Section 4 Flashcards

1
Q

What are the steps of the OPSEC process

A

Identification of critical information - identify your most critical assets

Analysis of threats - analyze any threats related to the critical information you identified

Analysis of Vulnerabilties - analyzing the vulnerabilities in the protections you’ve put in place to secure your information assets.

Assessment of Risks - decide what issues you need to address in the rest of the operations security process.

Application of Countermeasures - Once you’ve discovered risks to your critical information, you can put measures in place to mitigate them.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are countermeasures in OPSEC

A

putting controls in place to mitigate risks to your critical information. When you construct a countermeasure for a risk, you need to mitigate either the threat or the vulnerability at the bare minimum.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are the “laws of OPSEC”

A

First Law: Know the Threats

Second Law: Know What to Protect

Third Law: Protect the Information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is competitive intelligence

A

conducting intelligence gathering and analysis to support business decisions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is human intelligence (HUMINT)

A

data gathered by talking to people that might include personal observations, people’s schedules, sensitive information, or any of a number of other similar items.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is open source intelligence (OSINT)

A

information collected from publicly available sources, such as job postings and public records.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is metadata

A

is the data about data found in almost any file that can reveal not only mundane information such as timestamps and file statistics but also more interesting data such as usernames, server names, network file paths, and deleted or updated information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is EXIF data

A

image and video file metadata that includes information such as the camera settings and hardware.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What does Maltego do?

A

an intelligence-gathering tool that uses relationships between particular points of data, called transforms, to discover information related to information that you already have.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What does Shodan do?

A

a web-based search engine that looks for information saved on internet-connected devices. allows you to search for specific information, such as particular hardware, software, or open ports.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What does EnCase do

A

has features that can recover and read metadata

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What does ExifTool do

A

allows you to view and edit EXIF data from videos and photos

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is pretexting

A

attackers use information they’ve gathered to assume the guise of a manager, customer, reporter, co-worker’s family member, or other trusted person.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is phishing

A

a social engineering technique in which an attacker uses electronic communications such as email, texting, or phone calls to collect the target’s personal information or install malware on their system, often by convincing the target to click a malicious link.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is spear phishing

A

targeted attacks against specific companies, organizations, or people.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is tailgaiting

A

the act of following someone through an access control point, such as secure door, instead of using the credentials, badge, or key normally needed to enter.

17
Q

What is the Interagency OPSEC Support Staff (IOSS) responsible for

A

responsible for a wide variety of OPSEC awareness and training efforts.