최신 GRID 무료덤프 - GIAC Response and Industrial Defense (GRID)

문제1

Your organization has deployed an IDS in an ICS environment, and the system has generated an alert indicating unusual communication between a remote workstation and a programmable logic controller (PLC).
How should you proceed with investigating this issue?

A. Review the logs to identify the nature of the communication, verify if the workstation should have access to the PLC, and investigate the user's activity

B. Ignore the alert, as it could be a false positive

C. Disable the IDS system

D. Restart the PLC to reset its communication logs

정답: A

문제2

Why is it difficult to deploy detection tools that perform full system scans in ICS environments?

A. ICS systems are already fully secured

B. Full system scans can disrupt the critical operations of ICS systems, causing downtime or performance issues

C. Detection tools are not compatible with ICS devices

D. ICS systems do not store any critical data

정답: B

문제3

Your security team has received a high-priority alert from a network intrusion detection system (NIDS) monitoring an ICS environment. The alert indicates unusual outbound communication from an ICS device to an external IP address.
What steps should you take to investigate and mitigate this potential security threat?

A. Increase the network bandwidth to handle more traffic

B. Ignore the alert, as it may be a false positive

C. Investigate the outbound communication by reviewing the logs, isolate the affected device from the network, and escalate the issue to the incident response team

D. Immediately shut down all ICS devices

정답: C

문제4

Which of the following best describes tactical threat intelligence in the context of ICS security?

A. Strategies for increasing employee engagement

B. Detailed information about the tactics, techniques, and procedures (TTPs) used by attackers

C. Guidelines for increasing system performance

D. Information about daily operational tasks

정답: B

문제5

Which of the following is a key factor when determining whether a detected anomaly is a legitimate threat?

A. The size of the network

B. The weather conditions

C. The employee who detected the anomaly

D. The source and destination of the traffic

정답: D

문제6

What is the role of event logs in monitoring ICS systems?

A. They record system events, which help in detecting anomalies and investigating incidents

B. They increase system storage capacity

C. They store financial information

D. They reduce energy consumption

정답: A

문제7

In ICS environments, what is the primary advantage of using anomaly-based detection systems?

A. They require no configuration or monitoring

B. They are cheaper than signature-based detection systems

C. They can detect unknown threats by identifying deviations from normal behavior

D. They improve system performance

정답: C

문제8

Your threat hunting team has identified unusual outbound communication from a PLC to an unknown external IP address.
What steps should you take to investigate this anomaly?

A. Isolate the PLC from the network, review logs, and investigate the external IP address to determine the nature of the communication

B. Reboot the PLC immediately

C. Increase network bandwidth to accommodate the traffic

D. Ignore the anomaly as a false positive

정답: A

문제9

A manufacturing plant that relies on ICS systems for its production line receives an alert indicating that unauthorized access was attempted on one of its programmable logic controllers (PLCs).
What should be the first steps in handling this situation using active defense principles?

A. Shut down the entire production line immediately

B. Reset all passwords for the entire ICS system without investigation

C. Ignore the alert and continue production

D. Review the system logs, investigate the unauthorized access attempt, isolate the PLC from the network, and enhance access controls to prevent further attempts

정답: D

문제10

What is the primary purpose of threat analysis in an ICS environment?

A. To eliminate network traffic

B. To increase system power consumption

C. To analyze potential threats and determine the appropriate response

D. To reduce employee workload

정답: C

최신 GRID 무료덤프 - GIAC Response and Industrial Defense (GRID)

우리와 연락하기

유용한 링크

최신 업데이트