
ECCouncil ICS-SCADA Cyber Security Practice Test - Questions Answers, Page 3


Which of the following are not a part of the temporal score in the CVSS? (Select all that apply.)

A. Attack Vector
B. User Interaction
C. Reporting Confidence
D. Remediation Level
Suggested answer: A, B

Explanation:

The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity.

The temporal score in CVSS adjusts the base score of a vulnerability based on factors that change over time, such as the availability of exploits or the existence of patches.

The temporal score includes:

Remediation Level

Report Confidence

Attack Vector and User Interaction are part of the base score, not the temporal score, as they describe the fundamental characteristics of the vulnerability and do not typically change over time.

Reference

Common Vulnerability Scoring System v3.1: Specification Document.

'Understanding CVSS,' by FIRST (Forum of Incident Response and Security Teams).

What type of communication protocol does Modbus RTU use?

A. UDP
B. ICMP
C. Serial
D. SSTP
Suggested answer: C

Explanation:

Modbus RTU (Remote Terminal Unit) is a communication protocol based on a master-slave architecture that uses serial communication. It is one of the earliest communication protocols developed for devices connected over serial lines. Modbus RTU packets are transmitted in a binary format over serial lines such as RS-485 or RS-232.

Reference:

Modbus Organization, 'MODBUS over Serial Line Specification and Implementation Guide V1.02'.

Which of the ICS/SCADA generations is considered monolithic?

A. Second
B. First
C. Fourth
D. Third
Suggested answer: B

Explanation:

The first generation of ICS/SCADA systems is considered monolithic, primarily characterized by standalone systems that had no external communications or connectivity with other systems. These systems were typically fully self-contained, with all components hard-wired together, and operations were managed without any networked interaction.

Reference:


U.S. Department of Homeland Security, 'Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies'.

Which of the following components is not part of the Authentication Header (AH)?

A. Replay
B. Authentication
C. Confidentiality
D. Integrity
Suggested answer: C

Explanation:

The Authentication Header (AH) is a component of the IPsec protocol suite that provides authentication and integrity to the communications. AH ensures that the contents of the communications have not been altered in transit (integrity) and verifies the sending and receiving parties (authentication). However, AH does not provide confidentiality, which would involve encrypting the payload data. Confidentiality is provided by the Encapsulating Security Payload (ESP), another component of IPsec.

Reference:

RFC 4302, 'IP Authentication Header'.

How many main score areas are there in the CVSS?

A. 2
B. 4
C. 3
D. None of these
Suggested answer: C

Explanation:

The Common Vulnerability Scoring System (CVSS) is a framework for rating the severity of security vulnerabilities. CVSS provides three main score areas: Base, Temporal, and Environmental.

Base Score evaluates the intrinsic qualities of a vulnerability.

Temporal Score reflects the characteristics of a vulnerability that change over time.

Environmental Score considers the specific impact of the vulnerability on a particular organization, tailoring the Base and Temporal scores according to the importance of the affected IT asset.

Reference:

FIRST, 'Common Vulnerability Scoring System v3.1: Specification Document'.

Which of the following is NOT an exploit tool?

A. Canvas
B. Core Impact
C. Metasploit
D. Nessus
Suggested answer: D

Explanation:

Among the options listed, Nessus is primarily a vulnerability assessment tool, not an exploit tool. It is used to scan systems, networks, and applications to identify vulnerabilities but does not exploit them. On the other hand, Canvas, Core Impact, and Metasploit are exploit tools designed to actually perform attacks (safely and legally) to demonstrate the impact of vulnerabilities.

Reference:

Tenable, Inc., 'Nessus FAQs'.

When monitoring a network, you receive an ICMP type 8 packet. What does this represent?

A. Echo request
B. Echo start
C. Echo recall
D. Echo reply
Suggested answer: A

Explanation:

ICMP (Internet Control Message Protocol) is used in network devices, like routers, to send error messages and operational information indicating success or failure when communicating with another IP address.

An ICMP type 8 packet specifically is an 'Echo Request.' It is used primarily by the ping command to test the connectivity between two nodes.

When a device sends an ICMP Echo Request, it expects to receive an ICMP Echo Reply (type 0) from the target node. This mechanism helps in diagnosing the state and reachability of a network on the Internet or within a private network.

Reference

RFC 792 Internet Control Message Protocol: https://tools.ietf.org/html/rfc792

Internet Assigned Numbers Authority (IANA) ICMP Parameters:

What step of the malware infection installs the malware on the target?

A. Drive-by
B. Init
C. Dropper
D. Stager
Suggested answer: C

Explanation:

The term 'Dropper' in cybersecurity refers to a small piece of software used in malware deployment that is designed to install or 'drop' malware (like viruses, ransomware, spyware) onto the target system.

The Dropper itself is not typically malicious in behavior; however, it is used as a vehicle to install malware that will perform malicious activities without detection.

During the infection process, the Dropper is usually the first executable that runs on a system. It then unpacks or downloads additional malicious components onto the system.

Reference

Common Malware Enumeration (CME): http://cme.mitre.org

Microsoft Malware Protection Center: https://www.microsoft.com/en-us/wdsi

The vulnerability that led to the WannaCry ransomware infections affected which protocol?

A. Samba
B. None of these
C. RPC
D. SMB
Suggested answer: D

Explanation:

WannaCry is a ransomware attack that spread rapidly across multiple computer networks in May 2017.

The vulnerability exploited by the WannaCry ransomware was in the Microsoft Windows implementation of the Server Message Block (SMB) protocol.

Specifically, the exploit, known as EternalBlue, targeted a flaw in the SMBv1 protocol. This flaw allowed the ransomware to spread within corporate networks without any user interaction, making it one of the fastest-spreading and most harmful cyberattacks at the time.

Reference

Microsoft Security Bulletin MS17-010 - Critical: https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2017/ms17-010

National Vulnerability Database, CVE-2017-0144: https://nvd.nist.gov/vuln/detail/CVE-2017-0144

Which of the registrars contains the information for the domain owners in Europe?

A. RIPENCC
B. AFRINIC
C. LACNIC
D. ARIN
Suggested answer: A

Explanation:

RIPENCC (Réseaux IP Européens Network Coordination Centre) is one of the five Regional Internet Registries (RIRs) that allocate IP addresses and manage related resources within a specific region.

Specifically, RIPENCC covers Europe, the Middle East, and parts of Central Asia.

For domain owners, while the top-level domain (TLD) registrars handle domain registration, the information about IP allocations and related network infrastructure in Europe is managed by RIPENCC.

Reference

RIPE Network Coordination Centre: https://www.ripe.net

RIPE Documentation and Information: https://www.ripe.net/manage-ips-and-asns

Total 75 questions