M1 Flashcards

1
Q

What are the five pillars of information assurance?

A

Confidentiality - Unauthorized persons are not able to access information

Integrity - Information is not modified, altered, or changed in any way

Availability - Information system is usable and the information is accessible

Authentication - Person who is accessing the information is who they say they are.

Non-repudiation - No one can later deny their role in communications or that they accessed the information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is COMPUSEC?

A

Computer Security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is a GFE?

A

Government Furnished Equipment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

How long should you keep a password?

A

Up to 180 days

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

How many characters minimum should a secure password have?

A

14

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

How many consecutive characters should a secure password have?

A

No more than 3 consecutive characters

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

When making a new password, how many characters should change at a minimum from the last password?

A

Minimum 4 characters

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

You should stray away from ________ information and _____ phrases or __________ words when making a password.

A

personal information
common phrases
dictionary words

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is the difference between Sensitive and Critical information?

A

Sensitive information is information that the mishandling of could adversely affect the national interest, but that has not been specifically authorized to be kept secret (Sensetive, important but not specifically secret)

Critical information is the information needed by adversaries for them to plan so as to guarantee the failure of friendly missions. (Critical, helps bad guys guarantee our failure)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is the OPSEC Five-Step Planning Process?

A
  1. Identify Critical Information (what info)
  2. Analyze Threats (Who wants info)
  3. Analyze Vulnerabilities (Where’s the weakness)
  4. Assess Risk (level of impact to the mission)
  5. Apply Countermeasures (smarter ways of doing task)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What does Confidentiality mean in the OPSEC Five-Step Planning Process?

A

Unauthorized persons are not able to access information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What does Integrity mean in the OPSEC Five-Step Planning Process?

A

Information is not modified, altered, or changed in any way

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What does Availability mean in the OPSEC Five-Step Planning Process?

A

Information system is usable and the information is accessible

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What does Authentication mean in the OPSEC Five-Step Planning Process?

A

Person who is accessing the information is who they say they are.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What does Non-repudiation mean in the OPSEC Five-Step Planning Process?

A

No one can later deny their role in communications or that they accessed the information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is the Executive Order dealing with Insider Threat?

A

EO 13587 directs U.S. Government executive branch departments to assess the effectiveness of insider threat programs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What are the three main types of Phishing?

A

Phishing
Spear Phishing
Whaling

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is Phishing?

A

Suspicious e-mails or pop-ups that induce individuals to reveal personal information (broad target)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What is Spear Phishing?

A

A type of Phishing attack that targets specific individuals, groups of people, or organizations (narrow target)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What is Whaling?

A

A complex and targeted phishing attack against high-level personnel (extremely specific and high-value)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Intelligence efforts focus on detecting and countering what threats?

A

Espionage, Terrorism, and Weapons of Mass Destruction

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What is Intelligence Oversight?

A

Intelligence Oversight is the process that ensures intelligence-related activities are in accordance with the constitution, law, executive orders, and DOD directives

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What are the two main objectives of Intelligence Oversight?

A

Ensure the DOD can conduct Intelligence and CI missions

Protect the statutory and constitutional rights of U.S. persons

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What is EO 12333?

A

EO 12333 establishes that the U.S. intelligence effort shall provide POTUS, NSC, HSC information concerning national interests and the development of policies from foreign security threats

25
What does DoD manual 5240.01 establish?
Procedures to enable DoD to conduct intel activities to protect U.S. persons
26
What are the two authorized intelligence activities?
Foreign Intelligence | Counterintelligence (CI)
27
What is foreign intelligence?
Information relating to the capabilities, intentions, and activities of foreign powers.
28
What is Counterintelligence?
Information used to identify, deceive, exploit, disrupt, or protect against espionage, sabotage, or assassinations conducted on behalf of foreign powers
29
What does DoD manual 5240.01 outline?
It outlines the DoD Intelligence Oversight program.
30
What is Title 50?
Titled War and National Defense, it governs foreign intelligence efforts
31
What is Title 10?
Titled Armed Forces, governs establishment, training, equipping, and readiness of the Armed Forces to conduct offensive operations when ordered by POTUS
32
What is Title 32?
Titled National Guard, governs the strength and organization of the Army and Air National guard.
33
What is NSD 42?
National Security Directive 42 establishes cybersecurity guidelines to secure national security systems, and assigns agency responsibilities
34
What is the purpose of the Intelligence Cycle?
To collect information and develop intelligence for use by IC customers
35
What are the six steps of the Intelligence Cycle?
``` Planning and Direction Collection Processing and Exploitation Analysis and Production Dissemination Evaluation and Feedback ```
36
What is Data?
A set of values or quantitive variables
37
What is Information?
Collected data processed into an intelligible form
38
What is Intelligence?
Information giving new insight to a given situation.
39
In the Intelligence Cycle, what is Planning and Direction?
Policymakers determine what issues need to be addressed and set intelligence priorities
40
In the Intelligence Cycle, what is Collection?
Collection refers to collecting information
41
In the Intelligence Cycle, what is Processing and Exploitation?
using highly trained and specialized personnel and equipment to turn large amounts of raw data into usable information
42
In the Intelligence Cycle, what is Analysis and Production?
Analysts examine and evaluate collected information, add context, and integrate findings into complete products
43
In the Intelligence Cycle, what is Dissemination?
Delivering the information to the people who make decisions based off of the information
44
In the Intelligence Cycle, what is Evaluation and Feedback?
Evaluate the product for relevance, bias, accuracy, and timeliness and to see if the process to ensure thoroughness and efficiency. Feedback helps adjust and refine activities and outputs to help meet the customers' information needs.
45
What is the definition of Disseminate?
To scatter or spread widely; broadcast; disperse
46
What are the six basic intelligence disciplines for collection?
``` GEOINT HUMINT IMINT MASINT OSINT SIGINT ```
47
What does CRITIC refer to?
Critical information
48
When should CRITIC reporting be based solely on unclassified information?
When that information is unlikely to be readily available to the President and the National Security Council.
49
What are events that meet CRITIC reporting requirements?
- Hostile Acts (attack/sabotage against US or allies; war; WMD; infrastructure; cyber attacks that affect Command+control, govt, or essential services; emergency cyber action) - Terrorist Acts - Political Disruption/Instability - Cyber attacks that create immediate major humanitarian, environmental, or economic crises
50
Who is the DNI?
Director of National Intelligence, head of the IC
51
What does IC mean?
Intelligence Community
52
What is a SCC?
Service Cryptologic Component, relating to Armed Forces crypto activities
53
What are the five SCCs?
(Navy) - US Fleet Cyber Command (USFCC)/Commander Tenth Fleet (C10F) (USMC) - Marine Cryptologic Support Battalion (MCSB) Coast Guard Cryptologic Group (CGCG) US Army Intelligence and Security Command (INSCOM) Sixteenth Air Force (16 AF)
54
What is a CC?
Cryptologic Center, they perform critical SIGINT and cybersecurity mission ops focused on analysis and production
55
Where are the four CCs?
Colorado Georgia Hawaii Texas
56
What is referred to when someone mentions the "five eyes"?
The NSA and its partners, Australia, Canada, New Zealand, and the United Kingdom
57
What are the NSA's foreign second-party partners?
Australia Canada New Zealand United Kingdom
58
What is a CCMD?
Combatant Command
59
What is the UCP?
Unified Command Plan, establishes mission responsibility and geographic areas of responsibility to each CCMD