Part 1

Question 1

What is a computer environment connected by one or more internal networks under the control of a single authority and security policy

Answer 1

Enclave

Question 2

What do enclaves provide?

Answer 2

Cybersecurity capabilities such as boundary defense, key management, incident response, and delivery of common applications such as automation and email.

Question 3

What is a networking backbone of an enclave responsible for connecting system devices and hosts by providing data transport capabilities such as operational or wide area and backbone networks that provides for the application of cybersecurity controls?

Answer 3

Network Environment

Question 4

What are local area networks, servers, hosts, operating systems, peripherals, and applications apart of?

Answer 4

Computing Environment

Question 5

What are the requirments for Cyber Secuity Work Force personnel?

Answer 5

Approved military training
Academic Degrees
Commercial Cyber Security Certificates
Approved Training and credentials

Question 6

What is an object or person or entity that is a danger to an information system?

Answer 6

Threat

Question 7

What are Insider Threats?

Answer 7

Junior and non trained personnel
Disgruntled personnel
System Administrators

Question 8

What are outsider threats?

Answer 8

Nation states
Hackers
Terrorists
Organized crime
Industrial competitors 
Other criminal elements
International press

Question 9

Why do Administrators pose an increased threat?

Answer 9

Access to systems
Administrative passwords
Extensive knowledge of seucrity settings
Extensive training in attack methodologies

Question 10

Why is it important to disable group accounts?

Answer 10

Group accounts remove non repudiation

Question 11

What is a weakness that can be exploited in an information system or its components?

Answer 11

Vulnerability

Question 12

What is the likelihood that a vulnerability can be exploited?

Answer 12

Risk

Question 13

How to we classify a network’s vulnerabilities?

Answer 13

DISA severity codes 
I - immediately
II - within 90 days 
III - within 180 days 
IV - within a year

Question 14

What does IAVA stand for and what is the priority associated with it?

Answer 14

Information Assurance Vulnerability Alert

High priority

Question 15

What does IAVB stand for and what is the priority associated with it?

Answer 15

Information Assurance Vulnerability Bulletin

Medium Priority

Question 16

What does IAVT stand for and what is the priority associated with it?

Answer 16

Information Assurance Vulnerability Technical Advisory

Low priority

Question 17

What is self propagating and does not require user action?

Answer 17

Worm

Question 18

What is self replicating and can corrupt or delete data and requires user interaction?

Answer 18

Virus

Question 19

What is malware that is disguised as a legitimate program, does not replicate, and requires interaction with the hacker?

Answer 19

Trojan

Question 20

What is a piece of code designed to execute when conditions are met?

Answer 20

Logic bomb

Question 21

What aquires information by social means?

Answer 21

Social Engineering

Question 22

What is phishing that appears to be from within the organization?

Answer 22

Spear phishing

Question 23

What is unsolicitated electronic messages that can be malware?

Answer 23

Spam

Question 24

What are three types of password attacks

Answer 24

Dictionary attacks- uses all the words in a dictionary or txt file
Hybrid- dictionary using alpha numberic symbols and numbers
Brute force- takes the most time, most powerful cracking method, random generation of passwords and associated hashes

Question 25

What are the risks asscoiates with Portable Electronic Devices?

Answer 25

Loss/ Theft Cellular cloning Bluetooth hacking attempts Data leaks

Question 26

What are the risks associated with Embarkables?

Answer 26

Malware | Data leaks / spillage

Question 27

What is a statement of actions to be taken before, during, and after a disaster or emergency?

Answer 27

Contingency Plan

Question 28

What are the 4 types of Accreditation decisions?

Answer 28

Authority to Operate (ATO) Interim Authority to Operate (IATO) Interim Authorization to Test (IATT) Denial of Authroization to Operate (DATO)

Question 29

What is an analysis of threats and vulnerabilities?

Answer 29

Risk assessment

Question 30

What is an analysis of trade offs?

Answer 30

Risk mitigation

Question 31

What is reactive or responsive risk management process that facilitates an investigation of and response to an incident?

Answer 31

Evaluation

Question 32

What is the goal of continual assessment?

Answer 32

To identify and assess risk and bring it to an acceptable level

Question 33

What SF is used to mark Unclassified material?

Answer 33

SF 710

Question 34

What SF is used to mark Secret classified material?

Answer 34

SF 707

Question 35

What SF form is used to mark TS classified material?

Answer 35

SF 706

Question 36

What is the process of removing information to prevent data loss (discontinued use)?

Answer 36

Sanitizing

Question 37

What is the process of wiping a hard drive through magnetic means to prevent any means of data extraction using NSA guidlines?

Answer 37

Degausing

Question 38

What type of data is not retained after removal of an electronical power source?

Answer 38

Volitale

Question 39

What type of data is retained even when loss of electrical power sources are removed

Answer 39

Non- volitile

Question 40

What is provides rapid response to threats and minimizes losses and potential spilling and outlines

Answer 40

Emergency Action Plan

Question 41

What mamanges the effects or changes or differences in the configuration of an Information System?

Answer 41

Configuration Management

Question 42

Where can the 7 configuation management codes be found?

Answer 42

NIST 800-53

Question 43

What are the 5 steps in the Configuration Management process?

Answer 43

1. Identify Change 2. Evaluate Change Request 3. Implementation Decision 4. Implement Approved Change Request 5. Continuous Monitoring

Question 44

All naval systems have associated documentation to assist in operations, administration, backup, configuration, troubleshooting, and recovery

Answer 44

``` Operation Guides and Procedures Administrator Guides Back Up Guides Configuration Guides Troubleshooting Guides Recovery Guides ```

Question 45

What are the 4 types of CASREPs?

Answer 45

Initial Update Cancel Correction

Question 46

What are the 6 steps in the 6 step troubleshooting process?

Answer 46

1. Symptom Identification 2. Symptom elaboration 3. Listing probable Faulty Functions (power, security, communications, name resolution) 4. Localizing the Probable Faulty Function 5. Localizing the Probable Faulty Component 6. Failure Analysis

Question 47

What is a remediation decision?

Answer 47

Permanent fix, altercation to the start up configuration

Question 48

What is an alleviation decision

Answer 48

Temporary fix, changes made to the running configuration

Question 49

What assists in non repudiation?

Answer 49

Logging by providing hard evidence of user or system access and modification

Question 50

Where are LINUX/ UNIX logs stored? | Where are windos logs stored?

Answer 50

/var/logs | Event viewer

Question 51

How to you change access to logs in linux? What code will give you RWX?

Answer 51

CHMOD | 777

Question 52

What is the biggest threat to physical security?

Answer 52

Sailors

Question 53

What form has the information about a security container to include model, location, and a list of contacts to notify in the event of a comprimise or unauthorized access?

Answer 53

SF 700

Question 54

What form is used to annotate the opening and closing of a security container?

Answer 54

SF 702

Question 55

What form is used for end of day checks?

Answer 55

SF 701

Question 56

What is the only approved shipping for TS

Answer 56

DCS

Question 57

What is EMCON

Answer 57

Emissions security

Question 58

What CTO annotates how often you scan with ACAS?

Answer 58

CTO 11-16 | Monthly

Question 59

What are 4 causes of non compliance?

Answer 59

1. Asset not in inventory 2. Not restarted so didnt apply 3. Installed but did not eliminate vulnerability 4. Installed, fixed, now new vulnerability exists

Question 60

What is a governement standard for benchmark files that group security settings based on OS family, type, system purpose?

Answer 60

STIG

Question 61

What is included process for SCAN PATCH SCAN?

Answer 61

``` Scan Upload Investigate Patch Reboot Scan ```

Question 62

What kind of access does RETINA need?

Answer 62

Administrative / root level access

Question 63

What types of discovery scans do SCCVI use?

Answer 63

ICMP Discovery TCP Discovery UDP Discovery

Question 64

What are the types of threat databases?

Answer 64

NVD - national vulnerability database - gov | OVSDB - Open source vulnerability database - commercial

Question 65

What is ACAS comprised of?

Answer 65

Security Center - dashboard displays results of compliance scans Nessus scans - data at rest Blue notifications are unread

Question 66

What kind of crediatials does ACAS use?

Answer 66

SSH, SMB, SNMP, KERBEROS

Question 67

What are the 3 types of scans in ACAS?

Answer 67

IAVA STIG Discovery

Question 68

What is used to fill in fields like unit name, region, AOR on Reports?

Answer 68

Add Atrribute Set

Question 69

Where do you list IP addresses for switch interfaces?

Answer 69

"Do Not Scan" List

Question 70

What are the three output types of ACAS Security Center Reports?

Answer 70

.CSV - useful for uploading to a databse .PDF - useful for adding a coversheet .RDT - looks like a word document

Question 71

Which report should you use for the weekly cyber security report?

Answer 71

Monthly Executive Report - high level overview, progress made with mitigation efforts, how long vulnerabilities have remained on network

Question 72

Where do you upload scan results?

Answer 72

Vulnerability Remediation Asset Manager | VRAM

Question 73

Who has to assign newly added assets not previously seen by VRAM?

Answer 73

System admin needs to make sure they are uploaded to the correct system / asset so the correct baseline can be used to determine vulnerability and ownership

Question 74

What is VRAM used for

Answer 74

Asset compliance

Question 75

What are 4 types of results for asset complaince in VRAM?

Answer 75

Site owned, POR owned, False positive, investigation required

Question 76

What are 4 communication errors?

Answer 76

Scans stuck in queue Scans report zero assets Failure errors Results not refreshing

Question 77

If you have communication errors what can you do?

Answer 77

Reboot | 6 step troubleshooting procesz

Question 78

Disa best practice guide recooments scanning the what interface of routers?

Answer 78

Management

Question 79

Where is the pluggin repository?

Answer 79

Disa website

Question 80

What are the 4 layers of the TCP/IP model.

Answer 80

Application Transport Internet Network interface

Question 81

What layer provides the application layer eith session and datagram communication services such as TCP / UDP operation and segmentation of data?

Answer 81

Transport layer

Question 82

What layer is reponsible for routing ip addresses and packaging and allows devices to connect to path via routing protocols?

Answer 82

Internet layer

Question 83

What are the 5 http responses?

Answer 83

1. Informational - request recieved 2. Success 3. Redirection 4. Client error 5. Server error

Question 84

What determines MAC if IP is known?

Answer 84

Address Resolution Protocol ARP

Question 85

What distributes IP addresses to destination hosts

Answer 85

Dynamic Host Configuation Protocol | DHCP

Question 86

What is the messenger service for IPs?

Answer 86

ICMP

Question 87

What is a LAN standard that can run at speeds of 200mbps and uses token passing media access on fiber optic cable?

Answer 87

FDDI

Question 88

What does the scope incoperate?

Answer 88

Services, applications, internal / perimeter devices, valuable data

Question 89

What are the 5 phases of penetration testing?

Answer 89

``` Planning Reconnaissance Vulnerability identification Exploit Clean up ```

Question 90

What goes into the assessment phase?

Answer 90

Information gathering- internet searches, social media, job searches Network mapping- OS fingerprinting, ip addresses, running services

Question 91

What is the type of penetration testing where all information is known about the system? Usually inside the perimiter?

Answer 91

White box

Question 92

What type of penetration testing is where no information of the system is known? Usually outside the boundary?

Answer 92

Black box

Question 93

What type of penetration testing has some knowledge known but not all?

Answer 93

Grey box

Question 94

What is information gathering, ip blocking info, employee info, financial history, business partnerships?

Answer 94

Passive

Question 95

What type of penetration testing makes contact with employees, uses social engineering?

Answer 95

Active

Question 96

What adds a layer of security to switches?

Answer 96

VLANs

Question 97

What controls the bundling of several physical ports together to form a single logical channel?

Answer 97

Link Aggregation Control Protocol (LACP)

Question 98

What eliminates loops and broadcast storms?

Answer 98

Spanning Tree Protocol (STP)

Question 99

What transitions a port from a blocking state directly to forwarding by passing the listening and learning states?

Answer 99

Rapid Spanning Tree Protocol (RSTP)