Question 1

Why is it important to document and communicate the results of a cyber risk assessment?

Options :

A : To ensure compliance with data protection laws

B : To inform and guide the appropriate stakeholders in risk management decisions

C : For historical records only

D : As a formality with no real impact

Answer: B

Question 2

What should be the first activity when starting an assessment project?

Options :

A : Defining roles and responsibilities

B : Gathering and organizing information

C : Creating system architecture diagrams

D : Reviewing security policies

Answer: B

Question 3

Level 4 of the ISA95 model is primarily concerned with what aspect of an enterprise?

Options :

A : Manufacturing operations management

B : Business logistics management

C : Physical process control

D : Real-time data monitoring

Answer: B

Question 4

What is the key purpose of establishing Security Level Targets (SL-Ts) according to ZCR 5.6?

Options :

A : To document existing vulnerabilities

B : To calculate the cost of security measures

C : To satisfy regulatory requirements

D : To communicate the desired level of security for a zone or conduit

Answer: D

Question 5

What is the first step in the cyber risk assessment process according to ISA 62443-3-2?

Options :

A : Identify Threats

B : Determine Consequence & Impact

C : Establish Zones and Conduits

D : Identify System Under Consideration (SUC)

Answer: D