The first generation of ICS/SCADA systems is considered monolithic, primarily characterized by standalone systems that had no external communications or connectivity with other systems. These systems were typically fully self-contained, with all components hard-wired together, and operations were managed without any networked interaction.References:
U.S. Department of Homeland Security, "Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies".
Question 2
What does the SPI within IPsec identify?
Options:
A.
Security Association
B.
Key Exchange
C.
Decryption algorithm
D.
All of these
Answer:
A
Explanation:
Within IPsec, the SPI (Security Parameter Index) is a critical component that uniquely identifies a Security Association (SA) for the IPsec session. The SPI is used in the IPsec headers to help the receiving party determine which SA has been agreed upon for processing the incoming packets. This identification is crucial for the proper operation and management of security policies applied to the encrypted data flows.References:
RFC 4301, "Security Architecture for the Internet Protocol," which discusses the structure and use of the SPI in IPsec communications.
Question 3
Which of the following is the stance that by default has a default deny approach?
Options:
A.
Permissive
B.
Paranoid
C.
Promiscuous
D.
Prudent
Answer:
B
Explanation:
In the context of network security policies, a "Paranoid" stance typically means adopting a default-deny posture. This security approach is one of the most restrictive, where all access is blocked unless explicitly allowed.
A default deny strategy is considered best practice for securing highly sensitive environments, as it minimizes the risk of unauthorized access and reduces the attack surface.
This approach contrasts with more open stances such as Permissive or Promiscuous, which are less restrictive and generally allow more traffic by default.
References
"Network Security: Policies and Guidelines for Effective Network Management," by Jonathan Gossels.
"Best Practices for Implementing a Security Awareness Program," by Kaspersky Lab.