107 Information Assurance

Question 1

Define IA

Answer 1

Information Assurance- protect and defend data and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation

Question 2

Certification

Answer 2

meets a set of specified security requirements

Question 3

Accreditation

Answer 3

Formal declaration that an info system is approved to operate at an acceptable level of risk

Question 4

DAA

Answer 4

Designated Approval Authority- official with authority to formally assume responsibility for operating a system at an acceptable level of risk

Question 5

System Security Plan

Answer 5

formal document prepared by the information system owner that provides an overview of the security requirements for the system and describes the security controls in place or planned for meeting those requirements

Question 6

System Security Authorization Agreement

Answer 6

a living document that represents the formal agreement between the DAA, the Certification Authority, the Program Manager, and the user representative

Question 7

ATO

Answer 7

Approval to Operate- authorize operation of an information system and to explicitly accept the residual risk to agency operations

Question 8

IATO

Answer 8

Interim Approval to Operate- temporary authorization

Question 9

Configuration Management

Answer 9

identifies, controls, accounts for, and audits all changes to a site or information system during its design, development, and operational lifecycle

Question 10

Performing cross-domain transfers

Answer 10

Interconnections between DoD information systems of different security domains or with other US Govt system of different security domains shall be employed only to meet compelling operational requirements

Question 11

Risk Management

Answer 11

Process that allows IT managers to balance the operational and economic costs of protective measures and achieve gains in mission capability by protecting IT systems and data that support their organizations missions

Question 12

Five attributes of IA

Answer 12

(CIANA)
Confidentiality
Integrity
Availability
Non-repudiation
Authentication

Question 13

9 categories of computer incidents

Answer 13

(RUDMUNRIE)

1. Root Level Intrusion
2. User Level Intrusion
3. Denial of Service
4. Malicious Code
5. Unsuccessful Activity Attempt
6. Non-compliance Activity
7. Reconnaissance
8. Investigating
9. Explained Anomaly

Question 14

Describe the DoN World Wide Web Security Policy

Answer 14

SECNAVINST 5720.47B

Question 15

IAVA

Answer 15

IA Vulnerability Alerts- address severe network vulnerabilities resulting in immediate and potentially severe threats

Question 16

IAVB

Answer 16

IA Vulnerability Bulletins- address new vulnerabilities that do not pose a immediate risk to DoN systems, but are significant enough that noncompliance with the corrective action could escalate the risk

Question 17

IAVT

Answer 17

IA Vulnerability Technical Advisories- address new vulnerabilities that are generally categorized as low risk to DoN systems

Question 18

CTO

Answer 18

Communications Tasking Orders- intended to direct the execution of specific actions in order to mitigate security threats to the GIG

Question 19

NTD

Answer 19

Navy Telecommunications Directive- issued by COMNAVNETWARCOM to provide policies and guidance on specific security issues within the DoN

Question 20

Service Pack

Answer 20

collection of updates, fixes, and/or enhancements to a software program delivered in the form of a single installable package

Question 21

Vulnerability Assessment

Answer 21

a testing process used to evaluate the network infrastructure, software and users in order to identify known weaknesses

Question 22

Vulnerability vs. Threat

Answer 22

Vulnerability- any weakness, administrative process, or act or physical exposure that makes an information asset susceptible to exploit by threat
Threat- potential cause of an unwanted impact to a system or organization

Question 23

Responsibilities of the IAM

Answer 23

Information Assurance Manager- responsible for the IA program within a command, site, system, or enclave

Question 24

Define CCRI

Answer 24

Command Cyber Readiness Inspection- improves overall security posture of the GIG through a formal inspection process

Question 25

NAVCYBERFOR’s role in a CCRI

Answer 25

Mission is to organize and prioritize manpower, training, modernization and maintenance requirements, and capabilities of command and control architecture and networks