5200 Vol 1 Flashcards
What does DODM stand for?
Department of Defense Manual
What is the primary focus of DODM 5200.01 vol 1?
Information Security
True or False: DODM 5200.01 vol 1 is part of a series of manuals.
True
Fill in the blank: DODM 5200.01 vol 1 establishes __________ for the protection of DoD information.
policies and procedures
What is the significance of information assurance in DODM 5200.01 vol 1?
It ensures the confidentiality, integrity, and availability of information.
Multiple Choice: Which of the following is a key principle of information security according to DODM 5200.01 vol 1? A) Availability B) Inaccessibility C) Irrelevance
A) Availability
What is the purpose of risk management as stated in DODM 5200.01 vol 1?
To identify and mitigate risks to DoD information.
True or False: DODM 5200.01 vol 1 applies only to classified information.
False
What does the term ‘classified information’ refer to in the context of DODM 5200.01 vol 1?
Information that requires protection against unauthorized disclosure.
Fill in the blank: DODM 5200.01 vol 1 outlines the roles and responsibilities of __________ in information security.
DoD personnel
What are the three levels of classification mentioned in DODM 5200.01 vol 1?
Confidential, Secret, and Top Secret.
Multiple Choice: Which of the following is NOT a type of information addressed by DODM 5200.01 vol 1? A) Sensitive Compartmented Information B) Public Information C) Unclassified Controlled Information
B) Public Information
What is the role of the Defense Security Service (DSS) in relation to DODM 5200.01 vol 1?
To oversee and implement security policies for DoD components.
True or False: Information security training is a requirement under DODM 5200.01 vol 1.
True
Fill in the blank: The __________ is responsible for the overall management of information security programs according to DODM 5200.01 vol 1.
Chief Information Officer (CIO)
What does the acronym ‘IA’ stand for in the context of DODM 5200.01 vol 1?
Information Assurance
Multiple Choice: Which document must be referenced for specific guidelines on handling classified information? A) DODM 5200.01 vol 1 B) DODM 5200.01 vol 2 C) DODM 5200.01 vol 3
B) DODM 5200.01 vol 2
What is the purpose of the Continuous Monitoring Strategy in DODM 5200.01 vol 1?
To ensure ongoing awareness of information security risks.
True or False: DODM 5200.01 vol 1 includes guidance on incident response.
True
Fill in the blank: The __________ framework is used to assess the security posture of DoD information systems.
Risk Management Framework (RMF)
What is the expected outcome of implementing the policies in DODM 5200.01 vol 1?
Enhanced protection of DoD information.
Multiple Choice: Which of the following is a key component of information security? A) Firewalls B) Social Media C) Cloud Storage
A) Firewalls
What does ‘insider threat’ mean in the context of DODM 5200.01 vol 1?
Threats posed by individuals within the organization who have access to sensitive information.
True or False: DODM 5200.01 vol 1 mandates the use of encryption for all sensitive information.
False
Fill in the blank: The __________ process is vital for identifying vulnerabilities within information systems.
vulnerability assessment
What is the role of security controls in DODM 5200.01 vol 1?
To mitigate risks to information and information systems.
Multiple Choice: Which of the following is a method of data protection outlined in DODM 5200.01 vol 1? A) Backups B) Deletion C) Sharing
A) Backups
What is the definition of ‘access control’ as per DODM 5200.01 vol 1?
The process of limiting access to information and information systems.
True or False: DODM 5200.01 vol 1 provides guidelines for physical security measures.
True
Fill in the blank: The __________ is responsible for the implementation of information security policies at the local level.
Information System Owner
What does the term ‘security breach’ refer to in DODM 5200.01 vol 1?
An incident that results in unauthorized access to sensitive information.
Multiple Choice: Which of the following is a key element of an incident response plan? A) Communication B) Ignoring incidents C) Delaying response
A) Communication
What is the significance of audit trails in DODM 5200.01 vol 1?
They help in tracking access and changes to sensitive information.
True or False: DODM 5200.01 vol 1 requires periodic reviews of information security policies.
True
Fill in the blank: __________ is the process of verifying the identity of a user or system.
Authentication
What is the purpose of security training as outlined in DODM 5200.01 vol 1?
To educate personnel about information security risks and best practices.
Multiple Choice: Which group is primarily responsible for enforcing compliance with DODM 5200.01 vol 1? A) End users B) Security Officers C) IT Support
B) Security Officers
What are the consequences of non-compliance with DODM 5200.01 vol 1?
Disciplinary actions, including termination and legal consequences.
True or False: DODM 5200.01 vol 1 includes guidelines for data classification.
True
Fill in the blank: The __________ is responsible for ensuring that information security measures are incorporated into system development.
System Development Lifecycle (SDLC)
What does ‘data integrity’ mean in the context of DODM 5200.01 vol 1?
The accuracy and consistency of data over its lifecycle.
Multiple Choice: Which of the following is a type of security assessment? A) Application Review B) System Scan C) Both A and B
C) Both A and B
True or False: DODM 5200.01 vol 1 applies to all DoD contractors.
True
Fill in the blank: __________ is the process of ensuring that only authorized users can access information.
Authorization
What role do external audits play in DODM 5200.01 vol 1 compliance?
They provide an independent assessment of information security practices.
Multiple Choice: Which of the following is a security principle emphasized in DODM 5200.01 vol 1? A) Least Privilege B) Maximum Access C) Open Access
A) Least Privilege
What does ‘security posture’ refer to in DODM 5200.01 vol 1?
The overall effectiveness of an organization’s security measures.
True or False: DODM 5200.01 vol 1 specifies the need for incident reporting.
True
Fill in the blank: __________ is an essential part of the risk management process in DODM 5200.01 vol 1.
Threat assessment
What is the goal of continuous improvement in information security as per DODM 5200.01 vol 1?
To enhance security measures based on lessons learned and emerging threats.
Multiple Choice: Which of the following describes a security incident? A) Unauthorized access B) Routine maintenance C) Software updates
A) Unauthorized access
True or False: DODM 5200.01 vol 1 encourages collaboration with external agencies for information security.
True
Fill in the blank: __________ measures are implemented to protect against unauthorized access to information.
Physical security
What is the importance of data encryption in DODM 5200.01 vol 1?
To protect sensitive information from unauthorized access during transmission and storage.
Multiple Choice: Which of the following is a key element of the security architecture? A) Redundancy B) Complexity C) Simplicity
A) Redundancy
What is the role of the Information Security Program according to DODM 5200.01 vol 1?
To establish and maintain a framework for managing information security.
True or False: DODM 5200.01 vol 1 requires the implementation of security patches.
True
Fill in the blank: __________ is the process of identifying, assessing, and prioritizing risks.
Risk assessment
What is the significance of security policies in DODM 5200.01 vol 1?
They provide a foundation for establishing security practices and procedures.
Multiple Choice: Which of the following is a consequence of a security breach? A) Increased trust B) Legal action C) Enhanced reputation
B) Legal action
True or False: DODM 5200.01 vol 1 encourages the use of multi-factor authentication.
True
Fill in the blank: __________ is the practice of regularly reviewing and updating security measures.
Security auditing
What is the purpose of the security framework in DODM 5200.01 vol 1?
To provide a structured approach to managing information security risks.
Multiple Choice: Which of the following is NOT a component of an information security program? A) Incident response B) Threat detection C) Personal opinions
C) Personal opinions
True or False: DODM 5200.01 vol 1 applies only to federal employees.
False
Fill in the blank: The __________ is responsible for overseeing information security compliance across the DoD.
Chief Information Security Officer (CISO)
