OTArmor L1 Test – ICS/OT Cyber Security

QUIZ START

#1. In Active Directory, a security group is:

A management point for password policy settings

A group of users who all share a single username

A pre-configured user or device role

#2. Which CatTools feature would you use to create a backup of the network switch configuration?

Activity Wizard

Setup

Device Wizard

#3. What is a GFS (Grandfather – Father – Son ) backup scheme?

An incremental backup once per day for a week, a full backup once per week for a month, and a differential backup once per month for a year

An incremental backup once per day for a week, a differential backup once per week for a month, and a full backup once per month for a year

A differential backup once per day for a week, an incremental backup once per week for a month, and a full backup once per month for a year

#4. For a controller running in the secure state, what role is played by the ControlST software

It issues the user certificate, which the controller recognizes as secure

It retrieves the user certificate and uses it to establish a secure connection to the controller

#5. How many users can be logged on to one server at one time?

#6. The bridge on the top of the network Spanning Tree is what kind of switch?

Outer Edge

Root

Bridge

Edge

#7. Which term below refers to settings that can be applied to computers that join the domain, as well as the enforcement of required configuration settings?

Group Policy

Certificate Authority

ANIXIS Password Management

#8. The Security Server (VH1) is?

A virtual machine that serves as the Primary Domain Controller

A hardened computer running the VMware vSphere Hypervisor environment

#9. Load balancing Virtual Machines is a feature that allows VMs to be run on different hosts, which version of OTArmor/SecurityST uses this feature?

SecurityST/OTArmot Standard

Compact Secure

SecurityST/OTArmor

SecurityST/OTArmor Pro

#10. Which of the following does NOT describe a benefit of Cisco switches?

Layer 2 Threat Defense

Improved Broadcast and Multicast Storm Control

Centralized updating and patching independent of the OTArmot/SecurityST Appliance

#11. To install the monthly patch updates:

Place the patch DVD in the VH1 DVD drive, log in to PM1, attach the drive to SP1, and copy the files.

Place the patch DVD in the VH1 DVD drive, attach the drive to PM1, log in to PM1, and copy the files.

#12. If you change a domain policy setting:

Every HMI that logs in will receive the updated setting

New HMIs will receive the updated setting, but HMIs that were already set up in the system will not receive it

The user will be prompted to select either the old or the new setting

#13. What does the DLP (Data Loss Prevention) application do?

Prevent user access to USB/DVD/CD drives

Prevent user access to different applications

Allow access hard drives

Prevent downloads to the Mark VIe controller

#14. When McAfee solidcore is in Observer Mode:

Application Control isn't running on your system. Although the application is installed, its features are disabled

The application does not prevent any execution or changes made to the endpoints. Instead, it monitors execution activities and compares them with the local inventory and predefined rules

This mode indicates that Application Control is running and protection is enabled

This mode indicates that protection is effective but changes are allowed on protected endpoints

#15. When deploying patches, which of the following is true?

You can deploy multiple patches at a time to multiple computers

You can deploy multiple patches at a time to only one computer

You can deploy multiple patches and multiple Service Packs at a time to multiple computers

You can deploy only one patch at a time to only one computer

#16. The NIDS device:

Is a network traffic monitoring device attached to each leaf switch in the star topology used in the OTArmor/SecurityST network configuration

Builds upon the Microsoft Active Directory system to prevent network intrusion

Is a standalone device that monitors network traffic and logs issues to the SIEM application

#17. If you change a domain policy setting:

New HMIs will receive the updated setting, but HMIs that were already set up in the system will not receive it

The user will be prompted to select either the old or the new setting

Every HMI that logs in will receive the updated setting

#18. Which of the following is the Application Server, containing SolarWinds® CatTools™ and Acronis Backup Management System?

AP1

PM1

CA1

AP2

DC1

DR1

LM1

VH1

SP1

#19. What type of OTArmor/SecurityST configuration is made when you have VH1, VH2 & VH3?

Pro

Standard

Compact

#20. When does the root certificate need to be updated?

When a new HMI logs in for the first time

When domain authentication is required

When the system is turned over to the customer

#21. Where would you look if you needed to find the Security State for each configured controller?

Security State > Authenticated

System Editor > Security State

Component InfoView > Status tab

#22. Which of the following does NOT describe a benefit of Active Directory?

It eliminates the need for RADIUS authentication

Many controls extend from or leverage Active Directory

It helps customers address NERC and other compliance requirements

#23. True or False, McAfee Application Control prevents users from accessing applications?

False

True

#24. When trying to enter domain credentials in a SecureSuite application, you must press _______________ to open the login dialog for a VM. a. Ctrl + Alt + Delete

Ctrl + Alt + Insert

Shift + Alt + Insert

Actions – Ctrl-Alt-Delete

Ctrl + Alt + Delete

#25. What are the default groups the BHGEOper account is a Member Of?

#26. On what Virtual Machine does the McAfee ePO Application reside?

CA1

DC1

RDS1

DR1

SP1

EWS1

#27. The default settings used for backups limit any one node to use no more than _____ of the available network loading

10%

20%

25%

#28. What is the maximum number of HMIs that a OTArmor/SecurityST Standard be configured for?

#29. What are the BHGE standards IP addresses of VH1,DC1,DC2 and CA1 servers:

#30. From an admin command prompt, what command is used to check the status of the Application Control an HMI or VM?

sadmin status

sadmin enable

sadmin lockdown

sadmin recover

sadmin info

#31. Which Splunk application would you use to obtain information about failed logons?

Security

Active Directory

Change Management

#32. When deploying an agent from the McAfee ePO, do you?

Select Device, Select Actions – Agent – Deploy Agents

Select Device, Select Actions – Agent – Run Client Task

#33. The McAfee software has been implemented in this solution because this anti-virus application includes:

Host Intrusion Detection functionality

An exclusively online updating process

A centralized management console, using individual agents installed on each HMI under security management

#34. The VMWare ESXi host web interface (GUI) is accessed from:

DR1

Any machine on the Domain

DC1

#35. In order for a network switch to verify a user’s access rights, the switch must first:

Request membership in the Network Administrators group

Contact a RADIUS server in which it has been defined as an allowed client

Supply the shared secret and user credentials to Active Directory

#36. What problem is associated with retrofit installations and SFPs?

Retrofit installs usually use Multi-Mode Fiber Optic Cable, which has LC connectors that do not plug directly into the SFP

Retrofit installs usually use Single Mode Fiber Optic Cable, which has SC connectors that do not plug directly into the SFP

Retrofit installs usually use Multi-Mode Fiber Optic Cable, which has SC connectors that do not plug directly into the SFP

Retrofit installs usually use Single Mode Fiber Optic Cable, which has LC connectors that do not plug directly into the SFP.

#37. To confirm that individual certificates have been revoked, you must:

Delete the revoked certificates

Publish the revoked certificates

Validate the revoked certificates

#38. Splunk is:

A Network Intrusion Detection System (NIDS) application

A browser-based Unified Threat Management (UTM) device

A browser-based interface to security-related log and event information

#39. You would use the Splunk FISMA application to:

Display user record changes and computer account changes

Display reports that comply with SP 800-52 requirements

Display reports for reviewing log data related to Microsoft Active Dire

#40. McAfee uses a ruleset to apply Whitelisting, True or False, is this function applied from the ePO?

False

True

#41. In the Cisco FlexStack:

Failover and recovery are built in, but replacement requires an outage

A cross-over cable is used to stack switches

Members behave as one logical switch

#42. How would you locate in the ePO where the Policy Catalog is?

System Tree

Dashboards

#43. What is the minimum password length in the password policy?

#44. What happens during a secure socket layer (SSL) handshake?

The controller requests the CRL from the CA server

The client and server agree on connection security parameters

The CA server informs the controller that access is granted or rejected

#45. The CA Server (CA1):

Is the central repository for cyber-security event and log data

Issues and revokes digital certificates.

Provides the entry point for security managers to administer security-related applications.

#46. When making a switch configuration change, which command would you use to save the new configuration?

config t

wr mem

Ctrl + S

Ctrl + Z

#47. Which of the following virtual machines is considered optional for Compact configurations?

CA1

AP3

DC1

SP1

#48. OTArmor/SecurityST uses virtualization technology to minimize security lifecycle costs and provide enhanced recovery capabilities?

True

False

#49. If you needed to turn off a port, how would you do so?

From DR1, use the Putty – SSH Terminal application

From SP1, use the Putty – SSH Terminal application

From DC1, use the CatTools application

From DR1, use the CatTools application

#50. If you were going to set up a new user in the Server Manager, you would find the list of GE accounts in which set of folders?

DNS Server

Network Policy and Access Services

Active Directory Domain Services

#51. Which of the following is the Backup Domain Controller?

SP1

DR1

DC1

DC2

LM1

VH2

VH1

PM1

#52. Which of the following provides the real-time analysis of security alerts generated by network hardware and applications, and is used to log security data and generate reports for compliance purposes?

SIM

SEM

SIEM

#53. Which level of the standard Network Architecture does the OTArmor/SecurityST system reside on?

Level 2

Level 3

Level 0

Level 1

Level 4

Level 5

#54. Based on the policies BHBHGE has defined, when a potential threat is detected, the McAfee application will:

Block access to the file

Automatically clean up the file

Prompt the user to determine whether to block or clean up the file

#55. Controls traffic (i.e., the network traffic to and from our controllers and HMIs) resides on the:

PDH

UDH

EGD

MDH

#56. If you needed to change an individual’s assigned role, which dialog would you need to use?

Network Policy Server

Group Policy Management

Roles

#57. True or False, the High Availability (HA) option includes both hardware and data redundancy for security?

True

False

#58. How would an installation of the OTArmor/SecurityST solution at a nuclear power plant differ from a typical installation?

A separate OTArmor/SecurityST Appliance is required for each reactor

The required topology is a ring network

Outer Edge Switches are not permitted

#59. A data diode is designed to pass data:

In either direction, depending on the configuration of the device’s security settings

From the “high” side to the “low” side

From the “low” side to the “high” side

Finish

Results

Congratulation you pass the exam!!!

Sorry, it is time to review concepts and try again