ICS-SCADA Exam Dumps - ICS/SCADA Cyber Security Exam

TCP flags are used in the header of TCP segments to control the flow of data and to indicate the status of a connection. Valid TCP flags include:

FIN: Finish, used to terminate the connection.

PSH: Push, instructs the receiver to pass the data to the application immediately.

URG: Urgent, indicates that the data contained in the segment should be processed urgently.

RST: Reset, abruptly terminates the connection upon error or other conditions.

SYN: Synchronize, used during the initial handshake to establish a connection.These flags are integral to managing the state and flow of TCP connections.References:

Douglas E. Comer, "Internetworking with TCP/IP Vol.1: Principles, Protocols, and Architecture".

A data diode is known as a prebuilt directional gateway that is unidirectional, designed specifically to allow data to travel in only one direction, ensuring secure one-way communication. This feature makes data diodes ideal for environments where it iscritical to prevent any possibility of data leakage or unauthorized access from an external network back to a secure network. Data diodes are commonly used in military and industrial applications, including ICS/SCADA systems, to protect sensitive information.References:

U.S. Department of Energy, "Cybersecurity for SCADA Systems".

IPsec offers two modes of operation: Transport mode and Tunnel mode.

Transport mode in IPsec provides security for the payload (the message part) of each packet along the communication path between two endpoints.

In this mode, the IP header of the original packet is not encrypted; it secures only the payload, not protecting the headers. This means while the data is protected, information about the sender and receiver as contained in the IP header is not obscured.

References

"Security Architecture for IP," RFC 4301.

IPsec documentation, Internet Engineering Task Force (IETF).

WannaCry is a ransomware attack that spread rapidly across multiple computer networks in May 2017.

The vulnerability exploited by the WannaCry ransomware was in the Microsoft Windows implementation of the Server Message Block (SMB) protocol.

Specifically, the exploit, known as EternalBlue, targeted a flaw in the SMBv1 protocol. This flaw allowed the ransomware to spread within corporate networks without any user interaction, making it one of the fastest-spreading and most harmful cyberattacks at the time.

References

Microsoft Security Bulletin MS17-010 - Critical:https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2017/ms17-010

National Vulnerability Database, CVE-2017-0144:https://nvd.nist.gov/vuln/detail/CVE-2017-0144

IEC 62443 defines multiple security levels (SLs) tailored to address different types of threats and attackers in industrial control systems.

Security Level 4 (SL4) is designed to protect against sophisticated attacks by adversaries such as hacktivists or terrorists. SL4 involves threats that are targeted with specific intent against the organization, using advanced skills and means.

This level assumes that the adversary is capable of sustained and focused efforts with significant resources, including state-level actors or well-funded groups, aiming at causing widespread disruption or damage.

References

IEC 62443-3-3: System security requirements and security levels.

"Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems," by Eric Knapp.