Book 2

Question 1

State the function of JTF-GNO and discuss their relationship with NNWC

Answer 1

Plans, coordinates, integrates, synchronizes, and conducts activities to direct the operations and defense of specified DoD information networks. USCYBERCOM issues Orders & Directives to DoD and NNWC pushes them out to the Navy

Question 2

Who is currently designated as the Navy’s Level 2 accredited CNDSP?

Answer 2

NCDOC

Question 3

State who JTF-GNO reports to directly:

Answer 3

USSTRATCOM

Question 4

Explain what a CNDS Certification Authority (CNDS/CA) is.

Answer 4

Responsible for CNDSP Accreditation

Question 5

Explain who the central manager for all DoD Enterprise incident sets is.

Answer 5

DISA

Question 6

State who the Area Coordinators are for NCDOC and NNWC.

Answer 6

SWO, BWC, and DCOWO

Question 7

State who has TACON of NCDOC watch floor personnel and is responsible directly to the Commanding Officer, Operations Officer, and the Commander USSTRATCOM, via the JTF-GNO Network Defense Watch Officer.

Answer 7

Commanding Officer of 10th Fleet

Question 8

Name the DoD agency that is tasked with handling Electronic Spillage issues and incidents.

Answer 8

NCDOC/NNWC

Question 9

In the event of Electronic Spillage originating at NCDOC, list the personnel or agencies that should be contacted in order.

Answer 9

NCDOC watch standers create ticket. ISSM and SSO is informed.

Question 10

State who has tactical control over NCDOC and NNWC:

Answer 10

10th Fleet

Question 11

JTF-GNO is dual-hatted IRT CND operations at NCDOC and NNWC. Explain what these two positions are.

Answer 11

CO is commander of NCDOC and CTF 1020 (NIOCS, NCTAMS, etc.)

Question 12

State who, by direction of the Operations Officer, is responsible to the Commanding Officer for the assignment and general supervision of all NCDOC watch standers.

Answer 12

SWO (Senior Watch Officer)

Question 13

List the duties and responsibilities of the Senior Watch Officer (SWO)

Answer 13

Manning of the watch, delegate tasks to DCOWO, as well as liaise with BWC from NNWC.

Question 14

Define Computer Network Attack (CNA).

Answer 14

Operations to disrupt, deny, degrade, or destroy information resident on computers and computer networks or the computers and networks themselves

Question 15

Explain the standard reporting procedures for reporting a computer network incident

Answer 15

Depends on the type of incident as to overall mitigation, however, CER is created, analysis is conducted of activity, PCAP is pulled as necessary, and upon QC, an NCD is created and passed to Incident Handling to be communicated to site for remediation

Question 16

Define deconfliction as it applies to CND operations

Answer 16

Deconfliction is the communication that occurs between NCDOC and satellite locations (other NIOCs, EDU sites, etc.) to ensure that duplicate efforts are eliminated.

Question 17

Define Incident Handling as it applies to Computer Network Operations (CNO).

Answer 17

Provides CND with the following:
1. Protect
2. Monitor, analyze, and detect
3. Respond

Question 18

List the four phases of CNDS Certification and Accreditation:
Phase 1

Answer 18

Registration: initiates the CNDS C&A process

Question 19

List the four phases of CNDS Certification and Accreditation:
Phase 2

Answer 19

Verification: includes activities related to the on-site C&A evaluation.

Question 20

List the four phases of CNDS Certification and Accreditation:
Phase 3

Answer 20

Validation: the evaluation team prepares a Deficiency Report and a Certification Report for CNDSICA review.

Question 21

List the four phases of CNDS Certification and Accreditation:
Phase 4

Answer 21

Post Accreditation: includes activities by the Provider to maintain C&A status, monitor changes to the CNDS mission, and prepare and apply for recertification.

Question 22

State what the Commander’s Critical Information Requirements (CCIR) identify

Answer 22

Identify events that require immediate or time-sensitive reporting or notification

Question 23

State what a NAR is, and name what department creates and maintains them.

Answer 23

Network Analysis Report, Threat Analysis is typically tasked with their creation and maintenance.

Question 24

List the four steps in creating a Network Analysts Report

Answer 24

1. Assessment
2. Research
3. Analysis
4. Reporting

Question 25

Explain what a Cyber Alert is (CA).

Answer 25

Provides initial analysis of unusual activity, threats, or mass malware outbreaks on the Navy Network. This type of report serves as a time sensitive notification for mitigation of potential threats, and may include preliminary, unfinished assessments.

Question 26

Name where listings of all NAR’s, CA’s, and CCIR’s can be found?

Answer 26

Within the SIPR Threat Analysis share folder.

Question 27

List the 3 firewall types used to protect Navy Networks

Answer 27

1. Network firewalls
2. Host-based firewalls
3. Hybrid firewalls (combination of network & host-based)

Question 28

Explain what an Intrusion Detection System is (IDS) and what mode it functions in.

Answer 28

Is a passive system designed to monitor network activity and operates in promiscuous mode.

Question 29

Explain what an Intrusion Prevention System is (IPS) and what mode it functions in.

Answer 29

Is an active system that monitors network activity and makes attempts to stop potential attacks and operates in inline mode

Question 30

State what Thinnet (10Base2) is.

Answer 30

Uses coaxial cable with BNC connectors. Maximum transmission speed of 10Mbps, IEEE 802.3 standard.

Question 31

Class A IP Range

Answer 31

1.0.0.0 to 126.255.255.25

Question 32

Class B IP Range

Answer 32

128.0.0.0 to 191.255.255.255

Question 33

Class C IP Range

Answer 33

192.0.0.0 to 223.255.255.255

Question 34

OSI to TCP/IP:
Transportation

Answer 34

Transportation

Question 35

OSI to TCP/IP:
DATA

Answer 35

Application, Presentation, Session

Question 36

OSI to TCP/IP:
Internet

Answer 36

Network

Question 37

OSI to TCP/IP:
Network Interface

Answer 37

Physical & Data Link

Question 38

List 2 types of fiber mode.

Answer 38

1. Single-mode Fiber
2. Multi-mode Fiber

Question 39

Name the most secure transmission medium

Answer 39

Fiber optics

Question 40

Explain the difference between Vulnerability and Exploit.

Answer 40

1. Vulnerability is a weakness that could potentially be taken advantage of by an attacker.
2. Exploit is the act of taking advantage of a vulnerability.

Question 41

Describe two methods of attachment filtering

Answer 41

1. Filtering based on file name or file name extension.
2. Filtering based on file MIME content type.

Question 42

With reference to network security, explain what is meant by CIA.

Answer 42

1. Confidentiality
2. Integrity
3. Availability

Question 43

Explain the importance of log file analysis

Answer 43

Looking at logs proactively helps organizations to better realize the value of their existing security infrastructure

Question 44

State why Network Defense important

Answer 44

To manage and protect information through logical security with system configurations, passwords & data encryption

Question 45

Define “Defense in Depth”.

Answer 45

A practical strategy for achieving Information Assurance in today’s highly networked environments. It is a “best practices” strategy. Add Layers of security.

Question 46

State the current reporting system for IAVM compliancy

Answer 46

Vulnerability Remediation Asset Manager (VRAM)

Question 47

Define RC-4

Answer 47

most used stream cipher use in protocols such as SSL and WEP

Question 48

Define RC-6

Answer 48

symmetric key block cipher derived from RC-5. Meets AES requirements and supports 128, 192, and 256-bit keys. 128-bit block size.

Question 49

Define SHA-1

Answer 49

Secure Hash Algorithm. Cryptographic hash function designed by NSA, most widely used of the SHA has functions. Produces 160-bit message digest

Question 50

Define AES

Answer 50

Advanced Encryption Standard. Symmetric-key encryption standard. Comprises three block ciphers, AES-128, AES-192, and AES-256. Originally published as Rijndael, which was a 128-bit block size

Question 51

Define Blowfish

Answer 51

a keyed, symmetric block cipher. 64-bit block size with a variable key length from 1 bit up to 448 bits

Question 52

3-DES IRT

Answer 52

Triple Data Encryption Algorithm, block cipher which applies the Data Encryption Standard (DES). Uses a key bundle which uses three keys, each of 56 bits. Encrypts one block of 64 bits of data.

Question 53

List the most commonly known types and columns of Log Server File Analysis (Splunk)

Answer 53

a. Date
b. Time
c. Source IP address
d. Destination IP address
e. Domain Name
f. HTTP Response Code
g. URI
h. Port
i. Protocol

Question 54

State who has overall responsibility of Information Assurance Vulnerability Management (IAVM)

Answer 54

Assistant Secretary of Defense (Networks & Information Integration)

Question 55

Who can serve as the Command Security Manager:

Answer 55

a. Every command in the Navy and Marine Corps eligible to receive classified information is required to designate a security manager in writing.
b. Anyone who is a GS-11 or above, or an officer appointed by the Commanding Officer can be a CSM. The CO must sign a designation letter officially appointing someone to be responsible as the CSM.

Question 56

Command Security Manager duties.

Answer 56

a. Serves as the commanding officer’s advisor and direct representative in matters pertaining to the security of classified information held at the command as well as the eligibility of personnel to access classified information and to be assigned to sensitive duties.
b. Develops written command information and personnel security procedures, including an emergency plan which integrates emergency destruction bills where required.
c. Formulates and coordinates the command’s security awareness and education program.
d. Ensures all personnel execute a Classified Information Nondisclosure Agreement (SF 312) prior to granting initial access to classified information.

Question 57

Define the following message codes
(R),(P),(O),(Z)

Answer 57

A. R Routine – within 6 hours
B. P Priority – within 3 hours
C. O Immediate – within 30 minutes
D. Z Flash – within 10 minutes

Question 58

Name the current system for transmitting naval messages.

Answer 58

C2OIX

Question 59

State what a Plain Language Address is (PLA) and what its purpose is.

Answer 59

Used to address Naval Messages to specific commands

Question 60

State the primary difference between IPV-4 and IPV-6.

Answer 60

IPV-6 offers a larger number of IP addresses than IPV-4

Question 61

Give the purpose of Active Directory.

Answer 61

Provides Domain Services, Rights Management Services, Federation Services, Certificate Services, and Lightweight Directory Services. Integrated with Windows Server, gives out-of-the-box functionality needed to centrally configure and administer system, user, and application settings.

Question 62

State the purpose of the token ring protocol and the IEEE standard associated with it.

Answer 62

Token ring LAN technology is a local area network protocol which resides at the data-link layer of the OSI model. It uses a special three-byte frame called a token that travels around the ring. One system transmits what it needs to and passes that information and the token to the next computer in line until its data reaches its destination. This is one of the oldest data communication protocols and utilizes IEEE 802.5.

Question 63

State what IEEE is and state its purpose.

Answer 63

IEEE’s (Institute of Electrical and Electronics Engineers) core purpose is to foster technological innovation and excellence for the benefit of humanity. The main function of IEEE is to create a set of standards for the interoperability of equipment and software to enable the sharing of information. This includes the prominent IEEE 802.11 standards for wireless networking.