IDW: Network/IA

Question 0

How many networks do we have onboard?

Answer 0

6: NIPR, SIPR, CENTRIX, JWICS, PPLAN, MCMS

Question 1

What is defense in depth in regards to IA?

Answer 1

A concept of multi-layered security; multi layers to prove that you are authorized.

Question 2

What is the biggest threat to the network and how do we mitigate it?

Answer 2

User awareness and training.

Question 3

What is compliance in regards to patching?

Answer 3

If a computer on the network isn’t fully patched then there’s a loophole that can be exploited.

Question 4

How does inventory effect compliance?

Answer 4

If you don’t know where a non-compliant computer is, you can’t fix it and have vulnerability.

Question 5

What is the ISSM and their responsibilities?

Answer 5

Information Systems Security Manager; serves as the point of contact for all command IA matters and implements IA program. Designated in writing by CO.

Question 6

What is the ISSO and their responsibilities?

Answer 6

Designated system administrator for a system (GCCS, AIS, TMIP). They oversee compliance inventories and other requirements assigned by ISSM.

Question 7

TASO responsibilities

Answer 7

Share drive folder and file management

SAAR form management

Cyber Awareness training management

Evaluate and report security vulnerabilities and problems

Complete and maintain inventories of all IT equipment

Notify ADP of equipment changes

Train and submit division requests for new equipment.

Ensure electrical safety checks conducted

Inform ADP of personnel changes

Assist with creating Outlook PST files

Assist uses in mapping drives

Assist Combat Systems with (Information Security) IS inspections

Communicate news from meetings with leadership.

Question 8

What is a network violation?

Answer 8

Auto-forwarding Navy email to commercial email

Bypass firewalls

Use unauthorized software

Relocate or change equipment

Upload/download files

Using personal hardware

Misuse of IT resourcesto adversely reflect on Navy

Question 9

What are spillage procedures?

Answer 9

Report to CoC, electronic spillage report must go out every 24hrs to every command involved.

Question 10

What’s NETSEC responsible for?

Answer 10

All data security,assurance policy, network configuration management, spillage reporting

Question 11

How often is anti-virus done

Answer 11

7 days

Question 12

What did Private Manning do?

Answer 12

Copied classified classified info and uploaded to Internet.

Question 13

What did Edward Snowden do?

Answer 13

Copied classified material to external hard drive and released it to the public.

Question 14

Information Assurance

Answer 14

Practice of assuring information and managing risks related to the use, storage, and transmission of information or data.

Question 15

Interim Authority To Operate

Answer 15

Has authorized termination date within 180 days; can’t have consecutive IATO totaling more than 360 days.

Question 16

Authority To Operate (ATO)

Answer 16

Issued for 3 years; DAA authorized to run Information Systems at an acceptable level of risk

Question 17

Public-key infrastructure (PKI)

Answer 17

Crypto technique that enables users to communicate on an insecure public network verify users identity by digital signatures.

Question 18

Information Assurance Vulnerability Alert (IAVA)

Answer 18

Announcement of a computer vulnerability notification. IAVA’s require acknowledgement and compliance.

Question 19

Public-key infrastructure (PKI)

Answer 19

Crypto technique that allows users to securely communicate on an insecure network using digital signatures to verify.

Question 20

Information Assurance Vulnerability Bulletin (IAVB)

Answer 20

Announcement of a computer vulnerability. IAVBs require acknowledgement.

Question 21

Information Assurance Vulnerability Technical (IAVT)

Answer 21

Announcement of a computer vulnerability. IAVT require notification only.

Question 22

Computer Tracking Order (CTO)

Answer 22

Document sent out to change network posture of the fleet.

Question 24

Information Assurance Manager (IAM)

Answer 24

Responsible for ensuring commands Information Systems are operated, used, maintained and disposed of

Question 25

Virus

Answer 25

Harmful program in disguise

Question 26

Worm

Answer 26

Self-replicating sub-viruses

Question 27

Network Enumeration

Answer 27

Process of extracting valid account or exported resource names from systems using active connections and desires queries

Question 27

Trojans

Answer 27

Harmful program disguised as a legit application

Question 29

Network Enumeration

Answer 29

Extracting valid account or exported resource names from systems using active connections and desires queries

Question 30

SQL Injection

Answer 30

Code injection technique; used to attack data-driven applications.

Question 31

Privilege Escalation

Answer 31

Using a flaw to increase privilege level

Question 32

Social Engineering

Answer 32

Deception to get sensitive information.

Question 33

Host-Based Security System

Answer 33

Can detect and counter, in real time, against known cyber threats.

Question 33

Dictionary attack

Answer 33

Using all words in dictionary to crack a code

Question 34

Brute Force Attack

Answer 34

Using all possible methods to crack a code

Question 35

Assured Compliance Assessment Solution (ACAS)

Answer 35

Used to scan the network for compliance of the latest patches in conjunction with VRAM.

Question 36

Information Operation Condition (INFOCON)

Answer 36

5 levels; 1 is most dangerous and 5 is least dangerous. We are currently at 3.

Question 37

Electronic Spillage

Answer 37

Placing sensitive material on a less sensitive network. Ex. Can’t go from high to low.

Question 38

Navy Cyber Defense Operations Command (NCDOC)

Answer 38

Ensuring proper internet usage on-board USN Afloat Commands.

Question 39

MSG Server

Answer 39

Provides 2 basic services on an enterprise firewall and a web proxy/cache server.

Question 40

Non-classified Internet Protocol Router Network (NIPRNET)

Answer 40

Unclassified network. Ex: Facebook

Question 41

Secret Internet Protocol Router Network (SIPRNET)

Answer 41

Classified network.

Question 42

Joint Worldwide Intelligence Communications Systems (JWICS)

Answer 42

TS/SCI network

Question 43

Virtual Local Area Network (VLAN)

Answer 43

Group of workstations, servers and network devices that appear to be on the same LAN despite geographical location

Question 44

Domain Name System

Answer 44

Converting computer host names and domain names into IP addresses.

Question 45

Dynamic Host Control Protocol (DHCP)

Answer 45

Provides IP addresses to computers.

Question 46

Domain Controllers

Answer 46

Run Active Directory, Dynamic Host Configuration Protocol (DHCP), Domain Name System. We have 2 per network

Question 47

Active Directory

Answer 47

Used to create, manage and edit objects on the network.

Question 48

IPv4 address space

Answer 48

32 bit field and can support up to 4.3 billion IP addresses.

Question 49

IPv6

Answer 49

Uses 128 bit addresses.

Question 50

Common UDP/TCP Ports

Answer 50

20/21 - File Transfer Protocol (20 is data, 21 is control)

23 - Telnet

25 - Simple Mail Transfer Protocol

80 - Hypertext Transfer Protocol

443 - Hypertext Transfer Protocol w/ Secure Sockets Layer

Question 51

Web Tier

Answer 51

Aka Web User Groups. Used to control bandwidth.

Question 52

Web Tier

Answer 52

Web User Groups. Used to control bandwidth. We have 3 (low, medium and high)

Question 53

DOS Commands

Answer 53

Ping: Used to reach the ability of a host on a IP network.

Trace Route: used to determine the path taken to a destination across a network.

IPCONFIG: Tool used to view network interface configurations.

Question 54

Navy Information Application Product Suite (NIAPS)

Answer 54

Deliver maintenance, logistics, administrative, training and management applications to users at sea.

NKO Afloat, FEDLOG, Distance Support

Question 55

Navy Tactical Command Support System (NTCSS)

Answer 55

Provides a full range of of standardized mission support ADP hardware and software.

Question 56

NTCSS Applications include:

Answer 56

R-Supply: Relation supply provides Navy and Marines tools and functions needed to perform daily tasks.

OMMS-NG (Organizational Maintenance Management System-Next Generation: Provides quick, convenient access to the maintenance information needed for readiness

R-ADM (Relational Administrative Data Management): Personnel management

NALCOMIS (Naval Logistics Command Management Information System): Provides aviation maintenance and material management with information.

Question 57

TMIP-M (Theater Medical Information Program-Maritime)

Answer 57

AHLTA: Utilized for sick call information and dr’s notes

SAMS: Holds shot records, and transit data off ship to NMO

Question 58

FLTNOC (Fleet Network Operations Centers)

Answer 58

ECRNOC: European; Naples, Italy

IONOC: Indian Ocean; Bahrain.

PRNOC: Pacific; Wahiawa, HI

UARNOC: Unified Atlantic; Norfolk, VA

Question 59

DCGS-N (Distributed Common Ground System-Navy):

Answer 59

Provides real time imagery in support of fleet intelligence.

Question 60

CENTRIXS (Combined Enterprise Regional Information Exchange System):

Answer 60

Global data network for U.S. and petter forces to share classified operational and intelligence information.

Question 61

GCCS-M (Global Command and Combat System-Maritime)

Answer 61

Provides afloat joint and allied commanders a single integrated C4I with intelligence and environmental information.

Question 62

Who is the ships Information Assurance Manager (IAM)

Answer 62

LT Johnson and ITC Brown

Question 63

How many layers are there in the OSI model

Answer 63

7

Question 64

Layer 1 of OSI Model

Answer 64

Physical

Question 65

Layer 2 of OSI Model

Answer 65

Data Link

Question 66

Layer 3 of OSI Model

Answer 66

Network

Question 67

Layer 4 of OSI Model

Answer 67

Transport

Question 68

Layer 5 of OSI Model

Answer 68

Session

Question 69

Layer 6 of OSI Model

Answer 69

Presentation

Question 70

Layer 7 of OSI Model

Answer 70

Application