
ISA-IEC-62443 Dumps PDF 2026 Program Your Preparation EXAM SUCCESS
Get Perfect Results with Premium ISA-IEC-62443 Dumps Updated 221 Questions
NEW QUESTION # 75
Which is the BEST deployment system for malicious code protection?
Available Choices (select all choices that are correct)
- A. IACS protocol converters
- B. Application whitelistinq (AWL) OD.
- C. Zones and conduits
- D. Network segmentation
Answer: B
Explanation:
Application whitelisting (AWL) is a technique that allows only authorized applications to run on a system, and blocks any unauthorized or malicious code from executing. AWL is one of the most effective methods for preventing malware infections and reducing the attack surface of a system. AWL can be implemented at different levels, such as the operating system, the network, or the application itself. AWL is especially useful forindustrial automation and control systems (IACS), which often run on legacy or proprietary platforms that are not compatible with traditional antivirus software or other security solutions. AWL can also help protect IACS from zero-day attacks, which exploit unknown vulnerabilities that have not been patched or detected by security vendors. AWL is recommended by the ISA/IEC 62443 standards as a key component of malicious code protection for IACS. According to the standards, AWL should be applied to all IACS components that support it, and should be configured and maintained according to the security policies and procedures of the organization. AWL should also be complemented by other security measures, such as network segmentation, zones and conduits, and patch management, to provide a defense-in-depth approach to IACS security. References:
* ISA/IEC 62443-3-3:2013, System security requirements and security levels, Section 5.2.3.41
* ISA/IEC 62443-2-1:2010, Establishing an industrial automation and control systems security program, Section 4.3.3.6.42
* ISA/IEC 62443-4-2:2019, Technical security requirements for IACS components, Section 4.2.3.43
* ISA/IEC 62443-3-2:2020, Security risk assessment for system design, Section 7.3.3.44
* ISA/IEC 62443-4-1:2018, Product development requirements, Section 5.2.3.45
NEW QUESTION # 76
Which factor drives the selection of countermeasures?
Available Choices (select all choices that are correct)
- A. System design
- B. Security levels
- C. Foundational requirements
- D. Output from a risk assessment
Answer: D
Explanation:
The selection of countermeasures is driven by the output from a risk assessment, which identifies the risks and their associated likelihood and consequences for each zone and conduit in the industrial automation and control system (IACS). The risk assessment also determines the target security level (SL-T) for each zone and conduit, which represents the desired level of protection against the identified threats. The countermeasures are then selected based on the SL-T and the existing security level (SL-A) of the zone and conduit, as well as the cost and feasibility of implementation. The countermeasures should aim to reduce the risk to an acceptable level by increasing the SL-A to meet or exceed the SL-T. References: ISA/IEC 62443-3-2:2018 - Security risk assessment for system design, ISA/IEC 62443-3-3:2013 - System security requirements and security levels, ISA/IEC 62443 Cybersecurity Fundamentals Specialist Training Course
NEW QUESTION # 77
Which is a role of the application layer?
Available Choices (select all choices that are correct)
- A. Provides the mechanism for opening, closing, and managing a session between end-user application processes
- B. Delivers and formats information, possibly with encryption and security
- C. Includes protocols specific to network applications such as email, file transfer, and reading data registers in a PLC
- D. Includes user applications specific to network applications such as email, file transfer, and reading data registers in a PLC
Answer: B,C
Explanation:
The application layer is the topmost layer of the OSI model, which provides the interface between the user and the network. It includes protocols specific to network applications such as email, file transfer, and reading data registers in a PLC. These protocols deliver and format information, possibly with encryption and security, to ensure reliable and meaningful communication between different applications. The application layer does not include user applications, which are separate from the network protocols. The application layer also does not provide the mechanism for opening, closing, and managing a session between end-user application processes, which is the function of the session layer. References:
ISA/IEC 62443 Cybersecurity Fundamentals Specialist Study Guide, page 181 Using the ISA/IEC 62443 Standards to Secure Your Control System, page 82 The application layer in network protocols, such as in the OSI model or the TCP/IP protocol suite, is primarily responsible for providing services directly to user applications. This layer is involved in:
Option A: Including protocols specific to network applications such as email, file transfer, and industrial protocols like reading data registers in a Programmable Logic Controller (PLC). This is a core function of the application layer as it facilitates specific high-level networking capabilities.
Option D: Delivering and formatting information, which can include encryption and ensuring the security of data as it is transmitted across the network. This includes protocols like HTTP for web browsing which can encrypt data via HTTPS, SMTP for secure email transmission, and FTP for secure file transfer.
NEW QUESTION # 78
What are the connections between security zones called?
Available Choices (select all choices that are correct)
- A. Tunnels
- B. Conduits
- C. Firewalls
- D. Pathways
Answer: B
Explanation:
According to the ISA/IEC 62443 standard, the connections between security zones are called conduits. A conduit is defined as a logical or physical grouping of communication channels connecting two or more zones that share common security requirements. A conduit can be used to control and monitor the data flow between zones, and to apply security measures such as encryption, authentication, filtering, or logging. A conduit can also be used to isolate zones from each other in case of a security breach or incident. A conduit can be implemented using various technologies, such as firewalls, routers, switches, cables, or wireless links.
However, these technologies are not synonymous with conduits, as they are only components of a conduit. A firewall, for example, can be used to create multiple conduits between different zones, or to protect a single zone fromexternal threats. Therefore, the other options (firewalls, tunnels, and pathways) are not correct names for the connections between security zones. References:
* ISA/IEC 62443-3-2:2016 - Security for industrial automation and control systems - Part 3-2: Security risk assessment and system design1
* ISA/IEC 62443-3-3:2013 - Security for industrial automation and control systems - Part 3-3: System security requirements and security levels2
* Zones and Conduits | Tofino Industrial Security Solution3
* Key Concepts of ISA/IEC 62443: Zones & Security Levels | Dragos4
NEW QUESTION # 79
Why is patch management more difficult for IACS than for business systems?
Available Choices (select all choices that are correct)
- A. Business systems automatically update.
- B. Many more approvals are required.
- C. Overtime pay is required for technicians.
- D. Patching a live automation system can create safety risks.
Answer: D
Explanation:
Patch management is the process of applying software updates to fix security vulnerabilities, improve functionality, or enhance performance. Patch management is an essential part of cybersecurity, as unpatched systems can be exploited by malicious actors. However, patch management for industrial automation and control systems (IACS) is more challenging than for business systems, because patching a live automation system can create safety risks. According to the ISA/IEC 62443 standards, patching an IACS may have the following potential impacts1:
* Patching may introduce new vulnerabilities or errors that compromise the availability, integrity, or confidentiality of the IACS.
* Patching may affect the functionality or performance of the IACS, causing unexpected or undesired behavior, such as process shutdowns, slowdowns, or failures.
* Patching may require downtime or reduced operation of the IACS, which may affect production, quality, or profitability.
* Patching may require additional resources, such as personnel, equipment, or testing facilities, which may not be readily available or affordable.
Therefore, patch management for IACS requires careful planning, testing, and validation before applying patches to the operational environment. The ISA/IEC 62443 standards provide guidance and best practices for patch management in the IACS environment, such as1:
* Establishing a patch management program that defines roles, responsibilities, policies, and procedures
* for patching IACS components and systems.
* Identifying and prioritizing the IACS assets that need patching, based on their criticality, vulnerability, and risk level.
* Evaluating and verifying the patches for compatibility, functionality, and security before applying them to the IACS.
* Implementing and documenting the patching process, including backup, recovery, and rollback procedures, in case of patch failure or adverse effects.
* Monitoring and auditing the patching activities and outcomes, and reporting any issues or incidents.
References: 1: ISA TR62443-2-3 - Security for industrial automation and control systems, Part 2-3: Patch management in the IACS environment
NEW QUESTION # 80
How should outreach be handled with product suppliers and service providers?
- A. Only system integrators need to be informed about lifecycle support.
- B. Asset owners should be informed about how to report vulnerabilities.
- C. Patch management policies should be kept confidential from asset owners.
- D. Communication should only occur after a system failure.
Answer: B
Explanation:
ISA/IEC 62443 places strong emphasis on coordinated communication across the IACS ecosystem, particularly between asset owners, product suppliers, and service providers. Outreach is a core element of vulnerability management and continuous risk reduction.
Step 1: Asset owner accountability
According to ISA/IEC 62443-2-1, the asset owner is responsible for establishing and maintaining processes for identifying, reporting, and responding to cybersecurity vulnerabilities. This includes ensuring that clear reporting channels exist and are communicated to relevant parties.
Step 2: Vulnerability disclosure alignment
ISA/IEC 62443-4-1 requires product suppliers to support vulnerability handling and coordinated disclosure.
For this process to work effectively, asset owners must know how and where to report vulnerabilities discovered during operation.
Step 3: Why proactive communication matters
Waiting until a system failure contradicts the preventive intent of the standard. Cybersecurity is treated as a continuous process, not an incident-driven reaction.
Step 4: Elimination of incorrect options
* Limiting communication to integrators ignores suppliers and operators.
* Keeping patch policies confidential prevents coordinated risk management.
Therefore, the standard supports proactive outreach where asset owners are informed about how to report vulnerabilities, making Option B correct.
NEW QUESTION # 81
What is the purpose of ICS-CERT Alerts?
- A. To notify the owners of critical infrastructure
- B. To inform about hardware upgrades
- C. To advertise cybersecurity services
- D. To alert of targeted global energy sector threats
Answer: A
Explanation:
ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) issues alerts to inform critical infrastructure owners and operators about newly discovered vulnerabilities, threats, and mitigation strategies.
"ICS-CERT Alerts provide timely information to critical infrastructure owners and operators concerning current security issues, vulnerabilities, and exploits."
- ICS-CERT Advisory Documentation (now under CISA)
Alerts may be sector-wide or vendor-specific, and are part of the U.S. Department of Homeland Security's proactive cyber defense strategy.
Clarification of Options:
Not specific to the energy sector only (D is too narrow)
Not promotional in nature (eliminates A and B)
References:
ICS-CERT Alert Guidance (now under CISA)
ISA/IEC 62443-2-1 - External threat awareness
NEW QUESTION # 82
What does the first group of the ISA/IEC 62443 series focus on?
- A. Policies and procedures
- B. System technology aspects
- C. Component security requirements
- D. General standards and reports
Answer: D
Explanation:
The ISA/IEC 62443 standards are divided into four main groups: General, Policies and Procedures, System, and Component. The first group, "General," includes foundational standards and technical reports that provide essential concepts, models, terminology, and overall guidance for the rest of the series. This includes parts such as 62443-1-1 (concepts and models), 1-2 (glossary), 1-3 (metrics), and 1-4 (security lifecycle and use cases).
Reference: ISA/IEC 62443-1-1:2007, Section 4.1.2; Official 62443 series structure as published by ISA and IEC.
NEW QUESTION # 83
At Layer 4 of the Open Systems Interconnection (OSI) model, what identifies the application that will handle a packet inside a host?
Available Choices (select all choices that are correct)
- A. ATCP/UDP registry number
- B. ATCP/UDP application ID
- C. ATCP/UDP port number
- D. A TCP/UDP host ID
Answer: C
Explanation:
At layer 4 of the OSI model, also known as the transport layer, the application that will handle a packet inside a host is identified by a TCP/UDP port number. A port number is a 16-bit integer that is assigned to a specific application or service that runs on a host. Port numbers are used to multiplex and demultiplex the data streams that are exchanged between hosts and end systems. Multiplexing is the process of combining multiple data streams into one, while demultiplexing is the process of separating one data stream into multiple ones. Port numbers are part of the header of the transport layer protocol data unit (PDU), which is called a segment for TCP and a datagram for UDP. The header contains the source port number and the destination port number, which indicate the applications that are involved in the communication. For example, if a host sends a packet to another host using the HTTP protocol, which runs on port 80 by default, the source port number would be a random number chosen by the sender, and the destination port number would be 80. The receiver would then use the destination port number to demultiplex the packet and deliver it to the HTTP application.
Port numbers are divided into three ranges: well-known ports (0-1023), registered ports (1024-49151), and dynamic or private ports (49152-65535). Well-known ports are reserved for common and standardized applications and services, such as HTTP (80), FTP (21), and SSH (22). Registered ports are assigned by the Internet Assigned Numbers Authority (IANA) to specific applications and services that request them, such as Skype (49175) and Minecraft (25565). Dynamic or private ports are not assigned by any authority and can be used by any application or service that needs them, such as ephemeral ports that are used for temporary connections.
The other options are not valid identifiers for the application that will handle a packet inside a host at layer 4 of the OSI model. A TCP/UDP application ID is not a term that is used in the OSI model or the TCP/IP model. A TCP/UDP host ID is not a term that is used in the OSI model or the TCP/IP model, and it would be more appropriate for layer 3, which is the network layer, where the host is identified by an IP address. A TCP
/UDP registry number is not a term that is used in the OSI model or the TCP/IP model, and it would be more appropriate for layer 5, which is the session layer, where the registry number is used to identify a session between two hosts.
References:
Transport Layer | Layer 4 | The OSI-Model1
OSI model - Wikipedia2
What is Layer 4 of the OSI Model? | Glossary | A10 Networks3
What Are the 7 Layers of the OSI Model? | Webopedia4
NEW QUESTION # 84
Which of the following provides the overall conceptual basis in the design of an appropriate security program?
- A. Zone model
- B. Reference architecture
- C. Asset model
- D. Reference model
Answer: D
Explanation:
The reference model provides the overall conceptual basis for designing an appropriate security program. The ISA/IEC 62443-1-1 standard introduces the reference model to explain the structure, concepts, and relationships within an industrial automation and control system (IACS). It establishes the foundation for applying zones and conduits and for understanding security levels and how assets interact. This model is the cornerstone for implementing other architectural and technical security controls.
Reference: ISA/IEC 62443-1-1:2007, Section 4.2, "Reference Model"; also see Figure 1 in 62443-1-1.
NEW QUESTION # 85
Which of the following is an example of separation of duties as a part of system development and maintenance?
Available Choices (select all choices that are correct)
- A. Developers write and then test their own code.
- B. Design and implementation are performed by the same team.
- C. Changes are approved by one party and implemented by another.
- D. Configuration settings are made by one party and self-reviewed using a checklist.
Answer: C
Explanation:
Separation of duties is a security principle that aims to prevent fraud, errors, conflicts of interest, or misuse of resources by dividing critical tasks or functions among different people or teams. It is one of the foundational requirements (FRs) of the ISA/IEC 62443 standards for securing industrial automation and control systems (IACSs). According to the ISA/IEC 62443-2-1 standard, separation of duties includes the following system requirements (SRs):
* SR 2.1: Security management policy
* SR 2.2: Personnel security
* SR 2.3: System development and maintenance
* SR 2.4: Incident response and recovery
* SR 2.5: Compliance and review
Among these SRs, the one that is most related to the example of system development and maintenance is SR
2.3. SR 2.3 requires that the IACS shall provide the capability to ensure that the development and maintenance of the system and its components are performed in a secure manner. This means that the IACS should have a mechanism to control the access and authorization of developers, testers, integrators, and maintainers who work on the system and its components. It also means that the IACS should have a mechanism to verify and validate the quality and security of the system and its components before, during, and after the development and maintenance processes.
Therefore, an example of separation of duties as a part of system development and maintenance is that changes are approved by one party and implemented by another. This ensures that the changes are authorized, documented, and reviewed by someone who is not involved in the implementation. This reduces the risk of introducing errors, vulnerabilities, or malicious code into the system and its components.
References:
* ISA/IEC 62443-2-1:2010, Security for industrial automation and control systems - Part 2-1: Establishing an industrial automation and control systems security program1
* ISA/IEC 62443 Cybersecurity Fundamentals Specialist Certificate Program2
* ISA/IEC 62443 Cybersecurity Library3
* Using the ISA/IEC 62443 Standards to Secure Your Control Systems4
NEW QUESTION # 86
Safety management staff are stakeholders of what security program development?
Available Choices (select all choices that are correct)
- A. SPRP
- B. CSMS
- C. CSA
- D. ERM
Answer: B
NEW QUESTION # 87
Which standard focuses on protecting sensitive information across all organizational systems through a broad Information Security Management System (ISMS)?
- A. Both ISA/IEC 62443 and ISO/IEC 27001
- B. ISO/IEC 27001
- C. None of the above
- D. ISA/IEC 62443
Answer: B
Explanation:
ISO/IEC 27001 is the international standard that defines requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS) across an organization.
Step 1: Scope of ISO/IEC 27001
ISO/IEC 27001 applies broadly to all information assets, including IT systems, business processes, and organizational data, regardless of industry.
Step 2: Contrast with ISA/IEC 62443
ISA/IEC 62443 focuses specifically on Industrial Automation and Control Systems, addressing OT-specific risks such as safety, availability, and real-time constraints. While 62443-2-1 aligns with ISMS principles, it is not a general-purpose ISMS standard.
Step 3: Complementary use
Organizations commonly use ISO/IEC 27001 for enterprise-wide information security and ISA/IEC 62443 for OT/IACS environments.
Thus, the standard focused on protecting sensitive information across all organizational systems via an ISMS is ISO/IEC 27001.
NEW QUESTION # 88
Which of the following tools has the potential for serious disruption of a control network and should not be
used on a live system?
Available Choices (select all choices that are correct)
- A. Remote desktop
- B. FTP
- C. Web browser
- D. Vulnerability scanner
Answer: D
NEW QUESTION # 89
Which of the following is NOT a general class of firewalls?
- A. Application proxy
- B. Packet filter
- C. Network monitor
- D. Stateful inspection
Answer: C
Explanation:
Packet filter, application proxy, and stateful inspection are all recognized types or classes of firewalls in both IT and industrial control environments. A network monitor, on the other hand, is not considered a firewall but rather a tool for observing and analyzing network traffic. It does not provide firewall-like controls for blocking or allowing traffic.
Reference: ISA/IEC 62443-3-3:2013, Section 4.2.3.3 ("Types of firewalls"); ISA/IEC 62443-1-1:2007, Section 3.2.6.
NEW QUESTION # 90
A manufacturing plant has inconsistent cybersecurity processes that vary widely between shifts and teams.
According to the maturity levels described in ISA/IEC 62443-2-1, how would this situation be classified?
- A. Level 4 - Improving (quantitatively managed)
- B. Level 3 - Defined / Practiced (repeatable and documented processes)
- C. Level 2 - Managed (documented procedures and training programs)
- D. Level 1 - Initial (ad-hoc and undocumented processes)
Answer: D
Explanation:
The ISA/IEC 62443-2-1 standard introduces Security Program Maturity Levels, which help assess how well an organization has integrated security into its industrial operations. Level 1 is the "Initial" stage where processes are ad-hoc, undocumented, and vary across the organization - precisely the case described in the question.
"Maturity Level 1 (Initial) - Processes are ad hoc and undocumented. There is no consistency in how security is implemented across the organization or teams. Security activities are performed inconsistently, typically in response to incidents."
- ISA/IEC 62443-2-1:2010, Table 4 - Maturity Levels
The inconsistency between shifts and teams indicates a lack of standardized procedures, which is a hallmark of Level 1.
References:
ISA/IEC 62443-2-1:2010 - Section 4.2.3, Table 4
ISA/IEC 62443-2-1 - Maturity Levels and Program Requirements
NEW QUESTION # 91
Which of the following attacks relies on a human weakness to succeed?
Available Choices (select all choices that are correct)
- A. Escalation-of-privileges
- B. Phishing
- C. Denial-of-service
- D. Spoofing
Answer: B
Explanation:
Phishing is a type of cyberattack that relies on a human weakness to succeed. Phishing is the practice of sending fraudulent emails or other messages that appear to come from a legitimate source, such as a bank, a government agency, or a trusted person, in order to trick the recipient into revealing sensitive information, such as passwords, credit card numbers, or personal details, or into clicking on malicious links or attachments that may install malware or ransomware on their devices. Phishing is a common and effective way of compromising the security of industrial automation and control systems (IACS), as it can bypass technical security measures by exploiting the human factor. Phishing can also be used to gain access to the IACS network, to conduct reconnaissance, to launch further attacks, or to cause damage or disruption to the IACS operations. The ISA/IEC 62443 series of standards recognize phishing as a potential threat vector for IACS and provide guidance and best practices on how to prevent, detect, and respond to phishing attacks. Some of the recommended countermeasures include:
Educating and training the IACS staff on how to recognize and avoid phishing emails and messages, and how to report any suspicious or malicious activity.
Implementing and enforcing policies and procedures for email and message security, such as using strong passwords, verifying the sender's identity, and not opening or clicking on unknown or unsolicited links or attachments.
Applying technical security controls, such as antivirus software, firewalls, spam filters, encryption, and authentication, to protect the IACS devices and network from phishing attacks.
Monitoring and auditing the IACS network and devices for any signs of phishing attacks, such as anomalous or unauthorized traffic, connections, or activities, and taking appropriate actions to contain and mitigate the impact of any incidents. References:
ISA/IEC 62443-1-1:2009, Security for industrial automation and control systems - Part 1-1: Terminology, concepts and models1 ISA/IEC 62443-2-1:2009, Security for industrial automation and control systems - Part 2-1: Establishing an industrial automation and control systems security program2 ISA/IEC 62443-2-4:2015, Security for industrial automation and control systems - Part 2-4: Security program requirements for IACS service providers3 ISA/IEC 62443-3-3:2013, Security for industrial automation and control systems - Part 3-3: System security requirements and security levels4 ISA/IEC 62443-4-2:2019, Security for industrial automation and control systems - Part 4-2: Technical security requirements for IACS components5
NEW QUESTION # 92
What are the connections between security zones called?
Available Choices (select all choices that are correct)
- A. Tunnels
- B. Conduits
- C. Firewalls
- D. Pathways
Answer: B
Explanation:
According to the ISA/IEC 62443 standard, the connections between security zones are called conduits. A conduit is defined as a logical or physical grouping of communication channels connecting two or more zones that share common security requirements. A conduit can be used to control and monitor the data flow between zones, and to apply security measures such as encryption, authentication, filtering, or logging. A conduit can also be used to isolate zones from each other in case of a security breach or incident. A conduit can be implemented using various technologies, such as firewalls, routers, switches, cables, or wireless links.
However, these technologies are not synonymous with conduits, as they are only components of a conduit. A firewall, for example, can be used to create multiple conduits between different zones, or to protect a single zone from external threats. Therefore, the other options (firewalls, tunnels, and pathways) are not correct names for the connections between security zones. References:
ISA/IEC 62443-3-2:2016 - Security for industrial automation and control systems - Part 3-2: Security risk assessment and system design1 ISA/IEC 62443-3-3:2013 - Security for industrial automation and control systems - Part 3-3: System security requirements and security levels2 Zones and Conduits | Tofino Industrial Security Solution3 Key Concepts of ISA/IEC 62443: Zones & Security Levels | Dragos4
NEW QUESTION # 93
Which statement BEST describes the enforceability of standards?
- A. Standards have criminal penalties for non-compliance.
- B. Compliance with standards is voluntary.
- C. Courts never consider standards when determining liability.
- D. Standards are always legally binding and must be followed.
Answer: B
Explanation:
ISA/IEC 62443 is an international consensus standard, not a regulation. The standard itself clearly distinguishes between voluntary standards and legally enforceable regulations. By default, compliance with standards such as ISA/IEC 62443 is voluntary, unless they are explicitly referenced in laws, regulations, contracts, or regulatory frameworks.
Step 1: Nature of standards
Standards are developed to provide agreed-upon best practices and requirements based on expert consensus.
ISA/IEC 62443 provides structured, auditable requirements for securing IACS, but it does not carry legal force on its own.
Step 2: Relationship to law and regulation
Governments or regulators may reference standards within regulations, making compliance mandatory in specific contexts. However, the enforceability in such cases comes from the law or contract, not from the standard itself.
Step 3: Role in liability and due diligence
While compliance is voluntary, courts may consider standards as evidence of industry best practice when evaluating negligence or due diligence. This does not make them legally binding, but it does make them highly influential.
Step 4: Why other options are incorrect
Standards do not impose criminal penalties, are not automatically legally binding, and are often considered by courts.
Therefore, the most accurate statement is that compliance with standards is voluntary.
NEW QUESTION # 94
Which of the following is NOT a general class of firewalls?
- A. Application proxy
- B. Packet filter
- C. Stateful inspection
- D. Network inspection
Answer: D
Explanation:
The three general classes of firewalls are:
Packet Filtering Firewalls - Basic filters based on IPs, ports, protocols Stateful Inspection Firewalls - Track active connections and session state Application Proxy Firewalls - Act as intermediaries at the application layer
"Network inspection" is not a standard firewall classification, but rather a general term that may refer to DPI (Deep Packet Inspection) or NIDS (Network Intrusion Detection Systems).
"Firewall technologies are typically classified into packet filtering, stateful inspection, and application proxy types."
- ISA/IEC 62443-3-3:2013, SR 5.1 - Zone Boundary Protection
References:
ISA/IEC 62443-3-3:2013 - Clause SR 5.1
NIST SP 800-41 - Guidelines on Firewalls and Firewall Policy
NEW QUESTION # 95
......
ISA-IEC-62443 PDF Dumps Extremely Quick Way Of Preparation: https://passking.actualtorrent.com/ISA-IEC-62443-exam-guide-torrent.html