CANES 2 Flashcards

1
Q

Main references for CANES Core

A

CANES SW4 IETM – EE689-2X-IEM-004- AN/USQ-208C(V)

2
Q

C5ISR

A

Navy Command, Control, Communications, Computers, Combat Systems, Intelligence, Surveillance, and Reconnaissance

3
Q

Navy Command, Control, Communications, Computers, Combat Systems, Intelligence, Surveillance, and Reconnaissance (C5ISR) consists of:

A

Navy Command, Control, Communications, Computers, Combat Systems, Intelligence, Surveillance, and Reconnaissance (C5ISR) consists of:

4
Q

2 CANES online resources

A

Naval Information Warfare Systems Command (NAVWAR) Acquisition Integrated Logistics Online Repository (SAILOR)
Navy Enterprise Service Desk (NESD)

5
Q

CDS provides

A

Cross Domain Solutions (CDS) provides client access to the UNCLAS, SR, and SECRET enclaves
CDS Transfer Guard provides the capability to disseminate data from systems accredited at the same or lower classification levels
Sanitizes and downgrades data for release to systems with different classification levels

6
Q

Fault Isolation Strategy Six Step Process:

A
  • Recognize symptom(s)
  • Define symptom(s)
  • List probable faulty function
  • Localize the faulty function
  • Localize trouble to the faulty component
  • Analyze the failure
7
Q

The hardware components used in CANES can be broken down into the following four functional areas:

A

Data Processing
Data Storage
Data Transfer
Power Distribution

8
Q

Servers are installed in the CANES equipment racks and provide VMware vSAN storage for hosted apps and virtual machines.

A

The HP DL380 G10

9
Q

One of these is the Witness server and is installed in the SECRET enclave only. It enables MAC-1 failover/failback to occur automatically.
As such it is considered critical equipment and must always remain powered on.

A

HP DL20 G10; this unit is located in the VTC rack (Unit 51 or 52), depending on the installation

10
Q
A

Most likely not connected

11
Q

The Line Console 0 (con 0) in the Cisco IOS represents the physical console port, and is configured via the Line Interface:

A

Access the Line Interface from Global Config Mode by typing: Line Con 0 followed by the Enter key
Changing the Line Interface configuration without the required approvals is not authorized
To verify the configuration is unchanged from baseline settings:
From Privileged EXEC mode type: show running-config | begin line
Compare the Line Con 0 configs to the ship’s network template

12
Q

Viewing Local Accounts
Cisco Switch and Router

A

From Privileged EXEC mode, type: show run | include username
Verify local accounts list and privilege level

13
Q

Cisco Default Privilege Levels

A

Level 0: log out, enable, disable, help, and exit commands
Level 1: Read-only access
Level 15: Full router or switch control

14
Q

Cisco Local Account Creation

A

From Global Config mode, type: Username <new> privilege <privilege> password <new>

Local Account Deletion
From Global Config mode, type: no username <username>

15
Q

Show Running Config | Section OSPF

A

This command shows the OSPF section of the running configuration
Results can be compared against baseline settings

16
Q

Show IP OSPF Neighbors

A

command shows the state of adjacency; OSPF requires full adjacency to function
Results show the IP address of each OSPF neighbor’s connecting interface (the CANES Border Firewall interface that connects to the Backbone router-switch)

17
Q

Show IP OSPF Interface

A

command: shows OSPF information per interface

18
Q

Show IP OSPF Database

A

command: shows all router IDs in the OSPF area

19
Q

Show IP Route

A

command: shows directly connected, static, link local, and OSPF learned network routes

20
Q

Exchange Troubleshooting
The _____ Diagram is a helpful resource when errors occur

A

Exchange Troubleshooting
The Email and Calendar Service Troubleshooting Fault Isolation Diagram is a helpful resource when errors occur

21
Q

Exchange Toolbox is installed on

A

CANES EX01/02 and IAEXET

22
Q

It is a Microsoft Management Console (MMC) snap-in that you can use to view information about and act on queues and messages in queues

A

Exchange Toolbox includes Queue Viewer

23
Q

System Admins can use Queue Viewer to perform the following actions

A

Remove messages
Suspend messages
Resume messages
Redirect messages

24
Q

Accessing Queue Viewer

A

Log in to IAEXET with System Administrator credentials
Navigate to Start > Microsoft Exchange Server 2016 > Exchange Toolbox and click on Queue Viewer
Click on Queue Viewer under Mailflow Tools

25
Q

Exchange Troubleshooting (cont.)
There are five areas of importance

A

Network
Hardware
Services
Configurations
Off ship Connectivity

26
Q

Exchange Troubleshooting
Configuration items to monitor from the Security Information and Event Management (SIEM) or the System Center Operations Manager (SCOM) dashboard

A

Mail transport - Replication
Name resolution service
Encryption Service - Processes
Message Application Programming Interface (MAPI) and Mail submission
Active Directory Remote Procedure Call (RPC) Access
Directory Inquiry
Rights management
Alternate client access for Simple Mail Transfer Protocol (SMTP) clients
Active Directory Global Catalogue
EdgeSync
Hub transport
Directory Queries
Lightweight Directory Access Protocol (LDAP) global catalogue queries
Registry access
Clustering

27
Q

CANES is preconfigured to support the implementation of River City procedures in all enclaves
There are four OPSECON groups

A

OPSECON 1 - CO, XO, CMC, TAO
OPSECON 2 - OPS, EMO, CHENG
OPSECON 3 - All Officers, All Chiefs
OPSECON 4 - E-6 and Junior

28
Q

Generating and Exporting ACAS Report to VRAM

A

From ACAS SecurityCenter, navigate to Scans > Active Scans and select desired scan to upload
Select Post Scan and then select the report configured to publish
Click Submit to save the scan, and then navigate to Reporting Report > Results to access report
Select report and click Download to save locally with a meaningful name
Select Submit button and a dialog box is displayed, indicating the upload has been sent

29
Q

Server that bypasses wsav

A

ADNS

30
Q

Encryption for CANES

A

Symantec Endpoint Encryption Manager > Symantec Endpoint Encryption Software Setup > Removable Media Encryption is used to restore removable drive encryption to reimaged computers

31
Q

Disk encryption recovery with BitLocker:

A

BitLocker Recovery Key is found under Active Directory Users and Computers (ADUC) in the Trusted Platform Module (TPM)
Access the ADUC <FQDN> CANES Users and Computers > Computers
Select the computer and click on the BitLocker Recovery tab to find the BitLocker Recovery Key

32
Q

All Federal DoD information systems are required to use devices protected by the _____ and maintain encryption standard of _____ encryption Federal Information Processing Standards (FIPS)-140-2n

A

All Federal DoD information systems are required to use devices protected by the TPM and maintain encryption standard of AES 256-bit encryption Federal Information Processing Standards (FIPS)-140-2n

33
Q

SEE

A

Symantec Endpoint Encryption

34
Q

Is used for hard drive encryption

A

BitLocker

35
Q

Is used for removable media encryption

A

WinZip Secure Burn

36
Q

DAR

A

Data at rest

37
Q

Three BitLocker statuses

A

Protection Status 0 – Protection OFF
Protection Status 1 – Protection ON (Unlocked)
Protection Status 2 – Protection ON (Locked)

38
Q

is used to restore removable drive encryption to reimaged computers

A

Symantec Endpoint Encryption Manager > Symantec Endpoint Encryption Software Setup > Removable Media Encryption

39
Q

NCVI

A

Navy Certificate Validation Infrastructure

40
Q

CLO

A

Cryptographic Logon

41
Q

UNCLAS enclave CLO logon uses certificates on

A

the CAC

42
Q

SECRET enclave CLO logon uses a

A

Secret Internet Protocol Router Network (SIPRNet) Token

43
Q

3 ways to login wsav CLI

A
  • PuTTY: port 22 SSH (wsav.<FQDN>)
  • vSphere: remote MRDS, vcsa select UNCLASS_WSAV
  • Remote MRDS: Cisco WSAV Management Console Shortcut
44
Q

SCSM

A

Microsoft System Center Service Manager: software that manages incidents and problems

45
Q

View the connectors that transfer data to SCSM

A

MRDS01 > Microsoft System Center > Service Manager Console > Administration > Connectors

46
Q

SCOM

A

System Center Operations Manager

47
Q

SCOM uses _____ to monitor communication channels between an agent and its management server

A

If heartbeats stop, no data is transmitted to the management server
A heartbeat is a packet of data sent by an agent every 60 seconds
Three missed heartbeats generate an alert, prompting the management server to ping the computer
If the computer does not respond to the ping, an alert is generated

48
Q

MECM

A

Microsoft Endpoint Configuration Manager

49
Q

Are groups of devices or users that can be created so they can be managed as a group

A

Collections

50
Q

MECM dashboards have several options to visually represent system data

A

Navigate to MECM > Monitoring > Overview > Client Status > Client > Activity Dashboard

51
Q

SIEM and SAM are the names of Virtual Machines (VMs).
What are the applications installed on those VMs?

A

Sentinel Server and Sentinel Agent Manager are the applications installed on those VMs.

52
Q

SIEM heartbeat checking

A

Checks heartbeat every five minutes
Analysis begins after 12 minutes of no heartbeat
Unknown status after 18 days of no heartbeat

53
Q

Sentinel is the security and system log collector and

A

analyzer application for CANES.

54
Q

for SW4 is the addition of two VMs

A

New in NetIQ SIEM

55
Q

Microsoft System Center > Operations Console.
If the Server name field is blank

A

type: EM01 and click Connect.

56
Q

Troubleshooting VoSIP/VoIP Phones – Basic and Factory Reset (cont.)
Prerequisites for Factory Reset and steps

A

For SCI enclave, the phone must be on a DHCP-enabled network
For SCI enclave, a valid TFTP server must be set in DHCP option 150 or option 66
The term62.default.loads or term42.default.loads file, and the files specified in that file, should be available on the TFTP server specified by the DHCP packet
Unplug the power cable from the phone and then plug it back in
While the phone is powering up, and before the speaker button flashes on and off, press and hold #
Continue to hold # until each line button flashes (amber) on and off in sequence
Release # and press 123456789*0#
Once the factory reset is completed, perform the steps in the IETM for Manual Cisco SCI VoIP Phone Configuration

57
Q

VTC

A

Video Teleconference

58
Q

Force-Level ships support VTC on:

A

UNCLAS
SECRET
Sensitive Compartmented Information (SCI)

59
Q

CANES VTC service includes the Cisco Precision High Definition (HD) camera that works with the

A

Cisco WEBEX CODEC in SW4 to provide full teleconferencing services to CANES

60
Q

VTC interfaces with Network Operations Center (NOC), Broadcast Control Authority (BCA), and

A

Force-level platforms to exchange audio and video

61
Q

All SCI VTCs, except for the SCI VTC testing conducted by the Global Helpdesk, are scheduled through the

A

Joint Worldwide Intelligence Communications System (JWICS) VTC Scheduling system via http://vcwizard.dodiis.ic.gov
Download Rules of Engagement and VTC Scheduling guides
Open a web browser and navigate to: http://www.jwics.ic.gov
Download the VTC Scheduling Guide by clicking VTC Engineering > Documents tab > VTC Scheduling Guide
This document will assist with navigating the scheduling wizard to set up an SCI VTC

62
Q

VTC VLANs

A

UNCLAS: VLAN 183
SECRET: VLAN 283
SCI: VLAN 513 (Force-level ships only)
SCI: VLAN 520 (Force-level ships only)

63
Q

VTC Operations

A

Most teleconferences will use a gatekeeper, meaning participants will call into a central location to join the conference
It may be necessary to bypass the gatekeeper to do a point-to-point teleconference
Before any underway, the VTC should be tested to ensure that all equipment and the connectivity of the system are in good working order
Prior to any scheduled VTC, testing of the equipment should be done the day prior and at least 30 minutes before the call
River City conditions may have to be set to control how much bandwidth a platform uses during a VTC

64
Q

World Wide Web Publishing service

A

is required for web browsing

65
Q

Half of the users (by name) have issues with Exchange

A

Check that the databases are mounted on EX01 and EX02

65
Q

A new user doesn’t have access to USA User folders

A

The user’s nationality might be wrong, and the account has to be created again

66
Q

Where to edit river city?

A

MRDS01 > WSAV

67
Q

Web App doesn’t open

A

Check the WWW (World Wide Web Publishing) service

68
Q

Server time is out of sync

A

Restart the “Windows Time” service, then run the command w32tm /resync

69
Q

Remote Procedure Call Error

A

Check the network adapter from vSphere vcsa

Example: on a replication error, check the RODC

70
Q

Quickest troubleshooting procedure when a server goes down

A

Restart from the last snapshot in vSphere vcsa

72
Q

Services to check in NSIPS server (4)

A

PeopleSoft D:Apps, PeopleSoft PIA, OracleServiceNEDB, Oracle…Listener

73
Q

User’s browser fix for NSIPS

A

Clear browsing cache

74
Q

If the account doesn’t show at “create user” after NSIPS “NSIPS Self-Service (New Users)”

A

Let admin know

75
Q

IMS bandaid

A

Stop IMS message agent service
Stop process within IMS
Restart IMS message agent

76
Q

People cannot access their emails

A

Check the mounted database

Servers > database > ellipsis

77
Q

View if anything is stuck in the outbox queue

A

Check Queue Viewer in Exchange Toolbox

78
Q

For in-depth Exchange settings
Create Scripts

A

Active Directory Administrative Center

79
Q

2 River City components

A

WSAV and Exchange

80
Q

How to access WSAV

A

MRDS01 wsav.FQDN
Web Security Manager
Policy Groups
Disable River City by disabling all groups (1-4)
To set River City 1, disable the River City 2, 3, 4 policies

81
Q

When to look for the SOPA watchbill

A

Tuesdays

82
Q

Explore ship’s browsing

A

WSAV
monitor/wsa_user_report

83
Q

How to set River City

A

MRDS01 wsav.FQDN
Web Security Manager
Policy Groups
Disable River City by disabling all groups (1-4)
To set River City 1, disable the River City 2, 3, 4 policies

84
Q

Starting ACS services

A

Page 28 in PDF ACS 3.4 System Admin (CANES folder) <admin> sysadmin
- Will have to get to the indicated directory
- Omit services

85
Q

Where to look for passwords

A

_CANES install

86
Q

Where to update cyber 12 o’clocks

A

vram.navy.mil per network
Cybersecurity Readiness
- Last scan date, total, current, valid, percent scanned, RA, NRA, VPH

87
Q

RA, NRA, VPH

A

RA: Remediation Available; NRA: No Remediation Available
VPH: Vulnerabilities per Host

88
Q

Command to reset Cisco switch once Putty’d

A

reload

88
Q

Break down RA/NRA VPH (common remediation)

A

Detail View (Windows updates / sailor.com updates)

89
Q

Personal for

A

Print it out, take it to the captain, and annotate it in the special handling log

90
Q

Smell smoke

A

Cut power source
Report class and place to CSOOW
Test agent: 45-second CO2 bottle
“The fire appears to be out”
Duty electrician determines when a Charlie fire is out
SIPR: COMMPLAN
Order of restoring: Enclosure 11 Overall restoral priority
Break down: Enclosure 12 Circuit Restoral Priority

91
Q

First action during flooding?

A

Try closing valve

92
Q

If abandoning space what to take with you?

A

Visitor’s log
Message log
Crypto inventory

93
Q

CO2 bottle specs

A

4-6 feet
45 seconds
test
ground

94
Q

Say fire is out:

A

“The fire appears to be out”

95
Q

Who can determine a class Charlie fire is out

A

Duty electrician

96
Q

Overall restoral priority found at

A

Enclosure 11, COMMS PLAN

97
Q

ACAS

A

Assured Compliance Assessment Solution

98
Q

ACAS functions (Tenable Security Center)

A

Discover what is in my network
Discover what vulnerabilities my systems have
Check if my systems are compliant with STIGs
Create reports on my assessments and vulnerabilities for CMRS

99
Q

Who provides program management and supports the deployment of this solution?

A

The Defense Information Systems Agency (DISA) is a combat support agency of the U.S. Department of Defense (DoD). It provides secure and reliable communications, IT solutions, and cybersecurity capabilities to enable command and control, information sharing, and decision-making for military forces and other government stakeholders. DISA plays a critical role in ensuring global connectivity and interoperability for the DoD.

100
Q

STIG

A

A Security Technical Implementation Guide or STIG is a configuration standard consisting of cybersecurity requirements for a specific product. The use of STIGs enables a methodology for securing protocols within networks, servers, computers, and logical designs to enhance overall security.

101
Q

Nessus Agent

A

Lightweight agent installed in the clients

102
Q

Tenable Security Center

A

Pushes updates and plugins, pulls results.

103
Q

How does ACAS discover assets?

A

Trace Route
Port Scanner
Host TTL Discovered
Ping

104
Q

Types of vulnerability

A

Configuration
Implementation
Design

105
Q

Examples of configuration vulnerability

A

Poorly Configured Firewall Rules: Allow unnecessary or overly permissive traffic through a firewall, potentially enabling attackers to access sensitive services or systems.

Web Servers Displaying Directory Contents: When no index.html or equivalent file exists, the server may expose the directory listing, revealing file names and paths that could aid attackers in identifying exploitable files.

FTP Servers with Publicly Readable/Writable Incoming Directories: Allow unauthorized users to upload and download files, which could lead to data leaks, malware distribution, or abuse of the server for malicious purposes.

106
Q

Examples of implementation vulnerability

A

Web Forms That Do Not Sanitize Data Before Passing It to a SQL Database: This can lead to SQL Injection attacks, where malicious input can manipulate database queries, potentially exposing or altering sensitive data.

Program That Allows for Buffer Overflows: A vulnerability where a program writes more data to a buffer than it can handle, potentially allowing attackers to overwrite memory, execute arbitrary code, or crash the system.

Websites That Allow XSS (Cross-Site Scripting) or CSRF (Cross-Site Request Forgery):

XSS: Exploits web pages to inject malicious scripts that run in a user’s browser, stealing cookies or sensitive data.
CSRF: Tricks a user into performing unwanted actions on a site where they are authenticated, potentially causing unauthorized changes or data exposure.

107
Q

Examples of design vulnerability

A

Telnet: A protocol for remote communication that transmits data, including credentials, in plain text. This lack of encryption makes it vulnerable to eavesdropping and credential theft.

FTP (File Transfer Protocol): Like Telnet, FTP transmits data, including usernames and passwords, in plain text, making it susceptible to interception by attackers.

Berkeley “r” Services (e.g., rsh, rlogin, rexec): These services rely on trust-based authentication (like hostname-based trust), which is weak and easily spoofed. They lack encryption, exposing communication to interception and abuse.

SSH v1 (Man-in-the-Middle Attack): The first version of SSH (Secure Shell) has flaws in its key exchange process, making it vulnerable to man-in-the-middle (MITM) attacks. An attacker can intercept and alter the communication between two parties without detection. SSH v2 addresses these vulnerabilities with improved encryption and authentication mechanisms.

108
Q

NASL

A

Nessus Attack Scripting Language

109
Q

PASL

A

Passive Analysis Script Language: the code used by the plugins of NNM (Nessus Network Monitor, the passive scanner)

110
Q

What are the sources of security related data?

A

Log files, HTTP traffic, login processes, etc.

111
Q

The difference between active scanning and passive scanning lies in their methods and impact on the target system or network:

A

Active Scanning:
Definition: Actively interacts with the target system by sending probes or requests to gather information.
Examples: Port scanning, vulnerability scanning, or sending queries to detect open ports or services.
Impact: Can be detected by intrusion detection systems (IDS) or security logs due to the direct interaction.
Use Case: Identifying specific vulnerabilities or open services on a system.

Passive Scanning:
Definition: Observes network traffic or system activity without directly interacting with the target.
Examples: Monitoring network traffic via packet sniffing or analyzing publicly available information.
Impact: Stealthy and less likely to be detected by security measures, as it does not generate noticeable traffic.
Use Case: Gathering intelligence without alerting the target, such as during reconnaissance.

112
Q

When performed on your own network, the difference between active and passive scanning is primarily about how each method interacts with your network systems and the type of information gathered:

A

Active Scanning:
How It Works: Actively probes devices on the network (e.g., via ping sweeps, port scans, or vulnerability scanners like Nessus).
Purpose: To identify open ports, services, misconfigurations, or vulnerabilities in real time.
Impact: Generates noticeable traffic on the network and may temporarily disrupt operations if scans are too aggressive.
Example Use Case: Testing for open ports, weak passwords, or outdated software.

Passive Scanning:
How It Works: Monitors and analyzes traffic passively without sending probes (e.g., using tools like Wireshark or network intrusion detection systems).
Purpose: To observe network activity, detect anomalies, and gather intelligence without affecting network performance.
Impact: Non-intrusive, with no risk of disrupting network operations.
Example Use Case: Monitoring for unauthorized devices or suspicious traffic patterns.

113
Q

Data at rest and Data in motion

A

Data at Rest: Data stored on devices (e.g., hard drives, databases) and not actively moving. Protected via encryption and access controls.

Data in Motion: Data being transmitted over a network. Secured with encryption (e.g., TLS) to prevent interception.

114
Q

Tenable Security Center communicates with _____ to send scanning instructions and receive results.

A

Associated Nessus Scanner

115
Q

The Nessus manager can manage up to _____ Nessus Agents

A

10,000

116
Q

What is a plugin in the context of Nessus?

A

In the context of Nessus, a plugin is a script or module that performs a specific check during a scan. Plugins are used to identify vulnerabilities, misconfigurations, or compliance issues. Each plugin is tailored to detect a particular condition, such as missing patches, outdated software, or weak configurations, using techniques like banner grabbing, file checks, or service analysis. Plugins are regularly updated by Tenable to include checks for newly discovered vulnerabilities.

117
Q

Tenable generally releases Security Center and NNM updates _____, and Nessus updates are closer to _____

A

Tenable generally releases Security Center and NNM updates quarterly, and Nessus updates are closer to monthly or bi-monthly

118
Q

DISA plugin servers and the Patch Repositories (NIPR and SIPR) are updated …

A

DISA plugin servers and the Patch Repositories (NIPR and SIPR) are updated daily. Contractually, plugins should be updated with IAVM data within 48 hours of the IAVM announcement. Note that not all Tenable products receive daily plugin updates from the COTS vendor, however sites should update plugins daily.

119
Q

Source: Web Browser
Destination: Security Center
Port

A

Port 443 (inbound)

120
Q

Source: Web Browser
Destination: Nessus Scanner / Manager
Port

A

Port 8834 (inbound)

121
Q

Source: Web Browser
Destination: NNM Scanner
Port

A

Port 8835 (inbound)

122
Q

Source: Security Center
Destination: NIPRNET / SIPRNET
Port

A

Port 443

123
Q

Source: Security Center
Destination: Nessus Scanner / Manager
Port

A

Port 8834

124
Q

Source: Security Center
Destination: NNM Scanner
Port

A

Port 8835

125
Q

Source: Security Center
Destination: Security Center (Repository Sync)
Port

A

Optional: Port 22

126
Q

Source: Nessus Agents
Destination: Nessus Manager
Port

A

Default: Port 8834
Recommended: 8934

127
Q

Source: Nessus Cluster Child Node
Destination: Nessus Cluster Parent Node
Port

A

Default: Port 8834
Recommended: 8934

128
Q

Source: Nessus Scanner
Destination: Target
Port

A

No firewall or restrictions

129
Q

Difference between Nessus and Tenable

A

Nessus is a product developed by Tenable, Inc., which is the company behind its creation and ongoing development. Tenable provides various cybersecurity solutions, and Nessus is one of their key offerings focused on vulnerability scanning and assessment.

130
Q

NNM uses what language?

A

PASL

131
Q

CMRS

A

Continuous Monitoring and Risk Scoring

132
Q

tenable.sc

A

Tenable Security Center

133
Q

Plugins relate to an IAVA which is

A

IAVA stands for Information Assurance Vulnerability Alert. It is a notification issued by the U.S. Department of Defense (DoD) to address and mitigate security vulnerabilities that could pose a significant risk to DoD information systems.

134
Q

Tenable.sc, start scan or report button

A

“Launch”

135
Q

Tenable.sc last updates

A

“Feeds”

136
Q

Tenable.sc Zone

A

Group of IP address

137
Q

In the context of Tenable Security Center, a repository is a

A

In the context of Tenable Security Center, a repository is a data storage container that organizes and stores vulnerability and scan data.

138
Q

Manually and Automatically get plugins (Tenable)

A

Tenable plugins can be obtained both ways: the DoD Patch Repository is manual, the DISA Plugin Server is automatic. The link for the DoD Patch Repository is available in the BPG

139
Q

What is used to install Tenable Security Center and Nessus on Linux?

A

ACAS Kickstart

140
Q

How are Tenable Security Center and Nessus run when the platform is a Windows OS virtual machine?

A

In Linux virtual machines

141
Q

Building blocks for Tenable Security Center

A

Policies
Zones
Organization (roles)
Plugins (scripts)

142
Q

The IP addresses you’re scanning need to be contained both in the

A

repository and the scan zone definition

143
Q

DISA has approved Tenable Security Center to run only on what OS?

A

RHEL

144
Q

Nessus Active Scan components

A

Credentials
Scan Schedule
Policy
Repository
Targets
Scan Zones (static IPs)

145
Q

What file do you check to see whether a different parameter for a plugin is acceptable?

A

Scan Policy Settings Spreadsheet

146
Q

Scanning Freeze Window

A

Assets protected from scanning

147
Q

Default scan zone is

A

Common ports

148
Q

How to open downloaded scans (Nessus)

A

WordPad

149
Q

Create Nessus Report (Tenable Report)

A

Reports > Reports Result > Check box > Download

150
Q

Where to acquire information about the Nessus Cyber Summary Report

A

BPG Appendix Q

151
Q

Nessus Cyber Summary Report and what is needed for TASKORD compliance scanning.

A

Auditors will need to see no less than 90 days’ worth of scan data or report results that demonstrate the organization is consistently performing TASKORD compliance scanning. It is recommended to store report results offline or in other systems to demonstrate historical TASKORD compliance. This report can be used to show proof of 7 days’ worth of results that demonstrate the organization is consistently performing TASKORD compliance scanning. The report should be run weekly, 3 months prior to a CORA (previously called a CCRI.)

152
Q

How do you share generated reports automatically? (NESSUS)

A

Distribution Tab

153
Q

Share report to person in another organization (NESSUS)

A

email addresses

154
Q

(NESSUS) What plugin is best to start with when there are issues with a scan?

A

19506
