GRID Cheat Sheet 2026

The 30 highest-yield GRID facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.

82 questions
180 min time limit
71% to pass
  1. Why is a post-incident review crucial in ICS environments? To strengthen future response and defense
  2. Why is passive monitoring preferred in ICS threat detection? It minimizes interference with critical systems
  3. In the IEC 62443 security level framework, what does Security Level 2 (SL 2) describe? Protection against intentional violation using simple means and low motivation
  4. What is the primary challenge of applying traditional IT patch management practices to OT/ICS environments? OT systems often cannot tolerate downtime required for patching
  5. Which metric from CVSS is most relevant when assessing an ICS vulnerability where no internet connectivity exists? Attack Vector (AV) — specifically local or physical
  6. What is the role of a security information and event management (SIEM) system in ICS? To centralize log data and detect threats
  7. NIST SP 800-82 recommends which network architecture strategy when IT and OT systems must exchange data? Implementation of a DMZ with firewalls between IT and OT
  8. In GRID exam context, what does a 'severity × likelihood' matrix primarily help an ICS security team accomplish? Prioritize which vulnerabilities to address first based on risk
  9. What is the role of a 'risk register' in an ongoing ICS vulnerability management program? It tracks identified risks, their ratings, owners, and remediation status over time
  10. What technique is commonly used by ICS attackers for lateral movement? Credential reuse
  11. What is the primary advantage of one-way communication in ICS defense? It blocks inbound cyber attacks
  12. Which tool is widely used by ICS security professionals to passively identify OT protocols such as Modbus, DNP3, and BACnet on a captured packet trace? Wireshark with OT protocol dissectors
  13. Why is network segmentation critical in ICS defense? To isolate threats and improve control
  14. Which zone in ICS architecture typically houses SCADA servers? Operations zone
  15. Which ICS protocol uses Function Code 90 (0x5A) and is associated with Siemens S7 PLCs, making it a common target for attackers? S7comm
  16. NERC CIP-004 requires personnel risk assessments for individuals who have which type of access? Unescorted physical or electronic logical access to BES Cyber Systems
  17. What is a typical objective of attackers in ICS environments? Cause operational disruption
  18. What is the primary purpose of a network intrusion detection system (NIDS) in an ICS environment? Detect malicious activity in network traffic
  19. When performing a vulnerability assessment on a SCADA system, why should engineers always test in a lab or replica environment first? Scanning or testing production ICS can cause device crashes or process disruptions
  20. What is the primary security weakness of the Modbus TCP protocol in ICS environments? It has no built-in authentication, authorization, or data integrity verification
  21. Under NERC CIP, a 'BES Cyber Asset' (BCA) is classified based on its potential impact to the BES. Which classification carries the highest compliance burden? High Impact
  22. Which NERC CIP standard specifically governs Electronic Security Perimeters (ESPs) and remote access management? CIP-005-7
  23. How should communication be handled during an ICS incident? Communicate out-of-band
  24. Which ICS-specific vulnerability database provides advisories specifically for industrial control systems? ICS-CERT CISA advisories
  25. What compensating control is commonly used when an ICS component cannot be patched due to operational constraints? Network segmentation and enhanced monitoring
  26. Which NERC CIP standard addresses 'Systems Security Management,' including management of ports and services, security patches, and malicious code prevention? CIP-007-6
  27. Which protocol is commonly used in oil and gas pipeline SCADA systems and operates over serial lines using a master-slave architecture? Modbus RTU
  28. NIST Special Publication 800-82 was written to provide guidance for which type of system? Industrial Control Systems (ICS) including SCADA and DCS
  29. Which of the following is a significant advantage of using passive monitoring for asset discovery in an OT network compared to active scanning? It poses a much lower risk of disrupting sensitive or legacy OT devices.
  30. IEC 62443-3-3 defines 'Foundational Requirements' (FRs) for IACS. Which of the following is one of the seven FRs? Use Control (UC) — restricting system functionality to authorized users and devices
Turn these facts into recall: