Unit 2b Flashcards
Purpose of various incident and vulnerability reporting processes is to improve overall security posture of AF Enterprise Network (AFEN), AF information systems, and stand-alone computing devices through quick positive control and reporting of network as well as information system incidents
Incident Response
Includes network/system incidents such as intrusions, scans, probes, and malicious logic events
Incident
Weakness in information system, cryptographic system, or components that could be exploited
Vulnerabilities
End users and AF network professionals must report all identified incidents and vulnerabilities. Which groups should be informed?
Network Operations & Security Center (NOSC) and NCC personnel, Functional System Administrators (FSA), Work Group Managers, Information System Security Officers (ISSO), Information Systems Security Managers (ISSM)
Mark all unclassified reports as “For Official Use Only” (FOUO) and protect the report from public distribution under the Freedom of Information Act.
Unclassified Report Guidance
Include attempted entry, unauthorized entry, and attacks on information system
Incident Categories
Review of critical audit logs by network professionals
Incident Detection
NCCs, NOSCs, and AFNOSC record suspicious and unauthorized network as well as information systems access and activity
Incident Reporting
ASIM sensors utilized to monitor various enclaves that make up AFEN
ASIM-Identified Incidents
All end users accessing AFEN are required to report unusual network, information system, and stand-alone computing device events suspected to stem from some form of malicious logic
Malicious Logic Incidents