CANES 2

Question 1

Main references for CANES Core

Answer 1

CANES SW4 IETM – EE689-2X-IEM-004- AN/USQ-208C(V)

Question 2

C5ISR

Answer 2

Navy Command, Control, Communications, Computers, Combat Systems, Intelligence, Surveillance, and Reconnaissance

Question 3

Navy Command, Control, Communications, Computers, Combat Systems, Intelligence, Surveillance, and Reconnaissance (C5ISR) consists of:

Answer 3

Navy Command, Control, Communications, Computers, Combat Systems, Intelligence, Surveillance, and Reconnaissance (C5ISR) consists of:

Question 4

2 CANES online resources

Answer 4

Naval Information Warfare Systems Command (NAVWAR) Acquisition Integrated Logistics Online Repository (SAILOR)
Navy Enterprise Service Desk (NESD)

Question 5

CDS provides

Answer 5

Cross Domain Solutions (CDS) provides client access to the UNCLAS, SR, and SECRET enclaves
CDS Transfer Guard provides the capability to disseminate data from systems accredited at the same or lower classification levels
Sanitizes and downgrades data for release to systems withdifferent classification levels

Question 6

Fault Isolation Strategy Six Step Process:

Answer 6

• Recognize symptom(s)
• Define symptom(s)
• List probable faulty function
• Localize the faulty function
• Localize trouble to the faulty component
• Analyze the failure

Question 7

The hardware components used in CANES can be broken down into the following four functional areas:

Answer 7

Data Processing
Data Storage
Data Transfer
Power Distribution

Question 8

Servers are installed in the CANES equipment racks and provide VMware vSAN storage for hoste apps and virtual machines.

Answer 8

The HP DL380 G10

Question 9

One of this is the Witness server and is installed in the SECRET enclave only. It enables MAC-1 failover/failback to occur automatically.
As such it is considered critical equipment and must always remain powered on.

Answer 9

HP DL20 G10 this unit is located in the VTC rack (Unit 51 or 52) depending on the installation

Question 10

Answer 10

Most likely not connected

Question 11

The Line Console 0 (con 0) in the Cisco IOS represents the physical console port, and is configured via the Line Interface:

Answer 11

Access the Line Interface from Global Config Mode by typing: Line Con 0 followed by the Enter key
Changing the Line Interface configuration without required proper approvals in not authorized
To verify the configuration is unchanged from baseline settings
From Privileged EXEC mode type: show running-config | begin line
Compare the Line Con 0 configs to the ship’s network template

Question 12

Viewing Local Accounts
Cisco Switch and Router

Answer 12

From Privilege EXEC mode, type: show run | include username
Verify local accounts list and privilege level

Question 13

Cisco Default Privilege Levels

Answer 13

Level 0: log out, enable, disable, help, and exit commands
Level 1: Read-only access
Level 15: Full router or switch control

Question 14

Cisco Local Account Creation

Answer 14

From Global Config mode, type: Username <new> privilege <privilege> password <new></new></privilege></new>

Local Account Deletion
From Global Config mode, type: no username <username></username>

Question 15

Show Running Config | Section OSPF

Answer 15

command shows the OSPF section of the running configuration
Results can be used to compare baseline settings

Question 16

Show IP OSPF Neighbors

Answer 16

command shows the state of adjacency; OSPF requires full adjacency to function
Results show ip address ospf neighbors’ connecting interface – the CANES Border Firewall interface that connects to the Backbone router-switch

Question 17

Show IP OSPF Interface

Answer 17

command: shows OSPF information per interface

Question 18

Show IP OSPF Database

Answer 18

command: shows all router IDs in the OSPF area

Question 19

Show IP Route

Answer 19

command: shows directly connected, static, link local, and OSPF learned network routes

Question 20

Exchange Troubleshooting
The _____ Diagram is a helpful resource when errors occur

Answer 20

Exchange Troubleshooting
The Email and Calendar Service Troubleshooting Fault Isolation Diagram is a helpful resource when errors occur

Question 21

Exchange Toolbox is installed on

Answer 21

CANES EX01/02 and IAEXET

Question 22

It is a Microsoft Management Console (MMC) snap-in that you can use to view information about and act on queues and messages in queues

Answer 22

Exchange Toolbox includes Queue Viewer

Question 23

System Admins can use Queue Viewer to perform the following actions

Answer 23

Remove messages
Suspend messages
Resume messages
Redirect messages

Question 24

Accessing Queue Viewer

Answer 24

Log in to IAEXET with System Administrator credentials
Navigate to Start > Microsoft Server Exchange 2016 > Exchange Toolbox and click on Queue Viewer
Click on Queue Viewer under Mailflow Tools

Question 25

Exchange Troubleshooting (cont.)
There are five areas of importance

Answer 25

Network
Hardware
Services
Configurations
Off ship Connectivity

Question 26

Exchange Troubleshooting
Configuration Items to monitor from the Security Information and Event Management (SIEM) or the Systems Center Operations Management (SCOM) dashboard

Answer 26

Mail transport - Replication
Name resolution service
Encryption Service - Processes
Message Application Programming Interface (MAPI) and Mail submission
Active Directory Remote Procedure Call (RPC) Access
Directory Inquiry
Rights management
Alternate client access for Standard Mail Transfer Protocol (SMTP) Clients
Active directory Global catalogue
EdgeSync
Hub transport
Directory Queries
Lightweight Directory Access Protocol (LDAP) global catalogue queries
Registry access
Clustering

Question 27

CANES is preconfigured to support the implementation of River City procedures in all enclaves
There are four OPSECON groups

Answer 27

OPSECON 1 - CO, XO, CMC, TAO
OPSECON 2 - OPS, EMO, CHENG
OPSECON 3 - All Officers, All Chiefs
OPSECON 4 - E-6 and Junior

Question 28

Generating and Exporting ACAS Report to VRAM

Answer 28

From ACAS SecurityCenter, navigate to Scans > Active Scans and select desired scan to upload
Select Post Scan and then select the report configured to publish
Click Submit to save the scan, and then navigate to Reporting Report > Results to access report
Select report and click Download to save locally with a meaningful name
Select Submit button and a dialog box is displayed, indicating the upload has been sent

Question 29

Server that bypasses wsav

Answer 29

ADNS

Question 30

Encryption for CANES

Answer 30

Symantec Endpoint Encryption Manager > Symantec Endpoint Encryption Software Setup > Removable Media Encryption is used to restore removable drive encryption to reimaged computers

Question 31

Disk encryption recovery with BitLocker:

Answer 31

BitLocker Recovery Key is found under Active Directory Users and Computers (ADUC) in the Trusted Platform Module (TPM)
Access the ADUC <FQDN> CANES Users and Computers > Computers
Select the computer and click on the BitLocker Recovery tab to find the BitLocker Recovery Key</FQDN>

Question 32

All Federal DoD information systems are required to use devices protected by the _____ and maintain encryption standard of _____ encryption Federal Information Processing Standards (FIPS)-140-2n

Answer 32

All Federal DoD information systems are required to use devices protected by the TPM and maintain encryption standard of AES 256-bit encryption Federal Information Processing Standards (FIPS)-140-2n

Question 33

SEE

Answer 33

Symantec Endpoint Encryption

Question 34

Is used for hard drive encryption

Answer 34

Bitlocker

Question 35

Is used for removable media encryption

Answer 35

WinZip Secure Burn

Question 36

DAR

Answer 36

Data at rest

Question 37

Three Bitlocker status

Answer 37

Protection Status 0 – Protection OFF
Protection Status 1 – Protection ON (Unlocked)
Protection Status 2 – Protection ON (Locked)

Question 38

is used to restore removable drive encryption to reimaged computers

Answer 38

Symantec Endpoint Encryption Manager > Symantec Endpoint Encryption Software Setup > Removable Media Encryption

Question 39

NCVI

Answer 39

Navy Certificate Validation Infrastructure

Question 40

CLO

Answer 40

Cryptographic Logon

Question 41

UNCLAS enclave CLO logon uses certificates on

Answer 41

the CAC

Question 42

SECRET enclave CLO logon uses a

Answer 42

Secret Internet Protocol Router Network (SIPRNet) Token

Question 43

3 ways to login wsav CLI

Answer 43

• Putty: port 22 SSH (wsav.<FQDN>)</FQDN>
• vSphere: remote MRDS, vcsa select UNCLASS_WSAV
• Remote MRDS: Cisco WSAV Management Console Shortcut

Question 44

SCSM

Answer 44

Microsoft system Center Service Manager software that manages incidents and problems

Question 45

View the connectors that transfer data to SCSM

Answer 45

MRDS01 > Microsoft System Center > Service Manager Console > Administration > Connectors

Question 46

SCOM

Answer 46

System Center Operations Manager

Question 47

SCOM uses _____ to monitor communication channels between an agent and its management server

Answer 47

If heartbeats stop, no data is transmitted to the management server
A heartbeat is a packet of data sent by an agent every 60 seconds
Three missed heartbeats generate an alert, prompting the management server to ping the computer
If the computer does not respond to the ping, an alert is generated

Question 48

MECM

Answer 48

Microsoft Endpoint Configuration Manager

Question 49

Are groups of devices or users that can be created so they can be managed as a group

Answer 49

Collections

Question 50

MECM dashboards have several options to visually represent system data

Answer 50

Navigate to MECM > Monitoring > Overview > Client Status > Client > Activity Dashboard

Question 51

SIEM and SAM are the names of Virtual Machines (VMs).
What are the applications installed on those VMs?

Answer 51

Sentinel Server and Sentinel Agent Manager are the applications installed on those VMs.

Question 52

SIEM heartbeat checking

Answer 52

Checks heartbeat every five minutes
Analysis begins after 12 mins of no heartbeat
Unknown status after 18 days of no heartbeat

Question 53

Sentinel is the security and system log collector and

Answer 53

analyzer application for CANES.

Question 54

for SW4 is the addition of two VMs

Answer 54

New in NetIQ SIEM

Question 55

Microsoft System Center > Operations Console.
If the Server name field is blank

Answer 55

type: EM01 and click Connect.

Question 56

Troubleshooting VoSIP/VoIP Phones – Basic and Factory Reset (cont.)
Prerequisites for Factory Reset and steps

Answer 56

For SCI enclave, the phone must be on a DHCP-enabled network
For SCI enclave, a valid TFTP server must be set in DHCP option 150 or option 66
The term62.default.loads file or the term42.default.loads and the files specified in that file should be available on the TFTP server that is specified by the DHCP packet
Unplug the power cable from the phone and then plug it back in
While the phone is powering up, and before the speaker button flashes on and off, press and hold #
Continue to hold # until each line button flashes (amber) on and off in sequence
Release # and press 123456789*0#
Once the factory reset is completed, perform the steps in the IETM for Manual Cisco SCI VoIP Phone Configuration

Question 57

VTC

Answer 57

Video Teleconference

Question 58

Force-Level ships support VTC on:

Answer 58

UNCLAS
SECRET
Sensitive Compartmented Information (SCI)

Question 59

CANES VTC service includes the Cisco Precision High Definition (HD) camera that works with the

Answer 59

Cisco WEBEX CODEC in SW4 to provide full teleconferencing services to CANES

Question 60

VTC interfaces with Network Operations Center (NOC), Broadcast Control Authority (BCA), and

Answer 60

Force-level platforms to exchange audio and video

Question 61

All SCI VTCs, except for the SCI VTC testing conducted by the Global Helpdesk, are scheduled through the

Answer 61

Joint Worldwide Intelligence Communications System (JWICS) VTC Scheduling system via http://vcwizard.dodiis.ic.gov
Download Rules of Engagement and VTC Scheduling guides
Open a web browser and navigate to: http://www.jwics.ic.gov
Download the VTC Scheduling Guide by clicking VTC Engineering > Documents tab > VTC Scheduling Guide
This document will assist with navigating the scheduling wizard to set up an SCI VTC

Question 62

VTC VLANs

Answer 62

UNCLAS: VLAN 183
SECRET: VLAN 283
SCI: VLAN 513 (Force-level ships only)
SCI: VLAN 520 (Force-level ships only)

Question 63

VTC Operations

Answer 63

Most teleconferences will use a gatekeeper, meaning participants will call into a central location to join the conference
It may be necessary to bypass the gatekeeper to do a point-to-point teleconference
Before any underway, the VTC should be tested to ensure that all equipment and the connectivity of the system is in good working order
Prior to any scheduled VTC, testing of the equipment should be done the day prior and at least 30 minutes before the call
River City conditions may have to be made to control how much bandwidth a platform uses during a VTC

Question 64

World Wide Web Publishing service

Answer 64

is required for web browsing

Question 65

Half of people by name have issues with exchange

Answer 65

check the databases are mounted in ex01 and ex02

Question 65

A new user doesn’t have access to USA User folders

Answer 65

User nationality might be wrong and the account has to be made again

Question 66

Where to edit river city?

Answer 66

MRDS01 > WSAV

Question 67

Web App doesn’t open

Answer 67

check the service WWW

Question 68

Server time is out of sync

Answer 68

restart “Windows Time” service. run command w32tm /resync

Question 69

Remote Procedure Call Error

Answer 69

Check network adapter from vSphere vcsa

Example in replication error check RODC

Question 70

Quickest trouble shoot procedure when server goes down

Answer 70

Restart from last snapshot in vShere vcsa

Question 71

Quickest trouble shoot procedure when server goes down

Answer 71

Restart from last snapshot in vShere vcsa

Question 72

Services to check in NSIPS server (4)

Answer 72

PeopleSoft D:Apps, PeopleSoft PIA, OracleServiceNEDB, Oracle…Listener

Question 73

User’s browser fix for NSIPS

Answer 73

Clear browsing cache

Question 74

If account does’t show at “create user” after NSIPS “NSIPS Self-Service (New Users)”

Answer 74

Let admin know

Question 75

IMS bandaid

Answer 75

Stop IMS message agent service
Stop process within IMS
Restart IMS message agent

Question 76

People cannot access their emails

Answer 76

Check mounted data base

Servers > data base > ellipsis

Question 77

View if anything is stuck in the outbox que

Answer 77

Check Queue Viewer in Exchange Toolbox

Question 78

For in-depth Exchange settings
Create Scripts

Answer 78

Active Directory Administrative Center

Question 79

2 River City components

Answer 79

WSAV and Exchange

Question 80

How to access WSAV

Answer 80

MRDS01 wsav.FDQN
Web security manager
Policy groups
Disable River City
by diabling all groups (1-4)
To set River City 1 disable policy river city 2, 3, 4

Question 81

When to look for SOPA watchwill

Answer 81

Tuesdays

Question 82

Explore ship’s browsing

Answer 82

WSAV
monitor/wsa_user_report

Question 83

How to set River City

Answer 83

MRDS01 wsav.FDQN
Web security manager
Policy groups
Disable River City
by diabling all groups (1-4)
To set River City 1 disable policy river city 2, 3, 4

Question 84

Starting ACS services

Answer 84

Page 28 in PDF ACS 3.4 System Admin (CANES folder) <admin> sysadmin
- Will have to get to indicated directory
-omit services</admin>

Question 85

Where to look for passwords

Answer 85

_CANES install

Question 86

Where to update cyber 12 o’clocks

Answer 86

vram.navy.mil per network
Cybersecurity Readiness
- Last date scan, total, current , valid, percent scanned, RA NRA VPH

Question 87

RA, NRA VPH

Answer 87

Remediation Available, No RA
Vulnerability per Host

Question 88

Command to reset Cisco switch once Putty’d

Answer 88

reload

Question 88

Break down RA/ NRA VPH (common remediation)

Answer 88

Detail View (windows updates/ sailor.com updates)

Question 89

Personal for

Answer 89

Print out take it to captain annotate it on special handling log

Question 90

Smell smoke

Answer 90

Cut power source
Report class and place to CSOOW
Test agent 45 second CO2 bottle
“The fire appears to be out”
Duty electrician determines when a Charlie fire is out
SIPR: COMMPLAN
Order of restoring: Enclosure 11 Overall restoral priority
Break down: Enclosure 12 Circuit Restoral Priority

Question 91

First action during flooding?

Answer 91

Try closing valve

Question 92

If abandoning space what to take with you?

Answer 92

Visitor’s log
Message log
Crypto inventory

Question 93

CO2 bottle specs

Answer 93

4-6 feet
45 seconds
test
ground

Question 94

Say fire is out:

Answer 94

“The fire appears to be out”

Question 95

Who can determine a class Charlie fire is out

Answer 95

Duty electrician

Question 96

Overall restoral priority found at

Answer 96

Enclosure 11, COMMS PLAN