Review Questions and Answers
Review Questions for Chapter 1
(Please read the questions carefully and select the one BEST answer.)
1. According to NIST SP 800-82, the term “industrial control system” encompasses which of the following?
a. SCADA systems
b. Distributed control systems (DCSs)
c. Programmable logic controllers (PLCs)
d. All of the above
Answer: d
2. According to ANSI/ISA-99.00.01, “a collection of personnel, hardware, and software that can affect or influence the safe, secure, and reliable operation of an industrial process” is a(n):
a. Industrial automation and control system
b. Distributed control system
c. Discrete control system
d. Programmable logic controller
Answer: a
3. A “type of loosely coupled distributed monitoring and control system commonly associated with electric power transmission and distribution systems, oil and gas pipelines, and water and sewage systems” is defined by ANSI/ISA-99.00.01 as which of the following?
a. Distributed control system
b. SCADA system
c. Safety instrumented system (SIS)
d. Human-machine interface (HMI)
Answer: b
4. Which one of the following items is NOT a component of a classical SCADA system model?
a. Human-machine interface (HMI)
b. Remote terminal unit (RTU)
c. Enterprise resource planning (ERP)
d. Programmable logic controller (PLC)
Answer: c. ERP is a resource used by management systems.
5. Which of the following is NOT a characteristic of a SCADA master terminal unit (MTU)?
a. Has two-way communication with field devices
b. Usually located at the master control center
c. Has high-bandwidth communication requirements
d. Communicates through telephone, VHF/UHF radio, spread spectrum radio, satellite, and/or microwave
Answer: c. An MTU has low-bandwidth communication requirements.
6. In a typical SCADA application, what component serves as a data concentrator and is an interface between the MTU and field devices?
a. HMI
b. RTU
c. Data historian
d. Relational database
Answer: b
7. IEC standard 61131-3 was designed to make it easier to implement control logic functions. IEC 61131-3 is which of the following?
a. Vendor-independent international standard for PLC programming languages
b. Standard guide to industrial control systems
c. Safety instrumented systems (SIS) standard for the process industry
d. Integrated enterprise-wide risk management standard
Answer: a
8. Which of the following is NOT a characteristic of a data historian?
a. Provides for prompt recovery of data
b. Performs data compression
c. Supports interactive storage and retrieval of detailed production information
d. Provides system histories over given time periods
Answer: c. Interactive storage and retrieval are functions of real-time relational databases.
9. A yield accounting system used in conjunction with a SCADA system provides which of the following functions?
a. Plant material movement
b. Inventory discrepancies
c. Material balances
d. All of the above
Answer: d
10. ANSI/ISA-99.00.01-2007 defines which of the following as “a type of control system in which the system elements are dispersed but operated in a coupled manner”?
a. Distributed control system
b. Discrete control system
c. Dispersed control system
d. Coupled control system
Answer: a. Answer b, a discrete control system, is one in which parameters at one or more points may change only at discrete values of time. Answers c and d are made-up distracters.
11. ANSI/ISA-84.00.01-2004 Part 1 (IEC 61511-1 Mod) defines which of the following as an “instrumented system used to implement one or more safety instrumented functions (SIF)”?
a. Safety surety system
b. Failure proof system
c. Safety instrumented system
d. Safety function system
Answer: c. The other answers are made-up distracters.
12. Necessary activities involved in the implementation of safety instrumented function(s) occurring during a period of time that starts at the concept phase of a project and finishes when all of the safety instrumented functions are no longer available for use are known as which of the following?
a. Safety duration
b. Safety life cycle
c. Safety boundary
d. Safety period
Answer: b
13. The safety integrity level (SIL) is a discrete level for specifying the safety integrity requirements of the safety instrumented functions to be allocated to the safety instrumented systems. Which of the following statements is TRUE?
a. Safety integrity level 4 has the lowest level of safety integrity; safety integrity level 1 has the highest.
b. Safety integrity level 4 has the highest level of safety integrity; safety integrity level 1 has the lowest.
c. Safety integrity level 3 has the highest level of safety integrity; safety integrity level 1 has the lowest.
d. Safety integrity level 3 has the lowest level of safety integrity; safety integrity level 1 has the highest.
Answer: b
14. The Open Systems Interconnection (OSI) reference model has how many layers?
a. Six
b. Five
c. Seven
d. Four
Answer: c. The layers are application, presentation, session, transport, network, data link, and physical.
15. Which layer of the OSI model converts packets into electrical or optical signals for sending on the transmission media?
a. Application
b. Presentation
c. Physical
d. Session
Answer: c
16. What are the four layers of the TCP/IP model?
a. Application, Host-to-Host, Internet, and Network Access
b. Application, Presentation, Internet, and Network Access
c. Application, Network, Internet, and Network Access
d. Application, Host-to-Host, Internet, and Physical
Answer: a
17. NIST 800-82 defines which of the following as “a set of open standards developed to promote interoperability between disparate field devices, automation/control, and business systems”?
a. Modbus/TCP
b. OPC
c. DNP3
d. Profibus
Answer: b
18. The protocol that supports the communication of safety-related data over a variety of industrial networks and ensures data transfer integrity is known as which of the following?
a. Safety instrumented system (SIS)
b. Safety instrumented function (SIF)
c. OpenSAFETY
d. ClosedSafety
Answer: c
19. Which of the following statements relative to the IEC layered architecture Standard IEC 61850 for substation automation is NOT true?
a. It is a set of protocols for electric utilities.
b. IEC-enabled devices can obtain power grid condition data via an Ethernet process bus.
c. Merge units provide interfaces to field devices.
d. It is not compatible with legacy protocols.
Answer: d
20. Which of the following are versions of Profibus?
a. Profibus PA, Profibus CP, Profibus CIP
b. Profibus PA, Profibus DP, Profibus FMS
c. Profibus PA, Profibus CP, Profibus FMS
d. Profibus PA, Profibus CIP, Profibus FMS
Answer: b
Review Questions for Chapter 2
1. Information system security is defined as comprising which of the following three basic elements?
a. Confidentiality, integrity, and authorization
b. Confidentiality, integrity, and availability
c. Audit, integrity, and availability
d. Security, integrity, and availability
Answer: b
2. Protecting documents and messages from unauthorized disclosure refers to which of the following?
a. Confidentiality
b. Availability
c. Authorization
d. Integrity
Answer: a
3. An attack that overloads the resources of a computing system is an attack against which of the following?
a. Integrity
b. Availability
c. Confidentiality
d. Authentication
Answer: b
4. Which of the following items refers to the act of verifying a user’s identity and confirming that a user is who he or she professes to be?
a. Authentication
b. Authorization
c. Registration
d. Accountability
Answer: a
5. Which of the following is a detective activity used to determine if violations of information system security have occurred?
a. Confirming
b. Authenticating
c. Auditing
d. Authorizing
Answer: c
6. Ensuring that the sender of a message or contract cannot later deny sending the message or contract is known as which of the following?
a. Nonrepudiation
b. Denial
c. Validation
d. Confirmation
Answer: a
7. A security control that minimizes the effect of an attack and the degree of resulting damage is known as which type of control?
a. Corrective
b. Preventive
c. Deterrent
d. Detective
Answer: a
8. The Information Assurance Technical Framework Forum (IATF) Document 3.1 (Table 2-1) defines which of the following attacks as an “attempt to circumvent or break protection features, introduce malicious code, or steal or modify information”?
a. Distribution
b. Close-in
c. Active
d. Passive
Answer: c
9. The act of establishing numerous layers of protection wherein a subsequent layer will provide protection if a previous layer is breached is known as which of the following?
a. Defense in depth
b. Complete mediation
c. Least privilege
d. Open design
Answer: a
10. Which of the following is noncompulsory?
a. Standards
b. Guidelines
c. Policies
d. Procedures
Answer: b
11. A self-replicating or self-reproducing program that spreads by inserting copies of itself into other executable code or documents is known as which of the following?
a. Worm
b. Mobile code
c. Back door
d. Virus
Answer: d
12. An attack that focuses on the authentication protocol between a claiming party and a verifying party communicating with each other is known as which of the following?
a. Meet-in-the-middle
b. Man-in-the-middle
c. Social engineering
d. Brute force
Answer: b
13. NIST SP 800-41 defines which of the following as “devices or programs that control the flow of network traffic between networks or hosts that employ differing security postures”?
a. Firewalls
b. Demilitarized zones
c. Trap doors
d. Browsers
Answer: a
14. What type of firewall filters packets based on firewall access control lists (ACLs), which specify the packets that can be sent to particular destination addresses, or on specific application port destinations?
a. Stateful inspection
b. Packet filtering
c. Application proxy
d. Screened-host
Answer: b
15. What type of firewall serves as an intermediary between networks and serves to mask the source of a message?
a. Application
b. Packet filtering
c. Stateful inspection
d. Application proxy
Answer: d
16. What type of firewall defines a demilitarized zone (DMZ) or perimeter network, which is a third network that lies between the internal trusted network and the external untrusted network as an added layer of protection?
a. Dual-homed host
b. Screened-subnet
c. Screened-host
d. Application
Answer: b
17. What type of cryptography uses public and private key pairs?
a. Symmetric
b. Asymmetric
c. Secret key
d. Transposition
Answer: b
18. The Advanced Encryption Standard (AES) is an example of which of the following types of cryptography?
a. Symmetric key
b. Asymmetric key
c. Public key
d. Dual key
Answer: a
19. The result of a variable length message being fed into a hash function is a shorter, fixed length output digital stream, known as which of the following?
a. Ciphertext
b. Plaintext
c. Message digest
d. Cryptovariable
Answer: c
20. A digital signature uses asymmetric key encryption to achieve which of the following?
a. Nonrepudiation
b. Nonrepudiation and authentication
c. Authorization
d. Confidentiality
Answer: b
21. A cryptographic attack in which the attacker has access to multiple samples of encrypted messages that have been encrypted with the same algorithm and attempts to find the key is known as which of the following?
a. Chosen ciphertext
b. Ciphertext only
c. Adaptive chosen ciphertext
d. Known plaintext
Answer: b
22. A private network that operates as an overlay on a public infrastructure is known as which of the following?
a. Virtual private network
b. Dual band network
c. 4G network
d. Demilitarized zone
Answer: a
23. IPsec provides which of the following two modes of operation?
a. Symmetric key mode and transport mode
b. Authentication mode and tunnel mode
c. Transport mode and tunnel mode
d. Transport mode and transparent mode
Answer: c
24. A VPN that provides secure communications over a public network between two trusted networks is known as which of the following?
a. Host-to-host
b. Gateway-to-gateway
c. Host-to-gateway
d. Host-to-demilitarized zone
Answer: b
Review Questions for Chapter 3
1. Which of the following statements is generally TRUE regarding an industrial automation and control system?
a. Installation of software patches can be performed routinely and frequently.
b. Encryption of data can sometimes lead to problematic delays.
c. Penetration testing can be conducted routinely and frequently.
d. Confidentiality is a key concern in automation systems as opposed to integrity and availability.
Answer: b
2. In both IT and automation and control systems, which of the following is the primary concern in the event of an emergency or malicious event?
a. Equipment safety
b. Preservation of documentation
c. Personnel safety
d. Facility protection
Answer: c
3. Which of the following statements is FALSE?
a. Flash drives and other portable memory devices can be sources of malware injections into control systems.
b. Maintenance hooks and trap doors installed in automation and control systems for remote maintenance can be easy entry points to modify critical software and firmware with negative consequences.
c. In many control system environments, control engineers, in general, do not have multiple responsibilities, such that the security principle of separation of duties is not normally violated.
d. Many facilities house legacy systems with outdated technology, minimal memory and computing power, and little thought to security.
Answer: c
4. Which of the following actions is the most likely to result in blockages and lack of system availability in automation and control systems?
a. Remote access
b. Life cycle design
c. Accountability
d. Port scanning
Answer: d
5. Which threat source is motivated by revenge, ego, and dissatisfaction?
a. Insider
b. Espionage
c. Criminal
d. Hacker
Answer: a
6. What is a source of a possible disruption of control system functions that is not normally considered?
a. Changes from digital to analog systems
b. Upgrades from analog to digital systems
c. Malware
d. Attacks
Answer: b
7. In general, what distinguishes analog control equipment from digital control equipment?
a. Analog controls generate more high-frequency peak voltages than digital controls.
b. Digital controls generate more high-frequency peak voltages than analog controls.
c. Analog controls generate essentially the same number of high-frequency peak voltages as digital controls.
d. Digital controls generate essentially the same number of high-frequency peak voltages as analog controls.
Answer: b
8. Which of the following is more likely to be performed in an IT environment than in an automation and control system environment?
a. Security architecture analysis
b. Information security testing
c. Quantitative risk analysis
d. Change management
Answer: d
9. Which of the following is more likely to be a common area of security practice that is equally performed in both IT and automation and control systems?
a. Information security management
b. Information processing controls
c. Email security
d. Digital signatures
Answer: a
10. Which of the following threat sources is motivated by economic exploitation and competitive advantage, and uses social engineering?
a. Insider
b. Terrorist
c. Industrial espionage
d. Computer criminal
Answer: c
11. What is a detective control that is more frequently applied in IT systems than in control and automation systems?
a. Firewall
b. Separation of duties
c. Biometrics
d. Auditing
Answer: d
12. Which of the following is NOT a usual reason for an organization’s reluctance to disclose successful attacks against it?
a. Hope the attack will harm competitors
b. Embarrassment
c. Effect on reputation
d. Possible loss of customers
Answer: a
13. Which of the following can lead to a single point of failure in an industrial automation and control system?
a. Separation of duties
b. Disk redundancy
c. Combination of safety and security mechanisms
d. Use of authentication with identification
Answer: c
14. What is a typical characteristic of industrial automation and control systems?
a. Have excess computing cycles
b. Have limited extra computing cycles
c. Have excess memory
d. Computational speed is not an issue
Answer: b
15. What is a typical characteristic of an automation and control system supplier?
a. Usually ensures maintenance hooks are never left enabled without the customer’s approval
b. Usually ensures default passwords are never duplicated from one customer to another
c. Usually provides unmodified off-the-shelf hardware and software
d. Usually provides modified hardware and software
Answer: d
Review Questions for Chapter 4
1. Which of the following is an important element in connecting to smart meters?
a. Home area network
b. Energy storage devices
c. Cloud computing
d. Printers
Answer: a
2. Energy storage devices are especially useful in which of the following cases?
a. Fossil fuel energy sources
b. Nonrenewable energy sources
c. Intermittent renewable energy sources
d. Constant energy sources
Answer: c
3. The application of data mining and analysis to large amounts of data for the purposes of discovering knowledge and making intelligent predictions and decisions is known as which of the following?
a. Artificial intelligence
b. Analytics
c. Data aggregation
d. Predictive calculus
Answer: b
4. Which of the following techniques is used for condition monitoring of high voltage electrical equipment and identifying areas of potential failure?
a. Analytics
b. Artificial intelligence
c. Robotics
d. Scanning
Answer: a
5. Data from a variety of sources that is analyzed in real time or near real time to perform predictive modeling and support physical, logical, and administrative security is known as which of the following?
a. Data aggregation
b. Cyber analytics
c. Cybersecurity
d. Sensitivity analysis
Answer: b
6. Which of the following is NOT a characteristic of cloud computing?
a. Measured service
b. Resource pooling
c. On-demand self-service
d. Minimal elasticity
Answer: d
7. Which of the following is NOT one of the three cloud service models?
a. Cloud application as a service
b. Cloud software as a service
c. Cloud platform as a service
d. Cloud infrastructure as a service
Answer: a
8. Which of the following is NOT one of the five basic privacy principles?
a. Access
b. Choice
c. Preemption
d. Notice
Answer: c
9. Which of the following items is NOT one of the European Union (EU) privacy principles?
a. Data should be collected in accordance with the law.
b. Data should be used only for the purposes for which it was collected, and it should be used only for a reasonable period of time.
c. Transmission of personal information to locations where equivalent personal data protection cannot be assured is permitted.
d. Individuals have the right to correct errors contained in their personal data.
Answer: c
10. The ability of an entity to exchange information with another entity is known as which of the following?
a. Compatibility
b. Commonality
c. Interchangeability
d. Interoperability
Answer: d
11. Which of the following is NOT a distinguishing characteristic of the Smart Grid?
a. Development and incorporation of demand response, demand-side resources, and energy efficiency resources
b. Deployment and integration of distributed resources and generation, excluding renewable resources
c. Provision to consumers of timely information and control options
d. Increased use of digital information and controls technology to improve reliability, security, and efficiency of the electric grid
Answer: b
12. Which of the following is NOT an expected result of Smart Grid implementation?
a. Higher grid resiliency
b. Improved energy delivery efficiency
c. Reduced operating costs
d. Possible loss of customers
Answer: d
13. Which of the following is NOT a domain in the NIST Smart Grid framework?
a. Control
b. Customer
c. Operations
d. Bulk generation
Answer: a
14. Which domain of the Smart Grid framework provides energy generated from sources such as coal, gas, water from dams, nuclear reactions, geothermal, the sun, and wind?
a. Distribution
b. Transmission
c. Bulk generation
d. Service provider
Answer: c
15. Which domain of the Smart Grid delivers electrical power to the distribution domain and balances the required electrical load?
a. Transmission
b. Service provider
c. Operations
d. Bulk generation
Answer: a
16. Which domain of the Smart Grid handles customer problems and manages business accounts?
a. Markets
b. Service provider
c. Markets
d. Operations
Answer: b
17. What subsystem of the Smart Grid comprises hardware and meter data management (MDM) software that provide the normal meter reading functions as well as supporting two-way communications that can exchange energy information and commands with customer’s devices through a home area network?
a. Advanced Metering Infrastructure (AMI)
b. Energy Management System (EMS)
c. Energy Services Interface (ESI)
d. Smart Grid Interface (SGI)
Answer: a
18. In Smart Grid terminology, DER stands for which of the following terms?
a. Delayed energy reduction
b. Determined energy requirements
c. Distributed energy requirements
d. Distributed energy resources
Answer: d
19. Which domain of the Smart Grid framework has a home area network and also might have a requirement for energy storage for intermittent sources of electricity?
a. Customer
b. Distribution
c. Operations
d. Markets
Answer: a
20. Which domain of the Smart Grid framework handles large amounts of customer personally identifiable information and must ensure that adequate privacy protections are in place?
a. Customer
b. Markets
c. Service provider
d. Operations
Answer: c
21. Which of the following evolving technologies can increase communications, collaboration, and innovation, but also be a source of compromise of PII and other sensitive information?
a. Social networks
b. Interoperability
c. Cloud computing
d. Analytics
Answer: a
22. Which domain of the Smart Grid framework does not have an energy storage requirement for intermittent sources of electricity?
a. Customer
b. Transmission
c. Bulk generation
d. Markets
Answer: d
23. Which domain of the Smart Grid framework has the most potential for benefiting from the use of cloud computing?
a. Customer
b. Transmission
c. Distribution
d. Operations
Answer: d