OTArmor L1 Test – ICS/OT Cyber Security

QUIZ START

#1. Which of the following does NOT describe a benefit of Cisco switches?

Centralized updating and patching independent of the OTArmot/SecurityST Appliance

Improved Broadcast and Multicast Storm Control

Layer 2 Threat Defense

#2. How many users can be logged on to one server at one time?

#3. When trying to enter domain credentials in a SecureSuite application, you must press _______________ to open the login dialog for a VM. a. Ctrl + Alt + Delete

Actions – Ctrl-Alt-Delete

Ctrl + Alt + Insert

Shift + Alt + Insert

Ctrl + Alt + Delete

#4. For a controller running in the secure state, what role is played by the ControlST software

It issues the user certificate, which the controller recognizes as secure

It retrieves the user certificate and uses it to establish a secure connection to the controller

#5. If you change a domain policy setting:

Every HMI that logs in will receive the updated setting

New HMIs will receive the updated setting, but HMIs that were already set up in the system will not receive it

The user will be prompted to select either the old or the new setting

#6. In order for a network switch to verify a user’s access rights, the switch must first:

Supply the shared secret and user credentials to Active Directory

Request membership in the Network Administrators group

Contact a RADIUS server in which it has been defined as an allowed client

#7. The Security Server (VH1) is?

A virtual machine that serves as the Primary Domain Controller

A hardened computer running the VMware vSphere Hypervisor environment

#8. From an admin command prompt, what command is used to check the status of the Application Control an HMI or VM?

sadmin status

sadmin info

sadmin recover

sadmin lockdown

sadmin enable

#9. A data diode is designed to pass data:

From the “low” side to the “high” side

In either direction, depending on the configuration of the device’s security settings

From the “high” side to the “low” side

#10. Which of the following is the Backup Domain Controller?

VH2

VH1

DC2

DC1

DR1

LM1

SP1

PM1

#11. When making a switch configuration change, which command would you use to save the new configuration?

Ctrl + Z

wr mem

config t

Ctrl + S

#12. To install the monthly patch updates:

Place the patch DVD in the VH1 DVD drive, log in to PM1, attach the drive to SP1, and copy the files.

Place the patch DVD in the VH1 DVD drive, attach the drive to PM1, log in to PM1, and copy the files.

#13. Which of the following virtual machines is considered optional for Compact configurations?

DC1

CA1

AP3

SP1

#14. What problem is associated with retrofit installations and SFPs?

Retrofit installs usually use Multi-Mode Fiber Optic Cable, which has SC connectors that do not plug directly into the SFP

Retrofit installs usually use Multi-Mode Fiber Optic Cable, which has LC connectors that do not plug directly into the SFP

Retrofit installs usually use Single Mode Fiber Optic Cable, which has LC connectors that do not plug directly into the SFP.

Retrofit installs usually use Single Mode Fiber Optic Cable, which has SC connectors that do not plug directly into the SFP

#15. True or False, McAfee Application Control prevents users from accessing applications?

True

False

#16. What type of OTArmor/SecurityST configuration is made when you have VH1, VH2 & VH3?

Standard

Compact

Pro

#17. Controls traffic (i.e., the network traffic to and from our controllers and HMIs) resides on the:

EGD

UDH

MDH

PDH

#18. What are the default groups the BHGEOper account is a Member Of?

#19. Which of the following provides the real-time analysis of security alerts generated by network hardware and applications, and is used to log security data and generate reports for compliance purposes?

SIEM

SEM

SIM

#20. Which CatTools feature would you use to create a backup of the network switch configuration?

Setup

Device Wizard

Activity Wizard

#21. Which term below refers to settings that can be applied to computers that join the domain, as well as the enforcement of required configuration settings?

Certificate Authority

ANIXIS Password Management

Group Policy

#22. What is the maximum number of HMIs that a OTArmor/SecurityST Standard be configured for?

#23. When does the root certificate need to be updated?

When the system is turned over to the customer

When a new HMI logs in for the first time

When domain authentication is required

#24. The bridge on the top of the network Spanning Tree is what kind of switch?

Outer Edge

Edge

Bridge

Root

#25. The NIDS device:

Is a network traffic monitoring device attached to each leaf switch in the star topology used in the OTArmor/SecurityST network configuration

Builds upon the Microsoft Active Directory system to prevent network intrusion

Is a standalone device that monitors network traffic and logs issues to the SIEM application

#26. True or False, the High Availability (HA) option includes both hardware and data redundancy for security?

True

False

#27. The default settings used for backups limit any one node to use no more than _____ of the available network loading

20%

10%

25%

#28. How would you locate in the ePO where the Policy Catalog is?

System Tree

Dashboards

#29. If you change a domain policy setting:

The user will be prompted to select either the old or the new setting

Every HMI that logs in will receive the updated setting

New HMIs will receive the updated setting, but HMIs that were already set up in the system will not receive it

#30. If you needed to turn off a port, how would you do so?

From DC1, use the CatTools application

From DR1, use the CatTools application

From DR1, use the Putty – SSH Terminal application

From SP1, use the Putty – SSH Terminal application

#31. What happens during a secure socket layer (SSL) handshake?

The CA server informs the controller that access is granted or rejected

The client and server agree on connection security parameters

The controller requests the CRL from the CA server

#32. To confirm that individual certificates have been revoked, you must:

Delete the revoked certificates

Validate the revoked certificates

Publish the revoked certificates

#33. What does the DLP (Data Loss Prevention) application do?

Prevent downloads to the Mark VIe controller

Prevent user access to different applications

Allow access hard drives

Prevent user access to USB/DVD/CD drives

#34. When McAfee solidcore is in Observer Mode:

This mode indicates that Application Control is running and protection is enabled

This mode indicates that protection is effective but changes are allowed on protected endpoints

The application does not prevent any execution or changes made to the endpoints. Instead, it monitors execution activities and compares them with the local inventory and predefined rules

Application Control isn't running on your system. Although the application is installed, its features are disabled

#35. Which of the following does NOT describe a benefit of Active Directory?

It eliminates the need for RADIUS authentication

It helps customers address NERC and other compliance requirements

Many controls extend from or leverage Active Directory

#36. If you needed to change an individual’s assigned role, which dialog would you need to use?

Group Policy Management

Network Policy Server

Roles

#37. Which Splunk application would you use to obtain information about failed logons?

Change Management

Security

Active Directory

#38. If you were going to set up a new user in the Server Manager, you would find the list of GE accounts in which set of folders?

Active Directory Domain Services

Network Policy and Access Services

DNS Server

#39. The McAfee software has been implemented in this solution because this anti-virus application includes:

Host Intrusion Detection functionality

An exclusively online updating process

A centralized management console, using individual agents installed on each HMI under security management

#40. What is the minimum password length in the password policy?

#41. What is a GFS (Grandfather – Father – Son ) backup scheme?

A differential backup once per day for a week, an incremental backup once per week for a month, and a full backup once per month for a year

An incremental backup once per day for a week, a full backup once per week for a month, and a differential backup once per month for a year

An incremental backup once per day for a week, a differential backup once per week for a month, and a full backup once per month for a year

#42. You would use the Splunk FISMA application to:

Display reports that comply with SP 800-52 requirements

Display reports for reviewing log data related to Microsoft Active Dire

Display user record changes and computer account changes

#43. On what Virtual Machine does the McAfee ePO Application reside?

DR1

DC1

CA1

RDS1

EWS1

SP1

#44. When deploying patches, which of the following is true?

You can deploy multiple patches at a time to multiple computers

You can deploy only one patch at a time to only one computer

You can deploy multiple patches and multiple Service Packs at a time to multiple computers

You can deploy multiple patches at a time to only one computer

#45. When deploying an agent from the McAfee ePO, do you?

Select Device, Select Actions – Agent – Deploy Agents

Select Device, Select Actions – Agent – Run Client Task

#46. Where would you look if you needed to find the Security State for each configured controller?

Component InfoView > Status tab

Security State > Authenticated

System Editor > Security State

#47. In Active Directory, a security group is:

A management point for password policy settings

A pre-configured user or device role

A group of users who all share a single username

#48. Which level of the standard Network Architecture does the OTArmor/SecurityST system reside on?

Level 3

Level 0

Level 1

Level 2

Level 5

Level 4

#49. What are the BHGE standards IP addresses of VH1,DC1,DC2 and CA1 servers:

#50. Which of the following is the Application Server, containing SolarWinds® CatTools™ and Acronis Backup Management System?

AP2

LM1

PM1

CA1

SP1

VH1

AP1

DC1

DR1

#51. McAfee uses a ruleset to apply Whitelisting, True or False, is this function applied from the ePO?

True

False

#52. The CA Server (CA1):

Issues and revokes digital certificates.

Is the central repository for cyber-security event and log data

Provides the entry point for security managers to administer security-related applications.

#53. OTArmor/SecurityST uses virtualization technology to minimize security lifecycle costs and provide enhanced recovery capabilities?

False

True

#54. Load balancing Virtual Machines is a feature that allows VMs to be run on different hosts, which version of OTArmor/SecurityST uses this feature?

SecurityST/OTArmor

SecurityST/OTArmor Pro

Compact Secure

SecurityST/OTArmot Standard

#55. In the Cisco FlexStack:

Failover and recovery are built in, but replacement requires an outage

A cross-over cable is used to stack switches

Members behave as one logical switch

#56. Splunk is:

A browser-based interface to security-related log and event information

A browser-based Unified Threat Management (UTM) device

A Network Intrusion Detection System (NIDS) application

#57. Based on the policies BHBHGE has defined, when a potential threat is detected, the McAfee application will:

Prompt the user to determine whether to block or clean up the file

Automatically clean up the file

Block access to the file

#58. The VMWare ESXi host web interface (GUI) is accessed from:

Any machine on the Domain

DC1

DR1

#59. How would an installation of the OTArmor/SecurityST solution at a nuclear power plant differ from a typical installation?

A separate OTArmor/SecurityST Appliance is required for each reactor

The required topology is a ring network

Outer Edge Switches are not permitted

Finish

Results

Congratulation you pass the exam!!!

Sorry, it is time to review concepts and try again