includes concise definitions and correct answers aligned with
current SANS training objectives. This material is ideal for exam
preparation, review, or practical reference in cybersecurity and
industrial automation fields.
Exam Questions and Answers
Social Engineering (SE) --- correct answer ---The art of
manipulating humans to do what you want with a combination of
logic and emotion. Often used to enhance other technical attacks.
Phishing and Spear Phishing --- correct answer ---the process of
sending an attack to a large number or small targeted number of
people.
Malware --- correct answer ---Consists of virus, Trojans,
backdoors, bots, and worms.
Virus --- correct answer ---Parasitic malware that relies on
executable code insertion and user interaction to spread.
Trojans --- correct answer ---Malware that pretends to be good
software
Backdoors (RAT) --- correct answer ---malware that provides
remote access for attackers
Bots --- correct answer ---Malware that checks into a command and
control server
Worms --- correct answer ---self replicating malware.
ICS Malware --- correct answer ---Duqu
Flame
Shamoon
Stuxnet
Havex/Dragonfly
Black Energy
Default or Weak Passwords --- correct answer ---shared passwords
are often simple, and default passwords are often found in vendor
manuals.
Password fuzzing --- correct answer ---brute force and dictionary
attacks
Authentication Bypass --- correct answer ---Often when a developer
forgets to require every page to verify that the user is logged in.
Weak Session Management --- correct answer ---Obtaining a
browser cookie or guessing its content to hijack a session.
SQL Injection --- correct answer ---commands made against an
improperly sanitized database that can give an attacker read/write
access to the database as well as interaction with the OS and its files.
Cross Site Scripting (XSS) --- correct answer ---JavaScript added to
the input and execution of that script in other users' browsers.
Cross Site Request Forgery (CSRF) or (XSRF) --- correct answer ---A
hidden link, or a link that a browser automatically clicks on using
JavaScript that takes a login cookie from your browser and uses it.
Local and Remote File Inclusions (LFI and RFI) --- correct answer ---
attackers can request non-log files from file systems that
developers failed to block.
Fuzzing Network Protocols --- correct answer ---Sending
unexpected traffic to an application to see the results.
Software Defined Radio (SDR) --- correct answer ---Device to
generate noise on WiFi frequencies.
Profibus (DP, FMS, PA) --- correct answer ---Developed by Siemens,
operates on RS485
Network protocol --- correct answer ---Agreement or rules of
engagement on how computer networks will communicate. Define
the format and order of messages and the actions to be taken upon
the receipt of messages.
Protocol Stacks --- correct answer ---Set of network protocol layers
that work together to implement communication.
Purposes for Network Protocols --- correct answer ---Standardize
the format of communication; Specify the order or timing of