CJCSM 6510.01B, CYBER INCIDENT HANDLING PROGRAM

Question 1

Federal agencies are required to have in place cyber incident handling mechanisms in accordance with which act?

Answer 1

FISMA

Question 2

How many services does the Department of Defense require Tier II Computer Network Defense Service Providers (CNDSPs) to provide?

Answer 2

3

Question 3

Which program was developed by the Department of Defense to provide specific guidance for CC/S/A/Fas regarding the requirements for cyber incident handling and reporting?

Answer 3

Cyber Incident Handling Program

Question 4

Joint Staff and CC/S/A/FAs will comply with DoD Cyber Incident Handling Program responsibilities in accordance with which reference?

Answer 4

CJCSI 6510.01

Question 5

Which agency must Joint Staff and CC/S/A/FAs ensure that Tier II CNDSPs are registered with to provide CND services for CC/S/A/FA information networks and ISs?

Answer 5

DISA

Question 6

Which command must Joint Staff and CC/S/A/FAs coordinate with on cyber incidents prior to taking action outside the Department of Defense?

Answer 6

USCYBERCOM

Question 7

Which command directs the operation and defense of DoD information networks IAW the UCP?

Answer 7

USSTRATCOM

Question 8

What must USSTRATCOM coordinate with on matters relating to the governance, secure operations, and defense of the IC networks?

Answer 8

IC-IRC

Question 9

What directs the actions taken, within the Department of Defense, to protect, monitor, analyze, detect, and respond to unauthorized activity within DoD information networks and ISs?

Answer 9

CND

Question 10

How many different tiers is the Department of Defense organized into to conduct CND?

Answer 10

3

Question 11

Which tier provides DoD-wide CND operational direction or support to CC/S/A/FAs?

Answer 11

Tier 1

Question 12

Which tier provides DoD component-wide CND operational direction or support?

Answer 12

Tier 2

Question 13

Which tier provides local CND operational direction or support?

Answer 13

Tier 3

Question 14

Which type of data gives the Department of Defense the ability to sense changes in DoD information networks?

Answer 14

AS&W

Question 15

Which type of data gives the Department of Defense the ability to sense changes in adversary activities?

Answer 15

I&W

Question 16

Which community investigates criminal activity and disseminates threat data that may pertain to domestic or foreign individuals and groups who constitute threats to the Department of Defense?

Answer 16

LE

Question 17

Which CND response service identifies several critical elements of an incident to determine and characterize its possible effects on DoD information networks, operational missions, and other defense programs?

Answer 17

Cyber Incident Analysis

Question 18

What ensures the acquisition and preservation of data required for tactical analysis, strategic analysis, and/or LE investigations?

Answer 18

Cyber Incident Response

Question 19

What is the DoD system of record for lessons learned?

Answer 19

JLLIS

Question 20

What is the primary vehicle for reporting and recording all cyber incidents and reportable events?

Answer 20

JIMS

Question 21

Security classifications of cyber incidents are determined in accordance with which publication?

Answer 21

DoDI O-3600.02

Question 22

How many different types of initial cyber incident reporting are there?

Answer 22

2

Question 23

What is the minimum security requirement when sending e-mails reporting a cyber incident?

Answer 23

Digital signature

Question 24

What includes the coordinated and initial actions taken to protect the information network or IS from any further malicious activity and to acquire the data required for further analysis?

Answer 24

Preliminary response

Question 25

What will Cyber incident containment be coordinated with?

Answer 25

CNDSP

Question 26

Which type of data is RAM considered?

Answer 26

Volatile

Question 27

Which type of data are system images and malware considered to be?

Answer 27

Persistent

Question 28

Which type of data is the configuration around the system considered to be?

Answer 28

Environmental

Question 29

What is defined as a series of analytical steps taken to find out what happened in an incident?

Answer 29

Cyber incident analysis

Question 30

What should any software artifacts suspected of being malware be submitted to?

Answer 30

Joint Malware Catalog (JMC)

Question 31

What is the primary path or method used by the adversary to cause the cyber incident or even to occur?

Answer 31

Delivery vector

Question 32

What expands upon the identified delivery vectors and system weaknesses by precisely identifying the sets of conditions allowing the incident to occur?

Answer 32

Root cause identification

Question 33

What refers to an incidents detrimental impact on the technical capabilities of the organization ?

Answer 33

Technical impact (TI)

Question 34

What refers to a detrimental impact on an organization’s ability to perform its mission?

Answer 34

Operational Impact (OI)

Question 35

What must actions that potentially affect traffic on the DoD Protected Traffic List be coordinated with?

Answer 35

USCYBERCOM

Question 36

What involves understanding and accurately characterizing the relationship of incidents reported and providing awareness of the cyber security trends as observed by the affected parties?

Answer 36

Trending analysis

Question 37

ISs having which categories of cyber incidents must be rebuilt from trusted media and have up-to-date AV software loaded and configured IAW STIGs and WARNORDs prior to connecting the IS to the information network?

Answer 37

1, 2, and 7

Question 38

What is used to document the technical and operational impact of the cyber incident on the organization?

Answer 38

BDA

Question 39

Within how many hours after the cyber incident has been resolved must the JIMS incident record be updated with the BDA?

Answer 39

24

Question 40

What are lessons learned, initial root cause, problems with executing COAs, and missing policies and procedures all part of?

Answer 40

Post-incident analysis

Question 41

Where are cyber incidents sent that require a postmortem?

Answer 41

USCYBERCOM

Question 42

What is defined as a set of scripts, programs, and other resources used to safely acquire, examine, and preserve volatile and non volatile data from an IS?

Answer 42

First responder toolkit