Difference between revisions of "TEK5530/List of Questions"
Josef.Noll (Talk | contribs) (Created page with "== TEK5530 List of Questions for the Exam == Q&A Exam TEK5530 spring 2023 L1-1: What areas wold you consider when addressing security in (industrial) control systems? L1-2:...") |
Josef.Noll (Talk | contribs) |
||
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
== TEK5530 List of Questions for the Exam == | == TEK5530 List of Questions for the Exam == | ||
− | Q&A Exam TEK5530 spring | + | Q&A Exam TEK5530 spring 2024 |
+ | ''You are going to be asked to pick randomly 3-4 questions. Please prepare by understanding and using the terminology related to the questions.'' Please see also the Main Takeaway (L1-L15.pdf) | ||
− | |||
− | L1- | + | L1-1: What are the criteria for a risk analysis? |
+ | |||
+ | * What is a risk assessment? | ||
+ | * What is risk appetite? | ||
+ | * Why do well-established companies have a lower risk appetite than start-ups? | ||
+ | |||
+ | L1-2: In a risk analysis of IoT systems, frequency is replaced by exposure. Why? | ||
+ | |||
+ | * What are the factors affecting exposure? | ||
+ | |||
− | |||
L2-1: Which are the domains being merged in the view of Internet of Things? | L2-1: Which are the domains being merged in the view of Internet of Things? | ||
+ | |||
* And what are the specifics and challenges of these domains? | * And what are the specifics and challenges of these domains? | ||
* Why are IoT devices especially vulnerable? | * Why are IoT devices especially vulnerable? | ||
L2-2: Explain the manageability challenges with an IoT home environment, e.g. a smart home with sensors. | L2-2: Explain the manageability challenges with an IoT home environment, e.g. a smart home with sensors. | ||
+ | |||
+ | L2-3: What are the differences between an IT infrastructure and an operational control infrastructure with respect to connectivity, network posture, security solutions, and the response to attacks? | ||
+ | |||
+ | L2-4: Which three areas does 5G address, and what would be typical security challenges? | ||
+ | |||
+ | L2-5: What do we mean by Just transition related to energy systems? | ||
L3-1: What is special with security of the Internet of Things? | L3-1: What is special with security of the Internet of Things? | ||
− | |||
− | L3-2: Comparing IT and automation equipment, what would you see as main difference? | + | * Explain possible security problems with home IoT appliances |
− | Explain security challenges in IoT infrastructures by taking the example of either a smart home or an industrial control system. | + | |
+ | L3-2: Comparing IT and automation equipment, what would you see as main difference? | ||
+ | Explain security challenges in IoT infrastructures by taking the example of either a smart home or an industrial control system. | ||
L3-3: Explain attacks, where IoT devices can play a role! | L3-3: Explain attacks, where IoT devices can play a role! | ||
− | |||
− | + | * What are the main defence mechanisms for IoT networks? | |
+ | |||
L4-1: What is the motivation for introducing a Smart Grid? | L4-1: What is the motivation for introducing a Smart Grid? | ||
+ | |||
* What do you see as main security problems for an automated meter reader? | * What do you see as main security problems for an automated meter reader? | ||
L5-1: Why is QoS is an important question in automation? | L5-1: Why is QoS is an important question in automation? | ||
+ | |||
* What considerations would you take when analysing time aspects in automation? | * What considerations would you take when analysing time aspects in automation? | ||
+ | L5-2: What are aspects of IoT lifetime security? | ||
+ | |||
+ | * What challenges do you see related to a) maintenance and b) decommissioning? | ||
L5-3: What is an operating envelope? Provide examples of parameters of an operating envelope | L5-3: What is an operating envelope? Provide examples of parameters of an operating envelope | ||
+ | |||
* Why is it important to follow up requirements and have some kind of tracking? | * Why is it important to follow up requirements and have some kind of tracking? | ||
+ | L5-4: Explain the difference between functional, non-functional and security components | ||
− | |||
* Provide examples of security challenges in IoT | * Provide examples of security challenges in IoT | ||
− | * Provide at least 4 functional components of a system of system. | + | * Provide at least 4 functional components of a system of system. |
* Provide at least 4 security or privacy components | * Provide at least 4 security or privacy components | ||
* What is the relation of safety and security? | * What is the relation of safety and security? | ||
− | + | L6-1: What are the core elements of the Multi-Metrics approach? How can you achieve measurable security and privacy? | |
− | + | * How is the Multi-Metrics analysis performed? What are the results being compared? | |
− | + | ||
− | + | L6-2: Which are the areas relevant for Privacy labels? | |
− | + | ||
− | + | ||
− | + | ||
− | |||
− | |||
− | + | L7-1: Provide s,p-functionalities for an application in the (home/ car / health care/ …) domain. | |
− | * How is the | + | |
+ | L7-2: Explain the effect of weighting in the Multi-Metrics analysis. What are the results of a linear weighting, as compared to a root-mean-square analysis? | ||
+ | |||
+ | L7-3: What are security functionalities and attributes? Name at least 3 of each type. | ||
+ | |||
+ | L8-1: Explain the Risk-Exposure Model | ||
+ | |||
+ | * How is Exposure calculated? Provide two examples | ||
+ | |||
+ | L10-1: What are the security considerations in mobile systems (2G to 5G)? Explain | ||
+ | |||
+ | L11-1: What is ment by zero trust? | ||
+ | |||
+ | * Explain why people, devices, network and workload need to be considered | ||
+ | |||
+ | L13-1: What are the NSM principles for ICT security? | ||
+ | * Explain why identification and mapping is important? | ||
− | + | L13-2: Explain an Intrusion Prevention System and an Intrusion Detection System | |
− | + | * What are the differences between IPS and IDS? | |
− | + | L14-1: What are IaaS, PaaS, SaaS? | |
− | + | * In terms of security, what do you need to consider when moving to the cloud? | |
− | * | + |
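Review bot: In the added question L11-1, "What is ment by zero trust?", "ment" should be "meant". The context line for L5-1 ("Why is QoS is an important question in automation?") still carries a doubled "is", and the re-saved bullet under L5-4 reads "system of system" where "system of systems" is intended. Both could be corrected in the same revision.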
Latest revision as of 13:48, 29 April 2024
TEK5530 List of Questions for the Exam
Q&A Exam TEK5530 spring 2024
You will be asked to pick 3-4 questions at random. Please prepare by understanding and using the terminology related to the questions. Please see also the Main Takeaway (L1-L15.pdf).
L1-1: What are the criteria for a risk analysis?
- What is a risk assessment?
- What is risk appetite?
- Why do well-established companies have a lower risk appetite than start-ups?
L1-2: In a risk analysis of IoT systems, frequency is replaced by exposure. Why?
- What are the factors affecting exposure?
L2-1: Which are the domains being merged in the view of Internet of Things?
- And what are the specifics and challenges of these domains?
- Why are IoT devices especially vulnerable?
L2-2: Explain the manageability challenges with an IoT home environment, e.g. a smart home with sensors.
L2-3: What are the differences between an IT infrastructure and an operational control infrastructure with respect to connectivity, network posture, security solutions, and the response to attacks?
L2-4: Which three areas does 5G address, and what would be typical security challenges?
L2-5: What do we mean by Just transition related to energy systems?
L3-1: What is special about the security of the Internet of Things?
- Explain possible security problems with home IoT appliances
L3-2: Comparing IT and automation equipment, what would you see as the main difference? Explain security challenges in IoT infrastructures by taking the example of either a smart home or an industrial control system.
L3-3: Explain attacks where IoT devices can play a role.
- What are the main defence mechanisms for IoT networks?
L4-1: What is the motivation for introducing a Smart Grid?
- What do you see as the main security problems for an automated meter reader?
L5-1: Why is QoS an important question in automation?
- What considerations would you take when analysing time aspects in automation?
L5-2: What are aspects of IoT lifetime security?
- What challenges do you see related to a) maintenance and b) decommissioning?
L5-3: What is an operating envelope? Provide examples of parameters of an operating envelope.
- Why is it important to follow up requirements and have some kind of tracking?
L5-4: Explain the difference between functional, non-functional and security components
- Provide examples of security challenges in IoT
- Provide at least 4 functional components of a system of systems.
- Provide at least 4 security or privacy components
- What is the relation of safety and security?
L6-1: What are the core elements of the Multi-Metrics approach? How can you achieve measurable security and privacy?
- How is the Multi-Metrics analysis performed? What are the results being compared?
L6-2: Which are the areas relevant for Privacy labels?
L7-1: Provide s,p-functionalities for an application in the (home/ car / health care/ …) domain.
L7-2: Explain the effect of weighting in the Multi-Metrics analysis. What are the results of a linear weighting, as compared to a root-mean-square analysis?
L7-3: What are security functionalities and attributes? Name at least 3 of each type.
L8-1: Explain the Risk-Exposure Model
- How is Exposure calculated? Provide two examples
L10-1: What are the security considerations in mobile systems (2G to 5G)? Explain
L11-1: What is meant by zero trust?
- Explain why people, devices, network and workload need to be considered
L13-1: What are the NSM principles for ICT security?
- Explain why identification and mapping are important.
L13-2: Explain an Intrusion Prevention System and an Intrusion Detection System
- What are the differences between IPS and IDS?
L14-1: What are IaaS, PaaS, SaaS?
- In terms of security, what do you need to consider when moving to the cloud?