SECNAVINST 5239.3B, DON IA POLICY

Question 1

Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation.

Answer 1

INFORMATION ASSURANCE

Question 2

Who must complete DoD IA approved training as a condition of access?

Answer 2

All authorized users of DON Information Systems

Question 3

Who must control remote access to DON information systems and networks?

Answer 3

Commanders of DON organizations

Question 4

What is the primary method for remote client-side authentication?

Answer 4

DoD PKI certificates, protected by a hardware token, such as the CAC

Question 5

All computers used for remote access must have what approved protection including automated updates?

Answer 5

DoD approved antivirus and firewall protection

Question 6

Who will centrally manage and monitor DON IDS/IPS systems?

Answer 6

Navy Cyber Defense Operations Command(NCDOC) and Marine Corps Network Operations and Security
Center(MCNOSC)

Question 7

Unless otherwise superseded by another SSIC, how long shall DON network audit records shall be retained for how long?

Answer 7

1 year (12 mos)

Question 8

What is the preferred method to ensure confidentiality and integrity of remote connections?

Answer 8

Virtual Private Networks(VPNs)

Question 9

All remote access to DON classified systems or networks shall utilize what approved COMSEC and keying material?

Answer 9

NSA-approved

Question 10

What is the primary identity credential support interoperable physical access to DON installations, facilities, buildings, and controlled spaces, and logon access to all unclassified DON networks?

Answer 10

Common access card(CAC)

Question 11

All e-mail containing an attachment or embedded active content must contain what?

Answer 11

Digital Signature

Question 12

How often shall a Contingency Plan be exercised?

Answer 12

Annually

Question 13

What process is designed to provide positive control of the vulnerability notification and corrective action process in the DoD?

Answer 13

Information Assurance Vulnerability Management(IAVM)

Question 14

How often shall all information systems must undergo information security reviews ?

Answer 14

Annually

Question 15

What is the ability to maintain the confidentiality and integrity of DON classified information and unclassified information that has not been approved for public release?

Answer 15

Communications Security (COMSEC)

Question 16

Who reports to the Secretary of the Navy(SECNAV) IA/CND issues and significant incidents?

Answer 16

DON CIO

Question 17

Who conducts all investigations regarding operations, practive programs, and related analyses of cyber incidents and targeting involving DON IT assets?

Answer 17

Director, NCIS

Question 18

Who collects, tracks, and reports threats to DON IT assets and disseminates the information to other law enforcement agencies, Department of Defense, Department of the Navy, DON CIO, and other national agencies as needed?

Answer 18

Director, NCIS