Exam GICSP Topic 1 Question 6 Discussion

Actual exam question for GIAC's GICSP exam
Question #: 6
Topic #: 1
What information can be found by dumping data at rest from a Purdue Enterprise Reference Architecture level 0/1 device?

Suggested Answer: C Vote an answer

Level 0 and Level 1 devices in the Purdue model include sensors, actuators, and controllers such as PLCs.
Dumping data at rest from these devices often reveals static cryptographic keys (C) stored within device memory or configuration files.
Firmware on read-protected chips (A) is generally inaccessible without specialized hardware attacks.
Frequency-hopping algorithms (B) pertain to wireless devices and are typically secured and not directly stored in the general memory dump.
GICSP stresses the risk of key compromise from device data extraction as it can enable unauthorized control or decryption of communications.
Reference:
GICSP Official Study Guide, Domain: ICS Security Operations & Incident Response Purdue Model and ICS Device Security GICSP Training on Device-Level Security Threats

by Elma at Jan 23, 2026, 08:35 PM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10