CJCSM 6510.01B, Encl. B

Question 1

What is the DoD system of record for lessons learned?

Answer 1

JLLIS

Question 2

What is the primary vehicle for reporting and recording all cyber incidents and reportable events?

Answer 2

JIMS

Question 3

Security classifications of cyber incidents are determined in accordance with which publication?

Answer 3

DoDI O-3600.02

Question 4

How many different types of initial cyber incident reporting are there?

Answer 4

2

Question 5

What is the minimum security requirement when sending e-mails reporting a cyber incident?

Answer 5

Digital Signature

Question 6

What includes the coordinated and initial actions taken to protect the information network or IS from any further malicious activity and to acquire the data required fro further analysis?

Answer 6

Preliminary response

Question 7

What will Cyber incident containment be coordinated with?

Answer 7

CNDSP

Question 8

Which type of data is RAM considered?

Answer 8

Volatile

Question 9

Which type of data are system images and malware considered to be?

Answer 9

Persistent

Question 10

Which type of data is the configuration around the system considered to be?

Answer 10

Environmental

Question 11

What is defined as a series of analytical steps taken to find out what happened in an incident?

Answer 11

Cyber incident analysis

Question 12

What should any software artifacts suspected of being malware be submitted to?

Answer 12

Joint Malware Catalog (JMC)

Question 13

What is the primary path or method used by the adversary to cause the cyber incident or even to occur?

Answer 13

Delivery vector

Question 14

What expands upon the identified delivery vectors and system weaknesses by precisely identifying the
sets of conditions allowing the incident to occur?

Answer 14

Root cause identification

Question 15

What refers to an incident’s detrimental impact on the technical capabilities of the organization?

Answer 15

Technical Impact (TI)

Question 16

What refers to a detrimental impact on an organization’s ability to perform its mission?

Answer 16

Operational Impact (OI)

Question 17

What must actions that potentially affect traffic on the DoD Protected Traffic List be coordinated with?

Answer 17

USCYBERCOM

Question 18

What involves understanding and accurately characterizing the relationship of incidents reported and providing awareness of the cyber security trends as observed by the affected parties? (Page

Answer 18

Trending analysis

Question 19

ISs having which categories of cyber incidents must be rebuilt from trusted media and have up-to-date
AV software loaded and configured IAW STIGs and WARNORDs prior to connecting the IS to the
information network?

Answer 19

1, 2, and 7

Question 20

What is used to document the technical and operational impact of the cyber incident on the organization?

Answer 20

BDA

Question 21

Within how many hours after the cyber incident has been resolved must the JIMS incident record be
updated with the BDA?

Answer 21

24

Question 22

What are lessons learned, initial root cause, problems with executing COAs, and missing policies and
procedures all part of?

Answer 22

Post-incident analysis

Question 23

Where are cyber incidents sent that require a postmortem?

Answer 23

USCYBERCOM

Question 24

What is defined as a set of scripts, programs, and other resources used to safely acquire, examine, and
preserve volatile and non volatile data from an IS?

Answer 24

First responder toolkit