TEK5530/List of Questions

From its-wiki.no
Jump to: navigation, search
Wiki for ITS
ITS wiki WNaS@ITS Master/PhD Courses Master Thesis Research Areas
English-Language-icon.png

TEK5530 List of Questions for the Exam

Q&A Exam TEK5530 spring 2023 - TO BE UPDATED FOR 2024 You are going to be asked to pick randomly 3-4 questions. Please prepare by understanding and using the terminology related to the questions. Please see also the Main Takeaway (L1-L15.pdf)

L1-1: What areas would you consider when addressing security in (industrial) control systems?

L1-2: What are the differences between an IT infrastructure and an operational control infrastructure with respect to connectivity, network posture, security solutions, and the response to attacks?

L1-3: What are the components of a smart metering system (AMS), and what security challenges do you see?

L2-1: Which are the domains being merged in the view of Internet of Things?

  • And what are the specifics and challenges of these domains?
  • Why are IoT devices especially vulnerable?

L2-2: Explain the manageability challenges with an IoT home environment, e.g. a smart home with sensors.

L3-1: What is special with security of the Internet of Things?

  • Explain possible security problems with home IoT appliances!

L3-2: Comparing IT and automation equipment, what would you see as main difference? Explain security challenges in IoT infrastructures by taking the example of either a smart home or an industrial control system.

L3-3: Explain attacks, where IoT devices can play a role!

  • Why can tamper resistance be important in the IoT?

L3-8 Is over-the-air update a plus or a minus for the security of the system? Why?

L4-1: What is the motivation for introducing a Smart Grid?

  • What do you see as main security problems for an automated meter reader?

L5-1: Why is QoS is an important question in automation?

  • What considerations would you take when analysing time aspects in automation?


L5-3: What is an operating envelope? Provide examples of parameters of an operating envelope

  • Why is it important to follow up requirements and have some kind of tracking?


L7-1: Explain the difference between functional, non-functional and security components

  • Provide examples of security challenges in IoT
  • Provide at least 4 functional components of a system of system.
  • Provide at least 4 security or privacy components
  • What is the relation of safety and security?

L8-1: Discuss the shortcomings of the traditional threat-based approach with respect to IoT systems

L8-2: Name three methods for measuring or evaluating security in IoT systems?

  • What are the characteristics of these methods?

L8-3: What are the criteria for a risk analysis?

  • What is a risk assessment?
  • What is risk appetite?
  • Why do well-established companies have a lower risk appetite than start-ups?

L8-4: In a risk analysis of IoT systems, frequency is replaced by exposure. Why?

  • What are the factors affecting exposure?

L10: What are the core elements of the Multi-Metrics approach? How can you achieve measurable security and privacy?

  • How is the Multi-Metrics analysis performed? What are the results being compared?


L10-2: Provide s,p-functionalities for an application in the (home/ car / health care/ …) domain.

L10-3: Explain the effect of weighting in the Multi-Metrics analysis. What are the results of a linear weighting, as compared to a root-mean-square analysis?

L11-1: What are security functionalities and attributes? Name at least 3 of each type.

L14-3: What is a threat modeling tool? Use the example of the Microsoft Thread modeling tool.

  • How can a threat modeling tool contribute to a better product?
Retrieved from "https://its-wiki.no/index.php?title=TEK5530/List_of_Questions&oldid=50455"