
























































































The CCGSCO exam certifies expertise in protecting energy grids from cyber threats and enhancing system resilience. It covers cyber risk assessment, critical infrastructure protection, incident response, regulatory compliance, and resilience planning. Certified executives demonstrate the ability to safeguard grid operations against cyber and physical disruptions while ensuring continuity of energy supply.
Typology: Exams

























































































Question 1. Which NERC CIP standard specifically addresses electronic security perimeters for critical cyber assets?
A) CIP‑001
B) CIP‑003
C) CIP‑005
D) CIP‑007
Answer: C
Explanation: CIP‑005 defines the electronic security perimeter (ESP) and requirements for its protection, including firewalls and intrusion detection.

Question 2. In the NIST Cybersecurity Framework, which core function is primarily concerned with “detecting anomalous activity in SCADA networks”?
A) Identify
B) Protect
C) Detect
D) Respond
Answer: C
Explanation: The Detect function focuses on developing and implementing activities to identify the occurrence of a cybersecurity event, such as anomalies in SCADA traffic.

Question 3. What is the primary benefit of applying a “security‑by‑design” approach to Smart Grid deployments?
A) Reducing capital expenditures on hardware
B) Ensuring security controls are integrated from the outset, lowering retrofitting costs
C) Eliminating the need for physical security at substations
D) Allowing any third‑party vendor to access the grid without review
Answer: B
Explanation: Security‑by‑design embeds protection mechanisms early, which avoids costly redesigns and improves overall resilience.

Question 4. Which layer of the Purdue Model is responsible for the supervisory control of field devices?
A) Level 0 – Process
B) Level 1 – Sensors/Actuators
C) Level 2 – Control (PLC/DCS)
D) Level 3 – Manufacturing Operations System (MOM)
Answer: C
Explanation: Level 2 contains PLCs and DCS that execute control logic and interface directly with field devices.

Question 5. The IEC 61850 protocol is primarily used for:
A) Remote terminal unit (RTU) communication over serial links
B) Real‑time data exchange between protection devices in substations
C) Secure file transfer between corporate IT systems
D) Wireless sensor networks in distribution automation
Answer: B
Explanation: IEC 61850 defines communication standards for substation automation, enabling fast, interoperable data exchange among protection and control devices.

Question 6. Which of the following best describes a “data diode” in grid communications?
A) A bidirectional VPN tunnel for remote access
B) A hardware‑enforced unidirectional gateway that allows data flow in only one direction
C) An intrusion detection system that blocks all inbound traffic
B) Autonomous operation of a microgrid when disconnected from the bulk grid
C) Automatic rerouting of power to neighboring states
D) Unlimited import of power from external markets
Answer: B
Explanation: Island mode enables a portion of the grid to continue operating independently, maintaining critical loads during a wider outage.

Question 10. Which NERC CIP version introduced the concept of “high‑impact low‑frequency” (HILF) cyber events?
A) CIP‑001 v
B) CIP‑003 v
C) CIP‑010 v
D) CIP‑008 v
Answer: C
Explanation: CIP‑010 v5 added HILF to focus on rare but potentially catastrophic cyber incidents.

Question 11. In supply chain risk management for grid hardware, which practice helps ensure component authenticity?
A) Purchasing from the lowest‑cost supplier
B) Using blockchain‑based provenance tracking
C) Ignoring component serial numbers
D) Relying on verbal assurances from vendors
Answer: B
Explanation: Blockchain can provide immutable records of component origin, helping verify authenticity and detect counterfeit parts.
Question 12. Which physical security control is most effective at deterring sabotage at a substation perimeter?
A) CCTV with motion analytics
B) Password‑protected PLCs
C) Intrusion detection software on the corporate network
D) Remote access VPNs
Answer: A
Explanation: CCTV with analytics can detect and alert on unauthorized physical activity, providing a deterrent and early warning.

Question 13. Distributed Energy Resources (DERs) increase cyber risk primarily because:
A) They are always owned by the utility
B) They introduce many new communication endpoints that may be insecure
C) They reduce the need for cybersecurity staff
D) They operate on proprietary, unhackable protocols
Answer: B
Explanation: DERs add numerous remote, often consumer‑owned devices to the network, expanding the attack surface.

Question 14. Which of the following is a key component of an OT‑specific Security Operations Center (SOC)?
A) Real‑time monitoring of IEC 61850 traffic patterns
B) Daily backups of HR payroll data
C) Managing social media accounts for the utility
D) Monitoring only corporate email traffic
Answer: A
D) It reduces the need for physical security at substations
Answer: A
Explanation: Black‑start procedures enable generation units to self‑energize and restore the grid without external power.

Question 18. In incident response for utilities, the “containment” phase typically includes:
A) Publicly announcing the breach before analysis
B) Isolating affected OT networks using VLAN segmentation or air‑gaps
C) Deleting all system logs to protect privacy
D) Shutting down all customer billing systems permanently
Answer: B
Explanation: Containment aims to limit the spread of the incident, often by isolating compromised OT segments.

Question 19. Which regulatory body issues the NERC CIP standards in the United States?
A) Federal Energy Regulatory Commission (FERC)
B) Department of Energy (DOE)
C) North American Electric Reliability Corporation (NERC)
D) Securities and Exchange Commission (SEC)
Answer: C
Explanation: NERC develops and enforces the CIP reliability standards for bulk power systems.

Question 20. Under the EU NIS2 directive, a utility classified as an “essential entity” must:
A) Only report incidents after a 90‑day grace period
B) Implement risk management measures and notify authorities within 24 hours of a significant incident
C) Share all raw customer data with third parties
D) Disable all smart meters to avoid cyber risk
Answer: B
Explanation: NIS2 requires prompt incident reporting (typically within 24 hours) and proactive risk management for essential services.

Question 21. Which ISO/IEC standard is tailored specifically for information security in the energy utility sector?
A) ISO 27001
B) ISO 27019
C) ISO 9001
D) ISO 14001
Answer: B
Explanation: ISO 27019 provides guidance on applying ISO 27001 controls to the energy sector, addressing grid‑specific risks.

Question 22. When conducting a cyber‑informed engineering (CIE) review, the primary focus is on:
A) Reducing the number of engineers on the project team
B) Embedding security considerations into the design and engineering lifecycle of OT assets
C) Outsourcing all engineering work to offshore vendors
D) Eliminating all physical security measures to save cost
Answer: B
Explanation: CIE integrates security analysis into engineering decisions, ensuring that designs are resilient to cyber threats.
Explanation: An alternate site with redundant systems ensures that control functions can continue if the primary location is compromised.

Question 26. The “least‑privilege” principle in OT environments dictates that:
A) All users should have administrator rights to simplify troubleshooting
Administrator rights are granted only when absolutely necessary, limiting access to the minimum required for job functions.
Explanation: Limiting privileges reduces the impact of compromised accounts and accidental misuse.

Question 27. Which emerging technology poses a risk of “adversarial machine learning” attacks on load‑balancing algorithms?
A) Traditional relay protection
B) AI‑driven demand‑response optimization
C) Manual meter reading
D) Legacy analog switches
Answer: B
Explanation: AI‑based load‑balancing can be manipulated by feeding crafted data that causes the algorithm to make harmful decisions.

Question 28. Quantum‑safe cryptography is being considered for grid assets because:
A) Classical RSA keys are unbreakable even with quantum computers
B) Future quantum computers could decrypt currently used asymmetric keys, compromising long‑lived devices
C) Quantum computers are already deployed in substations
D) It eliminates the need for any encryption at all
Answer: B
Explanation: Quantum algorithms like Shor’s can break RSA/ECC, so adopting quantum‑resistant algorithms protects assets with long service lives.

Question 29. The primary cybersecurity risk associated with widespread electric‑vehicle (EV) charging stations is:
A) Physical damage to the charging hardware by weather
B) Potential for coordinated load‑shaping attacks that destabilize the grid
C) Increased fuel consumption for conventional vehicles
D) Reduced need for renewable energy sources
Answer: B
Explanation: Large numbers of smart chargers can be remotely controlled, creating the possibility of malicious load manipulation.

Question 30. Bridging the IT/OT skills gap often involves:
A) Hiring only IT staff and ignoring OT expertise
B) Cross‑training programs where OT engineers learn cybersecurity fundamentals and IT staff learn control system basics
C) Eliminating all OT positions and automating everything
D) Outsourcing all grid operations to cloud providers without oversight
Answer: B
Explanation: Cross‑training creates a workforce capable of understanding both domains, improving collaboration and security.

Question 31. Which of the following statements best reflects the “defense‑in‑depth” strategy for a utility’s cyber‑resilience?
A) Rely solely on a perimeter firewall to stop all attacks
Explanation: CIP‑004 mandates role‑based training for individuals with access to critical cyber assets, with annual updates.

Question 34. A “trusted computing base” (TCB) in an OT environment refers to:
A) All devices that are physically trusted by the owner
B) The set of hardware, firmware, and software components that enforce the system’s security policy, and must therefore be protected against tampering
C) The collection of all user passwords stored in plain text
D) The backup generators at a substation
Answer: B
Explanation: The TCB comprises the core components whose integrity is essential for overall security.

Question 35. When assessing the criticality of grid assets, which factor is least relevant?
A) The asset’s contribution to overall system reliability
B) The cost of the asset’s physical replacement
C) The asset’s exposure to cyber threats based on connectivity
D) The color of the asset’s paint
Answer: D
Explanation: Paint color has no impact on criticality; the other factors directly affect operational importance and risk.

Question 36. Which protocol is considered “plain‑text” and therefore a security concern when used without additional protection in SCADA communications?
A) DNP3 over TLS
B) Modbus TCP (unencrypted)
C) IEC 61850 with GOOSE security extensions
D) OPC UA with encryption
Answer: B
Explanation: Modbus TCP transmits data in clear text, making it vulnerable to eavesdropping and manipulation.

Question 37. The concept of “graceful degradation” in grid resilience means:
A) Shutting down the entire grid at the first sign of trouble
B) Reducing service levels or load in a controlled manner to maintain stability while parts of the system are compromised
C) Ignoring all alerts until a major failure occurs
D) Turning off all protective relays to avoid false trips
Answer: B
Explanation: Graceful degradation allows the system to continue operating at reduced capacity, preventing total collapse.

Question 38. In the context of regulatory audits, a “gap analysis” primarily aims to:
A) Identify differences between current security controls and the requirements of applicable standards, then develop remediation plans
B) Measure the physical distance between substations
C) Count the number of employees in the security department
D) Evaluate the speed of the utility’s customer service hotline
Answer: A
Explanation: Gap analysis highlights where controls fall short of standards, guiding corrective actions.

Question 39. Which of the following best illustrates “ethical AI” in automated grid response?
Explanation: Digital signatures ensure that only authorized, untampered firmware is applied, preventing malicious code injection.

Question 42. In the event of a coordinated cyber‑physical attack on a substation, which response sequence is most appropriate?
A) Immediately shut down the substation without assessment
B) Detect → Isolate affected network segments → Verify integrity of control logic → Initiate safe shutdown or manual mode if needed → Recover
C) Wait for the attacker to stop on their own
D) Ignore alarms and continue normal operation
Answer: B
Explanation: A structured response limits damage, preserves system integrity, and ensures safe restoration.

Question 43. Which of the following best defines “cyber‑physical convergence” in grid security?
A) The merging of physical security cameras with IT firewalls
B) The interdependence of physical infrastructure (e.g., fences, locks) and cyber controls, requiring integrated risk assessments and coordinated defenses
C) Replacing all physical equipment with virtual devices
D) Using only software‑based solutions for all security needs
Answer: B
Explanation: Convergence acknowledges that attacks can span both domains, necessitating holistic protection strategies.

Question 44. Under the NIST CSF, the “Protect” function includes which of the following activities?
A) Continuous monitoring of network traffic
B) Developing and implementing access control policies, encryption, and training programs
C) Conducting post‑incident forensic analysis
D) Reporting incidents to authorities
Answer: B
Explanation: Protect focuses on safeguards such as access control, data security, and awareness training.

Question 45. Which of the following is a primary advantage of using IEC 61850 over traditional serial communication in substation automation?
A) Higher latency and lower bandwidth
B) Standardized data models and interoperability, enabling faster, more reliable communication
C) Requirement for proprietary hardware only
D) Inability to support redundancy
Answer: B
Explanation: IEC 61850 provides a common information model, facilitating interoperability and high‑speed data exchange.

Question 46. In a utility’s risk register, a “risk owner” is responsible for:
A) Ignoring the risk until it becomes a problem
B) Managing and mitigating the assigned risk, including implementing controls and reporting status to leadership
C) Delegating the risk to external auditors
D) Deleting the risk entry after a month
Answer: B
Explanation: The risk owner ensures that the risk is actively managed and that appropriate mitigation measures are in place.
D) Outsourcing all security functions to a third party without oversight
Answer: B
Explanation: CDM provides real‑time visibility and rapid remediation of security issues.

Question 50. A utility is evaluating a cloud‑based SCADA analytics platform. Which risk mitigation strategy should be prioritized?
A) Ignoring data residency regulations
B) Encrypting data at rest and in transit, and ensuring the cloud provider meets NERC CIP‑013 (Supply Chain Risk Management) requirements
C) Storing all raw telemetry logs on local floppy disks
D) Allowing unrestricted internet access from field devices
Answer: B
Explanation: Encryption protects data confidentiality, and compliance with supply‑chain standards ensures the provider’s security posture.

Question 51. Which of the following is a primary driver for adopting microgrid “island” capabilities in remote areas?
A) Reducing the need for any cybersecurity measures
B) Enhancing energy independence and resilience against grid‑wide outages or attacks
C) Eliminating all renewable energy sources
D) Increasing reliance on a single central generator
Answer: B
Explanation: Islanded microgrids can operate autonomously, providing local resilience when the main grid is compromised.

Question 52. In the context of grid cyber‑risk communication, the “risk matrix” is used to:
A) Plot asset locations on a geographic map
B) Visualize the likelihood versus impact of identified risks, helping prioritize mitigation efforts for senior leadership
C) Calculate the exact monetary loss from a cyber incident
D) Determine the color scheme for security dashboards
Answer: B
Explanation: A risk matrix helps translate technical risk assessments into understandable visual aids for decision‑makers.

Question 53. Which of the following is a recommended practice for securing wireless sensor networks (WSNs) used in distribution automation?
A) Using default factory passwords on all sensors
B) Implementing WPA3‑Enterprise encryption and mutual authentication for each node
C) Disabling any form of encryption to improve latency
D) Allowing any device to join the network without registration
Answer: B
Explanation: WPA3‑Enterprise provides strong encryption and authentication, protecting WSNs from unauthorized access.

Question 54. The term “high‑impact low‑frequency” (HILF) events refers to:
A) Frequent minor incidents that have no real impact
B) Rare but potentially catastrophic cyber incidents that can cause widespread outage or safety hazards
C) Daily maintenance activities
D) Routine software patches
Answer: B
Explanation: HILF events are low‑probability but high‑consequence, requiring special planning and controls.