Exam 4 Quiz Answers

Hello friends, in this article I am going to share the Coursera course Cybersecurity Policy for Water and Electricity Infrastructures, Week 4 | Exam 4 Quiz Answers with you.

Exam 4 Quiz Answers

Question 1)
What makes the electricity infrastructure a potential target of attack?

  • Many other infrastructures rely upon it.
  • Many other infrastructures support it.
  • Urban societies depend on electricity.
  • Urban societies are unsustainable.

Question 2)
What was the impact of the week-long 2003 Northeast Blackout?

  • It caused $4-$10 billion in damages and at least 90 related deaths.
  • It caused $4-$10 billion in damages and delayed the Super Bowl.
  • It paralyzed the northeast transportation grid.
  • It resulted in an early recess of Congress.

Question 3)
Under PPD-21 and 2013 National Infrastructure Protection Plan, which Federal department is the Sector-Specific Agency responsible for working with drinking water utilities to protect this infrastructure sector?

  • DHS
  • DoD
  • DoE
  • EPA

Question 4)
Participation in the National Infrastructure Protection Plan Risk Management Framework is compulsory for electricity infrastructure owners and operators.

  • True
  • False

Question 5)
The ES-C2M2 is a continuous improvement process for reducing cybersecurity risk across electric utilities.

  • True
  • False

Question 6)
This component of the ES-C2M2 provides a set of four operational objectives representing increasing levels of protection.

  • Standards
  • Domains
  • Maturity Levels
  • Processes

Question 7)
This component of ES-C2M2 guides an organization in prioritizing and implementing cybersecurity investments.

  • Standards
  • Domains
  • Maturity Levels
  • Processes

Question 8)
Which ES-C2M2 step prioritizes Domain Practices necessary to achieve the Target Maturity Level?

  • Step 1
  • Step 2
  • Step 3
  • Step 4

Question 9)
ES-C2M2 was designed to apply to all electric utilities except nuclear power plants.

  • True
  • False

Question 10)
How is ES-C2M2 similar to the NIST Cybersecurity Framework?

  • Both ES-C2M2 and NIST CSF were developed by DHS.
  • Both ES-C2M2 and NIST CSF have defined target capabilities.
  • Both ES-C2M2 and NIST CSF follow a continuous process of incremental cybersecurity improvement.
  • Both ES-C2M2 and NIST CSF were designed to apply across all public and private infrastructure sectors.

Question 11)
You are the System Security Officer for “Anywhere Power”. You have just initiated ES-C2M2 Step 1, “Perform Evaluation” on Domain 8, “Supply Chain and External Dependencies Management”. This domain establishes and maintains controls to manage cybersecurity risks associated with services and assets that are dependent on external entities. Domain Objective 8.1 “Identify Dependencies” identifies seven domain practices as shown in the attached figure. Since you know your vendors, you don’t maintain a written list of suppliers for system updates, replacements, or spares. Based on this information, how would you rate your current maturity level with respect to Domain Objective 8.1?

  • MIL0
  • MIL1
  • MIL2
  • MIL3

Question 12)
You are the System Security Officer for “Anywhere Power”. You have now moved on to ES-C2M2 Step 2, “Analyze Identified Gaps”. Domain 5, “Situational Awareness” involves developing near-real-time knowledge of a dynamic operating environment by logging and monitoring critical system activities. Domain Objective 5.1 “Perform Logging” identifies five domain practices as shown in the attached figure. Currently you maintain a log of all operator activity on your control system. Based on this information, what additional practices do you need to implement to attain MIL2 capability for Domain Objective 5.1?

  • a
  • b, c
  • d, e
  • None of the Above

Question 13)
You are the System Security Officer for “Anywhere Power”. You have now moved on to ES-C2M2 Step 2, “Analyze Identified Gaps”. Domain 8, “Supply Chain and External Dependencies Management” establishes and maintains controls to manage cybersecurity risks associated with services and assets that are dependent on external entities. Domain Objective 8.1 “Identify Dependencies” identifies seven domain practices as shown in the attached figure. Since you know your vendors, you don’t maintain a written list of suppliers for system updates, replacements, or spares. Based on this information, what additional practices do you need to implement to attain MIL1 capability for Domain Objective 8.1?

  • a, b
  • c, d, e, f
  • g
  • None of the Above

Question 14)
You are the System Security Officer for “Anywhere Power”. You have now moved on to ES-C2M2 Step 2, “Analyze Identified Gaps”. Domain 9, “Workforce Management” establishes and maintains plans, procedures, technologies, and controls to create a culture of cybersecurity and ensure the ongoing suitability and competence of assigned personnel. Domain Objective 9.1 “Assign Cybersecurity Responsibilities” identifies seven domain practices as shown in the attached figure. Obviously, your system managers and operators are assigned specific roles and trained to perform their jobs in order to maintain electricity production. These responsibilities are documented in the respective position descriptions, training materials, and operating manuals. Based on this information, what additional practices do you need to implement to attain MIL2 capability for Domain Objective 9.1?

  • a, b
  • c, d
  • e, f, g
  • None of the Above

Question 15)
You are the System Security Officer for “Anywhere Power”. You are working on ES-C2M2 Step 3, “Prioritize and Plan”. You have decided to use a modified RAMCAP methodology to prioritize implementation of identified domain practices necessary to achieve your target Maturity Level. This methodology assigns higher priority to the domain practice that offers the higher Return on Investment. ROI is calculated by dividing the estimated risk associated with not implementing the particular domain practice by its estimated cost of implementation: ROI = R / $. RAMCAP assesses risk as a product of Threat, Vulnerability, and Consequence: R = T x V x C. In order to attain MIL3 capability in Domain Objective 9.1 “Workforce Management”, you have determined that you need to implement Domain Practices 9.1e, 9.1f, and 9.1g. Through careful analysis, you have estimated values for the cost and risk factors associated with each Domain Practice in the table below. Based on this information, which Domain Practice has the highest associated risk with not implementing it?

  • 9.1e
  • 9.1f
  • 9.1g
  • None of the Above

Question 16)
What is the worst reasonable consequence of a cyber attack on the North American electric grid?

  • It could destroy all electricity generators.
  • It could have cascading consequences across other infrastructures.
  • It could shut down the North American grid for months if not years.
  • It could devastate the economy and undermine US government.

Question 17)
Project Aurora demonstrated how an electricity generator could be physically damaged by cyber attack.

  • True
  • False

Question 18)
What are the basic components of ES-C2M2?

  • Standards, Domains, Profiles, & Processes
  • Standards, Domains, Maturity Levels, & Processes
  • Standards, Tiers, Profiles, & Practices
  • Standards, Tiers, Profiles, & Processes

Question 19)
This component of ES-C2M2 provides a set of 10 structured cybersecurity practices, each set representing the activities an organization can perform to establish and mature a specific capability.

  • Standards
  • Domains
  • Maturity Levels
  • Processes

Question 20)
Which ES-C2M2 step performs a system evaluation to assess its Current Maturity Level?

  • Step 1
  • Step 2
  • Step 3
  • Step 4

Question 21)
Which ES-C2M2 step selects a Target Maturity Level and analyzes gaps between it and the Current Maturity Level?

  • Step 1
  • Step 2
  • Step 3
  • Step 4

Question 22)
In ES-C2M2, you must satisfy all Domain Practices within a given Maturity Level to be assessed at that Maturity Level.

  • True
  • False

Question 23)
You are the System Security Officer for “Anywhere Power”. You have just initiated ES-C2M2 Step 1, “Perform Evaluation” on Domain 9, “Workforce Management”. This domain establishes and maintains plans, procedures, technologies, and controls to create a culture of cybersecurity and ensure the ongoing suitability and competence of assigned personnel. Domain Objective 9.1 “Assign Cybersecurity Responsibilities” identifies seven domain practices as shown in the attached figure. Obviously, your system managers and operators are assigned specific roles and trained to perform their jobs in order to maintain electricity production. These responsibilities are documented in the respective position descriptions, training materials, and operating manuals. Based on this information, how would you rate your current maturity level with respect to Domain Objective 9.1?

  • MIL0
  • MIL1
  • MIL2
  • MIL3

Question 24)
You are the System Security Officer for “Anywhere Power”. You are working on ES-C2M2 Step 3, “Prioritize and Plan”. You have decided to use a modified RAMCAP methodology to prioritize implementation of identified domain practices necessary to achieve your target Maturity Level. This methodology assigns higher priority to the domain practice that offers the higher Return on Investment. ROI is calculated by dividing the estimated risk associated with not implementing the particular domain practice by its estimated cost of implementation: ROI = R / $. RAMCAP assesses risk as a product of Threat, Vulnerability, and Consequence: R = T x V x C. In order to attain MIL2 capability in Domain Objective 5.1 “Perform Logging”, you have determined that you need to implement Domain Practices 5.1b and 5.1c. Through careful analysis, you have estimated values for the cost and risk factors associated with each Domain Practice in the table below. Based on this information, which Domain Practice has the highest associated risk with not implementing it?

  • 5.1b
  • 5.1c
  • All of the Above
  • None of the Above

Question 25)
The Department of Energy’s regulatory authority allows it to direct specific security measures and standards over commercial electric utilities.

  • True
  • False

Question 26)
How is ES-C2M2 different from the NIST Cybersecurity Framework?

  • Both ES-C2M2 and NIST CSF were developed by DHS.
  • Both ES-C2M2 and NIST CSF have defined target capabilities.
  • Both ES-C2M2 and NIST CSF follow a continuous process of incremental cybersecurity improvement.
  • Both ES-C2M2 and NIST CSF were designed to apply across all public and private infrastructure sectors.

Question 27)
You are the System Security Officer for “Anywhere Power”. You have just initiated ES-C2M2 Step 1, “Perform Evaluation” on Domain 5, “Situational Awareness”. Situational awareness involves developing near-real-time knowledge of a dynamic operating environment by logging and monitoring critical system activities. Domain Objective 5.1 “Perform Logging” identifies five domain practices as shown in the attached figure. Currently you maintain a log of all operator activity on your control system. Based on this information, how would you rate your current maturity level with respect to Domain Objective 5.1?

  • MIL0
  • MIL1
  • MIL2
  • MIL3

Question 3)
The Department of Energy has delegated Sector-Specific Agency responsibilities to what subordinate agency?

  • NERC
  • FERC
  • DHS
  • EPA

Question 15)
You are the System Security Officer for “Anywhere Power”. You are working on ES-C2M2 Step 3, “Prioritize and Plan”. You have decided to use a modified RAMCAP methodology to prioritize implementation of identified domain practices necessary to achieve your target Maturity Level. This methodology assigns higher priority to the domain practice that offers the higher Return on Investment. ROI is calculated by dividing the estimated risk associated with not implementing the particular domain practice by its estimated cost of implementation: ROI = R / $. RAMCAP assesses risk as a product of Threat, Vulnerability, and Consequence: R = T x V x C. In order to attain MIL2 capability in Domain Objective 5.1 “Perform Logging”, you have determined that you need to implement Domain Practices 5.1b and 5.1c. Through careful analysis, you have estimated values for the cost and risk factors associated with each Domain Practice in the table below. Based on this information, which Domain Practice offers the highest Return on Investment and therefore should be given higher priority?

  • 5.1b
  • 5.1c
  • All of the Above
  • None of the Above
