Free Preparation Discussions
MENU
Eccouncil ICS-SCADA Exam Questions
- Topic 1: Introduction to ICS/SCADA Network Defense: This topic covers IT security model, ICS/SCADA security model, security posture, risk management, risk assessment and security policy.
- Topic 2: TCP/IP 101: Its primary focus is on TCP/IP network. This topic covers ICS/SCADA protocols, TCP/IP layering, TCP/IP protocol architecture, RFCs and STDs.
- Topic 3: Introduction to Hacking: It discusses scanning, footprinting, intelligence gathering, hacking methodology, exploitation, covering tracks, and enumeration.
- Topic 4: Vulnerability Management: System vulnerabilities, desktop vulnerabilities, CVE, ICS/SCADA vulnerability sites, ICS/SCADA vulnerability uniqueness, and challenges of vulnerability management within ICS/SCADA are its sub-topics.
- Topic 5: Standards and Regulations for Cybersecurity: It discusses ISO 27001, ICS/SCADA, NERC CIP, CFATS, ISA99, and NIST SP 800-82.
- Topic 6: Securing the ICS Network: This topic delves into physical security, monitoring, legacy machines, ISO roadmap, and vulnerability assessment.
- Topic 7: Bridging the Air Gap: It covers guard, Data diode, and next-generation firewalls.
- Topic 8: Introduction to Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS): The topic covers network node, advantages of IDS, and limitations of IDS.
Free Eccouncil ICS-SCADA Exam Actual Questions
Note: Premium Questions for ICS-SCADA were last updated On Jun. 13, 2025 (see below)
What type of communication protocol does Modbus RTU use?
Modbus RTU (Remote Terminal Unit) is a communication protocol based on a master-slave architecture that uses serial communication. It is one of the earliest communication protocols developed for devices connected over serial lines. Modbus RTU packets are transmitted in a binary format over serial lines such as RS-485 or RS-232. Reference:
Modbus Organization, 'MODBUS over Serial Line Specification and Implementation Guide V1.02'.
Which of the following names represents inbound filtering?
Ingress filtering is a method used in network security to ensure that incoming packets are allowed or blocked based on a set of security rules.
This type of filtering is often implemented at the boundaries of networks to prevent unwanted or harmful traffic from entering a more secure internal network.
The term 'ingress' refers to traffic that is entering a network boundary, whereas 'egress' refers to traffic exiting a network.
Reference
Cisco Networking Academy Program: Network Security.
'Understanding Ingress and Egress Filtering,' Network Security Guidelines, TechNet.
Which of the IEC 62443 Security Levels is identified by a cybercrime/hacker target?
IEC 62443 is an international series of standards on Industrial communication networks and system security, specifically related to Industrial Automation and Control Systems (IACS). Within the IEC 62443 standards, Security Level 3 is defined as protection against deliberate or specialized intrusion. It is designed to safeguard against threats from skilled attackers (cybercriminals or hackers) targeting specific processes or operations within the industrial control system. Reference:
International Electrotechnical Commission, 'IEC 62443 Standards'.
Which of the following are required functions of information management?
Information management within the context of network security involves several critical functions that ensure data is correctly handled for security operations. These functions include:
Normalization: This process standardizes data formats from various sources to a common format, making it easier to analyze systematically.
Correlation: This function identifies relationships between disparate pieces of data, helping to identify patterns or potential security incidents.
Data enrichment: Adds context to the collected data, enhancing the information with additional details, such as threat intelligence.
All these functions are essential to effective information management in security systems, allowing for more accurate monitoring and faster response to potential threats.
Reference
'Data Enrichment and Correlation in SIEM Systems,' Security Information Management Best Practices.
'Normalization Techniques for Security Data,' Journal of Network Security.
The vulnerability that led to the WannaCry ransomware infections affected which protocol?
WannaCry is a ransomware attack that spread rapidly across multiple computer networks in May 2017.
The vulnerability exploited by the WannaCry ransomware was in the Microsoft Windows implementation of the Server Message Block (SMB) protocol.
Specifically, the exploit, known as EternalBlue, targeted a flaw in the SMBv1 protocol. This flaw allowed the ransomware to spread within corporate networks without any user interaction, making it one of the fastest-spreading and most harmful cyberattacks at the time.
Reference
National Vulnerability Database, CVE-2017-0144: https://nvd.nist.gov/vuln/detail/CVE-2017-0144
- Select Question Types you want
- Set your Desired Pass Percentage
- Allocate Time (Hours : Minutes)
- Create Multiple Practice tests with Limited Questions
- Customer Support
Elbert
10 days agoValene
2 months agoSalina
3 months agoAlishia
4 months agoMartha
5 months agoLeonida
5 months agoAlpha
6 months agoJaney
6 months agoBurma
6 months agoMy
7 months agoIluminada
7 months agoRebbecca
7 months agoJules
8 months agoMalinda
8 months agoGerardo
8 months agoFrancoise
9 months agoEulah
9 months agoSanjuana
9 months agoTequila
9 months agoFranchesca
10 months agoHerminia
10 months agoEmerson
11 months agoDorthy
11 months agoJanna
1 years agoTresa
1 years agoCherry
1 years agoCharlesetta
1 years agoKirk
1 years agoJacki
1 years ago