TEK5530/List of Questions

From its-wiki.no
Jump to: navigation, search

TEK5530 List of Questions for the Exam

Q&A Exam TEK5530 spring 2024 You are going to be asked to pick randomly 3-4 questions. Please prepare by understanding and using the terminology related to the questions. Please see also the Main Takeaway (L1-L15.pdf)

L1-1: What are the criteria for a risk analysis?

  • What is a risk assessment?
  • What is risk appetite?
  • Why do well-established companies have a lower risk appetite than start-ups?

L1-2: In a risk analysis of IoT systems, frequency is replaced by exposure. Why?

  • What are the factors affecting exposure?

L2-1: Which are the domains being merged in the view of Internet of Things?

  • And what are the specifics and challenges of these domains?
  • Why are IoT devices especially vulnerable?

L2-2: Explain the manageability challenges with an IoT home environment, e.g. a smart home with sensors.

L2-3: What are the differences between an IT infrastructure and an operational control infrastructure with respect to connectivity, network posture, security solutions, and the response to attacks?

L2-4: Which three areas does 5G address, and what would be typical security challenges?

L2-5: What do we mean by Just transition related to energy systems?

L3-1: What is special with security of the Internet of Things?

  • Explain possible security problems with home IoT appliances

L3-2: Comparing IT and automation equipment, what would you see as main difference? Explain security challenges in IoT infrastructures by taking the example of either a smart home or an industrial control system.

L3-3: Explain attacks, where IoT devices can play a role!

  • What are the main defence mechanisms for IoT networks?

L4-1: What is the motivation for introducing a Smart Grid?

  • What do you see as main security problems for an automated meter reader?

L5-1: Why is QoS is an important question in automation?

  • What considerations would you take when analysing time aspects in automation?

L5-2: What are aspects of IoT lifetime security?

  • What challenges do you see related to a) maintenance and b) decommissioning?

L5-3: What is an operating envelope? Provide examples of parameters of an operating envelope

  • Why is it important to follow up requirements and have some kind of tracking?

L5-4: Explain the difference between functional, non-functional and security components

  • Provide examples of security challenges in IoT
  • Provide at least 4 functional components of a system of system.
  • Provide at least 4 security or privacy components
  • What is the relation of safety and security?

L6-1: What are the core elements of the Multi-Metrics approach? How can you achieve measurable security and privacy?

  • How is the Multi-Metrics analysis performed? What are the results being compared?

L6-2: Which are the areas relevant for Privacy labels?

L7-1: Provide s,p-functionalities for an application in the (home/ car / health care/ …) domain.

L7-2: Explain the effect of weighting in the Multi-Metrics analysis. What are the results of a linear weighting, as compared to a root-mean-square analysis?

L7-3: What are security functionalities and attributes? Name at least 3 of each type.

L8-1: Explain the Risk-Exposure Model

  • How is Exposure calculated? Provide two examples

L10-1: What are the security considerations in mobile systems (2G to 5G)? Explain

L11-1: What is ment by zero trust?

  • Explain why people, devices, network and workload need to be considered

L13-1: What are the NSM principles for ICT security?

  • Explain why identification and mapping is important?

L13-2: Explain an Intrusion Prevention System and an Intrusion Detection System

  • What are the differences between IPS and IDS?

L14-1: What are IaaS, PaaS, SaaS?

  • In terms of security, what do you need to consider when moving to the cloud?