General NBT

Question 1

What is the purpose of Navy Blue Team?

Answer 1

Assess and evaluate the security posture of Navy networks.

Question 2

What is Directive 527-1?

Answer 2

Guidance on INFOCON levels

Question 3

What is Appendix 12 to Appendix C OPORD 05-01?

Answer 3

DOD INFOCON execution procedures

Question 4

What is DOD 8530-1?

Answer 4

Establishes CND certification and accreditation

Question 5

What is SURFORREDMAN (COMNAVSURF PAC INST 3502.3)?

Answer 5

Dictates NBT assesments and CND guide for afloat units

Question 6

What can be found on HTTS://SAILOR.NMCI.NAVY.MIL?

Answer 6

IAVA downloads, CND-OSE downloads, software patches, and baseline configs for ISNS/ADNS

Question 7

What can be found on WWW.NCDOC.NAVY.SMIL.MIL?

Answer 7

Incident reports, FAMS, CTO’s, and DNS black hole list

Question 8

What can be found on INFOSEC.NAVY.MIL?

Answer 8

SIPRNET antivirus updates and VRAM link

Question 9

What can be found on WWW.CYBERCOM.SMIL.MIL?

Answer 9

INFOCON guidance and directives, CTO’s and CYBERCOM info

Question 10

What is an IAVA?

Answer 10

Information Assurance Vulnerability Alert

Question 11

What is an IAVB?

Answer 11

Information Assurance Vulnerability Bulletin

Question 12

What is an IAVT?

Answer 12

Information Assurance Vulnerability Technical Advisory

Question 13

What is a CTO?

Answer 13

Computer Tasking Order- Implements changes and dictates what can and cannot be done on networks

Question 14

What is the function of VRAM?

Answer 14

Assess and upload scans from scans from VRAM

Question 15

What is INFOCON?

Answer 15

The level of protection for information systems based on perceived or actual threats. Levels 1 (greatest) thru 5 (least).

Question 16

NNWC

Answer 16

Naval Network Warfare Command. NETWARCOM Operations.

Question 17

USCYBERCOM

Answer 17

Overall boss for anything cyber related. Phase 3 assessments.

Question 18

USSTRATCOM

Answer 18

strategic operations. may impact cyber readiness.

Question 19

NSA

Answer 19

all SIGINT operations. NSA/CSS threat operations center.

Question 20

NCDOC

Answer 20

ISP and CND provider for the Navy

Question 21

ACERT

Answer 21

Army Cyber Emergency Readiness Team

Question 22

AFCERT

Answer 22

Air Force Cyber Emergency Readiness Team

Question 23

NCIS

Answer 23

Investigates cybercrimes for the Navy

Question 24

MCNOSC

Answer 24

Marine Corp NCDOC

Question 25

USCYBERFOR

Answer 25

Tenant Command of 10th Fleet. Phase 2 Assessments.

Question 26

10th Fleet

Answer 26

Navy Element of CYBERCOM. Does inspections.

Question 27

Who is authorized to make changes to NON_POR equipment?

Answer 27

Ship’s IT’s

Question 28

Who is authorized to modify POR equipment?

Answer 28

Only the programmer

Question 29

What is the difference between Stage II and Stage III?

Answer 29

Stage II is completed by CYBERFOR. There is an assist and train report after assessment. Stage III is completed by CYBERCOM and is the final score.

Question 30

Why do assessment laptops require their own OU in ADUC? What happens if this is not done correctly?

Answer 30

Blocks inheritance and prevents Compose from pushing data to the laptop

Question 31

What is DNS traffic logging and why is it important during data analysis?

Answer 31

Shows possible beaconing to where and how often

Question 32

What is port security? How does this affect Blue Team assessments?

Answer 32

Where a switch port is assigned to a specific MAC address or computer. If port security is on, the Blue Team laptop will not be able to connect to the ships domain.

Question 33

Explain the relationship between the UNIX virtual machine and the windows host:

Answer 33

VM runs from Windows OS and allows for NMAP and Darkether scans. All collected data is held on windows C:/ drive

Question 34

How do you enable the shared folder on the VM?

Answer 34

In VM – VM settings – options – advanced options – select always enable – select the folder – APPLY

Question 35

What script is used to collect infrastructure device configurations?

Answer 35

Darkether_local

Question 36

What script is used to organize all XML output files into Multi Verse upload folder?

Answer 36

Darkether_run

Question 37

What is the purpose of NIPPER?

Answer 37

A tool to check configurations in Cisco IOS for vulnerabilities.

Question 38

What command line is used to shutdown/restart a machine?

Answer 38

INIT 0 and INIT 6

Question 39

What is Compose and how does it integrate with Windows and Active Directory?

Answer 39

SPAWAR specific software installed on top of windows

Question 40

What does SQL stand for?

Answer 40

Structured Query Language

Question 41

What is MySQL?

Answer 41

free program that interfaces with SQL databases

Question 42

What is MSSQL?

Answer 42

program used by HBSS. Made by Microsoft.

Question 43

What are the default security groups?

Answer 43

administrators, domain administrators, enterprise administrators, remote desktop users, and schema admins

Question 44

What is the purpose of the “host diagnostics” scan and what is it composed of?

Answer 44

Used to see which hosts in active directory are live. Remote registry, ping, DNS resolve, WMI, and admin shares.

Question 45

What is the difference between a Scan and a Payload?

Answer 45

Scan- network intensive, done with constant contact with host.
Payload- sent to a host, collects all requested data, then sends the information back to the requester.

Question 46

What are the important files created by the “NMAP_SCAN2.PL” scan?

Answer 46

XML port scans, device info, OS info

Question 47

What is XREF?

Answer 47

Cross reference file

Question 48

What is MULTIVERSE.JAR?

Answer 48

Java executable to launch multiverse

Question 49

What is an XCCDF file?

Answer 49

STIG data and checks baseline security for compliance

Question 50

Explain Windows user account scan?

Answer 50

Check for local user accounts on a windows host

Question 51

Explain virus definitions scan?

Answer 51

Checks to see if the most recent virus definitions are installed

Question 52

Explain windows software scan?

Answer 52

Checks which version of windows is installed

Question 53

Explain RECENTITEMS scan?

Answer 53

Checks recent items directory on a windows host

Question 54

What is Event Logs Plus?

Answer 54

Checks for event logs

Question 55

Explain Windows running process scan?

Answer 55

Checks all running processes on a windows host

Question 56

What is autorun enforcer?

Answer 56

Checks to see if auto runs are disabled

Question 57

Explain Autoruns payload:

Answer 57

Checks if host automatically runs devices or programs

Question 58

Explain XCCDF payload:

Answer 58

STIG checks and XREF scan

Question 59

Explain computer identification payload:

Answer 59

Collects host name and OS version

Question 60

Explain REGRAIDER payload:

Answer 60

Parses registry and collects specific registry keys

Question 61

Explain file audit plus payload:

Answer 61

Collects files with specific extensions

Question 62

Explain SNARF payload:

Answer 62

Collects MD5 hash values of files and checks for known goods

Question 63

Explain wireless connections payloads:

Answer 63

checks a host for enabled wireless devices

Question 64

Explain Handle payload:

Answer 64

collects handler information

Question 65

Explain REGDUMP payload:

Answer 65

Collects a hosts registry

Question 66

Explain LOGON status payload:

Answer 66

Checks current logons

Question 67

Explain open ports plus:

Answer 67

Checks open ports on a host and processes

Question 68

What payloads have to be executed in order to execute the cross-reference script?

Answer 68

CPE Name and XCCDF

Question 69

What is the Navy Blue Team Report composed of?

Answer 69

Ships Info, Team Member, Team Member contact info, score, violations, findings, mitigations, supporting documents, and comments

Question 70

What is Pythagoras?

Answer 70

The scoring criteria for blue team assessments

Question 71

What is the difference between a finding and a poor security practice?

Answer 71

FINDING- violated a CTO or instruction

POOR SECURITY PRACTICE- doesn’t violate any CTO or instruction but could be harmful to the network

Question 72

What is SNARF?

Answer 72

Scan Network And Report Findings. Only scans system root and C: FOR HASHES. Looks for malicious software. References “knowns”. Exe’s and DLL’s only.