CJCSM 6510.01B, CYBER INCIDENT HANDLING PROGRAM Flashcards

1
Q

Federal agencies are required to have in place cyber incident handling mechanisms in accordance with which act?

A

FISMA

2
Q

How many services does the Department of Defense require Tier II Computer Network Defense Service Providers (CNDSPs) to provide?

A

3

3
Q

Which program was developed by the Department of Defense to provide specific guidance for CC/S/A/FAs regarding the requirements for cyber incident handling and reporting?

A

Cyber Incident Handling Program

4
Q

Joint Staff and CC/S/A/FAs will comply with DoD Cyber Incident Handling Program responsibilities in accordance with which reference?

A

CJCSI 6510.01

5
Q

With which agency must Joint Staff and CC/S/A/FAs ensure that Tier II CNDSPs are registered in order to provide CND services for CC/S/A/FA information networks and ISs?

A

DISA

6
Q

Which command must Joint Staff and CC/S/A/FAs coordinate with on cyber incidents prior to taking action outside the Department of Defense?

A

USCYBERCOM

7
Q

Which command directs the operation and defense of DoD information networks IAW the UCP?

A

USSTRATCOM

8
Q

What must USSTRATCOM coordinate with on matters relating to the governance, secure operations, and defense of the IC networks?

A

IC-IRC

9
Q

What directs the actions taken, within the Department of Defense, to protect, monitor, analyze, detect, and respond to unauthorized activity within DoD information networks and ISs?

A

CND

10
Q

How many different tiers is the Department of Defense organized into to conduct CND?

A

3

11
Q

Which tier provides DoD-wide CND operational direction or support to CC/S/A/FAs?

A

Tier 1

12
Q

Which tier provides DoD component-wide CND operational direction or support?

A

Tier 2

13
Q

Which tier provides local CND operational direction or support?

A

Tier 3

14
Q

Which type of data gives the Department of Defense the ability to sense changes in DoD information networks?

A

AS&W

15
Q

Which type of data gives the Department of Defense the ability to sense changes in adversary activities?

A

I&W

16
Q

Which community investigates criminal activity and disseminates threat data that may pertain to domestic or foreign individuals and groups who constitute threats to the Department of Defense?

A

LE

17
Q

Which CND response service identifies several critical elements of an incident to determine and characterize its possible effects on DoD information networks, operational missions, and other defense programs?

A

Cyber Incident Analysis

18
Q

What ensures the acquisition and preservation of data required for tactical analysis, strategic analysis, and/or LE investigations?

A

Cyber Incident Response

19
Q

What is the DoD system of record for lessons learned?

A

JLLIS

20
Q

What is the primary vehicle for reporting and recording all cyber incidents and reportable events?

A

JIMS

21
Q

Security classifications of cyber incidents are determined in accordance with which publication?

A

DoDI O-3600.02

22
Q

How many different types of initial cyber incident reporting are there?

A

2

23
Q

What is the minimum security requirement when sending e-mails reporting a cyber incident?

A

Digital signature

24
Q

What includes the coordinated and initial actions taken to protect the information network or IS from any further malicious activity and to acquire the data required for further analysis?

A

Preliminary response

25
Q

What will cyber incident containment be coordinated with?

A

CNDSP

26
Q

Which type of data is RAM considered?

A

Volatile

27
Q

Which type of data are system images and malware considered to be?

A

Persistent

28
Q

Which type of data is the configuration around the system considered to be?

A

Environmental

29
Q

What is defined as a series of analytical steps taken to find out what happened in an incident?

A

Cyber incident analysis

30
Q

What should any software artifacts suspected of being malware be submitted to?

A

Joint Malware Catalog (JMC)

31
Q

What is the primary path or method used by the adversary to cause the cyber incident or event to occur?

A

Delivery vector

32
Q

What expands upon the identified delivery vectors and system weaknesses by precisely identifying the sets of conditions allowing the incident to occur?

A

Root cause identification

33
Q

What refers to an incident's detrimental impact on the technical capabilities of the organization?

A

Technical impact (TI)

34
Q

What refers to a detrimental impact on an organization’s ability to perform its mission?

A

Operational Impact (OI)

35
Q

What must actions that potentially affect traffic on the DoD Protected Traffic List be coordinated with?

A

USCYBERCOM

36
Q

What involves understanding and accurately characterizing the relationship of incidents reported and providing awareness of the cyber security trends as observed by the affected parties?

A

Trending analysis

37
Q

ISs having which categories of cyber incidents must be rebuilt from trusted media and have up-to-date AV software loaded and configured IAW STIGs and WARNORDs prior to connecting the IS to the information network?

A

1, 2, and 7

38
Q

What is used to document the technical and operational impact of the cyber incident on the organization?

A

BDA

39
Q

Within how many hours after the cyber incident has been resolved must the JIMS incident record be updated with the BDA?

A

24

40
Q

What are lessons learned, initial root cause, problems with executing COAs, and missing policies and procedures all part of?

A

Post-incident analysis

41
Q

Where are cyber incidents sent that require a postmortem?

A

USCYBERCOM

42
Q

What is defined as a set of scripts, programs, and other resources used to safely acquire, examine, and preserve volatile and non-volatile data from an IS?

A

First responder toolkit