Difference between revisions of "TEK5530/List of Questions"
Josef.Noll (Talk | contribs) (Created page with "== TEK5530 List of Questions for the Exam == Q&A Exam TEK5530 spring 2023 L1-1: What areas wold you consider when addressing security in (industrial) control systems? L1-2:...") |
Josef.Noll (Talk | contribs) (→TEK5530 List of Questions for the Exam) |
||
Line 1: | Line 1: | ||
== TEK5530 List of Questions for the Exam == | == TEK5530 List of Questions for the Exam == | ||
− | Q&A Exam TEK5530 spring 2023 | + | Q&A Exam TEK5530 spring 2023 - TO BE UPDATED FOR 2024 |
+ | ''You are going to be asked to pick randomly 3-4 questions. Please prepare by understanding and using the terminology related to the questions.'' Please see also the Main Takeaway (L1-L15.pdf) | ||
− | L1-1: What areas | + | L1-1: What areas would you consider when addressing security in (industrial) control systems? |
L1-2: What are the differences between an IT infrastructure and an operational control infrastructure with respect to connectivity, network posture, security solutions, and the response to attacks? | L1-2: What are the differences between an IT infrastructure and an operational control infrastructure with respect to connectivity, network posture, security solutions, and the response to attacks? |
Revision as of 07:14, 23 April 2024
Wiki for ITS | ||||||
---|---|---|---|---|---|---|
|
TEK5530 List of Questions for the Exam
Q&A Exam TEK5530 spring 2023 - TO BE UPDATED FOR 2024 You are going to be asked to pick randomly 3-4 questions. Please prepare by understanding and using the terminology related to the questions. Please see also the Main Takeaway (L1-L15.pdf)
L1-1: What areas would you consider when addressing security in (industrial) control systems?
L1-2: What are the differences between an IT infrastructure and an operational control infrastructure with respect to connectivity, network posture, security solutions, and the response to attacks?
L1-3: What are the components of a smart metering system (AMS), and what security challenges do you see?
L2-1: Which are the domains being merged in the view of Internet of Things?
- And what are the specifics and challenges of these domains?
- Why are IoT devices especially vulnerable?
L2-2: Explain the manageability challenges with an IoT home environment, e.g. a smart home with sensors.
L3-1: What is special with security of the Internet of Things?
- Explain possible security problems with home IoT appliances!
L3-2: Comparing IT and automation equipment, what would you see as main difference? Explain security challenges in IoT infrastructures by taking the example of either a smart home or an industrial control system.
L3-3: Explain attacks, where IoT devices can play a role!
- Why can tamper resistance be important in the IoT?
L3-8 Is over-the-air update a plus or a minus for the security of the system? Why?
L4-1: What is the motivation for introducing a Smart Grid?
- What do you see as main security problems for an automated meter reader?
L5-1: Why is QoS is an important question in automation?
- What considerations would you take when analysing time aspects in automation?
L5-3: What is an operating envelope? Provide examples of parameters of an operating envelope
- Why is it important to follow up requirements and have some kind of tracking?
L7-1: Explain the difference between functional, non-functional and security components
- Provide examples of security challenges in IoT
- Provide at least 4 functional components of a system of system.
- Provide at least 4 security or privacy components
- What is the relation of safety and security?
L8-1: Discuss the shortcomings of the traditional threat-based approach with respect to IoT systems
L8-2: Name three methods for measuring or evaluating security in IoT systems?
- What are the characteristics of these methods?
L8-3: What are the criteria for a risk analysis?
- What is a risk assessment?
- What is risk appetite?
- Why do well-established companies have a lower risk appetite than start-ups?
L8-4: In a risk analysis of IoT systems, frequency is replaced by exposure. Why?
- What are the factors affecting exposure?
L10: What are the core elements of the Multi-Metrics approach? How can you achieve measurable security and privacy?
- How is the Multi-Metrics analysis performed? What are the results being compared?
L10-2: Provide s,p-functionalities for an application in the (home/ car / health care/ …) domain.
L10-3: Explain the effect of weighting in the Multi-Metrics analysis. What are the results of a linear weighting, as compared to a root-mean-square analysis?
L11-1: What are security functionalities and attributes? Name at least 3 of each type.
L14-3: What is a threat modeling tool? Use the example of the Microsoft Thread modeling tool.
- How can a threat modeling tool contribute to a better product?