Week 1

Question 1

Computer environment connected to one or more internal networks under control of a single authority.

Answer 1

Enclave

Question 2

What does an enclave consist of?

Answer 2

• incident detection and response
• key management
• delivery of application

Question 3

what are two environments of an enclave?

Answer 3

NE: networking environment
CE: computing environment

Question 4

Give an example of a network environment

Answer 4

Switches, routers, networking backbone

Question 5

What kind of users are at IAT Level 2 and what do they do?

Answer 5

SYSADMINS. They focus on threats and vulnerabilities

Question 6

What is a high priority alert that needs to be fixed by a certain date?

Answer 6

IAVA

Question 7

What are he two categories of threats?

Answer 7

Environmental

Human

Question 8

What is a vulnerability?

Answer 8

A weakness that has the POTENTIAL to be exploited.

Question 9

How many DIsA severity codes are there?

Answer 9

4

Question 10

Which DISA severity code is the most severe?

Answer 10

CAT 1

Question 11

How many days do you have to fix a CAT 2?

Answer 11

90

Question 12

How many days do you have to fix a CAT 3?

Answer 12

180

Question 13

How many days do you have to fix a CAT 4?

Answer 13

1 year

Question 14

Who tries to exploit vulnerabilities on a system or network?

Answer 14

Hacker

Question 15

What kind of people encore fear?

Answer 15

Cyber terrorists

Question 16

What is self replicating and needs to be attached to something in order to affect a system?

Answer 16

Virus

Question 17

What is self-propagating and does NOT need any user interaction?

Answer 17

Worm

Question 18

What is a time and code related virus?

Answer 18

Logic bomb

Question 19

What is an attempt to get credit card details and whatnot via email?

Answer 19

Phishing

Question 20

What is a prompt to forward emails?

Answer 20

Internet hoax

Question 21

What are some password crackers,

Answer 21

Dictionary (thesaurus)

Hybrid

Question 22

What are actions that need to be taken to continue operations if a disaster happens. Before during and after.

Answer 22

Contingency Plan

Question 23

What are the steps of risk management?

Answer 23

Assessment
Mitigation
Evaluation and continual assessment

Question 24

What is the first step of risk management?

Answer 24

Assessment

Question 25

What is the second step of risk management?

Answer 25

Mitigation

Question 26

What is the third step of risk management?

Answer 26

Evaluation and continual assessment

Question 27

What is step of risk assessment and what does it do?

Answer 27

Control Recommendations. It reduces the risk to an IS to an acceptable level of risk

Question 28

What is the purpose of risk mitigation?

Answer 28

The analysis of safeguards

Question 29

What does configuration management do?

Answer 29

Manage the effects of changes or differences in configurations in a network

Question 30

What are the CM Steps?

Answer 30

``` Identify Change Evaluate Change Request Implement Decision Implement Approved Change Request Continuous Monitoring ```

Question 31

What kind of fields does EMCON reduce?

Answer 31

Electromagnetic and acoustic

Question 32

How often should scans be done?

Answer 32

Monthly

Question 33

What CTO states how often scans should be done?

Answer 33

CTO 11-16

Question 34

What are the two scanning tools?

Answer 34

ACAS | SCCVI

Question 35

What is ACAS?

Answer 35

A SCAP compliant tool that meets federal requirements

Question 36

What are the two components of ACAS?

Answer 36

Security Center Admin Suite | Nessus Professional Scanner

Question 37

what is a government owned database for vulnerabilities?

Answer 37

NVD: national vulnerability database

Question 38

What is a non-government vulnerability database?

Answer 38

OSVDB: open source vulnerability database

Question 39

What is FISMA 2002?

Answer 39

DOH is responsible for federal systems guidance and security baselines

Question 40

What kind of custom role are accessible to every organization within their security container?

Answer 40

Admin user

Question 41

What would you find in an attribute set? Or what would kind of information would you enter?

Answer 41

Unit name Region AOR

Question 42

What file types are reports generated?

Answer 42

.pdf .csv .rtf

Question 43

Where are results from ACAS uploaded to?

Answer 43

VRAM: vulnerability remediation asset manager

Question 44

What are the types of CASREPS?

Answer 44

Initial Update Correct Cancel

Question 45

What are the troubleshooting steps?

Answer 45

1. Symptom Recognition 2. Symptom Elaboration 3. Listing the Probable Faulty Functions 4. Localize the Probable Faulty Function 5. Localize the Probably Faulty Component 6. Failure Analysis

Question 46

What are two ways to fix a problem?

Answer 46

Alleviate: temporary fix Remediate: permanent fix

Question 47

What should a trouble ticket include?

Answer 47

``` Name Location Cause Event Date Error code Systems affected If there is any fix or not ```

Question 48

What is done at the application later of the TCP/IP model?

Answer 48

- Facilitate communications between software and lower level network services - session connection and data encryption

Question 49

What layer provides the application layer with session and data gram communication services?

Answer 49

Transport Layer

Question 50

What is stateless and transfers HTML documents?

Answer 50

HTTP

Question 51

What is stateless and gets IPs from the host name?

Answer 51

DNS

Question 52

What does ARP do?

Answer 52

Gets MAC address from IP address

Question 53

In network mapping, what is done to get ports, procedures, and policies of a network?

Answer 53

OS fingerprinting

Question 54

How does a hacker try and maintain access once in the system?

Answer 54

Covert channels Backdoors Rootkits

Question 55

Who does the hacking? Legally? In the military?

Answer 55

NIOC

Question 56

Two types of information gathering

Answer 56

Passive | Active

Question 57

Provide some examples of passive information gathering

Answer 57

Web search Job searching Social networking

Question 58

Provide some examples of active information gathering

Answer 58

Requires probing | SMTP headers

Question 59

What must audit records include and how long are they kept for?

Answer 59

``` Kept for 1 year minimum Events Remote system access Audit files access Password hanged Device settings ```

Question 60

What UNIX command is used to change permissions?

Answer 60

chmod

Question 61

What does a SF-702 do?

Answer 61

Open/close check sheet for space or safe

Question 62

What is an SF-70 used for?

Answer 62

Security checklist, daily check requirements

Question 63

What are the three levels of COMSEC destruction?

Answer 63

Emergency Precautionary Plan Emergency Relocation Plan Emergency Destruction Plan

Question 64

What SF is the UNCLASS sticker?

Answer 64

SF-710

Question 65

What SF is the SECRET sticker?

Answer 65

SF-707

Question 66

What can be done to assist in the EAP process?

Answer 66

- make as much as possible electronic - consolidate - reduce amount of material on hand

Question 67

An unread notification on ACAS will show up as what?

Answer 67

Blue Dot