TEK5530/List of Questions
| Wiki for ITS | ||||||
|---|---|---|---|---|---|---|
|
|
TEK5530 List of Questions for the Exam
Q&A Exam TEK5530 spring 2024 You are going to be asked to pick randomly 3-4 questions. Please prepare by understanding and using the terminology related to the questions. Please see also the Main Takeaway (L1-L15.pdf)
L1-1: What are the criteria for a risk analysis?
- What is a risk assessment?
- What is risk appetite?
- Why do well-established companies have a lower risk appetite than start-ups?
L1-2: In a risk analysis of IoT systems, frequency is replaced by exposure. Why?
- What are the factors affecting exposure?
L2-1: Which are the domains being merged in the view of Internet of Things?
- And what are the specifics and challenges of these domains?
- Why are IoT devices especially vulnerable?
L2-2: Explain the manageability challenges with an IoT home environment, e.g. a smart home with sensors.
L2-3: What are the differences between an IT infrastructure and an operational control infrastructure with respect to connectivity, network posture, security solutions, and the response to attacks?
L2-4: Which three areas does 5G address, and what would be typical security challenges?
L2-5: What do we mean by Just transition related to energy systems?
L3-1: What is special with security of the Internet of Things?
- Explain possible security problems with home IoT appliances
L3-2: Comparing IT and automation equipment, what would you see as main difference? Explain security challenges in IoT infrastructures by taking the example of either a smart home or an industrial control system.
L3-3: Explain attacks, where IoT devices can play a role!
- What are the main defence mechanisms for IoT networks?
L4-1: What is the motivation for introducing a Smart Grid?
- What do you see as main security problems for an automated meter reader?
L5-1: Why is QoS is an important question in automation?
- What considerations would you take when analysing time aspects in automation?
L5-2: What are aspects of IoT lifetime security?
- What challenges do you see related to a) maintenance and b) decommissioning?
L5-3: What is an operating envelope? Provide examples of parameters of an operating envelope
- Why is it important to follow up requirements and have some kind of tracking?
L5-4: Explain the difference between functional, non-functional and security components
- Provide examples of security challenges in IoT
- Provide at least 4 functional components of a system of system.
- Provide at least 4 security or privacy components
- What is the relation of safety and security?
L6-1: What are the core elements of the Multi-Metrics approach? How can you achieve measurable security and privacy?
- How is the Multi-Metrics analysis performed? What are the results being compared?
L6-2: Which are the areas relevant for Privacy labels?
L7-1: Provide s,p-functionalities for an application in the (home/ car / health care/ …) domain.
L7-2: Explain the effect of weighting in the Multi-Metrics analysis. What are the results of a linear weighting, as compared to a root-mean-square analysis?
L7-3: What are security functionalities and attributes? Name at least 3 of each type.
L8-1: Explain the Risk-Exposure Model
- How is Exposure calculated? Provide two examples
L10-1: What are the security considerations in mobile systems (2G to 5G)? Explain
L11-1: What is ment by zero trust?
- Explain why people, devices, network and workload need to be considered
L13-1: What are the NSM principles for ICT security?
- Explain why identification and mapping is important?
L13-2: Explain an Intrusion Prevention System and an Intrusion Detection System
- What are the differences between IPS and IDS?
L14-1: What are IaaS, PaaS, SaaS?
- In terms of security, what do you need to consider when moving to the cloud?
