Objective 1

Question 1

Process of verifying an identity bound to the person asserting it

Answer 1

Identification and Authentication Process

Question 2

Act of presenting an identity to a system

Answer 2

Identification

Question 3

Validation of a claimed identity

Answer 3

Authentication

Question 4

Use of two or more authentication factors

Answer 4

multi-factor authentication

Question 5

Most common authenticator factor

Answer 5

Something you know

Question 6

Hardest authentication factor to trick

Answer 6

Something you are

Question 7

Closely related to “something you know” authentication factor

Answer 7

Something you do

Question 8

Grants access based upon identity

Answer 8

Authorization

Question 9

Magnetization left behind after information has been removed from a piece of magnetic media

Answer 9

Magnetic Remanence

Question 10

Use of prescribed safeguards and controls taken to prevent reconstruction of magnetic remanence

Answer 10

Remanence Security Methods

Question 11

Process of eradicating data on media before reused in an environment providing an acceptable level of protection for data

Answer 11

Clearing

Question 12

Process of recording new data on top of already stored data thus destroying old data

Answer 12

Overwriting

Question 13

Trained individual (not overwriter) randomly samples 20% of disk

Answer 13

Overwrite Verification

Question 14

Removes information from media rendering it unrecoverable by technical means

Answer 14

Sanitizing

Question 15

Process of erasing magnetic media by eliminating any remnant magnetic fields. The preferred method of of sanitizing magnetic media

Answer 15

Degaussing

Question 16

Act of physically destroying media making it unusable by no exploitation method

Answer 16

Physical Destruction

Question 17

Methods of physical destruction include…?

Answer 17

Shredding, burning, crushing, acid wash, breaking, and surface scratching

Question 18

What are the 3D0X2 roles?

Answer 18

Prevent accidental disclosure of processed or stored sensitive information, and must be knowledgeable of clearing, sanitizing, and destruction procedures and have tools available

Question 19

Systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation

Answer 19

Certification & Accreditation Process

Question 20

AF C&A program is defined in…?

Answer 20

AFI 33-210

Question 21

Comprehensive assessment of the management, operational, and technical security controls in an information system

Answer 21

Certification

Question 22

Official management decision given by senior agency
official authorizing operation of information system and to explicitly accept risk to agency operations, assets, or individuals

Answer 22

Accreditation

Question 23

Non-regulatory federal agency with mission to promote US innovation and industrial competitiveness

Answer 23

NIST (National Institute of Standards of Technology)

Question 24

Risk-based approach to selection of security controls

Answer 24

NIST RMF (National Institute of Standards of Technology Risk Management Framework)

Question 25

What are the NIST RMF process steps?

Answer 25

Categorize, Select, Implement, Assess, Authorize, Monitor

Question 26

Ensures continuity of operations as changes are validated, approved, and implemented

Answer 26

Change Management