Chapter 18 - Security

Question 1

The purpose of __________________ is to reduce the vulnerability of Air Force missions by eliminating or reducing successful adversary collection and exploitation of critical information.

Answer 1

Operations Security

OPSEC

Question 2

Is a process of identifying, analyzing, and controlling critical information that applies to all activities used to prepare, sustain, or employ forces during all phases of operations

Answer 2

Operations Security

OPSEC

Question 3

Provides decision-makers with a means of weighing the risk to their operations

Answer 3

Operations Security Analysis

Question 4

Is enhanced when commanders and other decision-makers apply operations security from the earliest stages of planning

Answer 4

Operational Effectiveness

Question 5

Operations security principles must be integrated into________, _________, __________, _____________, ________________ to ensure a seamless transition to contingency operations

Answer 5

• Operational
• Support
• Exercise
• Acquisition planning
• Day-to-day activities

Question 6

The operations security process consists of the following five distinct steps

Answer 6

• Identify critical information
• Analyze threats
• Analyze vulnerabilities
• Assess risk
• Apply appropriate operations security countermeasures

Question 7

Are friendly, detectable actions and open-source information that can be interpreted or pieced together by an adversary to derive critical information

Answer 7

Operations Security Indicators

Question 8

Is a characteristic of an indicator that is identifiable or stands out

Answer 8

Signature

In relation to OPSEC

Question 9

Is the relationship of an indicator to other information or activities

Answer 9

Signature

In relation to OPSEC

Question 10

Is used to map the local operating environment and capture process points that present key signatures and profiles with critical information value

Answer 10

Profiling Process

In relation to OPSEC

Question 11

Is any difference observed between an activity’s standard profile and most recent or current actions

Answer 11

Contrasts

In relation to OPSEC

Question 12

Refers to when and for how long an indicator is observed

Answer 12

Exposure

In relation to OPSEC

Question 13

Is a subset of the Air Force security enterprise and consists of the core security disciplines (personnel, industrial, and information security) used to determine military, civilian, and contractor personnel eligibility to access classified information, ensure the protection of classified information released or disclosed to industry in connection with classified contracts, and protect classified information and controlled unclassified information that, if subject to unauthorized disclosure, could reasonably be expected to cause damage to national security

Answer 13

Information protection

Question 14

Provide the guidance for managing classified information and controlled unclassified information

Answer 14

• DoD Manual 5200.01, Department of Defense Information Security Program
• AFI 16-1404, Air Force Information Security Program

Question 15

Is designated accordingly to protect national security

Answer 15

Classified Information

Question 16

Three levels of information classification

Answer 16

• Confidential
• Secret
• Top Secret

Question 17

Shall be applied to information that the unauthorized disclosure of which reasonably could be expected to cause damage to the national security that the original classification authority is able to identify or describe

Answer 17

Confidential

Question 18

Shall be applied to information that the unauthorized disclosure of which reasonably could be expected to cause “serious” damage to the national security that the original classification authority is able to identify or describe

Answer 18

Secret

Question 19

Shall be applied to information that the unauthorized disclosure of which reasonably could be expected to cause “exceptionally grave” damage to the national security that the original classification authority is able to identify or describe

Answer 19

Top Secret

Question 20

Is the most commonly used controlled unclassified information category. Is used as a dissemination control applied by the Department of Defense to unclassified information when disclosure to the public of that particular record, or portion thereof, would reasonably be expected to cause a foreseeable harm to an interest as identified in the Freedom of Information Act

Answer 20

For Official Use Only Information (FOUO)

Question 21

Is information that requires access and distribution controls and protective measures, and may be referred to accordingly as: for official use only, law enforcement sensitive, Department of Defense unclassified controlled nuclear information, and limited distribution

Answer 21

Controlled Unclassified Information

Question 22

Is the initial decision by an original classification authority that an item of information could reasonably be expected to cause identifiable or describable damage to the national security subjected to unauthorized disclosure and requires protection in the interest of national security

Answer 22

Original Classification

Question 23

Is the incorporating, paraphrasing, restating, or generating classified information in a new form or document

Answer 23

Derivative Classification

Question 24

All classified information shall be clearly identified by marking, designation, or electronic labelling in accordance with

Answer 24

DoD Manual 5200.01, Vol 2, Department of Defense Information Security Program: Marking of Classified Information

Question 25

Every classified document must be marked to show the

Answer 25

Highest classification of information contained within the document (In relation to Classification markings)

Question 26

Are personally responsible for taking proper precautions to ensure unauthorized persons do not gain access to classified information

Answer 26

Everyone who works with classified information

Question 27

Access to classified information

Answer 27

(1) security clearance eligibility (2) a signed SF 312, Classified Information Non-Disclosure Agreement (3) a need-to-know

Question 28

Forms used to cover classified information outside of storage

Answer 28

- SF 705, Confidential - SF 704, Secret - SF 703, Top Secret

Question 29

To record the end of the day security checks

Answer 29

SF 701, Activity Security Checklist

Question 30

Anyone finding classified material out of proper control must take custody of and safeguard the material and immediately notify their

Answer 30

commander, supervisor, or security manager | In relation to classified material out of proper control

Question 31

Is a security incident involving failure to comply with requirements which cannot reasonably be expected to, and does not, result in the loss, suspected compromise, or compromise of classified information

Answer 31

Infraction | In relation to classified material

Question 32

Are security incidents that indicate knowing, willful negligence for security regulations, and result in, or could be expected to result in, the loss or compromise of classified information

Answer 32

Violation | In relation to classified material

Question 33

Is a security incident (violation) in which there is an unauthorized disclosure of classified information

Answer 33

Compromise | In relation to classified material

Question 34

Occurs when classified information cannot be physically located or accounted for

Answer 34

Loss | In relation to classified material

Question 35

Occur when classified data is introduced either onto an unclassified information system, to an information system with a lower level of classification, or to a system not accredited to process data of that restrictive category

Answer 35

``` Data Spills (In relation to classified material) ```

Question 36

Is to identify, in classified contracts, specific information and sensitive resources that must be protected against compromise or loss while entrusted to industry

Answer 36

Industrial Security | Air Force Policy

Question 37

Entails policies and procedures that ensure military, civilian, and contractor personnel who access classified information or occupy a sensitive position are consistent with interests of national security

Answer 37

The Personnel Security Program

Question 38

Is the designated authority to grant, deny, and revoke security clearance eligibility using the Department of Defense 13 adjudicative guidelines, while applying the whole person concept and mitigating factors

Answer 38

The Department of Defense Central Adjudication Facility

Question 39

Establishes a code of fair information practices that govern the collection, maintenance, use, and dissemination of personal information about individuals that is maintained in a system of records by federal agencies

Answer 39

The Privacy Act of 1974

Question 40

Prohibits the disclosure of information from a system of records without the written consent of the subject individual

Answer 40

The Privacy Act | In relation to Disclosure of Information

Question 41

Limits the collection of information to what the law or executive orders authorize

Answer 41

The Privacy Act | In relation to information collection

Question 42

Is a group of any records under the control of any agency from which information is retrieved by the individual’s name, number, or unique identifier

Answer 42

Privacy Act | System of Records

Question 43

Must be safeguarded to ensure “an official need to know” access of the records and to avoid actions that could result in harm, embarrassment, or unfairness to the individual

Answer 43

Personally Identifiable Information

Question 44

Provides access to federal agency records (or parts of these records) except those protected from release by specific exemptions

Answer 44

The Freedom of Information Act

Question 45

The Freedom of Information Act imposes mandatory time limits of

Answer 45

20 workdays to either deny the request or release the requested records. The law permits an additional 10-workday extension in the event that specific unusual circumstances exist

Question 46

Is defined as the prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications systems, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation

Answer 46

Cybersecurity

Question 47

This strategy must ensure that the confidentiality, integrity, and availability of all information owned or held in trust by the Air Force is protected

Answer 47

Cybersecurity Program Risk Management Strategy

Question 48

The Air Force Cybersecurity Program encompasses the five functions

Answer 48

- Identify - Protect - Detect - Respond - Recover (In relation to CYBERSEC)

Question 49

Consists of measures and controls that ensure confidentiality, integrity, and availability of information systems assets including: hardware, software, firmware, and information being processed, stored, and communicated

Answer 49

Computer security

Question 50

Government-provided hardware and software are for

Answer 50

- Official use | - Limited authorized personal use onl

Question 51

Is a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.

Answer 51

Information Systems

Question 52

Is any action, device, procedure, or technique that meets or opposes (counters) a threat, vulnerability, or attack by eliminating, preventing, or minimizing damage, or by discovering and reporting the event so corrective action can be taken

Answer 52

Countermeasures

Question 53

Include, but are not limited to, any circumstance or event with the potential to adversely impact any operation or function through an information system via unauthorized access, destruction, disclosure, modification of information, or denial of service

Answer 53

Threats

Question 54

Three steps involved in protecting information systems from viruses

Answer 54

- Infection - Detection - Reaction

Question 55

Are information systems, such as portable electronic devices, laptops, smartphones, and other handheld devices that can store data locally and access Air Force managed networks through mobile access capabilities

Answer 55

Mobile computing devices

Question 56

Refers to measures and controls taken to deny unauthorized persons information derived from information systems of the U.S. Government related to national security and to ensure the authenticity of such information systems

Answer 56

Communications Security

Question 57

Is a component of communications security resulting from the provision and proper use of technically sound cryptosystems

Answer 57

Cryptosecurity

Question 58

Is a component of communications security resulting from the application of measures designed to protect transmissions from interception and exploitation by means other than cryptoanalysis

Answer 58

Transmission Security

Question 59

Is communications security resulting from the use of all physical measures necessary to safeguard communications security material from access by unauthorized persons

Answer 59

Physical Security

Question 60

Formerly known as emissions security, is protection resulting from all measures taken to deny unauthorized persons information of value that may be derived from the interception and analysis of compromising emanations from cryptographic equipment, information systems, and telecommunications systems

Answer 60

TEMPEST

Question 61

Are responsible for ensuring the timely collection processing, analysis, production, and dissemination of foreign intelligence, current intelligence, and national-level intelligence information concerning terrorist activities, terrorist organizations, and force protection issues

Answer 61

- Deputy Chief of Staff for Intelligence, Surveillance and Reconnaissance (Air Force/A2) - Director for Intelligence, Surveillance, and Reconnaissance Strategy, Doctrine and Force Development (Air Force/A2D)

Question 62

Is the lead Air Force agency for collection, investigation, analysis, and response for threats arising from terrorists, criminal activity, foreign intelligence, and security services

Answer 62

Air Force Office of Special Investigations (AFOSI)

Question 63

A terrorism threat assessment requires

Answer 63

The identification of a full range of known or estimated terrorist threat capabilities (including the use or threat of use of chemical, biological, radiological, nuclear, or high-yield explosives and weapons of mass destruction)

Question 64

At least annually, commanders conduct

Answer 64

Comprehensive field and staff training to exercise antiterrorism plans, to include antiterrorism physical security measures, continuity of operations, critical asset risk management, and emergency management plans

Question 65

Shall develop and implement a random antiterrorism measures program that will include all units on the installation

Answer 65

Installation commanders

Question 66

Introduce uncertainty to an installation’s overall force protection program to defeat surveillance attempts and to make random antiterrorism measures difficult for a terrorist to accurately predict our actions

Answer 66

Random antiterrorism measures

Question 67

Suspicious Packages or Mail

Answer 67

Unusual or unknown place of origin; no return address; excessive amount of postage; abnormal size or shape; protruding strings; aluminum foil; wires; misspelled words; differing return address and postmark; handwritten labels; unusual odor; unusual or unbalanced weight; springiness in the top or bottom; inflexibility; crease marks; discoloration or oily stains; incorrect titles or title with no name; excessive security material; ticking, beeping, or other sounds; or special instruction markings, such as “personal, rush, do not delay, or confidential” on any packages or mail received

Question 68

Is a category of intelligence derived from information collected and provided by human sources and collectors, and where the human being is the primary collection instrument

Answer 68

Human intelligence

Question 69

Is the systematic effort to procure information to answer specific collection requirements by direct and indirect questioning techniques of a person who is in the custody of the forces conducting the questioning

Answer 69

Interrogation

Question 70

Is the process of questioning cooperating human sources to satisfy intelligence requirements, consistent with applicable law

Answer 70

Debriefing

Question 71

Human Intelligence Threat Areas

Answer 71

- Espionage - Subversion - Sabotage - Terrorism

Question 72

Is defined as any exchange of information directed to an individual, including solicited or unsolicited telephone calls, e-mail, radio contact, and face-to-face meetings

Answer 72

Contact | In relation to intelligence

Question 73

Armed Forces have a special obligation to report information regarding the safety and protection of the U.S. President or anyone else anyone under the protection of the U.S. Secret Service

Answer 73

AFI 71-101, Volume 2, Protective Service Matters