chapter-19 Flashcards Preview

Flashcards in chapter-19 Deck (252)

What three types of security are essential to the Air Force mission? (457)

1) Information Assurance (IA); 2) installation security; and 3) Antiterrorism (AT).


Who must protect information and information systems and adhere to all information assurance and related security policies and procedures? (457)

Personnel at all levels.


Information __ refers to the measures that protect, defend and ensure the availability, integrity, confidentiality, authentication and nonrepudiation of information and information systems. (457)



What do Information Assurance's (IA) protection, detection and reaction capabilities provide? (457)

Restoration of information and information systems.


Why is Information Assurance (IA) policy based on fact-based operational risk assessments? (457)

Because total risk avoidance is often not practical - risk assessment and management are required instead.


Name the three core Information Assurance (IA) security disciplines. (457)

Communications Security (COMSEC), Computer Security (COMPUSEC) and Emissions Security (EMSEC).


The information assurance discipline __ ensures the confidentiality, integrity and availability of information systems assets, including hardware, software, firmware and information being processed, stored and communicated. (457)

Computer Security (COMPUSEC).


A(n) __ system is any telecommunications and/or computer-related equipment or interconnected system or subsystems of equipment used in the acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission or reception of voices and/or data. (457)

Information. (This includes software, firmware and hardware.)


A Computer Security (COMPUSEC) __ is any action, device, procedure, technique or other measure that reduces an information system's vulnerability to an acceptable or manageable level. (457)



What enemy activities pose the greatest threats to communications and information systems? (457-458)

Information Operations (IO) and Information Warfare (IW) activities.


Information Operations (IO) and Information Warfare (IW) attacks include introduction of malicious codes, trapdoors or viruses. What could result from these activities? (458)

1) Loss of information and information system confidentiality, integrity and availability; 2) disclosure of classified or sensitive information; 3) altered or deleted mission-essential data; and 4) destruction of communications and information systems.


Viruses, worms, Trojan horses and Botnets are examples of __ logic. (458)

Malicious logic.


How does the Air Force protect information systems from malicious logic attacks? (458)

Through preventive measures, including 1) user awareness training; 2) local policies; 3) configuration management; and 4) antivirus software.


Prevent malicious logic by using antivirus software on all information systems. Name four other minimum security measures. (458)

Any four of the following: 1) Scan all incoming or downloaded electronic traffic and files for viruses; 2) scan removable and fixed media prior to use; 3) report all virus attacks; 4) preserve evidence of malicious incidents for ongoing investigations; 5) use government-owned computer systems for official use only; and 6) do not surf unapproved websites on government-owned computer systems.


Describe the minimum security requirements for desktops and workstations used by one person at a time. (458)

1) Ensure each user's access is based on security clearance and need to know; 2) prevent unauthorized casual viewing of information; and 3) protect against tampering, theft and loss.


Strong, two-factor authentication for accessing systems and networks combines a Common Access Card (CAC) with a(n) __. (458)



A Common Access Card (CAC) is a DoD identification card with an integrated circuit chip that holds what? (458)

Public Key Infrastructure (PKI) certificates and keys.


When may passwords be used in lieu of a Common Access Card (CAC)? (458)

When support for CAC or other strong, two-factor authentication is unavailable.


Where should you place devices that display or output classified and sensitive information? (458)

In locations that deter unauthorized casual viewing.


Use a secure ____ and screen-lock to secure any unattended workstation. (458)

Screen saver. (Otherwise, log off completely.)


When using a Common Access Card (CAC), remove it if the workstation is unattended. T/F (458)



How can you protect information systems from tampering, theft and loss? (458)

1) Control physical access to facilities, information systems and data; 2) use the Common Access Card (CAC) removal lock feature, keyboard locks, secure screen savers, and add-on security software; and 3) control removal and secure storage of information on unattended systems.


Compact discs are an example of removable media. Provide two additional examples. (458)

1) USB drives; and 2) external storage drives.


How should you safeguard, mark and label removable media? (458)

Using the requirements for the highest level of information it ever stored.


Why does storing large amounts of Personally Identifiable Information (PII) (500 or more records) on removable media require proper approval? (458)

Its loss or theft may lead to identity theft or adversely impact personnel.


What additional security measures apply when removable media contains sensitive information? (458-459)

1) Restrict its use to locations that meet information protection and security policies; 2) report any loss or suspected loss; and 3) clear, sanitize or destroy it before releasing it to unauthorized personnel or outside the DoD or Air Force.


What should you do before attaching any removable media or storage device to an information system? (459)

Refer to local security guidance.


Using disguised removable media or storage devices is prohibited. T/F (459)



What are Portable Electronic Devices (PED)? (459)

Small electronic devices capable of recording, storing, transmitting or processing information. (Examples include PDAs, hand-held and laptop computers, cellular phones, email devices and audio or video recording devices.)


Most desktop and workstation protective measures and even removable media also apply to Portable Electronic Devices (PED). What additional measures apply to wireless-enabled PEDs? (459)

1) Comply with Air Force wireless and wireless security policies; 2) do not use to store, process or transmit classified information without proper approval and additional security mechanisms and measures; 3) do not use in areas where classified information is discussed or processed without coordinating with the local security manager; 4) consider Operations Security (OPSEC) and force protection before adopting or implementing any policy or procedure; and 5) do not connect personally owned PEDs to the Air Force network.


Who should you notify if classified information was processed or maintained on an unclassified Portable Electronic Device (PED)? (459)

Your supervisor, security manager or Information Assurance Officer (IAO).


Connecting personally owned Portable Electronic Devices (PED) to the Air Force network is forbidden, but you may request a government-owned PED if required. T/F (459)



What are three prohibitions on the use of personally owned Information Technology (IT)? (459-460)

Do not use personally owned IT to 1) process classified information; 2) perform government work without justification and approval; and 3) store or process Controlled Unclassified Information (CUI) or Personally Identifiable Information (PII).


What might justify using personally owned Information Technology (IT) to perform government work? (459)

Mission requirements, government-owned IT availability and rationale.


Government-owned sensitive information must remain on government removable media or devices. T/F (460)

True. (Mark and protect it appropriately.)


What will happen to personally owned Information Technology (IT) with Controlled Unclassified Information (CUI), classified information or Personally Identifiable Information (PII)? (459)

It will be confiscated and sanitized or destroyed.


Never use __ computing facilities or services to process government-owned unclassified, sensitive or classified information, or access Web-based government services. (460)



Define phishing. (460)

Emails with embedded scripts and false links that allow access for a hacker to control your computer or install malicious logic programs.


How do our adversaries use phishing to compromise the mission effectiveness of your organization? (460)

They use this form of social engineering to solicit information from Air Force members.


What should you do with emails from financial institutions asking for personal information? (460)

Delete and report it to the appropriate financial institution's spam or phishing Point of Contact (POC).


At a minimum, what three things should you do to safeguard your computer from phishing? (460)

1) Never click on a hyperlink inside an email from an unknown source; 2) never download files attached to an email from an unknown source; and 3) contact the sender of the email to verify if it is authentic.


__ are measures and controls that deny unauthorized persons national security information derived from US government information systems and ensures the authenticity of those systems. (460)

Communications Security (COMSEC).


What are the three components of Communications Security (COMSEC)? (460)

1) Cryptosecurity; 2) transmission security; and 3) physical security.


__ is a component of Communications Security (COMSEC) that results from the provision and proper use of technically sound cryptosystems. (460)



__ is a component of Communications Security (COMSEC) resulting from measures that protect transmissions from interception and exploitation by means other than cryptoanalysis. (460)

Transmission security.


Give examples of transmission security. (460)

Using secured communications systems, registered mail, secure telephone and facsimile equipment, manual cryptosystems, call signs or authentication to transmit classified information.


Define physical security. (460)

Using all physical measures necessary to safeguard Communications Security (COMSEC) material from unauthorized access.


List the five common Communications Security (COMSEC) physical security measures. (460)

1) Verifying the need-to-know and clearance of personnel granted access; 2) following proper storage and handling procedures; 3) accurately accounting for all materials; 4) transporting materials using authorized means; and 5) immediately reporting the loss or possible compromise of materials.


What Information Assurance (IA) security principle means denying unauthorized persons valuable information derived from intercepting and analyzing compromising emanations from cryptoequipment, information systems and telecommunication systems? (461)

Emissions Security (EMSEC).


What is Emissions Security's (EMSEC) objective? (461)

To deny unauthorized access to classified and, in some instances, unclassified information that contains compromising emanations within an inspectable space.


Why does Operations Security (OPSEC) identify, analyze and control critical information indicating friendly actions, whether military operations or other activities? (461)

To 1) identify actions that can be observed by adversary intelligence systems; 2) determine what indicators could be used to derive critical information useful to adversaries; 3) eliminate (or reduce to an acceptable level) the vulnerabilities of friendly actions to adversary exploitation; and 4) closely integrate and synchronize with other influence operations capabilities.


___ must be closely integrated and synchronized with other influence operations capabilities and all aspects of the protected operations. (461)

Operations Security (OPSEC).


Operations Security (OPSEC) is not a collection of specific rules and instructions applicable to every operation. T/F (461)

True. (It is a process.)


What is Operations Security's (OPSEC) purpose? (461)

To eliminate or reduce adversary collection and exploitation of critical information.


Operations Security (OPSEC) applies to all activities that prepare, sustain or employ forces during which phases of operations? (461)

All phases.


Why should commanders and other decisionmakers apply Operations Security (OPSEC) analysis to the planning, preparation, execution and post execution phases of any operation or activity from the earliest stages of planning? (461)

To enhance operational effectiveness.


Operations Security (OPSEC) analysis helps decisionmakers weigh the __ they will accept in specific operational circumstances. (461)



In what four situations are Air Force forces vulnerable to observation? (461)

1) At peacetime bases and locations; 2) in training or exercises; 3) while moving; and 4) when deployed during actual operations.


Why is Operations Security (OPSEC) incorporated into day-to-day operations? (461)

To ensure a seamless transition to contingency operations.


What five distinct steps constitute the Operations Security (OPSEC) process? (461)

1) Identify critical information; 2) analyze threats; 3) analyze vulnerabilities; 4) assess risk; and 5) apply appropriate OPSEC measures.


What five basic characteristics of Operations Security (OPSEC) indicators make them potentially valuable to an adversary? (461-462)

1) Signatures (what identifies it or causes it to stand out); 2) associations (its relationship to other information or activities); 3) profiles (the sum of each activity's signatures and associations); 4) contrasts (observable differences from an activity's standard profile and its most recent or current actions); and 5) exposure (when and how long an indicator is observed).


The Air Force handles its classified information and Controlled Unclassified Information (CUI) according to Air Force-specific policies. T/F (462)

False. (It is consistent with national policy.)


What documents provide guidance for managing classified information and Controlled Unclassified Information (CUI)? (462)

DoDM 5200.01, Volumes 1 through 4, DoD Information Security Program, and AFI 31-401, Information Security Program Management.


______ classification is the initial decision that 1) an item of information meets classification requirements in EO 13526, Classified National Security Information; and 2) unauthorized disclosure could reasonably result in damage to national security. (462)

Original classification. (An Original Classification Authority (OCA) makes this decision.)


Who may originally classify information? (462)

Only the SecDef, the secretaries of the military departments and other officials who are specifically delegated the authority in writing.


Who appoints Original Classification Authorities (OCA)? (462)

The SECAF appoints them to Top Secret-and-below levels; the SECAF's Administrative Assistant appoints them to Secret-and-below levels.


Original Classification Authorities (OCA) receive training in the exercise of their authority and have program responsibility or __ over classified information. (462)



A __ documents the details of an original classification decision and specifies items or categories that must be classified. (462)

Security Classification Guide (SCG).


What does a Security Classification Guide (SCG) identify? (462)

The applicable classification level, the reason for classifying, any special handling caveats, downgrading and declassification instructions, declassification exemptions, the Original Classification Authority (OCA) and a Point of Contact (POC).


When is information derivatively classified? (462)

When it is extracted, paraphrased, restated or generated in a new form.


Photocopying or mechanically reproducing classified material is not derivative classification. T/F (462)



What provides derivative classification guidance? (462)

Source documents and Security Classification Guides (SCG).


All cleared DoD personnel who create and derivatively classify material must mark it according to DoDM 5200.01 and AFI 31-410. T/F (462)

False. (Mark them according to DoDM 5200.01 and AFI 31-401.)


All classified information, whether hard copy or electronic, must be properly marked. Why are the markings conspicuous? (462)

They are the primary way to inform holders of protection requirements.


What are the purposes of markings on classified material? (462)

To 1) alert holders to the presence of classified information; 2) identify the exact information needing protection; 3) indicate the assigned classification level; 4) provide any guidance on downgrading and declassification; 5) give information on the sources and reasons for classification; and 6) warn of special access, control or safeguarding requirements.


Every classified document must be marked to show the _______ classification of information it contains. (462)



Where is the overall classification of a document identified? (462)

On the first page and, if applicable, on the front cover, title page and outside back cover.


Where must every classified document show the agency, office of origin and date of origin? (462)

On the first page, title page or front cover.


In addition to the agency, office of origin and date of origin, what must you include on the first page, title page or front cover of every originally classified document? Every derivatively classified document? (462-463)

Include a "Classified by" line that identifies the Original Classification Authority (OCA). Mark "Derived from," with the source document and date derived. If derived from multiple sources, note "Multiple Sources" and attach a complete list.


When is information declassified? (463)

As soon as it no longer meets classification standards or when public interest in its disclosure outweighs the need to protect it.


List the four separate and parallel systems that can lead to the declassification of information. (463)

1) When the declassification date, determined at the time of classification by the original classifier, is reached; 2) automatically on the 25th anniversary of classification, for information of permanent historical value (unless specifically kept classified); 3) after review for possible declassification, upon request; and 4) during systematic reviews for possible declassification.


What should you do if there is substantial evidence that a document has been classified erroneously? (463)

Submit challenges of classification to the security manager or the classifier of the information.


Who is responsible for protecting classified information and material in their possession or control? (463)

Everyone granted access to it.


Classified information must be protected at all times by doing what? (463)

Storing it in an approved security container or facility or having it under the personal observation and control of an authorized individual.


What should you do with items containing classified information? (463)

Destroy them immediately after they have served their purpose or protect them as required for the level of classified information they contain.


Who establishes a system of security checks at the close of each work day to ensure area security? (463)

Heads of activities that deal with classified information.


What forms are used to record end-of-day security checks of classified material? (463)

SF 701, Activity Security Checklist, and SF 702, Security Container Check Sheet.


When may a person have access to classified information? (463)

When he or she has the proper security clearance, need to know and a signed nondisclosure agreement.


Who has the final responsibility for determining if a person's official duties require access to classified information and if the person is granted the appropriate security clearance? (463)

The individual authorized possession, knowledge or control of the information.


How is Top Secret information controlled and accounted for? (463)

Through Top Secret control account systems established by unit commanders and staff agency chiefs.


All transactions for Top Secret material must be conducted through the Top Secret Control Officer (TSCO). T/F (463)

True. (The unit commander or staff agency chief designates the TSCO.)


How is secret information controlled? (463)

Internally according to Air Force policy, as specified by unit commanders or staff agency chiefs.


When are receipts necessary for secret information? (463)

When transmitting through the US Postal Service or approved package delivery services, or when an employee is designated as a courier to hand-carry information.


How is Confidential information controlled? (464)

Through routine administrative procedures.


What must you do if you find classified material out of proper control? (464)

1) Take custody of and safeguard the material, if possible; and 2) immediately notify the appropriate security authorities.


What should you do if classified information appears in the public media? (464)

Be careful not to make any statement or comment that would confirm the accuracy or verify the classified status of the information.


What sanctions are DoD military and civilian personnel subject to if they knowingly, willfully or negligently disclose classified information to unauthorized persons? (464)

Sanctions include, but are not limited to: warning, reprimand, suspension without pay, forfeiture of pay, removal, discharge, loss or denial of access to classified information, removal of classification authority, and actions taken under the UCMJ and under applicable criminal laws.


Action for unauthorized disclosure of classified information may be taken under the UCMJ. T/F (464)

True. (It may also be taken under applicable criminal law.)


What program determines the reliability, trustworthiness, good conduct and character of individuals before they have access to classified information or are assigned to sensitive duties? (464)

The Personnel Security Program.


Once you receive a security clearance, are you subject to continuing assessment of trustworthiness? (464)

Yes. (Commanders and supervisors continually observe and evaluate subordinates and immediately report any unfavorable conduct or conditions that may bear on subordinates' trustworthiness or eligibility.)


Who grants, denies and revokes security clearance eligibility? (464)

The Air Force Central Adjudication Facility. (If it is denied or revoked, individuals receive due process and may appeal.)


Personnel security clearances are recorded within what system? (464)

The Joint Personnel Adjudication System (JPAS).


What is the Air Force policy on industrial security? (464)

To specify in its classified contracts government information and sensitive resources that must be protected against compromise or loss while entrusted to industry.


Which AFI assigns functional responsibilities and establishes a system of review that identifies outdated, inappropriate and unnecessary contractual security requirements? (464)

AFI 31-601, Industrial Security Program Management. (Policy also provides guidance for establishing on-base integrated contractor visitor groups.)


To whom do the industrial security policies, requirements and procedures identified in AFI 31-601 apply? (464)

Air Force personnel and on-base DoD contractors performing services under the terms of a properly executed contract and associated security agreement or similar document, as determined appropriate by the installation commander.


What does the Air Force Integrated Defense (ID) Program use to mitigate potential risks and defeat adversary threats within the Base Boundary (BB) and Base Security Zone (BSZ)? (464)

Multidisciplinary active, passive, offensive and defensive capabilities.


Why is it critical to integrate the Air Force Integrated Defense (ID) Program with other Air Force capabilities? (464)

To achieve synergistic effects using an all-hazards approach.


Name eight threats and hazards that the Air Force Integrated Defense (ID) Program protects against. (464)

1) Terrorist insiders; 2) criminals; 3) Foreign Intelligence and Security Services (FISS); 4) Chemical, Biological, Radiological, Nuclear and High-Yield Explosive (CBRNE) attacks; 5) natural and man-made disasters; 6) major accidents; 7) release of hazardous materials; and 8) toxic industrial materials or chemicals.


Integrated Defense (ID) is a fundamental battle competency. T/F (464)



The teaming of Integrated Defense (ID) forces creates a united, seamless defense stronger than the defensive efforts of individuals or individual units. What does this ensure? (464)

That all Airmen are trained to defend themselves and integrate into defense operations while in garrison or deployed.


Describe the four-step process installation commanders use to implement Integrated Defense (ID) operations. (465)

1) Determine and prioritize installation assets; 2) analyze threats and the operating environment; 3) assess installation vulnerabilities; and 4) make prudent ID decisions based on risk estimates.


Why is risk management during the Integrated Defense Risk Management Process (IDRMP) critical? (465)

It allows the installation commander to make the best use of limited resources and personnel to achieve the ID mission.


The goal of Integrated Defense (ID) is to __ security threats throughout the Base Boundary (BB) to ensure unhindered Air Force operations. (465)



Through Integrated Defense (ID), commanders must minimize mission degradation from threat activity within the Base Boundary (BB). What else must they do? (465)

1) Coordinate necessary security operations support within the Base Security Zone (BSZ) (when the BSZ is not congruent with the BB); 2) minimize injury and loss of life from threat activity; and 3) protect government property and personnel.


Whose coordinated effort is required to provide a seamless progression of protection programs to protect and defend an air base? (465)

Emergency Management (EM), Antiterrorism (AT) and other mission support function forces under the Force Protection (FP) umbrella.


The Base Boundary (BB) is not necessarily the base perimeter. Upon what factors is the BB established? (465)

Mission, Enemy, Terrain and Weather, Troops and Support Available, Time available, Civil Considerations (METT-TC)


While the Base Boundary (BB) may not necessarily coincide with the fenced perimeter, property lines or legal boundaries, the Defense Force Commander (DFC) will strictly adhere to legal, jurisdictional, host nation constraints, commander's intent and higher echelon orders and directives when conducting operations. T/F (465)



What Air Force-specific concept and term is used to describe the area of concern around an air base and to support the establishment and adjustment of the Base Boundary (BB)? (465)

Base Security Zone (BSZ).


The Base Security Zone (BSZ) is the area outside the base perimeter from which a threat can launch an attack using __ threats (mortars, rockets and Man Portable Aerial Defense Systems (MANPADS)) against personnel, resources or aircraft approaching/departing. (465)



The installation commander should identify the Base Security Zone (BSZ). With whom should they coordinate via the operational chain of command for the BSZ to be identified as the Base Boundary (BB)? (465)

Local, state, federal agencies in the CONUS or host nation or area commander OCONUS.


What is the installation commander responsible for if the Base Boundary (BB) does not include all of the Base Security Zone (BSZ) terrain? (465)

Mitigating through local, state, federal agencies in the CONUS or host nation or area commander OCONUS, or accepting the risks of enemy attack.


What will vary in the Integrated Defense (ID) continuum from peacetime to wartime, regardless of the location of our installations? (465)



The Base Security Zone (BSZ) and the Base Boundary (BB) are always the same. T/F (465)

False. (The BSZ may incorporate more geographical area, including key terrain from which adversaries can impact air operations.)


Who should coordinate with local, state, federal agencies in the CONUS or host nation or area commander OCONUS to conduct base defense tasks in the terrain outside the Base Boundary (BB), but within the Base Security Zone (BSZ)? (466)

The Defense Force Commander (DFC).


If forces/agencies are not available to coordinate base defense tasks within the Base Security Zone (BSZ), who should the Defense Force Commander (DFC) coordinate with? (466)

The appropriate area commander via their operational chain of command.


Who should exercise Tactical Control (TACON) over defense forces operating outside the Base Boundary (BB)? (466)

The appropriate Areas of Operation (AO) commander.


Joint and coalition forces entering the Base Boundary (BB) should inform the Areas of Operation (AO) commander before entering, and monitor the Base Defense Operations Centers (BDOC) communication net while operating in the area. T/F (466)

False. (Inform the BDOC.)


The Base Defense Operations Center (BDOC) is the command and control center for __ operations during routine and emergency operations. (466)

Integrated Defense (ID) operations.


At all locations, home station and deployed, the __ performs the functions of Central Security Control, Law Enforcement Desk or other Security Forces Control Center. (466)

Base Defense Operations Center (BDOC).


What are the nine desired effects of Integrated Defense (ID)? (466)

1) Anticipate; 2) deter; 3) detect; 4) assess; 5) warn; 6) defeat; 7) delay; 8) defend; and 9) recover.


How do commanders achieve the Integrated Defense (ID) effect of anticipation? (466)

Through intelligence analysis.


__ is an Integrated Defense (ID) effect achieved through professionally and persistently executing security Tactics, Techniques and Procedures (TTP). (466)



Commanders achieve the Integrated Defense (ID) effect of detect using a variety of __ processes and observation technologies. (466)



To achieve the Integrated Defense (ID) effect of assess, commanders ensure all Air Force personnel are cognizant, ready and aware, and understand threat Tactics, Techniques and Procedures (TTP). T/F (466)



How do commanders achieve the Integrated Defense (ID) effect of warn? (466)

Through standardized, reliable communications among and between units and personnel.


Commanders achieve the Integrated Defense (ID) effect of __ by applying a multitude of relevant force applications to the threat. (466)



__ is an Integrated Defense (ID) effect achieved by deliberately layering defensive applications to progressively weaken or hinder the enemy's efforts. (466)



How do commanders achieve the Integrated Defense (ID) effect of defend? (466)

Through the coordinated and synchronized force application of all Airmen's united efforts against the enemy.


__ is an Integrated Defense (ID) effect achieved using prudent logistics and consequence management planning. (466)



The nine Integrated Defense (ID) effects utilize innovative and reliable Tactics, Techniques and Procedures (TTP) based on what? (467)

Integrated Defense Risk Management Process (IDRMP) and analysis.


The __ is an action group in which the Security Forces Staff (S-2) intelligence function coordinates with Subject Matter Experts (SME) from the Intelligence and Air Force OSI communities to collaborate and conduct Intelligence Preparation of the Operational Environment (IPOE). (467)

Intelligence Fusion Cell (IFC).


What is the goal of the Intelligence Fusion Cell (IFC)? (467)

To leverage information and intelligence to support timely identification of indicators and warnings of emerging localized threats.


Who does the Intelligence Fusion Cell (IFC) and its products directly support in making immediate, proactive decisions for Integrated Defense (ID) planning by providing information? (467)

The Defense Force Commander (DFC).


In relation to Integrated Defense (ID) desired effects, it is preferred to __ a threat, but if that doesn't succeed, the next ideal effect would be to __ the threat. (467)

Deter; detect.


Immediate retaliation by forces occurs when a threat has been detected. T/F (467)

False. (Assessment occurs.)


What actions do friendly forces take when a threat can't be eliminated or defeated? (467)

The threat must be delayed.


Defensive measures must be taken to mitigate the effects of the threat if unable to delay. __ actions are then implemented to consolidate and reorganize friendly forces and restore operations. (467)

Recovery actions.


Intelligence Preparation of the Operational Environment (IPOE) is an analytical methodology that provides predictive intelligence to warfighters for what purpose? (467)

Planning and executing operations.


Intelligence Preparation of the Operational Environment (IPOE) supports operational decisions by providing analyzed information regarding a threat and environment, achieving the Integrated Defense (ID) desired effect of __. (467)



Intelligence Preparation of the Operational Environment (IPOE) enables the commander to visualize the spectrum of friendly and adversarial capabilities, weaknesses and what else? (467)

How they are affected by environmental factors and the logical predictions of the most likely and most dangerous Enemy Course of Action (ECOA).


What are the four continuous parts of the Intelligence Preparation of the Operational Environment (IPOE) process? (467)

1) Define the operating environment; 2) describe the operating environment's effects; 3) evaluate the enemy; and 4) determine Enemy Course of Action (ECOA).


The first part in the Intelligence Preparation of the Operational Environment (IPOE) process is comprised of comprehensive lists, dispositions and capabilities of forces that contribute to installation security and are available during enemy surges. What else does it consist of? (467)

Background data on the operating environment, including history, demographics, socioeconomic data, religious groups, terrain, weather, etc.


What should be identified in Part 1 of the Intelligence Preparation of the Operational Environment (IPOE) process for later consideration during wargaming conducted in IPOE Part 4?

Incident and emergency response plans.


In Part 2 of the Intelligence Preparation of the Operational Environment (IPOE) process, the collected data is analyzed and the factors affecting operations, equipment and personnel are described. Use color-coded __ charts when possible. (467)

Stoplight charts. (In yellow, green and red.)


Historical data, existing intelligence analyses and other reports about adversaries operating in the geographic area of concern are collected during Part 3 of the Intelligence Preparation of the Operational Environment (IPOE) process. What must be considered about each specific group or adversary? (467)

Their capabilities and weaknesses, without assuming that all enemy forces collaborate, and the effects of the operating environment.


In Part 4 of the Intelligence Preparation of the Operational Environment (IPOE) process, establish a prediction of the most likely and most dangerous Enemy Course of Action (ECOA) and then establish Course of Action (COA) through a process of wargaming. (467)



To whom does the Integrated Defense Risk Management Process (IDRMP) provide the ability to produce effects-based Integrated Defense Plans (IDP) by using a standardized model to identify risks and develop risk management strategies? (467)

Installation commanders, Integrated Defense Working Groups (IDWG), Defense Force Commanders (DFC) and defense planners.


The Integrated Defense Risk Management Process (IDRMP) identifies at-risk assets and aids the __ in generating the Criticality Assessment (CA) and the Risk Assessment (RA) products. (467)

Integrated Defense Working Groups (IDWG).


What is an Integrated Defense Risk Management Process (IDRMP) risk reduction decision based upon? (467)

A clear understanding of what is important, the estimated threat and how the asset might be damaged or destroyed.


The Integrated Defense Risk Management Process (IDRMP) analyzes an installation's defense capabilities and provides options to mitigate security risks. What are some examples of these options? (468)

Additional Tactics, Techniques and Procedures (TTP), facility hardening and technology insertion.


What are the four main Integrated Defense Risk Management Process (IDRMP) components influenced by the evolving situation monitored through the Intelligence Preparation of the Operational Environment (IPOE) cycle? (468)

1) Risk Assessment (RA); 2) risk tolerance decision; 3) Course of Action (COA) determination; and 4) decision and implementation.


The four components of the Integrated Defense Risk Management Process (IDRMP) are performed in seven steps. Name them. (468)

Step 1: Develop the Criticality Assessment (CA); Step 2&3: Develop the Threat Assessment (TA) and Vulnerability Assessment (VA); Step 4: Develop the Risk Assessment (RA); Step 5: Risk Tolerance Decision; Step 6: Present Countermeasure Course of Actions (COAs); and Step 7: Decision and Implementation.


What is accomplished in Step 1 of the Integrated Defense Risk Management Process (IDRMP)? (468)

The Criticality Assessment (CA) identifies assets worthy of protection whose loss or damage would have a negative impact on the mission.


What types of criteria are fundamental to the evaluation in Step 1 of the Integrated Defense Risk Management Process (IDRMP)? (468)

Mission criticality, impact on national defense, replaceability, monetary value and relative (or intrinsic) value.


During which step(s) of the Integrated Defense Risk Management Process (IDRMP) are Threat Assessments (TA) and Vulnerability Assessments developed? (468)

Steps 2 and 3.


Information is required about the operational capability, intentions, activity, operating environment and history to know if adversaries pose a threat. What are some examples of adversaries and their tactics? (468)

Hackers, terrorists, criminals and protestors.


__ are weaknesses that can be exploited by an adversary because of inadequate security, lax or complacent personnel trends, vulnerable software or hardware, and insufficient security policies or procedures. (468)



Identification and evaluation of existing threats and vulnerabilities may be supplemented with other documents, such as Antiterrorism (AT) Vulnerability Assessments. When are these threats identified? (468-Note)

During Parts 1 through 3 of the Intelligence Preparation of the Operational Environment (IPOE) process.


During which step of the Integrated Defense Risk Management Process (IDRMP) is the risk assessment developed? (468)

Step 4.


What equation is used to determine a quantitative measurement of risk in Step 4 of the Integrated Defense Risk Management Process (IDRMP)? (468)

Risk = asset criticality multiplied by (threat multiplied by vulnerability).


If information required to assess risks is deficient in Step 5 of the Integrated Defense Risk Management Process (IDRMP) process, what should be developed or modified to guide the intelligence community's collection efforts? (468)

A command critical intelligence requirement.


In today's resource-constrained environment, some risks must be accepted. T/F (468)



Why are some risks intolerable during Step 5 of the Integrated Defense Risk Management Process (IDRMP)? (468)

Due to their frequency or severity of consequence.


In Step 5 of the Integrated Defense Risk Management Process (IDRMP), the installation commander's intent for __ will define the level of tolerance. (468)

Integrated Defense (ID).


During which step of the Integrated Defense Risk Management Process (IDRMP) will the Integrated Defense Working Groups (IDWG) develop countermeasure Courses of Action (COA) to remove or mitigate vulnerabilities and reduce unacceptable risks? (468)

Step 6.


An estimate of risk deduction can be prepared, along with showing the costs associated with __ implementation, during Step 6 of the Integrated Defense Risk Management Process (IDRMP). (468)

Course of Action (COA) implementation.


What is the most important step in the Integrated Defense Risk Management Process (IDRMP)? (468)

Decision and Implementation.


What will the installation commander do during Step 7 of the Integrated Defense Risk Management Process (IDRMP)? (468)

They will select the Course of Action (COA) that will reduce risks to tolerable levels and direct resources to implement the decision.


What is closely tied with Step 7 in the Integrated Defense Risk Management Process (IDRMP)? (468)

Continuous assessment.


What can decisionmakers do during Step 7 of the Integrated Defense Risk Management Process (IDRMP) by immediately identifying changes to the installation's critical assets, threats and vulnerabilities? (468)

Continually refine the installation's risk posture.


Integrated Defense (ID) provides flexible planning and execution opportunities that allow owners or users of Protection Level 1 (PL1), Protection Level 2 (PL2), Protection Level 3 (PL3) and Protection Level 4 (PL4) assets to become actively involved in what? (468)

The defense of their areas.


The Integrated Defense Risk Management Process (IDRMP) provides a more precise understanding of how the three risk factors of threat, vulnerability and asset criticality relate to each other. Why should commanders understand these relationships? (468)

It will assist in mitigating, accepting and reducing risks.


Operationalize __ to maintain optimal situational awareness throughout the Base Boundary (BB) and Base Security Zone (BSZ), by developing a robust intelligence/information collaboration, analysis and fusion capability. (469)

Force Protection Intelligence (FPI).


What protection level is assigned to resources whose loss, theft, destruction, misuse or compromise would result in great harm to US strategic capability? (469)

Protection Level 1 (PL1).


Give examples of Protection Level 1 (PL1) resources. (469)

Nuclear weapons in storage, mated to a delivery system, or in transit; designated Command, Control, and Communications (C3) facilities; and aircraft designated to transport the President of the US.


Which protection level provides maximum means to detect, intercept and defeat a hostile force before it is able to seize, damage or destroy resources? (469)

Protection Level 1 (PL1).


Which protection level is assigned to resources whose loss, theft, destruction, misuse or compromise would cause significant harm to US warfighting capability? (469)

Protection Level 2 (PL2).


Give examples of Protection Level 2 (PL2) resources. (469)

Nonnuclear alert forces; designated space and launch systems; expensive, few in number or one-of-a-kind systems or facilities; and intelligence-gathering systems.


What protection level is assigned to resources whose loss, theft, destruction, misuse or compromise would damage US warfighting capability? (469)

Protection Level 3 (PL3).


Give examples of Protection Level 3 (PL3) resources. (469)

Nonalert resources that can be generated to alert status such as F-16 fighters; selected Command, Control, and Communications (C3) facilities, systems and equipment; and nonlaunch-critical or nonunique space launch systems.


Which protection level is assigned to resources that do not meet the definitions of the other protection levels, but whose loss, theft, destruction, misuse or compromise would adversely affect Air Force operational capability? (469)

Protection Level 4 (PL4).


Give examples of Protection Level 4 (PL4) resources. (469)

Facilities storing Category I, II or III sensitive conventional arms, ammunition and explosives; fuels and liquid oxygen storage areas; and Air Force accounting and finance vault areas.


How are Protection Level 4 (PL4) resources secured? (469)

By containing them in controlled areas patrolled by armed security forces.


Who is responsible for providing physical protection for (PL4) resources? (469)

Unit commanders.


How does the Air Force Antiterrorism (AT) Program deter or mitigate terrorist acts? (469)

1) Giving guidance on collecting and disseminating timely threat information; 2) training all Air Force members; 3) developing comprehensive plans to deter and counter terrorist incidents; 4) allocating funds and personnel; and 5) implementing AT measures.


At least annually, commanders conduct comprehensive field and staff training to exercise Antiterrorism (AT) plans. This training includes what two measures? (469)

AT physical security measures and Emergency Management (EM) plans.


Antiterrorism (AT) training and exercises (particularly pre-deployment training) must be as heavily emphasized as combat task training. What else must it do? (469)

1) Identify shortfalls affecting the protection of personnel, assets and information; 2) be supported by measurable standards; and 3) include credible deterrence and response, Tactics, Techniques, and Procedures (TTP) and lessons learned.


Installations and self-supported separate facilities annually exercise the current baseline through Force Protection Condition (FPCON) Charlie measures. T/F (469)



Who gathers, analyzes and disseminates terrorist threat information? (469)

Appropriate organizations tasked by their commanders.


Forces are continually trained in what three factors regarding threat information collection and analysis? (469-470)

1) Maximizing the use of information derived from law enforcement liaison, intelligence and Counterintelligence (CI); 2) intelligence procedures for handling priority intelligence requests; and 3) implementing intelligence preparation of the battlefield and mission analysis.


What is the first step in developing an effective Antiterrorism (AT) Program? (470)

Identifying potential terrorism threats to DoD personnel and assets.


What is required for a terrorism threat assessment? (470)

Identification of the full range of known or estimated terrorist threat capabilities.


What should commanders at all levels do in addition to tasking appropriate agencies to collect information regarding terrorist threats? (470)

Encourage personnel under their command to report information on individuals, events or situations that could pose a threat to the security of DoD personnel, families, facilities and resources.


Who is responsible for ensuring the timely collection, processing, analysis, production and dissemination of current, foreign and national-level intelligence regarding terrorism and force protection issues?

The Deputy Chief of Staff Intelligence, Surveillance and Reconnaissance (HQ USAF/A2).


The Air Force OSI collects, investigates, analyzes and responds to terrorist, criminal activity, foreign intelligence and security services threats. What is its focus? (470)

Countering adversary intelligence collection and acting as the single point of contact with all law enforcement, Counterintelligence (CI) and security agencies.


Why do installation commanders develop and implement a Random Antiterrorism Measure (RAM) Program? (470)

To provide random, multiple security measures that consistently change the look of an installation's Antiterrorism (AT) Program.


How do Random Antiterrorism Measures (RAM) prevent terrorist surveillance attempts from accurately predicting our actions? (470)

By introducing uncertainty to an installation's overall force protection program.


The Random Antiterrorism Measure (RAM) program is included in __ plans and ties directly with all Force Protection Conditions (FPCON). (470)

Antiterrorism (AT) plans.


Who monitors, tracks and analyzes Random Antiterrorism Measure (RAM) implementation efforts? (470)

Antiterrorism Officer (ATO). (Installation commanders ensure RAMs are conducted and reported.)


List at least five general Antiterrorism (AT) personal protection measures. (470)

Any five of the following: 1) keep a low profile; 2) avoid going out in large groups; 3) be unpredictable and vary routines; 4) be alert for anything suspicious or out of place; 5) avoid giving unnecessary personal details; 6) be alert to strangers on government property for no apparent reason; 7) don't meet strangers outside your workplace; 8) advise family members or associates of your destination and anticipated arrival time when leaving your home or office; 9) report unsolicited contacts; 10) don't open doors to strangers; 11) memorize key telephone numbers; 12) be cautious about giving out information regarding travel plans or security measures; and 13) learn key phrases in the local language if overseas.


Spouses and children do not need to practice basic security protective measures. T/F (470)



Family members should regularly review protective measures and techniques and know what to do in an emergency. List three other basic security measures to follow. (470)

Any three of the following: 1) restrict the possession of house keys; 2) lock entrances at night; 3) keep the house locked at all times even when home; 4) destroy documents or other items that show name, rank or other personal information; 5) remove name and rank from mailboxes; 6) watch for unfamiliar vehicles cruising or parked frequently in the area; and 7) be familiar with local terrorist threats.


What emergency telephone numbers should you preprogram and post on the telephone itself? (470)

Security forces, local police, fire department, hospitals and ambulances.


In telephone security, never answer the phone with your name and grade. T/F (470)



Report any threatening phone calls to security officials and the telephone company. What information should you try to ascertain about the caller? (470)

Any pertinent information, such as background noise, accent, nationality or location.



Any three of the following: 1) travel in small groups; 2) remain inconspicuous in public transportation and facilities; 3) avoid spontaneous gatherings and demonstrations; 4) stay away from known trouble; 5) dress and act like locals; 6) know emergency phone numbers and local dialing instructions; and 7) ensure family members carry a list of telephone numbers at all times.


Give at least five characteristics of a suspicious package or mail. (471)

Any five of the following: 1) unusual/unknown place of origin or no return address; 2) excessive postage; 3) mismatched postmark and return address; 4) handwritten labels; 5) misspelled words, incorrect titles or titles with no name; 6) special instruction markings; 7) excessive security material; 8) abnormal size, shape, weight or odor; 9) protruding strings, aluminum foil or wires; 10) springiness in the top or bottom; 11) inflexibility or crease marks; 12) discoloration or oily stains; 13) ticking, beeping or other sounds; and 14) evidence of powder or other contaminants.


What should you do if you receive a suspicious package? (471)

Never cut the tape, string or other wrappings of the package. Place it in a plastic bag, if it has been moved, to prevent leakage.


What should you do if you touched a package suspected of containing chemical or biological contaminants? (471)

Wash your hands thoroughly with soap and water.


What should you report immediately along with any suspicious mail? (471)

A list of personnel present when the mail was identified.


Where do criminal or terrorist attacks against individuals usually occur? (471)

Outside the home after victim's habits have been established, particularly on the route traveled from home to place of duty or other frequented local facilities.


What should you check your vehicle for before you enter it? (471)

Signs of tampering on its interior and exterior. Examine the tires and trunk for fingerprints or smudges. (Contact local authorities and never touch your vehicle if you detect something suspicious.)


List three travel precautions you should take while OS. (471)

Any three of the following: 1) select plain cars; 2) avoid government vehicles, if possible; 3) don't display decals with military affiliations; 4) don't openly display military equipment; 5) keep the doors locked at all times; and 6) travel with a companion.


What three precautions should you take when traveling via taxi OS? (471)

1) Do not let someone you do not know guide you to a specific taxi; 2) make sure it is licensed and has safety equipment (seatbelts at a minimum); and 3) ensure the driver's face matches the picture on their license.


What document should you consult before traveling OS to ensure you know and meet all requirements for travel to a particular country? (471)

DD 4500.54-G, DoD Foreign Clearance Guide.


Before traveling OS, get an Area of Responsibility (AOR) specific threat briefing from your security officer, Antiterrorism Officer (ATO) or appropriate Counterintelligence (CI) or security organization. This briefing must occur within __ months of travel. (471)

Three months.


Name five precautions you should take when traveling OS via commercial air transportation. (471)

Any five of the following: 1) use office symbols on your orders or leave authorization if words would reveal a sensitive position; 2) use military contractor US flag carriers; 3) avoid high-risk areas; 4) don't use rank or military address on tickets; 5) sit in the center of the aircraft, if possible; 6) don't discuss military affiliation; 7) have proper identification; 8) don't carry classified documents unless absolutely mission essential; 9) dress conservatively but not in distinctive military items; 10) cover any US-affiliated tattoos; and 11) carry plain civilian luggage.


__ is derived from information collected and provided by human sources. (471)

Human Intelligence (HUMINT).


What is Counterintelligence (CI)? (471)

Information gathered and activities conducted to protect against espionage, other intelligence activities, sabotage or assassinations conducted by or on behalf of foreign governments, organizations or persons or international terrorist activities.


What are the four Human Intelligence (HUMINT) and Counterintelligence (CI) threat areas? (471)

1) Espionage; 2) subversion; 3) sabotage; and 4) terrorism.


__ is the act of obtaining, delivering, transmitting, communicating or receiving information about the national defense with intent or reason to believe the information may be used against the US or to the advantage of a foreign nation. (471)



What Human Intelligence (HUMINT) and Counterintelligence (CI) threat area arises from any action designed to undermine the military, economic, psychological or political strength or morale of a regime? (471)



What term describes any action intended to injure, interfere with or obstruct the national defense by willfully injuring, destroying or attempting to injure or destroy national defense or war material (including human and natural resources)? (471)



Define terrorism. (472)

The calculated use of unlawful violence or threat of unlawful violence to instill fear.


What is the intent of terrorism? (472)

To coerce or intimidate governments or societies in the pursuit of goals that are generally political, religious or ideological.


__ is a systematic effort to procure information through direct and indirect questioning of a person in custody. (472)

Interrogation. (Information may be provided willingly or unwittingly.)


Human Intelligence (HUMINT) sources who make unsolicited first contact are known as __ sources. (472)

"Walk-in" sources.


Which Human Intelligence (HUMINT) sources are contacted over a period of time and provide information based on operational requirements? (472)

Developed sources.


Regarding Human Intelligence (HUMINT), what is debriefing? (472)

The process of questioning cooperating human sources consistent with applicable law. (The source is usually not in custody.)


If properly processed and exploited, what can captured documents and media provide? (472)

1) The adversary's plans and intentions; 2) force locations; 3) equipment capabilities; and 4) logistical status.


Captured documents and media are primary Human Intelligence (HUMINT) sources. T/F (472)

False. (However, they do provide valuable information.)


You must report Human Intelligence (HUMINT) or Counterintelligence (CI) contacts or information to Air Force OSI within __ days, either verbally or in writing. (472)

30 days.


How does AFI 71-101, Volume 4, Counterintelligence, define Human Intelligence (HUMINT) or Counterintelligence (CI) contacts? (472)

Any exchange of information directed to an individual, including solicited or unsolicited telephone calls, e-mail, radio contact and face-to-face meetings.


List three examples of Human Intelligence (HUMINT) or Counterintelligence (CI) contacts or information that must be reported to the Air Force OSI. (472)

Any three of the following: 1) contact with a foreign diplomatic establishment not related to official duties; 2) requests for illegal or unauthorized access to classified or unclassified controlled information; 3) persons who suggest they may have been targeted for intelligence exploitation; and 4) indications that military members, civilian employees or DoD contractors have contemplated, attempted or effected the deliberate compromise or unauthorized release of classified or unclassified controlled information.


__ initiates and conducts all Counterintelligence (CI) investigations, operations, collections and other related activities for the Air Force. (472)

Air Force OSI. (They are also the installation-level training agency for CI awareness briefings and the sole repository for the collection and retention of reportable information.)


Air Force OSI coordinates with the FBI and CIA outside the US, if appropriate. T/F (472)

True. (It collaborates with the FBI inside the US.)


Who has a special obligation to report information pertaining to the protection of the President of the United States to the Secret Service? (473)

Individuals affiliated with the Armed Services. (This is by formal agreement between the DoD and United States Secret Service.)


Who must you notify of information concerning the safety of anyone under the protection of the US Secret Service?

Your commander, supervisor or the Air Force OSI.


List the people the US Secret Service protects. (473)

The President and Vice President, the President- and Vice President-elect, all former Presidents and their wives or widows, and any visiting foreign head of state.


What information regarding the safety of those under Secret Service protection must be reported? (473)

1) Threats, incidents or demonstrations against foreign diplomatic missions; 2) use or attempted use of bodily harm, assassination or kidnapping as a political weapon; 3) civil disturbances that may require the use of federalized National Guard or US military personnel; 4) US citizens or residents who have renounced (or indicated a desire to renounce) the US government, who are characterized by emotional instability, violent anti-US sentiment or a propensity toward violence; and 5) military members or civilian employees of the armed forces being separated, discharged or retired who are deemed a threat by a competent authority.


Who is the point of contact between the Air Force and the US Secret Service? (473)

Air Force OSI.


Security is the responsibility of all members of the Air Force at all times. T/F (473)