Section 4

Question 1

Operations security process

Answer 1

1. identification of critical information
2. analysis of threats
3. analysis of vulnerabilities
4. assessment of risks
5. application of countermeasures

Question 2

The process of intelligence gathering and analysis to support business decisions.

Answer 2

competitive intelligence

Question 3

first law: know the threats

Answer 3

• if you don’t know the threat, how do you know what to protect?

Question 4

second law: know what to protect

Answer 4

if you don’t know what to protect, how do you know you are protecting it

Question 5

third law: protect the information

Answer 5

if you are not protecting the information, the dragon wins

Question 6

Which term refers to the practice of managing information gathering activities directed at an organization?

Answer 6

competitive counterintelligence

Question 7

What is the responsibility of the Interagency OpSec Support Staff (IOSS)?

Answer 7

Provide multiple agencies with a wide variety of security awareness and training.

Question 8

Which type of social engineering attack utilizes credible scenarios to lure people into disclosing sensitive information?

Answer 8

pretexting

Question 9

What does endpoint protection help reduce?

Answer 9

malware

Question 10

Which part of a security awareness program locks down sensitive information before exiting?

Answer 10

clean desk policy