Which Security Modes does an OPC UA SecureChannel support per the standard?
C — None, Sign and SignAndEncrypt
The OPC UA specification defines exactly three Security Modes on a SecureChannel: None (no protection, dev/test only), Sign (authentication and integrity via HMAC, no confidentiality), and SignAndEncrypt (sign plus AES encryption). Option A is wrong because "Encrypt" without signing is not a defined mode; you cannot encrypt without also signing in OPC UA. Option B is wrong because it omits the mandatory SignAndEncrypt mode used in production. Option D is wrong because it removes the None mode, which is formally part of the standard even though it is unsuitable for production. In production you should always choose SignAndEncrypt with a strong Security Policy such as Basic256Sha256, Aes128_Sha256_RsaOaep or Aes256_Sha256_RsaPss.
Treat SecurityMode=None as a red flag in any production audit: it is acceptable only on a strictly isolated commissioning network, never on a routed plant network.
- A. None and Encrypt
- B. None and Sign
- C. None, Sign and SignAndEncrypt ✓
- D. Sign and SignAndEncrypt only
Related questions
- OPC UA supports two communication patterns: Client/Server (the classic Request/Response model) and Pub/Sub (publish/subscribe over MQTT or UDP multicast/unicast), the latter introduced in version 1.04 to address Industrie 4.0 use cases. (1. Architecture · Client/Server vs. Pub/Sub)
- The OPC UA Address Space is a hierarchical structure of Nodes linked by typed References (HasComponent, HasProperty, HasTypeDefinition, etc.), exposed as a graph that clients can walk through the Browse service. (1. Architecture · Address Space)
- The main OPC UA Service Sets are: Discovery, SecureChannel, Session, NodeManagement, View, Query, Attribute (Read/Write), MonitoredItem, Subscription, and Method (Call). (3. Services · Main Service Sets)
- OPC UA separates Application authentication (the client/server X.509 certificate) from User authentication (the actual end-user login), which can be Anonymous, Username/Password, or User Certificate. (4. Security · User Authentication)
- PA-DIM (Process Automation Device Information Model) is an OPC UA Companion Specification for process transmitters (temperature, pressure, flow, level), standardising 70+ parameters that are read identically on Endress+Hauser, Yokogawa, Siemens and ABB devices. (6. Companion Specs · PA-DIM)