OTArmor L1 Test – ICS/OT Cyber Security

QUIZ START

#1. To confirm that individual certificates have been revoked, you must:

Publish the revoked certificates

Delete the revoked certificates

Validate the revoked certificates

#2. Which of the following does NOT describe a benefit of Cisco switches?

Centralized updating and patching independent of the OTArmot/SecurityST Appliance

Improved Broadcast and Multicast Storm Control

Layer 2 Threat Defense

#3. The Security Server (VH1) is?

A virtual machine that serves as the Primary Domain Controller

A hardened computer running the VMware vSphere Hypervisor environment

#4. When McAfee solidcore is in Observer Mode:

This mode indicates that Application Control is running and protection is enabled

The application does not prevent any execution or changes made to the endpoints. Instead, it monitors execution activities and compares them with the local inventory and predefined rules

This mode indicates that protection is effective but changes are allowed on protected endpoints

Application Control isn't running on your system. Although the application is installed, its features are disabled

#5. Splunk is:

A browser-based Unified Threat Management (UTM) device

A browser-based interface to security-related log and event information

A Network Intrusion Detection System (NIDS) application

#6. What is the minimum password length in the password policy?

#7. What type of OTArmor/SecurityST configuration is made when you have VH1, VH2 & VH3?

Pro

Compact

Standard

#8. On what Virtual Machine does the McAfee ePO Application reside?

CA1

EWS1

RDS1

SP1

DR1

DC1

#9. A data diode is designed to pass data:

From the “high” side to the “low” side

In either direction, depending on the configuration of the device’s security settings

From the “low” side to the “high” side

#10. When deploying patches, which of the following is true?

You can deploy multiple patches at a time to multiple computers

You can deploy multiple patches and multiple Service Packs at a time to multiple computers

You can deploy multiple patches at a time to only one computer

You can deploy only one patch at a time to only one computer

#11. Which of the following is the Application Server, containing SolarWinds® CatTools™ and Acronis Backup Management System?

SP1

CA1

PM1

DR1

AP1

LM1

DC1

AP2

VH1

#12. Based on the policies BHBHGE has defined, when a potential threat is detected, the McAfee application will:

Prompt the user to determine whether to block or clean up the file

Automatically clean up the file

Block access to the file

#13. If you change a domain policy setting:

Every HMI that logs in will receive the updated setting

New HMIs will receive the updated setting, but HMIs that were already set up in the system will not receive it

The user will be prompted to select either the old or the new setting

#14. When making a switch configuration change, which command would you use to save the new configuration?

config t

Ctrl + S

wr mem

Ctrl + Z

#15. Which term below refers to settings that can be applied to computers that join the domain, as well as the enforcement of required configuration settings?

Certificate Authority

Group Policy

ANIXIS Password Management

#16. When trying to enter domain credentials in a SecureSuite application, you must press _______________ to open the login dialog for a VM. a. Ctrl + Alt + Delete

Ctrl + Alt + Delete

Shift + Alt + Insert

Actions – Ctrl-Alt-Delete

Ctrl + Alt + Insert

#17. When does the root certificate need to be updated?

When domain authentication is required

When a new HMI logs in for the first time

When the system is turned over to the customer

#18. Which level of the standard Network Architecture does the OTArmor/SecurityST system reside on?

Level 0

Level 5

Level 1

Level 3

Level 4

Level 2

#19. If you were going to set up a new user in the Server Manager, you would find the list of GE accounts in which set of folders?

DNS Server

Network Policy and Access Services

Active Directory Domain Services

#20. Which of the following is the Backup Domain Controller?

SP1

PM1

DC1

DC2

VH2

LM1

VH1

DR1

#21. What is the maximum number of HMIs that a OTArmor/SecurityST Standard be configured for?

#22. The bridge on the top of the network Spanning Tree is what kind of switch?

Outer Edge

Edge

Root

Bridge

#23. In Active Directory, a security group is:

A group of users who all share a single username

A management point for password policy settings

A pre-configured user or device role

#24. Load balancing Virtual Machines is a feature that allows VMs to be run on different hosts, which version of OTArmor/SecurityST uses this feature?

SecurityST/OTArmor Pro

Compact Secure

SecurityST/OTArmot Standard

SecurityST/OTArmor

#25. Which of the following does NOT describe a benefit of Active Directory?

Many controls extend from or leverage Active Directory

It eliminates the need for RADIUS authentication

It helps customers address NERC and other compliance requirements

#26. The CA Server (CA1):

Issues and revokes digital certificates.

Is the central repository for cyber-security event and log data

Provides the entry point for security managers to administer security-related applications.

#27. If you needed to change an individual’s assigned role, which dialog would you need to use?

Roles

Group Policy Management

Network Policy Server

#28. Which CatTools feature would you use to create a backup of the network switch configuration?

Device Wizard

Setup

Activity Wizard

#29. In the Cisco FlexStack:

Failover and recovery are built in, but replacement requires an outage

A cross-over cable is used to stack switches

Members behave as one logical switch

#30. What are the default groups the BHGEOper account is a Member Of?

#31. Which of the following virtual machines is considered optional for Compact configurations?

AP3

CA1

DC1

SP1

#32. OTArmor/SecurityST uses virtualization technology to minimize security lifecycle costs and provide enhanced recovery capabilities?

True

False

#33. If you change a domain policy setting:

The user will be prompted to select either the old or the new setting

Every HMI that logs in will receive the updated setting

New HMIs will receive the updated setting, but HMIs that were already set up in the system will not receive it

#34. True or False, McAfee Application Control prevents users from accessing applications?

True

False

#35. How would an installation of the OTArmor/SecurityST solution at a nuclear power plant differ from a typical installation?

A separate OTArmor/SecurityST Appliance is required for each reactor

Outer Edge Switches are not permitted

The required topology is a ring network

#36. You would use the Splunk FISMA application to:

Display user record changes and computer account changes

Display reports for reviewing log data related to Microsoft Active Dire

Display reports that comply with SP 800-52 requirements

#37. The default settings used for backups limit any one node to use no more than _____ of the available network loading

25%

20%

10%

#38. From an admin command prompt, what command is used to check the status of the Application Control an HMI or VM?

sadmin lockdown

sadmin info

sadmin recover

sadmin status

sadmin enable

#39. True or False, the High Availability (HA) option includes both hardware and data redundancy for security?

True

False

#40. Controls traffic (i.e., the network traffic to and from our controllers and HMIs) resides on the:

EGD

PDH

UDH

MDH

#41. What are the BHGE standards IP addresses of VH1,DC1,DC2 and CA1 servers:

#42. What does the DLP (Data Loss Prevention) application do?

Allow access hard drives

Prevent user access to different applications

Prevent user access to USB/DVD/CD drives

Prevent downloads to the Mark VIe controller

#43. The VMWare ESXi host web interface (GUI) is accessed from:

DC1

DR1

Any machine on the Domain

#44. If you needed to turn off a port, how would you do so?

From SP1, use the Putty – SSH Terminal application

From DC1, use the CatTools application

From DR1, use the CatTools application

From DR1, use the Putty – SSH Terminal application

#45. To install the monthly patch updates:

Place the patch DVD in the VH1 DVD drive, attach the drive to PM1, log in to PM1, and copy the files.

Place the patch DVD in the VH1 DVD drive, log in to PM1, attach the drive to SP1, and copy the files.

#46. For a controller running in the secure state, what role is played by the ControlST software

It issues the user certificate, which the controller recognizes as secure

It retrieves the user certificate and uses it to establish a secure connection to the controller

#47. What happens during a secure socket layer (SSL) handshake?

The controller requests the CRL from the CA server

The client and server agree on connection security parameters

The CA server informs the controller that access is granted or rejected

#48. How would you locate in the ePO where the Policy Catalog is?

Dashboards

System Tree

#49. Where would you look if you needed to find the Security State for each configured controller?

Component InfoView > Status tab

System Editor > Security State

Security State > Authenticated

#50. Which of the following provides the real-time analysis of security alerts generated by network hardware and applications, and is used to log security data and generate reports for compliance purposes?

SIEM

SEM

SIM

#51. Which Splunk application would you use to obtain information about failed logons?

Security

Active Directory

Change Management

#52. The NIDS device:

Is a standalone device that monitors network traffic and logs issues to the SIEM application

Is a network traffic monitoring device attached to each leaf switch in the star topology used in the OTArmor/SecurityST network configuration

Builds upon the Microsoft Active Directory system to prevent network intrusion

#53. How many users can be logged on to one server at one time?

#54. In order for a network switch to verify a user’s access rights, the switch must first:

Request membership in the Network Administrators group

Supply the shared secret and user credentials to Active Directory

Contact a RADIUS server in which it has been defined as an allowed client

#55. The McAfee software has been implemented in this solution because this anti-virus application includes:

A centralized management console, using individual agents installed on each HMI under security management

An exclusively online updating process

Host Intrusion Detection functionality

#56. When deploying an agent from the McAfee ePO, do you?

Select Device, Select Actions – Agent – Run Client Task

Select Device, Select Actions – Agent – Deploy Agents

#57. McAfee uses a ruleset to apply Whitelisting, True or False, is this function applied from the ePO?

False

True

#58. What problem is associated with retrofit installations and SFPs?

Retrofit installs usually use Multi-Mode Fiber Optic Cable, which has SC connectors that do not plug directly into the SFP

Retrofit installs usually use Single Mode Fiber Optic Cable, which has LC connectors that do not plug directly into the SFP.

Retrofit installs usually use Multi-Mode Fiber Optic Cable, which has LC connectors that do not plug directly into the SFP

Retrofit installs usually use Single Mode Fiber Optic Cable, which has SC connectors that do not plug directly into the SFP

#59. What is a GFS (Grandfather – Father – Son ) backup scheme?

A differential backup once per day for a week, an incremental backup once per week for a month, and a full backup once per month for a year

An incremental backup once per day for a week, a differential backup once per week for a month, and a full backup once per month for a year

An incremental backup once per day for a week, a full backup once per week for a month, and a differential backup once per month for a year

Finish

Results

Congratulation you pass the exam!!!

Sorry, it is time to review concepts and try again