107 Cyber Security

Question 1

Define IA

Answer 1

Information Assurance- are measures that protect and defend information systems

Question 2

Define DCO

Answer 2

Defensive cyber operations- passive and active cyberspace operations intended to preserve the ability to utilize friendly cyberspace

Question 3

Define OCO

Answer 3

Offensive Cyberspace Operations- cyberspace operations intended to project power by force through cyberspace

Question 4

Certification

Answer 4

evaluation of the security features of an IS to see if they meet certain security requirements

Question 5

Accreditation

Answer 5

Process where certification on competency, authority, or credibility is presented

Question 6

NAO

Answer 6

Navy Authorizing Official- responsible for authorizing the systems operation based on achieving and maintaining an acceptable risk posture

Question 7

System Security Plan

Answer 7

provides an overview of the security requirements of the system

Question 8

ATO

Answer 8

Authority to Operate- official decision to authorize the operation of a system

Question 9

IATO

Answer 9

Interim authority to operate- temporary authorization granted by NAO for an information system based on preliminary results of an evaluation

Question 10

Configuring Management

Answer 10

management of security features and assurances through control of changes to the systems through their lifecycle

Question 11

Risk Management

Answer 11

The process that allows IT managers to balance the operational and economic costs of protective measures and achieve gains in the mission by protecting the IT systems

Question 12

5 attributes of Cyber Security

Answer 12

confidentiality
integrity
availability
non-repudiation
authentication

Question 13

9 categories of computer incidents

Answer 13

root level incident
user level incident
denial of service incident
malicious logic incident
unsuccessful activity attempt event
non compliance activity event
reconnaissance event
investigating event
explained anomaly event

Question 14

DoN World Wide Web security policy

Answer 14

everything posted online must be reviewed as to not violate OPSEC

Question 15

IAVA

Answer 15

Information Assurance Vulnerability Alert- addressed severe network vulnerabilities resulting in immediate and sever threats

Question 16

IAVB

Answer 16

Information Assurance Vulnerability Bulletin- addresses new vulnerabilities that do not pose an immediate risk

Question 17

CTO

Answer 17

Computer Tasking Order- A formal tasking that contains detailed guidance and missions for each component to complete

Question 18

NTD

Answer 18

Navy Telecommunications Directive- A widely disseminated naval message detailing directions about a certain IT function that needs to be complied with

Question 19

Service Pack

Answer 19

A collection of updates to a software program delivered in the form of a single installable package

Question 20

Patch

Answer 20

A fix for a vulnerability or operational enhancement

Question 21

Vulnerability Assessment

Answer 21

An examination of the ability of a system to withstand assault

Question 22

Vulnerability VS threat

Answer 22

Vulnerability- Weakness in a systems security scheme

Threat- Person, event, or circumstance with potential to cause harm to a system

Question 23

ISSM

Answer 23

Information System Security Manager-
The principle advisor on all matters involving the security of an IS under purview

Question 24

ISSO

Answer 24

Information System Security Manager-
Supports the ISSM to implement security requirements an mandated NISP and NAO

Question 25

CSWF

Answer 25

Cyber Security Work Force

Question 26

CSWF codes

Answer 26

Specialties a person is trained for found on TWMS
21-digital forensics
72-ISSO
53- incident response
44- network services

Question 27

Navy Red and Blue Teams

Answer 27

Red Team- performs penetration testing of systems/networks to identify vulnerabilities

Blue- performs detection and hardening of systems/networks to preempt attack vectors

Question 28

CCORI

Answer 28

Command Cyber Operational Readiness Inspection- Graded event by FLTCYBERCOM every 24 months to evaluate the overall security of a command to include physical technical and administrative

Question 29

Why does the Navy only use “.MIL” email addresses

Answer 29

because the DoD has exclusive use of this domain