Term
| What wireless device is used for exchanging two-way emails, supports Secure/Multipurpose Internet Mail Extensions (S/MIME), and is an NSA-approved device for sensitive but unclassified information within DoD? |
|
Definition
|
|
Term
| What VPN Architecture does not require secondary authentication? |
|
Definition
|
|
Term
| Which IPsec encapsulation protocol allows authentication of the sender? |
|
Definition
| Authentication Header (AH): provides integrity and data-origin authentication (plus anti-replay) but no confidentiality |
|
|
Term
| Which IPsec encapsulation protocol supports authentication of the sender and encryption of data? |
|
Definition
| Encapsulating Security Payload (ESP) |
|
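An added example (not from the original cards) showing why AH gives sender authentication and why ESP's contents are opaque without a key: it builds and parses an AH header in the RFC 4302 layout with an HMAC-SHA1-96 ICV, verifies the ICV, and parses only the clear-text SPI and sequence number of an ESP packet. The key, SPI values and payload are constructed; the ICV computation is simplified to cover only the AH header and payload, whereas a real implementation also covers the immutable fields of the outer IP header.

```python
import hashlib
import hmac
import struct

# Constructed example key (not from any real configuration).
KEY = b"example-ah-key-0123456789ab"
ICV_LEN = 12  # HMAC-SHA1-96: the SHA-1 HMAC truncated to 96 bits


def build_ah(next_header, spi, seq, payload, key=KEY):
    """Build AH header + payload (RFC 4302 layout) with an HMAC-SHA1-96 ICV.

    Simplification (assumption of this example): the ICV covers only the AH
    header with the ICV field zeroed plus the payload. A real implementation
    also covers the immutable fields of the outer IP header.
    """
    # Payload Len = AH length in 32-bit words minus 2; fixed part is 12 bytes.
    payload_len = (12 + ICV_LEN) // 4 - 2
    fixed = struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)
    mac_input = fixed + bytes(ICV_LEN) + payload
    icv = hmac.new(key, mac_input, hashlib.sha1).digest()[:ICV_LEN]
    return fixed + icv + payload


def parse_ah(data):
    """Parse the clear-text AH header; everything in AH is visible on the wire."""
    next_header, payload_len, _reserved, spi, seq = struct.unpack("!BBHII", data[:12])
    ah_len = (payload_len + 2) * 4
    return {
        "next_header": next_header,
        "spi": spi,
        "seq": seq,
        "icv": data[12:ah_len],
        "payload": data[ah_len:],
    }


def verify_ah(data, key=KEY):
    """Recompute the ICV over the header (ICV zeroed) + payload and compare
    in constant time. A wrong key or any modified byte fails verification."""
    fields = parse_ah(data)
    icv_len = len(fields["icv"])
    mac_input = data[:12] + bytes(icv_len) + fields["payload"]
    expected = hmac.new(key, mac_input, hashlib.sha1).digest()[:icv_len]
    return hmac.compare_digest(expected, fields["icv"])


def parse_esp_outer(data):
    """Only SPI and sequence number are in the clear in ESP (RFC 4303); the
    payload, padding, pad length and next-header byte sit inside the
    ciphertext, so no further structure can be recovered without the SA key."""
    spi, seq = struct.unpack("!II", data[:8])
    return {"spi": spi, "seq": seq, "ciphertext": data[8:]}


if __name__ == "__main__":
    pkt = build_ah(next_header=6, spi=0x1001, seq=1, payload=b"hello")
    print(parse_ah(pkt))
    print("valid:", verify_ah(pkt))
    print("tampered valid:", verify_ah(pkt[:-5] + b"hellp"))
```

The contrast the two cards draw is visible in the parsers: `parse_ah` can read the whole header and check the sender's ICV, while `parse_esp_outer` stops at the 8-byte clear-text prefix because the rest is encrypted.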
|
Term
| What is the automated protocol used to negotiate, create and manage security associations between two computers? |
|
Definition
| Internet Key Exchange (IKE) |
|
|
Term
| IKEv1 SAs are established in two phases. What is the only mode in phase two? |
|
Definition
|
|
Term
| The Risk Management process includes what? |
|
Definition
| Risk assessment; risk mitigation; evaluation and continual assessment |
|
|
Term
| What publication is the Standards for Security Categories of Federal Information and Information Systems? |
|
Definition
|
|
Term
| Who must give written approval for high risk software before use? |
|
Definition
|
|
Term
| What is the solution security analysis? |
|
Definition
| It should be conducted during the certification and accreditation process |
|
|
Term
| The ISSM is responsible for developing what? |
|
Definition
| locally needed backup plans that consider data-production rates and data-loss risks when under development |
|
|
Term
| What does CTTA stand for? |
|
Definition
| Certified TEMPEST Technical Authority |
|
|
Term
| All facilities processing Sensitive Compartmented Information (SCI) will be reviewed by whom for initial TEMPEST accreditation? |
|
Definition
| Certified TEMPEST Technical Authority (CTTA) |
|
|
Term
| What does CC/S/A stand for? |
|
Definition
| Combatant Commands, Services, and Agencies |
|
|
Term
| What are the objectives of ST&E (Security Test and Evaluation)? |
|
Definition
| to uncover design, implementation and operational flaws that could allow the violation of security policy, determine the adequacy of security mechanisms, assurances and other properties to enforce the security policy, and assess the degree of consistency between the system documentation and its implementation. |
|
|
Term
| What are the INFOCON levels? |
|
Definition
| Normal, Alpha, Bravo, Charlie, Delta |
|
|
Term
|
Definition
| Calls for maximum CND force readiness |
|
|
Term
| Do administrative login errors require a reportable incident? |
|
Definition
|
|
Term
|
Definition
| Failure to comply with policy |
|
|
Term
| What are some ways to protect a work station? |
|
Definition
|
|
Term
| What are the various factors of protection levels? |
|
Definition
| Clearance level; need-to-know; formal access approval |
|
|
Term
| What is a clipping level? |
Definition
| A baseline of user activity that is considered a routine level of user errors |
|
|
Term
| What happens when you exceed a clipping level? |
|
Definition
| A violation record is produced |
|
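A clipping-level check as a practitioner might implement it, added here as an example and not part of the original card set. It runs over constructed login-failure log lines (not from any real system): failures at or below the threshold are treated as routine, and once a user exceeds the threshold inside the time window a violation record is produced. The log format, field names, threshold and window are assumptions of this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log (not from a real system).
SAMPLE_LOG = """\
2024-03-01T08:00:01 LOGIN_FAIL user=alice src=10.0.0.5
2024-03-01T08:00:03 LOGIN_FAIL user=alice src=10.0.0.5
2024-03-01T08:00:09 LOGIN_OK user=alice src=10.0.0.5
2024-03-01T08:05:00 LOGIN_FAIL user=bob src=10.0.0.9
2024-03-01T08:05:02 LOGIN_FAIL user=bob src=10.0.0.9
2024-03-01T08:05:04 LOGIN_FAIL user=bob src=10.0.0.9
2024-03-01T08:05:06 LOGIN_FAIL user=bob src=10.0.0.9
2024-03-01T08:05:08 LOGIN_FAIL user=bob src=10.0.0.9
2024-03-01T09:30:00 LOGIN_FAIL user=carol src=10.0.0.7
"""


def parse_line(line):
    """Split '<iso-timestamp> <EVENT> k=v k=v ...' into its parts (assumed format)."""
    ts, event, *kv = line.split()
    fields = dict(pair.split("=", 1) for pair in kv)
    return datetime.fromisoformat(ts), event, fields


def find_violations(log_text, threshold=3, window=timedelta(minutes=5)):
    """Return one violation record per user whose failed logins within
    `window` exceed the clipping level `threshold`.

    Up to `threshold` failures in the window are the routine error baseline
    and produce nothing; the failure that pushes the count above it produces
    the record. A user is recorded once so a single burst does not generate
    a record per additional failure.
    """
    recent = defaultdict(deque)  # user -> timestamps of failures in the window
    violations = []
    flagged = set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event, fields = parse_line(line)
        if event != "LOGIN_FAIL":
            continue
        user = fields["user"]
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:  # drop failures that aged out
            q.popleft()
        if len(q) > threshold and user not in flagged:
            flagged.add(user)
            violations.append({
                "user": user,
                "src": fields["src"],
                "count": len(q),
                "at": ts.isoformat(),
            })
    return violations


if __name__ == "__main__":
    for record in find_violations(SAMPLE_LOG):
        print("VIOLATION", record)
```

With the sample above, alice's two failures and carol's single failure stay under the clipping level, while bob's fourth failure in the window produces the violation record.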
|
Term
| Under which criteria does the DoD require alarms, signals, and reports? |
|
Definition
| System techs are trained periodically |
|
|
Term
| What is critical infrastructure? |
|
Definition
| Any asset whose incapacitation or destruction would have a negative impact on the IS |
|
|
Term
| Which DoD-Cert is Just a notification? |
|
Definition
|
|
Term
| What are EALs? |
Definition
| Evaluation Assurance Levels (Common Criteria): a convenient reference for the amount of analysis and testing performed on a product |
|
|
Term
| How often must an IS be re-accredited? |
|
Definition
|
|
Term
| What is the difference between certification and accreditation? |
|
Definition
| Certification = validation; accreditation = approval |
|
|
Term
| What are the three access controls? |
|
Definition
|
|
Term
|
Definition
| has to be authorized by owner |
|
|
Term
| Where do you remove a virus from? |
|
Definition
|
|
Term
| What is the significance of 1996? |
|
Definition
|
|
Term
| What is the Economic Espionage Act? |
|
Definition
| Protects intellectual property and criminalizes the theft of trade secrets |
|
|
Term
| What is penetration testing used for? |
|
Definition
|
|
Term
| What type of analysis is performed during TEMPEST testing? |
|
Definition
|
|
Term
| What are two types of audience? |
|
Definition
|
|
Term
| How can you make training more effective? |
|
Definition
| By targeting a specific audience |
|
|
Term
| What are two ways the security inspections can be performed? |
|
Definition
|
|
Term
| What should be done when reviewing incident data? |
|
Definition
| Review security logs and internal and external policies, and report to the IAO |
|
|
Term
| Is it the responsibility of the ISSM to review and approve the contingency plan? |
|
Definition
|
|
Term
| What are the responsibilities of the ISSM? |
|
Definition
| Periodically scheduled security training; disaster recovery; conducting the contingency plan |
|
|
Term
|
Definition
| Data Compromise and spillage |
|
|
Term
| Using Data analyzers and sniffers, can you make a permanent record of network activity? |
|
Definition
|
|
Term
| If automated auditing is not available, from whom must the ISSM/SA get approval to conduct manual audits? |
|
Definition
|
|
Term
| What determines the risk to the system, the likelihood security controls may not work and the impact? |
|
Definition
|
|
Term
| What is high risk software? |
|
Definition
| Public domain software, demonstration software, and embedded software not obtained through official channels |
|
|
Term
| Which access requires the most stringent security controls? |
|
Definition
|
|
Term
| Which automated tool can be used by applications to look for evidence of data tampering? |
|
Definition
| Use of alarms, signals, and reports by DoD |
|
|
Term
| What is the purpose of monitoring? |
|
Definition
| To identify security events that could impact the operations of a computer facility |
|
|
Term
| What is the web-based application used to track IAVAs for DISA? |
|
Definition
| Vulnerability Compliance Tracking System (VCTS) |
|
|
Term
| What does DISA stand for? |
|
Definition
| Defense Information Systems Agency |
|
|
Term
|
Definition
| responsible for implementing the guidance internally, as well as having overall responsibility for the IAVA process throughout DoD |
|
|
Term
| What does DISA develop and provide? |
|
Definition
| Security configuration guidance for IA and IA-enabled IT products, in coordination with the Director of the National Security Agency (NSA) |
|
|