
[2025年04月02日] 完全版には更新されたのはISA Cybersecurity(ISA-IEC-62443)認定サンプル問題
最新のISA ISA-IEC-62443リアル試験問題集PDF
質問 # 43
Which of the following is the underlying protocol for Ethernet/IP?
Available Choices (select all choices that are correct)
- A. Building Automation and Control Network (BACnet)
- B. Object Linking and Embedding (OLE) for Process Control
- C. Common Industrial Protocol
- D. Highway Addressable Remote Transducer (HART)
正解:C
質問 # 44
Which is the PRIMARY responsibility of the network layer of the Open Systems Interconnection (OSI)
model?
Available Choices (select all choices that are correct)
- A. Gives transparent transfer of data between end users
- B. Provides the rules for framing, converting electrical signals to data
- C. Forwards packets, including routing through intermediate routers
- D. Handles the physics of getting a message from one device to another
正解:C
質問 # 45
Which of the following refers to internal rules that govern how an organization protects critical system
resources?
Available Choices (select all choices that are correct)
- A. Legislation
- B. Security policy
D- Code of conduct - C. Formal guidance
正解:B
質問 # 46
Electronic security, as defined in ANSI/ISA-99.00.01:2007. includes which of the following?
Available Choices (select all choices that are correct)
- A. Computers, networks, operating systems, applications, and other programmable configurable components of the system
- B. Personnel, policies, and procedures related to the security of computers, networks. PLCs, and other programmable configurable components of the system
- C. Security guidelines for the proper configuration of IACS PLCs and other programmable configurable components of the system
- D. Security guidelines for the proper configuration of IACS computers and operating systems
正解:A、B
解説:
In ANSI/ISA-99.00.01:2007, which is part of the ISA/IEC 62443 standards, electronic security encompasses both the technical and human aspects of cybersecurity within industrial automated and control systems (IACS). Option B correctly highlights components such as computers, networks, operating systems, applications, and other programmable configurable components which are intrinsic to the system's electronic security framework. Option C is also correct as it includes the personnel, policies, andprocedures which play a crucial role in securing these systems. This emphasizes that security is not only about the technological solutions but also about managing human elements and organizational processes effectively.ISA/IEC 62443 Cybersecurity Fundamentals References:
* ISA/IEC 62443 standards focus on the holistic nature of security which is clearly supported by including both the technological (Option B) and human elements (Option C) in the definition of electronic security.
質問 # 47
Which is a common pitfall when initiating a CSMS program?
Available Choices (select all choices that are correct)
- A. Immediate jump into detailed risk assessment
- B. Organizational lack of communication
- C. Failure to relate to the mission of the organization
- D. Insufficient documentation due to lack of good follow-up
正解:A
解説:
"A common pitfall is to attempt to initiate a CSMS program without at least a high-level rationale that relates cyber security to the specific organization and its mission." A CSMS program is a Cybersecurity Management System program that follows the IEC 62443 standards for securing industrial control systems (ICS)1. A common pitfall when initiating a CSMS program is D.
Immediate jump into detailed risk assessment. This is because a detailed risk assessment requires a clear definition of the system under consideration (SuC), the allocation of IACS assets to zones and conduits, and the identification of threats, vulnerabilities, and consequences for each zone and conduit2. These steps are part of the assess phase of the CSMS program, which is the first phase of the security program development process2. However, before starting the assess phase, it is important to have the management team's support to ensure the CSMS program will have sufficient financial and organizational resources to implement necessary actions2. Therefore, jumping into detailed risk assessment without having the management buy-in is a common mistake that can jeopardize the success of the CSMS program.
質問 # 48
What is the name of the protocol that implements serial Modbus over Ethernet?
Available Choices (select all choices that are correct)
- A. MODBUS/TCP
- B. MODBUS/Ethernet
- C. MODBUS/CIP
- D. MODBUS/Plus
正解:A
解説:
MODBUS/TCP is the name of the protocol that implements serial Modbus over Ethernet. MODBUS/TCP is a variant of the Modbus protocol that uses the Transmission Control Protocol (TCP) as the transport layer to encapsulate Modbus messages and send them over Ethernet networks. MODBUS/TCP preserves the Modbus application layer and data model, which means that serial Modbus devices can communicate with MODBUS/TCP devices through a gateway or a converter. MODBUS/TCP is widely used in industrial automation and control systems, as it offers high performance, interoperability, and compatibility with existing Modbus devices. References: ISA/IEC 62443 Cybersecurity Fundamentals Specialist Study Guide, Section
3.1.21; MODBUS Application Protocol Specification V1.1b3, Section 1.1
質問 # 49
Which of the following attacks relies on a human weakness to succeed?
Available Choices (select all choices that are correct)
- A. Escalation-of-privileges
- B. Spoofing
- C. Phishing
- D. Denial-of-service
正解:C
質問 # 50
Safety management staff are stakeholders of what security program development?
Available Choices (select all choices that are correct)
- A. ERM
- B. SPRP
- C. CSMS
- D. CSA
正解:C
質問 # 51
Which of the following ISA-99 (IEC 62443) Reference Model levels is named correctly?
Available Choices (select all choices that are correct)
- A. Level 4: Process
- B. Level 2: Quality Control
- C. Level 3: Operations Management
- D. Level 1: Supervisory Control
正解:C
質問 # 52
In which layer is the physical address assigned?
Available Choices (select all choices that are correct)
- A. Layer 1
- B. Layer 2
- C. Layer 7
- D. Layer 3
正解:B
解説:
According to the OSI model, the physical address is assigned in the layer 2, also known as the data link layer.
The physical address is a unique identifier for each device on a network, such as a MAC address or a serial number. The data link layer is responsible for transferring data between adjacent nodes on a network, using the physical address to identify the source and destination of each frame. The data link layer also provides error detection and correction, flow control, and media access control. References: ISA/IEC 62443 Cybersecurity Fundamentals Specialist Exam Prep, section 2.2; ISA/IEC 62443 Standards to Secure Your Industrial Control System, section 3.1.2.
質問 # 53
Electronic security, as defined in ANSI/ISA-99.00.01:2007. includes which of the following?
Available Choices (select all choices that are correct)
- A. Security guidelines for the proper configuration of IACS PLCs and other programmable configurable
components of the system - B. Computers, networks, operating systems, applications, and other programmable configurable
components of the system - C. Personnel, policies, and procedures related to the security of computers, networks. PLCs, and other
programmable configurable components of the system - D. Security guidelines for the proper configuration of IACS computers and operating systems
正解:C
質問 # 54
What is a feature of an asymmetric key?
Available Choices (select all choices that are correct)
- A. Uses a continuous stream
- B. Has lower network overhead
- C. Uses different keys
- D. Shares the same key OD.
正解:C
質問 # 55
Why is patch management more difficult for IACS than for business systems?
Available Choices (select all choices that are correct)
- A. Many more approvals are required.
- B. Overtime pay is required for technicians.
- C. Business systems automatically update.
- D. Patching a live automation system can create safety risks.
正解:D
質問 # 56
Why is OPC Classic considered firewall unfriendly?
Available Choices (select all choices that are correct)
- A. OPC Classic is allowed to use only port 80.
- B. OPC Classic is an obsolete communication standard.
- C. OPC Classic works with control devices from different manufacturers.
- D. OPC Classic uses DCOM, which dynamically assigns any port between 1024 and 65535.
正解:D
質問 # 57
At Layer 4 of the Open Systems Interconnection (OSI) model, what identifies the application that will handle a packet inside a host?
Available Choices (select all choices that are correct)
- A. A TCP/UDP host ID
- B. ATCP/UDP application ID
- C. ATCP/UDP port number
- D. ATCP/UDP registry number
正解:C
解説:
At layer 4 of the OSI model, also known as the transport layer, the application that will handle a packet inside a host is identified by a TCP/UDP port number. A port number is a 16-bit integer that is assigned to a specific application or service that runs on a host. Port numbers are used to multiplex and demultiplex the data streams that are exchanged between hosts and end systems. Multiplexing is the process of combining multiple data streams into one, while demultiplexing is the process of separating one data stream into multiple ones. Port numbers are part of the header of the transport layer protocol data unit (PDU), which is called a segment for TCP and a datagram for UDP. The header contains the source port number and the destination port number, which indicate the applications that are involved in the communication. For example, if a host sends a packet to another host using the HTTP protocol, which runs on port 80 by default, the source port number would be a random number chosen by the sender, and the destination port number would be 80. The receiver would then use the destination port number to demultiplex the packet and deliver it to the HTTP application.
Port numbers are divided into three ranges: well-known ports (0-1023), registered ports (1024-49151), and dynamic or private ports (49152-65535). Well-known ports are reserved for common and standardized applications and services, such as HTTP (80), FTP (21), and SSH (22). Registered ports are assigned by the Internet Assigned Numbers Authority (IANA) to specific applications and services that request them, such as Skype (49175) and Minecraft (25565). Dynamic or private ports are not assigned by any authority and can be used by any application or service that needs them, such as ephemeral ports that are used for temporary connections.
The other options are not valid identifiers for the application that will handle a packet inside a host at layer 4 of the OSI model. A TCP/UDP application ID is not a term that is used in the OSI model or the TCP/IP model.
A TCP/UDP host ID is not a term that is used in the OSI model or the TCP/IP model, and it would be more appropriate for layer 3, which is the network layer, where the host is identified by an IP address. A TCP/UDP registry number is not a term that is used in the OSI model or the TCP/IP model, and it would be more appropriate for layer 5, which is the session layer, where the registry number is used to identify a session between two hosts.
References:
* Transport Layer | Layer 4 | The OSI-Model1
* OSI model - Wikipedia2
* What is Layer 4 of the OSI Model? | Glossary | A10 Networks3
* What Are the 7 Layers of the OSI Model? | Webopedia4
質問 # 58
What is a feature of an asymmetric key?
Available Choices (select all choices that are correct)
- A. Uses a continuous stream
- B. Has lower network overhead
- C. Uses different keys
- D. Shares the same key OD.
正解:C
解説:
An asymmetric key is a feature of asymmetric cryptography, also known as public-key cryptography, which is a method of encrypting and decrypting data using two different keys: a public key and a private key. The public key can be shared with anyone, while the private key must be kept secret by the owner. The public key and the private key aremathematically related, but it is computationally infeasible to derive one from the other.
Asymmetric cryptography can be used for various purposes, such as digital signatures, key exchange, and encryption. For example, if Alice wants to send a message to Bob, she can use Bob's public key to encrypt the message, and only Bob can decrypt it using his private key. Alternatively, if Bob wants to prove that he is the author of a message, he can use his private key to sign the message, and anyone can verify it using his public key. Asymmetric cryptography has some advantages over symmetric cryptography, which uses the same key for both encryption and decryption. For instance, asymmetric cryptography does not require a secure channel to distribute the keys, and it can provide non-repudiation and authentication. However, asymmetric cryptography also has some drawbacks, such as higher computational complexity, larger key sizes, and higher network overhead.
References:
* ISA/IEC 62443-3-3:2018, Section 4.2.3.6.1, Cryptography1
* ISA/IEC 62443-4-2:2019, Section 4.2.3.6.1, Cryptography
* ISA/IEC 62443 Cybersecurity Fundamentals Specialist Study Guide, Section 5.3.1, Cryptography
* ISA/IEC 62443 Cybersecurity Fundamentals Specialist Exam Specification, Section 5.3.1,
* Cryptography
質問 # 59
What do packet filter firewalls examine?
Available Choices (select all choices that are correct)
- A. The relationships between packets in a session
- B. The packet structure and sequence
- C. Every incoming packet up to the application layer
- D. Only the source, destination, and ports in the header of each packet
正解:D
解説:
Packet filter firewalls, as defined by ISA/IEC 62443 standards on cybersecurity, primarily examine the source, destination, and ports in the header of each packet. This type of firewall does not inspect the packet content deeply (such as its structure or sequence) or maintain awareness of the relationships between packets in a session. Instead, it operates at a more superficial level, filtering packets based solely on IP addresses and TCP/UDP ports. This approach allows packet filter firewalls to quickly process and either accept or block packets based on these predefined criteria without delving into the complexities of session management or the content of the packets up to the application layer.
質問 # 60
Authorization (user accounts) must be granted based on which of the following?
Available Choices (select all choices that are correct)
- A. Common needs for large groups
- B. System complexity
- C. Specific roles
- D. Individual preferences
正解:C
解説:
Authorization is the process of granting or denying access to a network resource or function. Authorization (user accounts) must be granted based on specific roles, which are defined as sets of permissions and responsibilities assigned to a user or a group of users. Roles should be based on the principle of least privilege, which means that users should only have the minimum level of access required to perform their tasks. Roles should also be based on the principle of separation of duties, which means that users should not have conflicting or overlapping responsibilities that could compromise the security or integrity of the system.
Authorization based on individual preferences or common needs for large groups is not recommended, as it could lead to excessive or unnecessary access rights, or to inconsistent or conflicting policies. Authorization based on system complexity is also not a good criterion, as it could result in overcomplicated or unclear roles that are difficult to manage or audit. References:
* ISA/IEC 62443-3-3:2013 - Security for industrial automation and control systems - Part 3-3: System security requirements and security levels1
* ISA/IEC 62443-2-1:2010 - Security for industrial automation and control systems - Part 2-1:
Establishing an industrial automation and control systems security program2
* ISA/IEC 62443-4-1:2018 - Security for industrial automation and control systems - Part 4-1: Product security development life-cycle requirements3
質問 # 61
The Risk Analysis category contains background information that is used where?
Available Choices (select all choices that are correct)
- A. Only the Assessment element
- B. Many other elements in the CSMS
- C. (Elements external to the CSMS
- D. Only the Risk ID element
正解:B
解説:
The Risk Analysis category contains background information that is used to identify and assess the risks associated with the cyber-physical system (CPS) under consideration. This information includes the system description, the threat model, the vulnerability analysis, the risk assessment method, and the risk acceptance criteria. The Risk Analysis category is used as an input for many other elements in the CSMS, such as the Risk ID, Risk Reduction, Risk Acceptance, and Risk Monitoring elements. The Risk Analysis category provides the basis for the risk management process and helps to ensure a consistent and systematic approach to cybersecurity in the CPS. References:
* Using the ISA/IEC 62443 Standards to Secure Your Control System, page 13
* [ISA/IEC 62443 Cybersecurity Fundamentals Specialist Study Guide], page 34
質問 # 62
......
ISA ISA-IEC-62443問題集で一発合格を目指すならこれ!:https://www.goshiken.com/ISA/ISA-IEC-62443-mondaishu.html
ISA-IEC-62443練習テスト問題更新されたのは90問があります:https://drive.google.com/open?id=1yIVOJ3UzvHwA0sCP1cy0qx_2F-TIbAFD