IA/ Cyber Security Flashcards

1
Q

Define IA

A

information operations that protect and defend information systems

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Define Cert

A

the evaluation of a technical and non- technical security features of an information system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Define Accreditation

A

is the official management decision to operate an information system in a specified environment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Define DAA

A

the official who assumes formal responsibility for operating a system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Define System Security plan

A

system security plan is the formal document prepared by the information system owner

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

ATO

A

authority to operate

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

IATO

A

interim authourity to operate

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Risk management

A

allows IT managers to balance the cost of protective measures while achieving mission capability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Five attributes of IA

A

confidentiality, authentication, availability, non-repudiation, integrity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Catagories of computer incidents:

A

malicious logic, user level intrusion, root level intrusion

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

IAVA

A

information assurance vulnerability alert

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

IAVB

A

information assurance vulnerability bulletin

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

IAVT

A

information assurance vulnerability technical advisory

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

MALICIOUS CODE

A

ANY CODE THAT IS PART OF A SOFTWARE SYSTEM THAT IS INTENDED TO CAUSE SECURITY BREACHES OR DAMAGE TO A SYSTEM

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

ZOMBIE

A

A COMPUTER THAT HAS BEEN COMPROMISED AND USED TO PERFORM MALICIOUS TASKS UNDER REMOTE DIRECTION

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

BOT

A

USED TO SPREAD EMAIL SPAM AND LAUNCH DENIAL-OF-SERVICE ATTACKS. SOFTWARE APPLICATION THAT RUN AUTOMATIC TASKS OVER THE INTERNET

17
Q

BOTNET

A

COLLECTION OF ZOMBIE WORKSTATIONS RUNNING BOTS (SOFTWARE APPLICATIONS THAT RUN AUTOMATIC TASKS OVER THE INTERNET) TO SPREAD EMAIL SPAM AND LAUNCH DOS

18
Q

ZERO DAY EXPLOIT

A

THREAT OR ATTACK THAT EXPLOITS A PREVIOUSLY UNKNOWN VULNERABILITY IN A COMPUTER APPLICATION OR OPERATING SYSTEM THAT DEVELEPORS HAVE NOT HAD TIME TO ADDRESS AND PATCH.

19
Q

SPYWARE

A

SOFTWARE THAT AIDS IN GATHERING INFORMATION ABOUT A PERSON OR ORGANIZATION WITHOUT THEIR KNOWLEDGE. SENDS INFORMATION TO OTHER ENITITES.

20
Q

LOGIC BOMB

A

A CODE INTENTIONALLY INSERTED INTO A SOFTWARE SYSTEM THAT WILL SET OFF A MALICIOUS FUNCTION WHEN SPECIFIC CONDITIONS ARE MET.

21
Q

KEYLOGGERS

A

SOFTWARE THAT LOGS EVERY KEYSTROKE AND WRITES IT TO A FILE.

22
Q

PRIVELAGE ESCALATORS

A

USER WHO GAINS ELEVATED ACCESS TO RESOURCES THAT ARE NORMALLY PROTECTED FROM AN APPLICATION OR USE.

23
Q

DENIAL-OF-SERVICE

A

AN ATTEMPT TO MAKE A MACHINE OR NETWORK RESOURCE UNAVAILABLE TO ITS INTENDED USERS. PING OF DEATH.

24
Q

DISTRIBUTED-DENIAL-OF-SERVICE

A

LARGE SCALE DENIAL OF SERVICE

25
Q

EXPLOIT

A

SOFTWARE THAT TAKES ADVANTAGE OF A BUG, GLITCH, OR VULNERABILITY. CAUSES UNINTENDED BEHAVIOUR.

26
Q

GLOBAL INFORMATION GRID

A

AN ALL ENCOMPASSING COMMUNICATION PROJECT OF THE UNITED STATES DoD

27
Q

IAM

A

IN CHARGE OF IA PROGRAM. OVERSEE ALL IAO’S, IAVA’S, SECURITY MEASURES, EVALUATIONS AND ACCREDITATIONS.

ENSURES SECURITY INTRUCTIONS, GUIDANCE AND SOP’S ARE MAINTAINED AND IMPLEMENTED

28
Q

IAO

A

APPLIES EVERYTHING (IN TO EFFECT) THAT THE IAM OVERSEES.

29
Q

NCDOC (NAVY CYBER DEFENSE OPERATIONS COMMAND)

A

IN CHARGE OF INCIDENTS, MONITORS NETWORK ACTIVITY FOR MALICIOUS EVENTS.

30
Q

BLUE TEAM

A

PROTECT FROM THE INSIDE. TEAM COMES TO THE SHIP AND SCANS THE ENTIRE NETWORK LOOKING FOR VULNERABILITIES. ONCE IDENTIFIED THEY INFORM THE COMMAND, AND THE COMMAND IS RESPONSIBLE FOR FIXING THE DISCREPANCIES. CTN’S

31
Q

RED TEAM

A

ATTEMPTS TO PENETRATE IA VULNERABILITES.

32
Q

INTRUSION DETECTION SYSTEM (IDS)

A

A DEVICE OR SOFTWARE APPLICATION THAT MONITORS NETWORS OR SYSTEM ACTIVITIES FOR MALICIOUS ACTIVITY OR POLICY VIOLATIONS AND PRODUCES REPORTS TO A MANAGEMENT STATION.
ACTIVE: IDS AUTO-RESPONDS TO THE SUSPICIOUS ACTIVITY BY RESETTING THE CONNECTION OR BY REPROGRAMMING THE FIREWAL TO BLOCK THE TRAFFIC.

33
Q

INTRUSION PREVENTION SYSTEM (IPS)

A

SOFTWARE THAT PREVENTS SUSPICIOUS ACTIVITY BY RESETTING THE CONNECTION OR BLOCKING NETWORK TRAFFIC FROM THE MALICIOUS SOURCE.

34
Q

HOST-BASED SECURITY SYSTEM (HBSS)

A

SOFTWARE APPLICATIONS USED WITHIN THE DEPARTMENT OF DEFENSE (DOD) TO MONITOR, DETECT, AND COUNTERATTACK AGAINST THREATS TO DOD COMPUTER NETWORKS AND SYSTEMS.

35
Q

HOST BASED SECURITY SYSTEM (HBSS)

A

SOFTWARE APPLICATIONS USED WITHIN THE DEPARTMENT OF DEFENSE (DOD) TO MONITOR, DETECT, AND COUNTERATTACK AGAINST THREATS TO DOD COMPUTER NETWORKS AND SYSTEMS.

36
Q

WINDOWS SERVER UPDATE SERVICES (WSUS) ON SERVERS

A

A PROGRAM THAT ENABLES ADMINISTRATORS TO MANAGE THE DISTRIBUTION OF UPDATES AND HOT FIXES. THESE ARE RELEASED BY SPAWAR.