9 - DCO Flashcards

Question 1

Q

Insider Threat
– Definition

Answer

A

Current or former employee, contractor, or business partner who has or had authorized access to an organization’s network, system, or data and used that access to affect CIA of data or information systems

Question 2

Q

Insider Threat
– Negative Impacts

Answer

A

Financial losses
Negative publicity
Loss of man-hours
Disruption of ops
Disruption of critical services
Mission downtime
Mission failure

Question 3

Q

Insider Threat
– Methods
– Prevention/Detection Challenges

Answer

A

Methods
– Logic bombs
– Backdoors
– Steal sensitive data
– Attack internal resources
Prevention/Detection Challenges
– Human behaviour/action is unpredictable
– Not detected by traditional security measures

Question 4

Q

Insider Threat
– Warning Signs
– Behavioural Indicators

Answer

A

Warning Signs
– Greed
– Abnormal introversion
– Financial hardship
– Vulnerability to blackmail
– Reduced loyalty to US
– Destructive, narcissistic, or passive aggressive behaviour
Behavioural Indicators
– Workers coming in at unusual times w/o authorization/need
– Accessing network at odd times
– Unnecessarily copying classified materials
– Signs of vulnerability to blackmail (drug abuse, excessive gambling, other illegal activities)

Question 5

Q

Insider Threat
– Detection and prevention techniques

Answer

A

Encryption
Data Loss Prevention
– Provides information about how sensitive data is used/transferred
Data Access Monitoring
– ID who is accessing what
– Correlate network activity to certain user
– ID user trends/software usage
Log Analysis
Data Redaction
Data Access Control

Question 6

Q

Data Access Control Types

Answer

A

Discretionary (DAC) - Owner specifies who has read/write/execute rights
Mandatory (MAC) - Access control policy determined by central authority; owner cannot change access rights
Role-Based (RBAC) - Access rights determined by user’s roles within an organization

Question 7

Q

External Threats
– Definition
– Examples

Answer

A

Attack originating from outside the organization’s network

Examples

Ransomware
– One of the fastest growing malware threats
E-mail/Spear-phishing
– Focused attack on specific, usually high-interest person
– Requires minimal cost/skill to execute
Unauthorized Media
– CDs, DVDs, USB, etc.
Unauthorized Physical Access
Direct Remote Attacks
– Attacks delivered via WiFi, Ethernet, RF, Bluetooth
Botnets
Web-Based Threats
– Drive-By Attack - attack delivered through seemingly legitimate website; attack of opportunity targeting vulnerabilities in browser/device
– Watering Hole Attack - Focused drive-by attack w/ specific target
– IFrame Redirect - Malicious content embedded in a webpage
– Fake Login Pages
– Browser Plug-in and Script-Based exploits
– SQL Injection
OS/Application based exploits
DNS Cache Poisoning
Pass-the-Hash
Remote Access Tools (RAT)
Zero-Day Exploits
N-Day Exploits

Question 8

Q

China (State Sponsored Threat)

Answer

A

Noisiest threat actor
Large attack volume
Lack sophistication/creativity, but effective

Question 9

Q

North Korea (State Sponsored Threat)

Answer

A

Cyber attacks are means to “level the playing ground” against more advanced forces
Common attacks
– Spear-phishing
– Watering hole
– Intel gathering

Question 10

Q

Russia (State Sponsored Threat)

Answer

A

Home to many advanced researchers
TTPs:
– Weaponized email attachments
– Varied attack patterns, exploits, exfil methods
– Extremely effective detection evasion
– HUMINT
Attributed malware
– Zeus
– Gozi
– SpyEye
– SpyZeus
– Ligats Trojans

Question 11

Q

Middle East (State Sponsored Threats)

Answer

A

Often creative, deceptive, or novel attack methods due to lack of sophistication/brute force capes

Question 12

Q

Iran (State Sponsored Threats)

Answer

A

Cutting Sword of Justice used “Shamoon” virus to attack Saudi oil company Aramco
Operation Ababil - DDoS attacks against US financial institutions, including NY Stock Exchange

Question 13

Q

Syria (State Sponsored Threats)

Answer

A

Syrian Electronic Army (SEA)
Loyal to Syrian President
Conducts DDoS, phishing, pro-Assad defacements, and spamming campaigns
Hacked AP, BBC, Financial Times, Guardian, NY Times, Twitter, etc.

Question 14

Q

Advanced Persistent Threat
– Definition

Answer

A

Anyone conducting cyber ops on behalf of a government body
Among the most dangerous cyber threats
Often large scale hacking campaigns
Receive funding/resources from gov

Question 15

Q

APT29
– Description
– Associated Malware
– Targets

Answer

A

Russia
Hides activity on victim’s network, communicating infrequently and resembling network traffic
Monitors network defender activity
Uses compromised servers for C2
Counters attack remediation attempts
Fast malware dev cycle to hinder detection
Associated Malware
– Hammertoss
– Uploader
– tDiscoverer
Targets
– Western European governments
– Foreign policy groups
– Orgs w/ valuable info for Russia

Question 16

Q

APT28
– Description
– Associated Malware
– Targets

Answer

A

Russia
Tsar Team (FireEye)
Skilled devs/operators collecting intel on defense/geopolitical issues
Gain insider info related to governments, military, and security orgs
Associated Malware
– Chopstick
– Sourface
Targets
– Georgia and eastern European countries
– NATO

Question 17

Q

Ordinary Citizens

Answer

A

Most common threat
– “Layer 8 Issue”
Weakest link
Home end-users, employees, etc.
Mostly passive

Question 18

Q

Script Kiddies

Answer

A

Vandals/graffiti artists of the internet
Inferior knowledge of programming/security
Motivated by short-term ego-gratification
Uses existing, well-known exploits/pre-made scripts
Little thought/concern about consequences

Question 19

Q

Hackers

Answer

A

Deeper knowledge/understanding of computer tech
Concerned w/ subtle details of OSs, algorithms, config files
Few in number, highly ambitious

Question 20

Q

Patriot Hackers

Answer

A

Motive - aid or support own nation-state in ongoing conflict
Common among Chinese hackers

Question 21

Q

Cyber Terrorists

Answer

A

Use computer/network technologies to carry out attacks and cause public fear
Ex: Islamic State Hacking Division

Question 22

Q

Malware Authors

Answer

A

Specialized black-hat
Dev original malware
Highly skilled in computer programming/detection evasion
Uses malware “creation kits” for custom malware

Question 23

Q

Cyber Militia

Answer

A

Group of volunteers using cyber attacks to achieve political goal
Uses common comm channels (social media, forums, etc.)
No monetary rewards for service

Question 24

Q

Cyber Hacktivists

Answer

A

Cyber militias that can, in some sense, be seen as cyberspace equivalent to Greenpeace activists or other groups carrying out acts of civil disobedience
Ex: Anonymous
Methods:
– Web site defacement
– Internet resource redirect
– DoS
– Info theft
– Web site parodies
– Virtual sit-ins
– Cyber sabotage

Question 25

Q

Criminal Syndicates

Answer

A

Most active in Eastern Europe and West Africa
Common in areas w/ high unemployment and low salaries
Motivated by money/power

Question 26

Q

BGP Threat

Answer

A

BGP can be manipulated to route traffic from one country to another

Question 27

Q

Supply Chain Threat

Answer

A

Threats exist in both production and distribution
Affect information and communication technology devices which are manufactured, assembled, and distributed from multiple individual components and numerous distributors
Affect hardware, software, and firmware components

Question 28

Q

Advanced Computing Technologies

Answer

A

High Performing Computing (HPC)
– Russia has 6 HPC systems
Quantum Computing

Question 29

Q

Cyber Intelligence Reports

Answer

A

Provide timely access to relevant, actionable threat intelligence, including:
– IOCs
– TTPs
– Recommended actions/counter attacks

Question 30

Q

Cyber Threat Information

Answer

A

Any information that can help an organization identify, assess, monitor, and respond to cyber threats

Question 31

Q

Cyber Threat Bulletin

Answer

A

Bi-weekly report from 616th Operations Center
Designed to keep AF members up to date
Strengthens SA of threats
Can be accessed through AF portal

Question 32

Q

Mandiant’s Annual Cyber Threat Report

Answer

A

Annual report using insights, statistics, and case studies to show how TTPs of APTs have evolved since 2014
Contains threat intel from millions of VMs
Aimed at better arming the public against cyber attackers
Includes global and regional threat intel

Question 33

Q

Symantec’s Security Response Publications

Answer

A

Worldwide team develops a variety of content on the latest threats
Publications include:
– Annual Threat Report
– Monthly Threat Report
– White Papers on an array of security topics

Question 34

Q

Government Agency Reports

Answer

A

DHS Publications
FBI Internet Crime Complaint Center (IC3) Report
DHS and FBI Joint Analysis Report (JAR-16-20296A)
– Provides technical details regarding tools and infrastructure used by Russia
– GRIZZLY STEPPE
– APT28 used spear phishing/stolen creds to compromise US political party

Question 35

Q

Adversary Activity
– Requirements/resources
– Results

Answer

A

Hardware, software, data, manpower
Results:
– Resources used
– TTPs captured
– Intel gained

Question 36

Q

Categories of Activity

Answer

A

Standard Operations - Activities performed consistently on a day-to-day basis to support multiple ongoing ops
Target Operations - Activities performed in support of an operation guided by a tasking

Question 37

Q

5 Adversarial Phases

Answer

A

Phase 0: Administer - Intent and resource development
Phase 1: Prepare - Reconnaissance and staging
Phase 2: Engage - Delivery and exploitation (and C2)
Phase 3: Propagate - Internal recon, lateral movement, persistence
Phase 4: Effect - Exfil and attack

Question 38

Q

Phase 0: Administer

Answer

A

Day to day/standard ops
Provides resources to drive targeted ops
National strategy + requirements = intent
Resource development
Tasking in preparation of ops

Question 39

Q

Phase 1: Prepare

Answer

A

Research on target
Infrastructure/capabilities set up
Various types of recon/scanning/staging

Question 40

Q

Phase 2: Engage

Answer

A

Adversary action to gain initial access
Delivery
Exploitation
C2
Covering Tracks
Beacon
Covert Channels

Question 41

Q

Phase 3: Propagate

Answer

A

Guarantee ongoing/robust access
Propagate and achieve maintained persistence
Internal recon
Hashdumping
Lateral movement
Network persistence
Covering tracks

Question 42

Q

Phase 4: Effect

Answer

A

Manipulation, DoS, destruction of systems
Exfil data
Data manipulation

Question 43

Q

Primary DCO Missions (3)

Answer

A

Defend networks, systems, and information
Prepare to defend the US and its interests against cyberattacks of significant consequence
Provide integrated cyber capabilities to support mil ops and contingency plans

Question 44

Q

Defend networks, systems, and information (DCO Mission)

Answer

A

Conduct ongoing defensive ops to securely operate the DoDIN
Quick response to indications of hostile activity
Majority of DoD’s ops in cyberspace

Question 45

Q

Prepare to Defend the US and its interests (DCO Missions)

Answer

A

If directed by POTUS/SECDEF, counter imminent/ongoing attacks
Synchronize capabilities w/ other gov agencies (Law enforcement, intel agencies)

Question 46

Q

Provide Integrated cyber capabilities ISO mil ops and contingencies (DCO Missions)

Answer

A

Ensure internet remains open, secure, and prosperous and conduct ops under doctrine of restraint to protect human lives and prevent destruction of property
Conduct cyber ops to deter or defeat strategic threats in other domains

Question 47

Q

Five Strategic Goals for DCO

Answer

A

Build and maintain ready forces and capabilities
Defend the DoDIN, secure DoD data, and mitigate risks
Prepare to defend US homeland and interests from cyber attacks
Build and maintain viable cyber options and plan to use those options to control conflict escalation and shape conflict environment
Build and maintain robust international alliances to deter shared threats/increase international security

Question 48

Q

Build and maintain ready forces and capabilities (Strategic Goals for DCO)

Answer

A

Build the cyber workforce
Build technical capabilities
Validate and refine adaptive C2
Cyber modeling and simulation capabilities
Assess Cyber Mission Force capabilities

Question 49

Q

Defend the DoDIN, secure DoD data/mitigate risks (Strategic Goals for DCO)

Answer

A

Build Joint Information Environment architecture
Assess and ensure JFHQ effectiveness
Mitigate known vulnerabilities
Assess DoD’s cyber defense forces
Improve Computer Network Defense Service effectiveness
Plan network defense and resilience
Red team DoD network defenses
Mitigate risk of insider threat
Exercise Defense Support of Civil Authorities
Strengthen procurement and acquisition
Build collaboration and respond to data loss
Use counterintel to defend against intrusions
Support whole-of-government policies and capes

Question 50

Q

Be prepared to defend the US Homeland and interests (Strategic Goals for DCO)

Answer

A

Develop intel and warning capabilities
Develop and exercise capes to defend the nation
Develop innovative approaches to defense
Develop automated info sharing tools
Assess cyber deterrence posture and strategy

Question 51

Q

Build and maintain robust international alliances and partnerships (Strategic Goals for DCO)

Answer

A

Build partner capacity in key regions
Counter proliferation of malware
Work w/ international partners to plan/train for cyber ops
Strengthen cyber dialogue w/ China

Question 52

Q

Encryption Classes (2)

Answer

A

Symmetric (Shared Key)
Asymmetric (Public Key)

Question 53

Q

Symmetric Encryption
– Types
– Examples

Answer

A

Stream Ciphers
– Encrypts 1 bit/byte at a time
– Faster and smaller
– RC4
Block Ciphers
– Breaks info down into blocks and encrypts each block
– Encrypts in fixed size blocks (commonly 64 bits)
– 3DES, AES

Question 54

Q

Hash Function
– Examples
– Applications

Answer

A

MD5
SHA
Password storage protection
Data integrity checks
Data file checksums

Question 55

Q

Cryptographic Goals

Answer

A

PAIN
Privacy (Confidentiality)
Authenticity
Integrity
Non-repudiation
– Proof of delivery and assurance of sender’s identity

Question 56

Q

Secure Enclave

Answer

A

Computing environment under control of a single authority
Has personnel and physical security measures
may include sub or regional enclaves
– Sub enclave - extension of private intranet

Question 57

Q

General Business LAN (Enclave Type)

Answer

A

Used w/in an organization performing a single function with multiple managed elements operating under the same security policy
Provide services to internal users (printing, email, etc.)
Provides limited/no publicly accessible resources/services

Question 58

Q

Network Operations Center (Enclave Type)

Answer

A

Single site performing management of multiple network enclave elements
Manage and monitor different networks
Provide geographic redundancy

Question 59

Q

Data Center (Enclave Type)

Answer

A

Enterprise level network that services multiple sites
Specialized, non-traditional LAN enclave
Provides distributed, high-performance application computing for globally distributed customers
Numerous users outside the Data Center’s General Business LAN

Question 60

Q

INFOCON 5

Answer

A

Routine network ops
Normal readiness
Create good baseline
No impact to users

Question 61

Q

INFOCON 4

Answer

A

Increases DoDIN preparation for exercises
Review profiles for dormant accounts
Increased validation frequency (checking systems against baseline)
Confirm network state (unaltered or compromised)
Limited impact to users

Question 62

Q

INFOCON 3

Answer

A

Further increase in validation frequency
Minor impact to end users

Question 63

Q

INFOCON 2

Answer

A

Higher frequency of validation
Pre-planning personnel training
Pre-positioning system rebuilding utilities
Significant impact to users for short periods

Question 64

Q

INFOCON 1

Answer

A

Highest readiness
Addresses higher level intrusion techniques (such as rootkits)
Significant impact to users for short periods

Answer 65

A

Best practice security measures
Basic integrity and availability requirements
Systems handle info necessary for day-to-day business
No support for deployed/contingency forces

Answer 66

A

Additional safeguards beyond best practices
High integrity and medium availability requirements
Systems handle info important to deployed and contingency ops

Answer 67

A

Most stringent protection measures
High integrity and high availability requirements
Systems handle info vital to operational readiness, mission effectiveness, and support of deployed and contingency forces

Answer 68

A

One of the most complex parts of network design, implementation, and management
Every site must have security policy to filter traffic from external connections
SIPRNet connections must comply with SIPRNet Connection Approval Office (SCAO) requirements
Must establish a MOU or MOA before connecting to another activity

Answer 69

A

Provide non-product specific requirements to mitigate commonly encountered vulnerabilities

Answer 70

A

Provide product specific information for compliance w/ requirements defined in the SRG
Published by DISA to assist sites in securing enclaves
Provide orgs w/ an overview of the applicable policy and docs required for a secure operating environment

Answer 71

A

Evaluates an organization’s compliance w/ DOD security orders and directives
Assesses
– Network vulnerabilities
– Physical and traditional security
– User education and awareness
Provides a more threat-focused, mission-based assessment
3 levels of effort to review operational risk
– Mission
– Threat
– Vulnerabilities
Four mission analysis phases
– Site Selection
– Scoping/pre-inspection
– Inspection
– Post-inspection

Answer 72

A

Required by all enclaves connecting to DISN
Initiated in parallel w/ request fulfillment process for new/additional connections

Answer 73

A

Scanning Engine
– Software doing the scan
Vulnerability Database
– Database of vulnerabilities being scanned

Answer 74

A

Outdated Components
– Firmware/software patches not pushed to network devices
Misconfiguration Issues
– Incorrectly configured firewall
– Misconfigured user accounts

Answer 75

A

TOMS
Testing
Operations
Maintenance
System Development

Answer 76

A

Research Honeypots
– Focused on gaining intelligence information about attackers and their TTPs
Production Honeypots
– Aimed at decreasing the risk to company IT resources and providing advance warning about incoming attacks

Answer 77

A

Network device hardware
Monitoring/logging tools
Management workstation
Alerting mechanism
Keystroke logger
Packet analyzer
Forensic tools

Answer 78

A

Detection of Events
Preliminary Analysis and Identification
Preliminary Response Action
Incident Analysis
Response and Recover
Post-Incident Response

Answer 79

A

Info gathered about potential incident/vulnerability and sent for analysis and response
The point where an anomalous or unusual cyber event is first noticed

Answer 80

A

Performing initial analysis of a detected cyber event to determine if it is reportable
Ensures incidents are properly ID’d and reported

Answer 81

A

Prevent a reportable event/incident from causing further damage
Maintain control of the affected IS(s)
Ensure forensically sound acquisition of data
Maintain and update incident report and actively communicate updates

Answer 82

A

Understand technical details, root cause(s), and potential impact of incident
Understand patterns of activity to characterize the threat
ID the root cause(s) through technical analysis

Answer 83

A

Mitigate the risk or threat
Restore integrity of the IS
Implement proactive and reactive defensive measures to prevent similar incidents

Answer 84

A

Lessons learned
Initial root cause
Problems w/ executing mission
Missing policies and procedures
Inadequate infrastructure defenses
After Action Report

Answer 85

A

CJCSM 6510.01B

Answer 86

A

0 - Training and Exercises
1 - Root Level Intrusion (Incident)
2 - User Level Intrusion (Incident)
4 - DoS (Incident)
7 - Malicious Logic (Incident)
3 - Unsuccessful Activity Attempt (Event)
5 - Non-compliance Activity (Event)
6 - Reconnaissance (Event)
8 - Investigating (Event)
9 - Explained Anomaly (Event)

Answer 87

A

Training and Exercises
Ops performed for training purposes and to support exercises

Answer 88

A

Root Level Intrusion (Incident)
Unauthorized root or admin access

Answer 89

A

User Level Intrusion (Incident)
Unauthorized user-level access

Answer 90

A

Unsuccessful Activity Attempt (Event)
Deliberate attempts to gain unauthorized access that are defeated by normal defensive mechanisms

Answer 91

A

Denial of Service (Incident)
Activity that denies, degrades, or disrupts normal functionality

Answer 92

A

Non-compliance Activity (Event)
Actions (or inaction) that potentially exposes ISs to increased risk
Also includes admin activity, such as failure to apply patches, installation of vulnerable apps, etc.

Answer 93

A

Reconnaissance (Event)
Activity that seeks to gather information used to characterize ISs, apps, etc.

Answer 94

A

Malicious Logic (Incident)
Installation of software designed and/or deployed by adversaries w/ malicious intentions
Only includes malicious code that does not provide remote interactive control

Answer 95

A

Investigating (Event)
Events that are potentially malicious or anomalous activity deemed suspicious and warrant, or are undergoing, further review

Answer 96

A

Explained Anomaly (Event)

Answer 97

A

The discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in the court of law

Answer 98

A

Collection
– ID, label, record, and acquire data
Examination
– Forensically processing large amounts of collected data
Analysis
– Analyze the results of the examination to derive info that addresses the questions driving the analysis
Reporting
– Present the evidence and the results of teh analysis in a court of law

Answer 99

A

NIST 800-86
Provides orgs a starting point for developing a forensic capability, in conjunction with extensive guidance from legal advisors, law enforcement officials, and management

Answer 100

A

Gathering and reviewing of all info from or about the affected IS
May include:
– Logs
– Files
– Config settings
– Currently logged on users
– Past logins/connections
– Running processes
– Open files

Answer 101

A

Data that will be lost when IS loses power or is shut down (RAM, cache, system registers)
System Data:
– IS profile
– Current date/time
– Command history
– Current uptime
– Running processes
– Open files, startup files, clipboard data
– Logged on users
– DLLs or shared libraries
Network Data
– Open connections
– Open ports and sockets
– Routing info and config
– Network interface status and config
– ARP cache

Answer 102

A

Data on hard drives and removable storage which will not be lost when powered off
Includes:
– IS Log files
– Event viewer files
– Application logs
– Disk image

Answer 103

A

Windows
Suite of computer forensics software, commonly used by law enforcement
de-facto standard in forensics
Collects data in a forensically sound manner
– Employs checksums to help detect tampering

Answer 104

A

Windows
Easy-to-use file viewer that recognizes ~300 types of files
– May find evidence on most devices
Works with media images created by several imaging utilities

Answer 105

A

Unix
Popular, free, open source forensic software
Collection of command-line tools providing media management and forensics
Supports Mac partitions and file systems

Answer 106

A

Unix
Used by law enforcement, government, military, intel agencies, forensic examiners, and private investigators

Answer 107

A

Analyzing and capturing the capabilities of software artifacts suspected of being malicious code
Must:
– Handle with care
– Catalog all artifacts
– Analyze in an isolated environment

Answer 108

A

Quick checks to characterize the sample
Includes:
– File type ID
– String extraction
– Public source analysis
– Comparative analysis
May gain:
– Strings in binary files
– Hashes
– Antivirus detection status
– File sizes
– File type
– File attribute info

Answer 109

A

Controlled execution of malware in an isolated environment
May gain:
– Network touch points (IPs, protocols, ports, etc.)
– File system and registry activity
– Vulnerabilities or weaknesses
– System service daemon interactions
– Success of remediation techniques
– Suggestions of intent

Answer 110

A

Focuses on examining and interpreting the contents of a malware sample without execution or disassembly
Includes:
– Text files
– Web page scripts
– Source
– Binary (requires reverse engineering)

Answer 111

A

Operates in iterative manner where initial reqs drive early acquisition process

Answer 112

A

First formal study in requirements process
Includes:
– Defining capability required
– Gap analysis

Answer 113

A

Next step, if CBA recommends a material solution
Documents the need for a new material approach to satisfy specific capability gaps

Answer 114

A

Analytical comparison of the operational effectiveness, suitability, risk, and life cycle cost of alternatives
Helps decision-makers understand the tradespace for new material solutions

Answer 115

A

Describes the increment and provides an outline of the overall acquisition program strategy

Answer 116

A

Outlines an affordable increment of militarily useful, logistcally supportable, and technically mature capability that is ready for production

Answer 117

A

An alteration to a configuration item (CI) that, as a minimum, changes its form, fit, function, or interface

Answer 118

A

Dynamic, agile, risk-management-based problem solving approach
Balances critical operational needs against org resource requirements/priorities
Driven by rapidity with which cyber operational needs and vulnerabilities emerge
Provides flexible framework for innovative solutions to urgent needs

Answer 119

A

Type 1 - Immediate Needs
– Urgent mission-critical OCO, DCO, or DODIN/AFIN needs
Type 2 - Known Short-Term Future Needs
– Generate capabilities to meet critical future threats or known vulnerabilities in anticipation of future OCO, DCO, or other DODIN ops

Answer 120

A

ID service specific needs during a current conflict or crisis
If needs not met, will result in unacceptable loss
Goal is to deliver fielded capability w/in 180 days

Answer 121

A

Urgent need ID’d by warfighting commander that requires synchronization across multiple service/agency providers

Answer 122

A

Ensure DoD acquires systems that work and meet specified requirements
Provides knowledge of system design, capabilities, and limitations to the acquisition community
Evaluates the capability of the system to effectively accomplish its intended mission in a realistic mission environment while meeting technical specifications
Requires full understanding of joint operational concepts

Answer 123

A

ID and help resolve deficiencies and vulnerabilities early
Verify compliance w/ specifications, standards, and contracts
Characterize system performance and military utility
Assess quality and reliability
Determine system performance against evolving reqs/threats

Answer 124

A

Determines operational effectiveness and suitability
Determines if operational capability reqs have been satisfied
Assesses system impacts to both peacetime and combat ops
IDs and helps resolve deficiencies early; IDs enhancements; and evaluates config changes that alter performance

Answer 125

A

Evaluates and characterizes systems and sub systems in the cyber domain, and access pathways of said systems
Focuses on ID’ing vulnerabilities
Should consider threat and threat severity, likelihood of discovery, likelihood of attack, and system impact

Answer 126

A

Disassembling of malware and interpretation of assembly language
Only method of analysis that can produce a definitive or complete understanding of a malware sample
May gain:
– Manual unpacking of packing executable files
– Understanding of obfuscation/encryption techniques
– Malware capes
– Characterization of sophistication
– Comparison of capes across malware samples
– Algorithms used

Answer 127

A

Takes a program’s executable binary as input and generates textual files that contain the assembly language code for part/whole of a program

Answer 128

A

Allow software developers to observe their program while it’s running
Basic features
– Ability to set breakpoints
– Ability to trace through code

Answer 129

A

Program that converts instructions into a machine-code or lower-level form so that it can be executed by a computer
Turns the ASCII source code into a binary

Answer 130

A

Tries to reverse compilation and turn a binary file back into readable high-level source code