7 - Cyber Systems Flashcards

Question 1

Q

Standard Computer Capabilities and Characteristics
– Four

Answer

A

Speed
Accuracy
Diligence
Versatility

Question 2

Q

Computer Speed
– Limits
– Comparison

Answer

A

Fastest possible = Speed of Light
Limited by algorithm efficiency
Thousands of times faster than humans

Question 3

Q

Computer Accuracy

Answer

A

High accuracy
Errors due to human error/inaccurate data

Question 4

Q

Computer Diligence

Answer

A

Computers don’t suffer fatigue, lapse in concentration, etc. regardless of number of calculations

Question 5

Q

Computer Versatility

Answer

A

Perform multiple tasks at once w/ multi-processing
Perform various types of tasks

Question 6

Q

Workstation
– Other names
– Types

Answer

A

Personal computer/client workstation
Two Types
– Thin Client
– Thick Client

Question 7

Q

Thin Client

Answer

A

Software or computer relying on another computer to do most of the work
Acts as interface connecting to network server doing the actual processing

Question 8

Q

Thick Client

Answer

A

Functions independent of the server
May pull some data from server or run without being connected at all

Question 9

Q

Server

Answer

A

Computer managing shared resources for other network systems
Common Types
– Application
– Catalog
– Database
– DHCP
– File
– Mail
– Proxy
– Web

Question 10

Q

Vulnerability

Answer

A

Weakness in a computer system that is open to exploitation

Question 11

Q

Threat

Answer

A

Possible danger that may take advantage of a vulnerability
Could be an individual, an event, etc.

Question 12

Q

Risk

Answer

A

Likelihood that a threat will take advantage of a vulnerability

Question 13

Q

Virus

Answer

A

Code that spreads from one computer to another by attaching itself to other files

Question 14

Q

Worms

Answer

A

Code that spreads from one computer to another on its own
Does not attach to another file

Question 15

Q

Logic Bombs

Answer

A

Code that sits dormant on a target computer until it’s triggered by a specific event
Ex: Specific date/time or starting specific process

Question 16

Q

Spyware

Answer

A

Stealthily installed malicious software
Intended to track/report data defined by author from a target system

Question 17

Q

Adware

Answer

A

Software that automatically displays or downloads ads
“Not all malicious”

Question 18

Q

Rootkits

Answer

A

Code intended to take full or partial control of a system at low levels

Question 19

Q

Botnets

Answer

A

Collection of software robots run by a C2 program, controlled by a person

Question 20

Q

Common Vulnerability Causes

Answer

A

Configuration / Familiarity
Implementation
Design

Question 21

Q

Configuration / Familiarity (Vulnerability Cause)

Answer

A

Misconfigured system/app
– Ex: bad firewall rules
Using well-known software increases probability of vulnerability/exploit
– Ex: Default PW from application user manual

Question 22

Q

Implementation (Vulnerability Cause)

Answer

A

Lack of input validation
– Program assumes all user input is safe, allowing attacks such as XSS or SQL injection

Question 23

Q

Design (Vulnerability Cause)

Answer

A

Inherent in a protocol, application, or architecture
– Ex: Using Telnet or FTP to administer a network

Question 24

Q

Unstructured Threat

Answer

A

“Script Kiddy”
Unfocused attack often by individuals w/ limited skills
– “Unfocused” - system isn’t specifically targeted

Question 25

Q

Structured Threat

Answer

A

“CWO”
Focused attack by individual(s) w/ high skills against specific system
Tend to be motivated by specific cause
– Money, politics, etc.

Question 26

Q

Internal Threat

Answer

A

Originate from individuals who have/had authorized access
– Disgruntled/opportunistic employee

Question 27

Q

External Threat

Answer

A

Originate outside the organization, often through the internet

Question 28

Q

Common Vulnerability and Exposure (CVE)

Answer

A

Developed by MITRE in 1999
– Non-profit research and dev organization
List of vulnerabilities, each containing:
– ID number
– Description
– At least one public reference
ID format: CVE-YYYY-NNNN

Question 29

Q

U.S. National Vulnerability Database (NVD)

Answer

A

Launched by NIST in 2005
Vulnerability database built upon and sychronized w/ CVE
Provides Common Vulnerability Scoring System (CVSS)

Question 30

Q

Exploit Database

Answer

A

Maintained by Offensive Security
Archive of exploits, shellcode, and security papers

Question 31

Q

Motherboard

Answer

A

Main electronic circuit board housing other sub-components
– CPU
– Chipsets
– Bus
– System Clock
– Expansion Slots
– BIOS
– CMOS

Question 32

Q

CPU

Answer

A

Brain of computer
Controls number of simultaneous tasks and task completion speed

Question 33

Q

Chipsets

Answer

A

Circuitry responsible for managing specific hardware components

Question 34

Q

Bus

Answer

A

Controls speed at which data is transferred between hardware components

Question 35

Q

System Clock

Answer

A

Synchronizes and controls timing of computer ops

Question 36

Q

Expansion Slots

Answer

A

Small plastic slots used to install additional devices such as video or network cards
1-6 in long x 1/2 in wide

Question 37

Q

BIOS

Answer

A

Translates processor requests into instructions
Executes POST

Question 38

Q

CMOS

Answer

A

Contains computer’s inventory list and advanced setup options
Stores data read by BIOS

Question 39

Q

Memory

Answer

A

2 Types

Random Access Memory (RAM)
– Volatile
– Temporary data storage which may be quickly accessed by CPU
Read Only Memory (ROM)
– Non-volatile
– Stores programs the same way RAM does, but once the data is stored it cannot be changed (hence, read only)
– Stores frequently used instructions and data, often for things such as BIOS

Question 40

Q

Hard Drives

Answer

A

Stores changing data in relatively permanent form
Most popular drives today are SCSI, SAS, and SATA

Question 41

Q

Operating System

Answer

A

Significant impact on overall performance
Ex:
– Windows
– Red Hat
– Solaris

Question 42

Q

Distributed System Architectures (2)

Answer

A

Client-Server Model (Centralized Environment)
Peer-to-Peer Model (Decentralized Environment

Question 43

Q

Client-Server Model

Answer

A

Smart clients contact server for data, then format/display it for user
Permanent changes at the client are committed back to the server

Question 44

Q

Peer-to-Peer Model

Answer

A

No special machines providing a service or managing network resources
All responsibilities divided among all machines
Peers can be both clients and servers

Question 45

Q

CIA Triad

Answer

A

Confidentiality - Protect data from being accessed by unauthorized parties
Integrity - Ensure data authenticity
Availability - Ensure data accessibility for authorized users

Question 46

Q

Enforce System Policies/Procedures

Answer

A

Policy Statement
– Outlines a plan for the user security component
Standards
– Defines how to measure the level of adherence to the policy
Guidelines
– Recommendations or best practices for how to meet the policy standard
Procedures
– Step-by-step instructions that detail how to implement the components of the policy

Question 47

Q

Four A’s

Answer

A

Authentication
– Uniquely ID’ing a particular individual/entity
Authorization
– Determining what rights/privileges a particular entity has
Access Control
– Determining and assigning privileges to resources, data, etc.
Auditing or Accounting
– Tracking & recording system activities / resource access

Question 48

Q

System Hardening

Answer

A

Eliminate as many security risks as possible
– Disable unnecessary services/accounts
– Protect management interfaces/apps
– Password protection

Question 49

Q

Vulnerability Management

Answer

A

Ongoing, comprehensive process or program that aims at managing an organization’s vulnerabilities in a holistic and continuous manner
– Asset Management - devices
– Software Management - software
– Vulnerability Assessment - continuous vuln scans/remediation
– Patch Management - obtaining, evaluating, testing, deploying new patches
– Change Management - approving/executing change to assure CIA

Question 50

Q

Due Care

Answer

A

Describes how individuals should use/maintain organization-issued hardware/software
Includes both using equipment safely and in an approved manner

Question 51

Q

Due Diligence

Answer

A

Investigating/researching all issues and options relating to a particular subject
Ensure security policies/practices are effective
Ensure no violation of laws, statutes, or human rights

Question 52

Q

Due Process

Answer

A

Organization does not assume an individual is guilty w/o due process

Question 53

Q

Operations Continuity Plan

Answer

A

Defines how an org will maintain normal day-to-day ops during disruption or crisis

Question 54

Q

Disaster Recovery Plan

Answer

A

Defines how people and resources will be protected in the case of a natural or man-made disaster

Question 55

Q

Benefits of Websites

Answer

A

Reduces communication costs
Enhances communication and coordination
Accelerates the distribution of knowledge
Improves customer service and customer satisfaction

Question 56

Q

Database Capabilities and Benefits

Answer

A

Improved data sharing
Improved data security
Effective data integration
DBMS minimize data inconsistency
Better access to data
Increase in productivity of end user
Quick decision making

Question 57

Q

10 Most Critical Security Risks

Answer

A

Injection
Broken Authentication
Sensitive Data Exposure
XML External Entities (XXE)
Broken Access Control
Security Misconfiguration
Cross-Site Scripting (XSS)
Insecure Deserialization
Using Components with Known Vulnerabilities
Insufficient Logging and Monitoring

Question 58

Q

Injection

Answer

A

Untrusted data sent to an interpreter as part of command or query
Tricks interpreter into accessing data w/o proper authorization

Question 59

Q

Broken Authentication

Answer

A

Assuming another user’s identity temporarily or permanently

Question 60

Q

Sensitive Data Exposure

Answer

A

Lack of encryption for data at rest or in transit

Question 61

Q

XML External Entities (XXE)

Answer

A

Older or poorly configured XML
Ability to upload hostile XML content, exploiting vulnerable code or dependencies

Question 62

Q

Broken Access Control

Answer

A

Exploitation of access control
Failing to enforce authenticated user restrictions

Question 63

Q

Security Misconfiguration

Answer

A

Exploiting Default configurations or unpatched flaws

Question 64

Q

Cross-Site Scripting (XSS)

Answer

A

Insufficient input validation
Attacker able to add malicious content to a website; content executed on other victim’s browser

Answer 65

A

Existing data structures used but content changed
Serialization used for persistence/caching

Answer 66

A

Using preconfigured client/server-side components
Not understsanding component patch state

Answer 67

A

Not validating logging and monitoring capabilities

Answer 68

A

Web Page
Web Content
Websites
Web Browser
Web Application
Browser Engine

Answer 69

A

Computer file suitable for the world wide web / a web browser
Two types
– Static - Flat/stationary page
– Dynamic - Controlled by Application Server processing server-side scripts and Client Web Browser processing client-side scripts

Answer 70

A

Textual, visual, or aural content that is encountered as part of the user experience

Answer 71

A

Collection of related web pages
Common domain name
Published on at least one web server
Accessible by URL

Answer 72

A

Application for accessing info on WWW
Retrieves web page and content by distinct URLs

Answer 73

A

Client-server program which client runs in a web browser
– Ex: Webmail

Answer 74

A

Core software component of every major web browser
Ex:
– Blink - Used in Chrome and Chromium
– EdgeHTML - Used in MS Edge and Universal Windows Platform
– WebKit - Used in Safari and Adobe AIR apps

Answer 75

A

Recorded facts and figures
Characteristics
– Persistent - Remains unchanged until acted upon
– Integrated - Interacts and corresponds w/ other data
– Shared - Ability to be accessed/manipulated by multiple users

Answer 76

A

Collection of meaningful information
Organized for searching and retrieving info

Answer 77

A

Logical layout of the database

Answer 78

A

Set of programs/utilities used to create, process, and administer a database

Answer 79

A

Data
- Known facts and implicit meaning
Hardware
- Equipment needed to maintain DB
Users
- Individuals manipulating/maintaining the DB
Software - DBMS and programs supporting it

Answer 80

A

Modern system for annotating a document in a way syntactically distinguishable from text
Three general categories
– Presentational
– Procedural
– Descriptive
Most Common Languages
– HTML
– XHTML
– XML

Answer 81

A

Form of separation of presentation and content for web design
Defines visual layout/style
Example Languages
– CSS
– Extensible Stylesheet Language (XSLT)

Answer 82

A

Computer programs on the web executed client side instead of server side
Used to turn static content into dynamic content
Ex
– AJAX
– DOM
– ActionScript
– JavaScript
– VBScript

Answer 83

A

Executed by web server when user requests a document
Ex
– ASP/ASP.NET
– ColdFusion
– JSP
– Perl
– PHP
– Python
– Ruby

Answer 84

A

Retrieve data from database
Often embedded in server side scripts
Ex
– MS-SQL
– MySQL
– Oracle
– PostgrSQL
– Derby
– MongoDB
– SQLite

Answer 85

A

Only One large table
Contains records w/ no structured relationships
Ex
– Tables found in MS Excel and Apple Numbers

Answer 86

A

Numerous tables containing rows and columns of data
Tables relate to one another through shared data values
Ex
– Two separate tables of data (Pay Records and Course Grades) linked by SSN (used to find and retrieve data from both)

Answer 87

A

Entity (Table Name)
– Refers to storing info about an object
– Data on members associated w/ a “CPT”
– “CPT” would be the entity/table name
Attribute (Column Name)
– Characteristic or property of the entity that will be stored

Answer 88

A

Derive security reqs from industry standards, applicable laws, and vulnerability history

Answer 89

A

Guard against security-related design and implementation flaws by covering for lack of sufficient developer knowledge/time/budget

Answer 90

A

Secure access to all data stores
Consider securing queries, configuration, authentication, and communication

Answer 91

A

Defensive techniques meant to stop injection attacks

Answer 92

A

Programming technique
Ensures only properly formatted data may enter a software system

Answer 93

A

Using Authentication and Session Management

Answer 94

A

Granting or denying specific requests from a user, program, or process

Answer 95

A

Protect sensitive data (passwords, health records, etc.)

Answer 96

A

Log security and app
Monitor security and app logs

Answer 97

A

Allowing an application to respond to errors correctly
Critical to making code reliable and secure

Answer 98

A

Provides 24/7/365 awareness, management, and control of the AF domain
Ensures unfettered access, mission assurance, and joint warfighter use of networks and info processing systems to accomplish worldwide ops
Provides operational level C2 and SA of AF cyberspace forces, networks, and mission systems

Answer 99

A

Provides 24/7/365 NetOps and Management functions
Enables enterprise services within AF unclassified and classified networks
Supports DCO within those AF networks

Answer 100

A

Manages top-level boundary and entry point into the AFIN
Controls flow of all external and inter-base traffic - 16 gateways
Consists of two Integrated Management Suites (IMS)

Answer 101

A

Prevents, detects, responds to, and provides forensics of intrusions into unclassified and classified AF networks

Answer 102

A

Monitors, collects, analyzes, and reports on sensitive info released from friendly unclassified systems

Answer 103

A

Executes vulnerability, compliance, pen-testing, and hunter missions on AF and DoD networks/systems
Hunter ops characterize and then eliminate threats for the purpose of mission assurance
Performs defensive sorties world-wide via remote or on-site access

Answer 104

A

The primary path or method used by the adversary to cause an incident or event to occur

Answer 105

A

Accessible information used to characterize systems, apps, networks, and users
Sub Categories
– Information Gathering and Data Mining - Gather publicly available information
– Network Scan - Targeting multiple IP addresses (horizontal scan)
– System Scan - Target single IP address across range of ports (vertical scan)

Answer 106

A

User w/authorized access took specific actions that resulted in jeopardizing systems or data
Sub Categories
– Purposeful - Authorized user knowingly took specific actions
– Accidental - Authorized user took actions that had consequences over and above the intentions

Answer 107

A

Human interaction (social skills) or deception used to gain access
Sub Categories
– E-mail - Used to deliver malicious payload/gain access
– Website - Used to deliver malicious payload/gain access
– Other - Target deceived or manipulated in a way other than email/website

Answer 108

A

Compromise resulting from inadequate or improper config of a system
Sub Categories
– Network - Improperly/inadequately configured network system/service
– OS - OS improperly/inadequately configured
– App - App improperly/inadequately conifgured

Answer 109

A

Vulnerability in the software that allows for unauthorized use of or access to a system
Sub Categories
– Exploited new vulnerability - Vuln unknown prior to event or w/o mechanism to prevent it
– Exploited known vulnerability - vuln known prior to event and w/ a mechanism to prevent it

Answer 110

A

Compromise resulting from the implicit or explicit trust relationship between security domains
Sub Categories
– Other IS compromise - Compromise resulting from access previously gained by another system
– Masquerading - Compromise resulting from the unauthorized use of valid credentials

Answer 111

A

Consumption of system resources that prevent legitimate users from accessing resources
Sub Categories
– Non-Distributed Network Activity - Activity from single IP that overwhelms system
– Distributed Network Activity - Activity from multiple IP that overwhelms system

Answer 112

A

Unauthorized physical access to resources
Sub Categories
– Mishandled or Lost Resource - Equipment was lost, stolen, or left accessible to unauthorized parties
– Local Access to System - Unauthorized user provided local physical access to a DoD information network resource
– Abuse of Resources - Physical destruction of an information resource by an unauthorized party

Answer 113

A

Delivery vector not covered by other methods

Answer 114

A

Delivery vector could not be determined w/ info available

Answer 115

A

Operated By

JBSA-Lackland
– 616th Ops Center (AD)
– 854th Combat Ops Sq (R)
McGhee Tyson
– 119 COS (R)

Sub Components

Situational Awareness
– Produce a cyber operational picture
ISR
– Enable integration of cyberspace actionable intel products into other sub-components
Planning
– Leverage SA to develop long and short term plans to execute OCO, DCO, and DoDIN ops
Execution
– Ability to leverage plans to generate and track Cyber Tasking Orders (CTO)
Integration
– Provides ability to integrate AF-generated cyber effects w/ other C2 nodes

Answer 116

A

Operated By

Joint Base Langley-Eustis
– 83 NOS (AD)
– 860 NOS (R)
Peterson
– 561 NOS (AD)
– 960 NOS (R)
Pearl Harbor-Hickam
– 690 COS (AD)
Ramstein
– 691 COS (AD)
McConnell
– 299 NOS (R)

Sub Components

DoDIN Ops and Management
– Activities designed to maintain and protect base-level operational networks
Enterprise Services
– Provides network application hosting and storage management w/in AF networks

Answer 117

A

Operated By

Gunter Annex
– 26 NOS (AD)

Sub Components

Defense-in-Depth
– Delivers an enterprise-wide layered approach by integrating the gateway and boundary devices
Situational Awareness
– Delivers network data flow, traffic patterns, utilization rates, and in-depth research of historical traffic for anomaly resolution
Proactive Defense
– Conducts continuous monitoring of AF network traffic
Network Standardization
– Creates and maintains standards and policies

Answer 118

A

Operated By

JBSA-Lackland
– 33 NWS (AD)
– 426 NWS (R)
Quonset ANGB
– 102 NWS (R)

Sub Discipline Areas

Incident Prevention
– Protecting against malware by assessing/mitigating known vulnerabilities
Incident Detection
– Monitoring classified/unclassified AF networks
Incident Response
– Determines extent of intrusions and develops COAs to mitigate the threat
Computer Forensics
– Conducting in-depth analysis to determine threats from ID’d incidents

Answer 119

A

Operated By

JBSA-Lackland
– 68 NWS (AD)
Offutt
– 860 NWF (AD)
– 960 NWF (R)

Sub Discipline Areas

Telephony
– Monitor & assess unclassified voice networks
Radio Frequency
– Monitor and assess various frequency bands
Email
– Monitor and assess email traffic w/in AFNet
Internet Based Capabilities
– Monitor and assess info that originated w/in AFNet that is posted to publicly accessible websites
Cyberspace Op Risk Assessment
– Assess data compromised through AFNet intrusion and determine Ops impact
Web Risk Assessment
– Assess info posted on unclassified AF-owned, leased, or operated public and private websites

Answer 120

A

Operated By

6 AD Units
– JBSA-Lackland
– Scott
12 ANG Units
1 Reserve Unit
– Scott

Sub Components

Mobile Interceptor Platform (MIP)
– Laptop
Deployable Interceptor Platform (DIP)
– 2 servers and 5 network sensors used for remote ops
Garrison Interceptor Platform (GIP)
– Security ops floor for remote ops
Information Ops Platform (IOP) Flyaway Kit
– Boundary defense device placed in-line w/ network traffic

Answer 121

A

Enclave
– Collection of computing environments (including personnel and physical security) connected by one or more internal networks
– Under control of single authority
– Ex: NIPR, SIPR

Answer 122

A

Private IP network
Unclassified
Provides access to internet, email, file storage, etc
Comprised of routers and nodes owned by the DoD
Largest private network in the world
Part of Defense Information System Network (DISN)

Answer 123

A

SECRET private IP network
Provides access to DoD’s classified intranet services
Utilized outside the military
– Ex: Department of State

Answer 124

A

Objective
– Collect relevant data/information in/on the AO
Tasks
– Collect/monitor network infrastructure
– Collect/monitor network user characteristics/trends
– Collect/monitor data from individual systems

Answer 125

A

Objective
– Collect relevant data/information on threats in the AO
Tasks
– Find and track specified enemies, adversaries, and threats
– Understand and characterize specified enemies, adversaries, and threats

Answer 126

A

Objective
– Provide sufficient access for supported cyber forces
Tasks
– Configure firewall rules/policies
– Routing config changes
– Provision/configure accounts
– Configuring permissions

Answer 127

A

Objective
– Damage or destroy an objective or capability
Tasks
– Destroying resident adversary/malicious code or other assigned artifacts
– Quarantining malicious code and/or preventing code execution
– Manipulating, denying, degrading, or disrupting adversary network traffic

Answer 128

A

Objective
– Provide defensive support to cyber weapon systems or mission partners conducting primary missions in the AO
Tasks
– Deploy countermeasures
– Ensure all required forces have the necessary level of access to assigned AO during mission vulnerability window

Answer 129

A

Objective
– Conduct strike coordination and reconnaissance in response to adversary activity w/in the AO
Tasks
– Patrolling the AO, or a portion of the AO
– Conduct or support strike and/or follow-on Intelligence Preparation of the Environment (IPOE) missions

Answer 130

A

Objective
– Enhance the Defenses of the assigned AO in response to active threats
Tasks
– Enhance defense of cyber key terrain
– Reconfigure network appliances to a more secure config in response to active threats

Answer 131

A

Objective
– Replicate realistic TTP of specific cyber threats to evaluate cyber defenses
Tasks
– Emulate known adversary TTP
– Identify unmitigated vulnerabilities
– Assesses defensive posture and processes

Answer 132

A

Worldwide collection of interconnected public telephone networks
Circuit-switching to allow users to make landline telephone calls

Answer 133

A

Able to deliver voice communications/multimedia over the internet
Packet-switched network to allow users to make calls

Answer 134

A

World-wide non-secure voice, secure voice, data, facsimile, and video teleconferencing services for DoD C2 elements
Assures non-blocking service for users w/ flash and flash override precedence capabilities

Answer 135

A

Communication network w/ last link being wireless
Able to connect to PSTN and Internet

Answer 136

A

PSTN vulnerability
Reverse engineering the system of tones used to route long-distance calls
Recreate tones to route free calls

Answer 137

A

PSTN Vulnerability
Technique to automatically scan a list of telephone numbers
Usually dialing every number in a local area code to search for modems

Answer 138

A

PSTN Vulnerability
Overlooked “backdoor” through a PSTN into another IT network
Used by admins to remote into Control System equipment

Answer 139

A

VoIP Vulnerability
Rogue device registers as Registration Server by impersonating a valid user

Answer 140

A

VoIP Vulnerability
Enumeration
– Means to ID SIP systems
Fuzzing
– Type of DoS attack used to send malformed data packets to crash the SIP system
Man-in-the-Middle
– Attacker intercepts SIP call-signaling traffic
– Attacker masquerades as both calling and called parties
– Hijacks calls via redirection server

Answer 141

A

Cellular Network Vulnerability
Attack ID’s bug in Base Transceiver Station software services
Attacker exploits vulnerability and takes over the tower transceiver

Answer 142

A

Cellular Network Vulnerability
Incorrect system permission settings granting great access to other areas of the device
Exposed internal communication protocols that pass messages internally within the device to itself or other apps

Answer 143

A

Class 4 (Toll Office)
– Connects to multiple Class 5 offices
– Connects to other Class 4 offices and Class 1 (Regional Center) office
Class 5 (End Office)
– ONLY office that connects to individual or business subscribers
– Connects to other Class 5 offices and Class 4 office
Local Loop (“Last Mile”)
– Physical connection between a carrier’s Class 5 and the subscribers’ premises
Private Branch Exchange (PBX)
– Telephone exchange typically owned by the customer
– Calls made within PBX are at no cost

Answer 144

A

IP Phone/Software (Skype, etc.)
– Uses VoIP tech allowing telephone calls to be made over an IP network
Registration Server
– Entity that receives registrations from a UAC
– Extracts info about current location and stores it (IP address, port, username)
Proxy Server
– Forwards requests on behalf of the endpoint by consulting the registrar
– Handles Session Initiation Protocol (SIP) requests for the User Agent
Redirect Server
– Accepts a request, maps the address, and returns to the client
– DOES NOT pass the request on to other servers
Call Manager
– Provides consolidated services
– Sets up and monitors calls, maintains the dial plan, performs phone number translations
Media Gateway
– Interfacing IP network based voice communications w/ traditional circuit-switched network

Answer 145

A

DSN Backbone Switches
– Route calls to other nodal switches
– Multifunction switch, similar to PSTN Class 4 and 5 combined
Installation Switches
– Switches at bases, posts, camps, and stations
End Office (EO)
– Primary Switch for long distance services for either an installation or group of installations in a geographic area
Small End Office (SMEO)
– Switch that serves as primary switch
– Used at smaller DoD installations
– Will not serve installations with critical missions
Private Branch Exchange (PBX)
– PBX-1 - Switches w/ MLPP capabilities
– PBX-2 - Switches without MLPP capabilities
Remote Switch Unit (RSU)
– Switching capability that is connected to a host as a remote
– Dependent upon the host switch for software control

Answer 146

A

Base Transceiver Station (BTS)
– Considered the “Radio Tower” with “RF”
Base Station Controller (BSC)
– Controls one or more BTS
– Think of as a cell
Base station System (BSS)
– Acts like a PTSN Local Loop for Cell Networks
– Combines the BTS and BSC
Mobile Switching Center (MSC)
– Connects to a Base Station Controller
– Acts like a PTSN Class 5 but for Cell Networks
Mobile Telephone Switching Office (MTSO)
– Considered the PTSN Central Office equivalent
– Each carrier in each city runs one office

Answer 147

A

Local Access and Transport (LATA)
– Represents an area within which a divested Regional Bell Operating Company (RBOC)
– Permitted to offer exchange telecommunications and exchange access services
North American Numbering Plan (NANP)
– System used to direct telephone calls to a particular region
– Provides telephone numbering scheme
—- Three-digit area code
—- Seven-digit telephone number

Answer 148

A

Session Initiation Protocol (SIP)
– Call set up (INVITE) and terminate/transfer (BYE)
– Two types of messages (request and response)
– Port 5060
– Similar to TCP three-way handshake, but more steps
Realtime Transport Protocol (RTP)
– Media protocol
– Describes the packet format for the actual data

Answer 149

A

GSM (Global System for Mobile Communication)
– World standard
– Subscriber ID Module (SIM) cards used for different providers in different countries
TDMA (Time Division Multiplexing)
– American Standard
– Assigns each call a certain portion of time on a designated frequency
CDMA (Code Division Multiple Access)
– American Standard
– Gives a unique code to each call and spreads it over available frequencies
Network Data Technologies
– 1G
– 2G
– 3G
– 4G (Long Term Evolution, LTE)
– 5G

Answer 150

A

Physical Security
Network Security

Answer 151

A

Physical Security
Layer-2 Network Segregation
Layer-3 IP Segregation

Encryption

Voice over Secure IP (VoSIP)
– Unencrypted voice over encrypted network
Secure VoIP
– Encrypted voice over non-secure network
Secure Voice over Secure IP (SVoSIP)
Encrypted voice over Encrypted network

Answer 152

A

Physical Security
Mobile Device
– Patch Management
– Treat it like a computer
– Encryption
– Two-factor auth
—- Preferably not SMS due to ease of spoofing

Answer 153

A

Computerized system that is capable of gathering and processing data and applying operational controls over long distances
Used to control dispersed assets
Designed to collect field information, transfer it to central computer facility, and display to operator
Allows operator to monitor or control an entire system

Answer 154

A

Control achieved by intelligence that is distributed about the process to be controlled
Used to control production systems within the same geographic location
– Usually process control or discrete part control systems

Answer 155

A

Manufacturing Industries

Process-based
– Continuous manufacturing process
—- Runs continuously, often w/ transitions for different product grades
– Batch Manufacturing Process
—- Distinct processing steps
Discrete-based
– Series of steps on a single device to create an end product
Manufacturing systems usually located w/in confined area
– LAN

Distribution Industries

Used to control geographically dispersed assets
– Water distribution, gas pipelines, etc.
Distribution systems spread over large area
– WAN, wireless, RF

Answer 156

A

System of Systems
– multiple, independent systems combined to form larger more complex system
Interconnected and mutually dependent in complex ways
– Both physically and through info/comms
Cascading failure in electric power grid

Answer 157

A

Control Loops

Utilizes sensors, actuators, and controllers to manipulate some controlled process
– Sensors measure a physical property
– Controllers interpret the signal and generate corresponding variables
– Actuators (valves, switches, motors, etc.) directly manipulate the controlled process

Human-Machine Interface (HMI)

Used by operators/engineers to monitor/configure elements of controllers/actuators
Displays process status info and historical info

Remote Diagnostics

Used to prevent, ID, and recover from abnormal operation/failure

Answer 158

A

Control timing Requirements
– Wide range of time-related reqs
– Human reliability/consistency vs automated controllers
– Computation proximity to sensor (as close as possible)
Geographic Distribution
– Varying degrees of distribution
– Small local process control vs wide area/mobile comms
Hierarchy
– Provides human operators w/ comprehensive view
Control Complexity
– Reliance on controllers and preset algorithms
– Higher complexity requires human operators (such as ATC)
Availability
– High up-time reqs = more redundancy
Impact of failures
– What’s affected if system fails
– Higher impacts require continued ops through redundancy/degraded state ops
Safety
– Systems need ability to detect unsafe conditions
– Human oversight in safety critical ops

Answer 159

A

Control Center
Comm Equipment
Remote Terminal Units (RTUs)
Programmable Logic Controllers (PLC)

Answer 160

A

Primary controller in smaller control system configs, used to control discrete processes
– Ex: automobile assembly lines
Generally lack a central control server/HMI
– closed-loop control w/o human involvement

Answer 161

A

ICS control physical world
IT systems manage data
Different risks/priorities
Different performance/reliability reqs
ICS may use OSs and apps that may be unconventional in typical IT network

Answer 162

A

One of the most effective architectural concepts to protect ICS
Determine critical parts of network that need segregation
Goal is to minimize access to sensitive info
No system should be dual-NIC’d
Methods
– Logical Network Separation (minimum separation) (VLANs, VPNs, unidirectional gateways)
– Physical Network Separation
– Network Traffic Filtering (IP/route, ports, protocols, applications, etc.)

Answer 163

A

Transfer of info between domains = Risk
Boundary devices are key to enforcement of security policies
Can be used to isolate ICS and enterprise components
– Limits unauthorized info flow
Includes
– Gateways, routers, firewalls, IDS, etc.

Answer 164

A

Control flow of traffic between networks
Typically deployed between ICS and enterprise networks
All connections between networks should go through firewall
Special considerations:
– Possible addition of delay to ICS comms
– Lack of experience in the design of rule sets for ICS

Answer 165

A

Single security product can’t do it all
Utilize overlapping security mechanisms
– Firewall, DMZ, IDS, etc
– Policies, training, incident response, physical security
Requires a thorough understanding of adversary tactics

Answer 166

A

Deny all except for traffic absolutely required
– Difficult to implement in reality
– Basic premise
Best Practices (examples)
– Base rule set - deny all, permit none
– All “permit” rules should be address and port specific
– All rules should restrict traffic to specific IP or range

Answer 167

A

Disallow DNS requests
Disallow HTTP from public/corporate to the control network
Block TFTP, allow FTP for outbound sessions only
Use SSH over Telnet

Answer 168

A

Data Historians
Remote Support Access
Multicast Traffic
Unidirectional Gateways
Single Points of Failure
Redundancy and Fault Tolerance
Preventing Man-in-the-Middle Attacks
Authentication and Authorization
Monitoring, Logging, and Auditing
Incident Detection, Response, and System Recovery

Answer 169

A

Introduced because of incomplete, inappropriate, or nonexistent security policy
Ex:
– Inadequate security policy for ICS
– No formal ICS security training/awareness program
– Lack of redundancy for critical components

Answer 170

A

Can occur in hardware, firmware, and software
Can occur in large complex systems and networks
Sources:
– Design Flaws
– Development Flaws
– Misconfigurations
– Poor Maintenance
– Poor Administration
– Connections w/ other systems and networks

Answer 171

A

Architecture and Design
– Insecure architecture allowed to evolve; no security perimeter defined
Configuration and Maintenance
– Inadequate testing of security changes, data unprotected
Physical
– Unauthorized personnel have physical access
Software Development
– Improper Data Validation
Comm and Network Config
– Firewalls nonexistent or improperly configured

Answer 172

A

Denial of Control Action
Control Devices Reprogrammed
Spoofed System Status Info
Control Logic Manipulation
Safety Systems Modified
Malware on Control Systems

Answer 173

A

Adversarial Events
– Worcester Air Traffic Communications
– Stuxnet Worm
Structural Events
– CSX Train Signaling System
– Browns Ferry-3 PLC Failure
Environmental Events
– Fukushima Daiichi Nuclear Disaster
Accidental Events
– Vulnerability Scanner Incidents
– Penetration Testing Incident