Risks, Threats and Vulnerabilities
Network Security
Firewall and Network Security
Security Zones and Incident Response
Cyber Hygiene and Security Programs
Security Programs
100

This is written to do harm and can be classified into many categories based on how it propagates and behaves.

Computer virus or virus.

100

What type of Software Development Life Cycle Phase allows for customer feedback and permits backtracking through the steps?

Agile

100

What allows network administrators to configure a Windows Operating System by changing what Windows features are available to users and to manage a security system?

Group Policy Object (GPO)

100

In what zone should you place your local area network?

Private zone aka private LAN or intranet zone

100

What is the terminology used for secure network user habits?

Cyber hygiene 

100

This level of classification requires the highest degree of protection, and the damage to national security is exceptionally grave.

Top Secret

200

Pretending to be something or someone other than yourself.

Spoofing

200

Before a user connects to a network, what do they need to supply before the connection is allowed?

Valid credentials

200

What helps provide security, privacy and web filtering?

Proxy Server

200

This document, created by every organization, defines team member roles and responsibilities and incident categories, and identifies how/when users are supposed to report potential security incidents.

Incident Response Plan

200

What is an example of good network user habits?

Use firewalls, update virus definitions, run security scans, select and maintain passwords, update software and back up data

200

This can limit who can delete data to help maintain availability.

Permissions

300

Virus that is able to replicate itself without user activation.

Worm

300

If an account that utilizes this option is compromised, a hacker can now access multiple systems.

Single Sign On (SSO)

300

Network administrators will help secure a network by implementing what on files and folders?

Permissions (falls under access control lists)

300

If an incident occurs and, during the initial identification, it cannot be determined what caused it, what category of event would you utilize until the cause is determined?

CAT 8: Investigating 

300

Within the security program COMPUSEC, you are employing countermeasures for the protection of what three goals? (What the acronym stands for!)

Confidentiality, Integrity, and Availability (CIA Triad)

300

What is an example of privacy act information?

Social security numbers, age, salary, address.

400

An attack against a specific individual that utilizes messaging that appeals to that person.

Spear Phishing

400

For authentication factors, what would fall under the category of something you have?

Physical tokens or codes sent via text

400

What should be done in server rooms to physically protect servers?

Controlled access (Done to prevent theft)

400

While completing the incident analysis steps, what must be done FIRST?

Gathering information by all involved personnel.

400

The release of materials at this level of classification can cause serious damage to national security and requires a substantial degree of protection.

Secret

400

One of the easiest ways for adversaries to gain information on military operations is through what?

Social media

500

A nontechnical or low technology confidence trick often involving trickery or fraud.

Social Engineering

500

Network access control does what?

Scans a system for the operating system updates before allowing it onto the network.

500

By disabling this action in your browser, you are helping to prevent cross-site request forgery.

"Remember me"

500

This focuses on an incident, group of incidents, or network activity, or on a foreign individual, group, or organization identified as a threat or potential threat to the DoD network.

Network Intelligence Report (NIR)

500

This security program is implemented due to vulnerabilities that could lead to compromising emanations.

TEMPEST (Transient Electromagnetic Pulse Emanation Surveillance Technology)

500

Within this security program, vulnerabilities can occur when we fail to use the proper system for intentional transmissions.

Transmission Security (TRANSEC)

600

Granting either physical or virtual access to an organization's information system can leave it what?

Vulnerable to exploitation or carelessness.

600

DIAMETER is a newer AAA protocol that gives more reliable and secure communication services through what protocol?

Transmission Control Protocol (TCP).

600

Disabling USB data ports on DoD computers is done to prevent what? (Two-part answer!)

data theft and prevent worms from spreading

600

During the Incident Handling Process, in the Preliminary Response process, you contain the incident/threat and begin chain of custody docs. What else must be done to allow for further incident analysis?

Preserve data

600

This security program is utilized to reduce mission vulnerabilities by eliminating or reducing adversaries' collection of critical information.

OPSEC (Operations Security)

600

What is crypto analysis?

The science of trying to break a coding system so that the information can be revealed to an unauthorized user.
