IA (mand)

Question 1

Define CERTIFICATION.

Answer 1

eval of the technical and non tech security features of an information system, meets a set of security requirements.

Question 2

Define ACCREDITATION.

Answer 2

formal declaration by the DESIGNATED APPROVING AUTHORITY (DAA) that the information system is APPROVED TO OPERATE.

Question 3

What is ATO?

Answer 3

AUTHORITY TO OPERATE

Question 4

IATO.

Answer 4

temporary authorization granted by the DESIGNATED APPROVING AUTHORITY

Question 5

RISK MANAGEMENT.

Answer 5

balances the operational and economic cost for protective measures and gains of mission capability protecting the data

Question 6

5 attributes of IA.

Answer 6

CAAIN

1. confidentiality
2. integrity
3. availability
4. non re repudiation
5. authentication

Question 7

Categories of CPU incidents.

Answer 7

9 total/ IM RRUUDE N! 
INVESTIGATION 
MALICIOUS 
ROOT LEVEL
RECON
USER LEVEL
UNSUCCESSFUL 
DENIAL OF SERVICES 
EXPLAINED ANOMALY 
NON COMPLIANCE

Question 8

IAVA.

Answer 8

Information Assurance Vulnerability Alert: addresses severe network vulnerabilities and potentially severe threats, CORRECTIVE ACTION OF THE HIGHEST PRIORITY

Question 9

IAVB.

Answer 9

Information Assurance Vulnerability Bulletin: addresses new vulnerabilities and do not pose immediate risk but non compliance could escalate the risk.

Question 10

IAVT.

Answer 10

Information Assurance Vulnerability Technical Advisory: new risks but classified as low risk

Question 11

CTO.

Answer 11

Communications Tasking Order- urgent request coming for the Naval Network Warfare Command CDR (NETWARCOM)

Question 12

Define Service Pack.

Answer 12

single install package for fixing software problems

Question 13

Difference between Vulnerability and Threat.

Answer 13

Threat is an actual event that can mess up operations and an vulnerability is a weakness in a info system ( but can be fixed)

Question 14

IAM.

Answer 14

Information Assurance Manager, responsible for the IA program