Chapter 5

Question 1

A method of sanitization that applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques; typically applied through the standard Read and Write commands to the storage device, such as by rewriting with a new value or using a menu option to reset the device to the factory state (where rewriting is not supported).

Answer 1

Clear

Question 2

A predetermined set of instructions or procedures that describe how an organization’s mission-essential functions will be sustained within 12 hours and for up to 30 days as a result of a disaster event before returning to normal operations.

Answer 2

Continuity of Operations Plan (COOP)

Question 3

To reduce the magnetic flux to virtual zero by applying a reverse magnetizing field.

Answer 3

Degauss

Question 4

A method of sanitization that renders target data recovery infeasible using state-of-the-art laboratory techniques and results in the subsequent inability to use the media for storage of data.

Answer 4

Destroy

Question 5

Management policy and procedures used to guide an enterprise response to a major loss of enterprise capability or damage to its facilities.

Answer 5

Disaster Recovery Plan (DRP)

Question 6

Management policy and procedures used to guide an enterprise response to a major loss of enterprise capability or damage to its facilities.

Answer 6

Disaster Recovery Plan (DRP)

Question 7

A written plan for recovering one or more information systems at an alternate facility in response to a major hardware or software failure or destruction of facilities

Question 8

A written plan for recovering one or more information systems at an alternate facility in response to a major hardware or software failure or destruction of facilities.

Answer 8

Disaster Recovery Plan (DRP)

Question 9

The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of a malicious cyber-attack against an organization’s information systems.

Answer 9

Incident Response Plan

Question 10

Magnetic representation of residual information remaining on a magnetic medium after the medium has been cleared.

Answer 10

Magnetic Remanence

Question 11

The actions taken to render data written on media unrecoverable by both ordinary and extraordinary means.

Answer 11

Media Sanitization

Question 12

A software component that, when installed, directly modifies files or device settings related to a different software component without changing the version number or release details for the related software component.

Answer 12

Patch

Question 13

The systematic notification, identification, deployment, installation, and verification of operating system and application software code revisions.

Answer 13

Patch Management

Question 14

The systematic notification, identification, deployment, installation, and verification of operating system and application software code revisions.

Answer 14

Purge

Question 15

A process to render access to target data on the media infeasible for a given level of effort.

Answer 15

Sanitize

Question 16

A method of erasing electronically stored data, cryptographic keys, and credential service providers (CSPs) by altering or deleting the contents of the data storage to prevent recovery of the data.

Answer 16

Zeroization

Question 17

To remove or eliminate the key from a cryptographic equipment or fill device.

Answer 17

Zeroize

Question 18

Include the incorporation of new or modified services, the removal or termination of services, and all coordination to ensure continuity in the security posture of the system while addressing service availability issues.

Answer 18

Service Availability

Question 19

Include the number, qualifications, and scheduling of operators, contingency operations, and all associated training, competency, regulatory, and compliance needs.

Answer 19

Staffing Strategy for Operators

Question 20

Preserve the security posture of the system and address the timing and methods to securely incorporate services, revisions, patches, and enhancements in accordance with strategic plans and in response to on-demand needs.

Answer 20

Release and Reacceptance Criteria

Question 21

Address the security posture of the system, inclusive of its security functions, across the defined modes of operation.

Answer 21

Operational and Contingency, Degraded, Alternative, and Other Modes of Operation

Question 22

Include the shutdown and or halted, standby, normal, degraded, reduced capacity, training, simulation, test, and other operations or sustainment modes specific to the system and its intended uses.

Answer 22

Mode of Operation

Question 23

Defined by a security configuration and behavior that includes all defined transitions within and between modes.

Answer 23

Mode of Operation

Question 24

System operators need to be made aware of the security aspects of performance and be trained to detect and determine when security performance levels are not being met or when other system performance issues impact security performance.

Answer 24

Measures for Operation that Provide Insight into Performance Levels

Question 25

Addressing what the system is not to do in terms of how the system is not to behave, the interactions that are not to occur, and the outcomes that the system should not produce.

Answer 25

Safety Considerations

Question 26

Include data and information collection for security situational awareness assessment.

Answer 26

Monitoring for Changes in Hazards and Threats and the Results of Operational Monitoring Activities

Question 27

Provides insight into variances in the knowledge of disruption, hazard, and threat events in the environment and how they combine with operations to provide vulnerability with potential security-relevant consequences.

Answer 27

Data Collection

Question 28

Include determination of the limits of certainty about the data and information collected; the inherent uncertainty of conclusions and decisions made as a result of the monitoring activities; and the effectiveness, limitations, and constraints of monitoring activities.

Answer 28

Monitoring for Changes in Hazards and Threats and the Results of Operational Monitoring Activities

Question 29

Key elements include: (i) identifying the minimum monitoring frequency of controls, (ii) establishing the control assessment approach, (iii) describing how the monitoring will be conducted, and (iv) may also include privacy reporting.

Answer 29

Continuous Monitoring Strategy

Question 30

Phases include: (i) preparation; (ii) detection and analysis; (iii) containment, eradication, and recovery; and (iv) post-incident activity.

Answer 30

Incident Response Lifecycle

Question 31

The first phase of the IR lifecycle; during this phase, an incident response capability is established, and incident prevention capabilities are put into place.

Answer 31

Preparation

Question 32

The second phase of the IR lifecycle; includes: (i) identification of attacked vectors, (ii) recognizing signs of an incident, (iii) understanding sources of incident precursors and indicators, and (iv) incident documentation,

Answer 32

Detection and Analysis

Question 33

The third phase of the IR lifecycle; includes: (i) choosing a containment strategy, (ii) evidence gathering and handling, (iii) identifying the attacking host, and (iv) eradication and recovery from the incident.

Answer 33

Containment, Eradication, and Recovery

Question 34

The fourth (last) phase of the IR lifecycle; includes: (i) identifying lessons learned, (ii) using collected incident data, and (iii) retaining evidence.

Answer 34

Post-incident Activity

Question 35

Include: (i) shutting down the system, (ii) disconnecting it from the network, or (iii) disabling certain functions.

Answer 35

Containment Options

Question 36

Purpose is to sustain the capability of a system to provide a service.

Answer 36

Maintenance Process

Question 37

Helps to reduce operational security incidents and protect the availability of the system to perform its purpose and provide a service.

Answer 37

Maintenance Strategy

Question 38

The security aspects of the maintenance strategy are developed.

Answer 38

Maintenance Process Outcome

Question 39

The security aspects of maintenance and logistics that constrain system requirements, architecture, or design are identified.

Answer 39

Maintenance Process Outcome

Question 40

Any enabling systems or services needed to support the security aspects of system maintenance and logistics are available.

Answer 40

Maintenance Process Outcome

Question 41

Replaced, repaired, or modified system elements are available in consideration of their security aspects.

Answer 41

Maintenance Process Outcome

Question 42

The need for changes to address security-relevant corrective, perfective, or adaptive maintenance is reported.

Answer 42

Maintenance Process Outcome

Question 43

Security-relevant aspects, failure, and lifetime data, including associated costs, are determined.

Answer 43

Maintenance Process Outcome

Question 44

Traceability of the security aspects of the maintained elements is established.

Answer 44

Maintenance Process Outcome

Question 45

Prepare for security aspects of maintenance.

Answer 45

Develop Secure Maintenance Strategy Action

Question 46

Perform security aspects of maintenance.

Answer 46

Develop Secure Maintenance Strategy Action

Question 47

Perform security aspects of logistics.

Answer 47

Develop Secure Maintenance Strategy Action

Question 48

Manage results of security aspects of maintenance and logistics.

Answer 48

Develop Secure Maintenance Strategy Action

Question 49

Define the security aspects of the maintenance strategy.

Answer 49

Prepare for the Security Aspects of Maintenance Task

Question 50

Identify the system constraints.

Answer 50

Prepare for the Security Aspects of Maintenance Task

Question 51

Identify trades.

Answer 51

Prepare for the Security Aspects of Maintenance Task

Question 52

Identify, plan for, and obtain enabling systems or services.

Answer 52

Prepare for the Security Aspects of Maintenance Task

Question 53

Review incident and problem reports to identify security relevance and associated maintenance needs.

Answer 53

Perform the Security Aspects of Maintenance Task

Question 54

Record the security aspects of maintenance incidents and problems and track their resolution.

Answer 54

Perform the Security Aspects of Maintenance Task

Question 55

Implement the procedures for the correction of random faults or scheduled replacement of system elements to ensure the ability to deliver system security functions and services.

Answer 55

Perform the Security Aspects of Maintenance Task

Question 56

Implement action to restore the system to secure operational status when a random fault causes a system failure.

Answer 56

Perform the Security Aspects of Maintenance Task

Question 57

Perform preventive maintenance by replacing or servicing system elements prior to failure with security-related impact.

Answer 57

Perform the Security Aspects of Maintenance Task

Question 58

Perform failure identification actions when security noncompliance has occurred in the system.

Answer 58

Perform the Security Aspects of Maintenance Task

Question 59

Identify when security-relevant adaptive or perfective maintenance is required.

Answer 59

Perform the Security Aspects of Maintenance Task

Question 60

Perform the security aspects of acquisition logistics.

Answer 60

Perform the Security Aspects of Logistics Task

Question 61

Perform the security aspects of operational logistics.

Answer 61

Perform the Security Aspects of Logistics Task

Question 62

Implement any secure packaging, handling, storage, and transportation needed during the life cycle of the system.

Answer 62

Perform the Security Aspects of Logistics Task

Question 63

Confirm that security aspects incorporated into logistics actions satisfy the required protection levels so that system elements are securely stored and able to meet repair rates and planned schedules.

Answer 63

Perform the Security Aspects of Logistics Task

Question 64

Confirm that the security aspects of logistics actions include security supportability requirements that are planned, resourced, and implemented.

Answer 64

Perform the Security Aspects of Logistics Task

Question 65

Record the security aspects of maintenance and logistics results and any security anomalies encountered.

Answer 65

Manage Results of the Security Aspects of Maintenance and Logistics Task

Question 66

Record operational security incidents and security problems and track their resolution.

Answer 66

Manage Results of the Security Aspects of Maintenance and Logistics Task

Question 67

Identify and record the security-related trends of incidents, problems, and maintenance and logistics actions.

Answer 67

Manage Results of the Security Aspects of Maintenance and Logistics Task

Question 68

Maintain traceability of system elements and the security aspects of maintenance actions and logistics actions performed.

Answer 68

Manage Results of the Security Aspects of Maintenance and Logistics Task

Question 69

Provide security-relevant configuration items from system maintenance to baselines.

Answer 69

Manage Results of the Security Aspects of Maintenance and Logistics Task

Question 70

A collection of activities focused on establishing and maintaining the integrity of products and systems, through control of the processes for initializing, changing, and monitoring the configurations of those products and systems.

Answer 70

Configuration Management (CM)

Question 71

An identifiable part of a system (e.g., hardware, software, firmware, documentation, or a combination thereof) that is a discrete target of configuration control processes.

Answer 71

Configuration (CI)

Question 72

A set of specifications for a system, or configuration item within a system, that has been formally reviewed and agreed on at a given point in time, and which can be changed only through change control procedures. The baseline configuration is used as a basis for future builds, releases, and/or changes.

Answer 72

Baseline Configuration

Question 73

A comprehensive description of the roles, responsibilities, policies, and procedures that apply when managing the configuration of products
and systems.

Answer 73

Configuration Management Plan (CM Plan)

Question 74

Establishment of and charter for a group of qualified people with responsibility for the process of controlling and approving changes throughout the development and operational lifecycle of products and systems; may also be referred to as a change control board.

Answer 74

Configuration Control Board

Question 75

Methodology for selecting and naming configuration items that need to be placed under CM.

Answer 75

Configuration Item Identification

Question 76

Process for managing updates to the baseline configurations for the configuration item.

Answer 76

Configuration Change Control

Question 77

Process for assessing or testing the level of compliance with the established baseline configuration and mechanisms for reporting on the configuration status of items placed under CM.

Answer 77

Configuration Monitoring

Question 78

Basic parts include: (i) configuration control board, (ii) configuration item identification, (iii) configuration change control, and (iv) configuration monitoring.

Answer 78

Configuration Management Plan

Question 79

Involves the systematic proposal, justification, implementation, testing, review, and disposition of changes to the systems, including system upgrades and modifications.

Answer 79

Configuration Change Control

Question 80

Includes four phases: (i) planning, (ii) identifying and implementing configurations, (iii) controlling configuration changes, and (iv) monitoring.

Answer 80

Security-focused Configuration Management

Question 81

The policy and procedures documenting what is required for SecCM are completed.

Answer 81

SecCM Planning Phase

Question 82

The secure baseline for the system is developed, reviewed approved and implemented.

Answer 82

SecCM Identifying and Implementing Configuration

Question 83

The information system security engineer focuses on managing change to that the system remains in a secure operational state.

Answer 83

SecCM Controlling Configuration Changes

Question 84

The system is validated to ensure that it meets and is in compliance with organizational policy procedures.

Answer 84

SecCM Monitoring

Question 85

Performed after a change to ensure the system is still operating as intended and in a secure manner.

Answer 85

Verification & Validation

Question 86

Performed to verify the functionality and impact of a change.

Answer 86

Regression Testing

Question 87

A collection of activities focused on establishing and maintaining the integrity of products and systems, through control of the processes for initializing, changing, and monitoring the configurations of those products and systems.

Answer 87

Configuration Management (CM)

Question 88

Include: (i) purge, (ii) clear, and (iii) destroy.

Answer 88

Key Sanitization Methods

Question 89

Uses software or hardware products to overwrite storage space; goal is to replace target data with non-sensitive data; not useable with flash media.

Answer 89

Clear

Question 90

Includes overwrite, block erase, and cryptographic erase though the use of dedicated standardized device sanitize commands that apply media specific techniques to bypass the abstraction inherent in typical read and write commands; can’t be used on non-volatile non-magnetic storage.

Answer 90

Purge

Question 91

Includes the use of different types, techniques, and procedures to render data retrieval infeasible.

Answer 91

Destroy

Question 92

Addresses (i) permanent termination of system functions and delivery of services; (ii) permanent termination of personnel; (iii) transform the system and environment to an acceptable state; (iv) concerns for material, data, and information; and (v) transition the system and system elements for future use.

Answer 92

Formal Disposal Strategy

Question 93

Should be created to document the disposal results.

Answer 93

Certificate of Media Disposition