Objective 3d

Question 1

Defined as a weakness in an information system, cryptographic system, or components that could be exploited

Answer 1

Vulnerabilities

Question 2

Using common, well-known code, software, operating systems, or hardware increases probability an attacker can exploit

Answer 2

Familiarity

Question 3

Using weak passwords can be easily discovered using brute force

Answer 3

Password Management Flaws

Question 4

Programs that do not check user input can allow for unintended or direct execution of commands or SQL statements

Answer 4

Unchecked User Inputs

Question 5

Software packages that scan systems or networks for weaknesses

Answer 5

AF Vulnerability Assessment Tools (VATs)

Question 6

Automatically identifies configuration vulnerabilities threatening the security of DoD’s computer systems

Answer 6

Assured Compliance Assessment Solutions (ACAS)

Question 7

Single Console access used by ACAS to manage Nessus scans at the enterprise network level, provides real-time detection of anomalies and critical events

Answer 7

Security Center

Question 8

Comprehensive vulnerability scanner which performs configuration scans of servers, network devices, and databases to test for specific policy settings and compliance

Answer 8

Nessus

Question 9

Monitors the network in real-time, searches out new hosts, applications, and vulnerabilities

Answer 9

Passive Vulnerability Scanner (PVS)

Question 10

DoD information system used to record, track, and disseminate critical vulnerability information

Answer 10

Vulnerability Management System (VMS)

Question 11

Provide system and network administrators with proactive tools that can be used to identify vulnerabilities before an adversary can find them

Answer 11

Security Scans

Question 12

Can detect out-of-date software, validate compliance, deviation from security policies.

Answer 12

Scanning

Question 13

Piece of software designed to update or fix problems with a computer program or its supporting data

Answer 13

Patch

Question 14

Applied to stand alone machine; time consuming, tedius

Answer 14

Local Patch

Question 15

Uses an automated means to apply patches or

security fixes. Most efficient

Answer 15

Remote Patch

Question 16

Change applied to an asset to correct the weakness described by a vulnerability

Answer 16

Security Fix

Question 17

Prohibits the disclosure of information from a system
of records absent the written consent of the subject individuals unless the disclosure is pursuant of the twelve statutory exceptions

Answer 17

Privacy Act

Question 18

The intentional misleading or deceitful conduct that

deprives the Government of its resources or rights

Answer 18

Fraud

Question 19

The extravagant, careless or needless expenditure of

Government resources, resulting from improper or deficient practices, systems, controls or decisions

Answer 19

Waste

Question 20

The intentional, wrongful or improper use of Government resources

Answer 20

Abuse