INFORMATION ASSURANCE

Question 1

IA

Answer 1

Information Assurance; Information operations that protect and defend data and IS by ensuring availability, integrity, authentication, confidentiality and non-repudiation.

Question 2

ATO

Answer 2

Authority to Operate; usually over one year

Question 3

IATO

Answer 3

Interim Authority to Operate; Usually 6 months

Question 4

CROSS-DOMAIN TRANSFERS

Answer 4

Information must be scanned and verified prior to transferring.

Question 5

5 ATTRIBUTES OF IA

Answer 5

Confidentiality
Integrity
Availability
Non-repudiation
Authentication

Question 6

CONFIDENTIALITY

Answer 6

Information or IS have been or may have been accessed, used, copied, or disclosed by someone who was not authorized to have access to the information.

Question 7

INTEGRITY

Answer 7

Protection against unauthorized modification or destruction of information.

Question 8

AVAILABILITY

Answer 8

Information the computing systems used to process the information and the security controls used to protect the information are all available and functioning correctly when the information is needed.

Question 9

NON-REPUDIATION

Answer 9

Implies that one party of a transaction cannot deny having received a transaction nor can the other party deny having sent a transaction.

Question 10

AUTHENTICATION

Answer 10

Security measure designed to establish the validity of a transmission, message, or originator, or means of verifying an individual’s authorization to receive specific categories of information.

Question 11

9 CATEGORIES OF COMPUTER INCIDENTS

Answer 11

User Level Intrusion
Denial of Service
Malicious Logic
Unsuccessful Activity
Attempt
Non-Compliance Activity
Reconnaissance
Investigating
Explained Anomaly

Question 12

IAVA

Answer 12

Information Assurance Vulnerability Alert

Question 13

IAVB

Answer 13

Information Assurance Vulnerability Bulletin

Question 14

CTO

Answer 14

Communication Tasking Order

Question 15

NTD

Answer 15

Navy Telecommunications Directive

Question 16

SERVICE PATCHES

Answer 16

A collection of updates fixes and/or patches

Question 17

DIFFERENCE BETWEEN VULNERABILITY AND THREAT

Answer 17

Vulnerability: refers to the susceptibility of a person, group, society, or system to physical or emotional injury or attack.
Threat: An act of coercion wherein an act is proposed to elicit a negative response.

Question 18

CSI

Answer 18

Cyber Security Inspection

Question 19

DEFENSE-IN-DEPTH

Answer 19

Integrates People and Technology to establish barriers across networks.

Question 20

MALICIOUS CODE

Answer 20

Code in any part of software or script that is intended to cause undesired effects, security breaches or damage to a system.

Question 21

GIVE 5 TYPES OF MALICIOUS ACTIVITY

Answer 21

Zombie
Bot
Zero Day Exploit
Spyware
Logic Bomb

Question 22

ZOMBIE

Answer 22

Computer controlled by another person without user knowledge. Typically used for spam or illegal activities.

Question 23

BOT

Answer 23

Malware that gives attacker full control of a computer

Question 24

ZERO DAY EXPLOIT

Answer 24

A hole in software that is unknown to the vendor and is exploited by hackers.

Question 25

SPYWARE

Answer 25

Software that enables a user to obtain covert information about another’s computer activities by transmitting data covertly from their hard drive.

Question 26

LOGIC BOMB

Answer 26

A set of instructions secretly incorporated into a program so that if a particular condition is satisfied they will be carried out, usually with harmful effects.

Question 27

KEY LOGGERS

Answer 27

Tracks key strokes

Question 28

PRIVILEGE ESCALATORS

Answer 28

Exploiting a design flaw to gain elevated access

Question 29

EXPLOIT

Answer 29

Taking advantage of a vulnerability

Question 30

GLOBAL INFORMATION GRID

Answer 30

DoD’s globally interconnected network of information capabilities.

Question 31

MITIGATION

Answer 31

Actions taken to reduce the effect of a network attack

Question 32

PENETRATION

Answer 32

Unauthorized attack bypassing security

Question 33

PROBE

Answer 33

Used to learn about a network

Question 34

PORT SCAN

Answer 34

Scans networks for open ports for potential exploitation

Question 35

PKI

Answer 35

Public Key Infrastructure

Question 36

Digital Signatures

Answer 36

Assures originator (sender) authenticity

Question 37

IAM

Answer 37

Information Assurance Manager

Question 38

IAO

Answer 38

Information Assurance Officer

Question 39

Electronic Spillage

Answer 39

EX: putting SECRET information on UNCLASSIFIED systems.

Question 40

Navy Blue Team

Answer 40

Solidifies Naval Networks

Question 41

Navy Red Team

Answer 41

Simulates attacks on Naval Networks

Question 42

IDS

Answer 42

Intrusion Detection System

Question 43

Two Types of IDS

Answer 43

Active – automatically takes action and denies intrusion

Passive – Logs information but does not take action

Question 44

IPS

Answer 44

Intrusion Prevention System

Question 45

HBSS

Answer 45

Host Based Security System – Detect and counter real time threats

Question 46

Anti-virus

Answer 46

Computer software used to detect, prevent and remove malicious software.