The first generation of ICS/SCADA systems is considered monolithic, primarily characterized by standalone systems that had no external communications or connectivity with other systems. These systems were typically fully self-contained, with all components hard-wired together, and operations were managed without any networked interaction.
References:
U.S. Department of Homeland Security, "Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies".
An Intrusion Detection System (IDS) is designed to monitor network or system activity for malicious behavior or policy violations and can perform several functions:
Monitor: Observing network traffic and system activities for unusual or suspicious behavior.
Detect: Identifying potential security breaches, including both known threats and unusual activities that could indicate new threats.
Respond: Executing pre-defined actions to address detected threats, which can include alerts or triggering automatic countermeasures.
References:
Cisco Systems, "Intrusion Detection Systems".
Question # 19
Which of the following steps is used to reveal the IP addressing?
Enumeration is a step in the information-gathering phase of a penetration test or cyber attack where an attacker actively engages with the target to extract detailed information, including IP addressing.
Enumeration: During enumeration, the attacker interacts with network services to gather information such as user accounts, network shares, and IP addresses.
Techniques: Common techniques include using tools like Nmap, Netcat, and Nessus to scan for open ports and services and to identify the IP addresses in use.
Purpose: The goal is to map the network's structure, find potential entry points, and understand the layout of the target environment.
Because enumeration involves discovering detailed information including IP addresses, it is the correct answer.
References
"Enumeration in Ethical Hacking," GeeksforGeeks, Enumeration.
In the context of data analysis, enumeration is not typically considered a step. Enumeration is more relevant in security assessments and network scanning contexts where specific details about devices, users, or services are cataloged. Data analysis steps typically include gathering data, preprocessing, analyzing, and interpreting results rather than enumeration, which is more about identifying and listing components in a system or network.
References:
"Data Science from Scratch" by Joel Grus, which outlines common steps in data analysis.
Question # 21
Which of the following is required to determine the correct Security Association?
To determine the correct Security Association (SA) in the context of IPsec, several elements are required:
SPI (Security Parameter Index): Uniquely identifies the SA.
Partner IP address: The address of the endpoint with which the SA is established.
Protocol: Specifies the type of security protocol used (e.g., AH or ESP).
All these components collectively define and identify a specific SA for secure communication between parties.
References:
RFC 4301, "Security Architecture for the Internet Protocol".
Within IPsec, the SPI (Security Parameter Index) is a critical component that uniquely identifies a Security Association (SA) for the IPsec session. The SPI is used in the IPsec headers to help the receiving party determine which SA has been agreed upon for processing the incoming packets. This identification is crucial for the proper operation and management of security policies applied to the encrypted data flows.
References:
RFC 4301, "Security Architecture for the Internet Protocol," which discusses the structure and use of the SPI in IPsec communications.