DNS
IPSEC
Environments
Technology
OT Devices
100

This record is used to map a domain name to an IPv4 address.

A Record

100

This protocol provides encryption, integrity, and authentication for IPsec traffic.

What is ESP (Encapsulating Security Payload)?

100

This three-letter acronym is a name for the environment that interconnects and provides infrastructure for generation plants.

GCN 

100

This is used to protect endpoints in our OT networks at the OS level.

Windows Defender

100

What is a PLC?

Programmable Logic Controller

200

What is the primary purpose of an MX record?

An MX (Mail Exchange) record is used to specify which mail servers are responsible for receiving email for a domain.

200

This phase establishes a secure, authenticated control channel between IPsec peers.

What is IKE Phase 1?

200

In the acronym SCADA, what is the final A?

Acquisition

200

These are used to provide network protections.

Palo Alto Firewalls

200

What is a SEL 735 used for? 

Metering

300

What is a Resolver (DNS Resolver)?

A DNS resolver is a system (usually a server) that translates a domain name into an IP address so your device can connect to the correct destination.

300

This IPsec mode encapsulates and encrypts the entire original IP packet, commonly used in site-to-site VPNs.

What is Tunnel Mode?

300

This three-letter acronym is the smart Itron metering environment.

AMI

300

This system gathers and automates critical network inventory and also performs some threat detection.

Tenable OT

300

What is a SEL 700g used for?

Protection for Generation Locations

400

Upon what port does DNS typically operate?

53

400

What are the required matching parameters for an IPsec Security Association (SA)?

For an SA to come up, both sides must agree on things like:

  • Encryption algorithm (e.g., AES-256)
  • Integrity/hash (e.g., SHA-256)
  • Traffic selectors (local/remote subnets)
  • Mode (tunnel vs transport)

400

This environment secures our transmission and distribution systems.

SCADA

400

This system is our primary security data aggregator in OT environments and serves as our SIEM.

SPLUNK

400

What is Ignition?

An HMI solution

500

A server at the very top of the DNS hierarchy. It acts as the starting point for translating domain names into IP addresses.

What is a Root Nameserver?

500

What is a Phase 2 mismatch (traffic selectors or transform set mismatch)?

This is the most likely cause when Phase 1 succeeds but Phase 2 fails, often due to mismatched encryption domains or transform sets.

500

This environment is both a backhaul communication network and a network leveraged for secure systems like e911.

GridNet

500

This system does change detection for SCADA.

Tripwire

500

What does a Station Service PLC do?

Controls and audits the power generated by the units and fed back to the local control house