Risks, Threats and Vulnerabilities
This is written to do harm and be classified into many categories based on how they propagate and behave.
What is the type of Software Development Life Cycle Phase that allows for customer feedback and you can permit backtracking through the steps?
Agile
What allows network administrators to configure a Windows Operating System by changing what Windows features are available to users and to manage a security system?
Group Policy Object (GPO)
In what zone should you place your local area network?
Private zone aka private LAN or intranet zone
What is the terminology used for secure network user habits?
Cyber hygiene
This level of classification requires the highest degree of protection and the damage to nationally security is exceptionally grave
Top Secret
Pretending to be something or someone other than yourself.
Spoofing
Before a user connects to a network they need to supply what before the connection is allowed?
Valid credentials
What helps provide security, privacy and web filtering?
Proxy Server
This document created by every organization will define team member roles and responsibilities, incident categories, and will identify how/when users are supposed to report potential security incidents.
Incident Response Plan
What is an example of good network user habits?
Use firewalls, update virus definitions, running security scans, select and maintain passwords, update software and back up data
This can limit who can delete data to help maintain availability.
Permissions
Virus that is able to replicate itself without user activation.
Worm
Single Sign On (SSO)
Network administrators will help secure a network by implementing what on files and folders?
Permissions (falls under access control lists)
If an incident occurs and during the initial identification it cannot be determined what caused it what category of event would you utilize until cause is determined?
CAT 8: Investigating
Within the security program COMPUSEC you are employing countermeasures for the protection of what three goals? (What the acronym stands for!)
Confidentiality, Integrity, and Availability (CIA Triad)
Social security numbers, age, salary, address.
An attack against a specific individual that utilizes messaging that appeals to that person.
Spear Phishing
For authentication factors what would fall under the category for something you have?
Physical tokens or codes sent via text
Controlled access (Done to prevent theft)
While completing the incident analysis steps what must be done FIRST?
Gathering information by all involved personnel.
By releasing this level of classification materials this can cause serious damage to national security and requires a substantial degree of protection.
Secret
One of the easiest ways for adversaries to gain information on military operations is through what?
Social media
A nontechnical or low technology confidence trick often involving trickery or fraud.
Social Engineering
Network access control does what?
Scans a system for the operating system updates before allowing it onto the network.
By disabling this action in your browser you are preventing cross-site request forgery prevention.
"Remember me"
This focuses on an incident, group of incidents or network activity or on a foreign individual, group, or organization identified as a threat or potential threat to the DoD network.
Network Intelligence Report (NIR)
TEMPEST (Transient Electromagnetic Pule Emanation Surveillance Technology)
Within this security program it has a possibility for vulnerabilities to occur when we fail to use the proper system for intentional tranmissions.
Transmission Security (TRANSEC)
By granting either either physical or virtual access to an organization's information system can leave them what?
Vulnerable to exploitation or carelessness.
DIAMETER is a newer AAA protocol that gives more reliable and secure communication services through what protocol?
Transmission Control Protocol (TCP).
data theft and prevent worms from spreading
During the Incident Handling Process in the Preliminary Response process you contain the incident/threat, begin chain of custody docs and what else must be done to allow for further incident analysis?
Preserve data
This security program is utilized to reduce mission vulnerabilities by eliminating or reducing adversaries collection of critical information
OPSEC (Operations Security)
The science of trying to break a coding system so that the information can be revealed to an unauthorized user.