CJCSM 6510.01B, Encl. E Flashcards

1
Q

What is defined as an organized and coordinated series of steps to resolve or mitigate a reported
incident?

A

Incident Response

2
Q

What has the primary objective of halting or minimizing attack effects or damage while maintaining
operational mission continuity?

A

Response Actions (RAs)

3
Q

How many different types of response activities can occur?

A

3

4
Q

Which type of RA involves containment or eradication of any risks or threats associated with the cyber
incident, and the rebuilding or restoring of affected ISs to a normal operational state?

A

Technical

5
Q

Which type of RA requires some type of administrative, supervisory, or management intervention,
notification, interaction, escalation, or approval as part of any response?

A

Management

6
Q

What includes the actions necessary to respond to the reportable cyber event or incident, fix the IS, return
the IS to operations, and assess the risk for the IS or information network?

A

Courses of Action (COAs)

7
Q

Which command reserves the right to direct and assist CC/S/A/FAs with response actions for incidents
that fall into a DoD enterprise incident set or when actions otherwise affect multiple theater or Service
information networks?

A

USCYBERCOM

8
Q

What is defined as short-term, tactical actions to stop an intruder’s access to a compromised IS, limit the
extent of an intrusion, and prevent an intruder from causing further damage?

A

Containment

9
Q

What is defined as using network access controls at the perimeter or enclave boundary to prevent the
attacker from connecting to other DoD information networks, ISs, or DoD data and services?

A

Blocking

10
Q

Which type of blocks are specific to the component behind the firewall?

A

Enclave

11
Q

What involves the use of network access controls to logically segment the network and restrict access to the affected hosts?

A

Network Isolation

12
Q

What is defined as the steps required to eliminate the root cause(s) of an intrusion?

A

Eradication

13
Q

Where must any malware that is uncovered throughout the incident response process be cataloged?

A

JMC

14
Q

What is defined as the steps necessary to restore the integrity of affected ISs, return the affected data,
ISs, and information networks to an operational state, and implement follow-up strategies to prevent the
incident from happening again?

A

Recovery

15
Q

All ISs having which categories of incidents must be erased and rebuilt from trusted media, then
patched and updated prior to connecting the IS to the information network?

A

1, 2, or 7

16
Q

What is defined as a review of the incident, including the detection, analysis, and response phases?

A

Postmortem