Risks, Threats and Vulnerabilities
Dino DNA
Is your network even secure?
Probably Not.
Firewalls and Security Zones
Incident Response
Have you brushed your keyboard today?
Cyber Security
100

Pretending to be someone or something other than yourself is known as what?

Spoofing

100
This is the restoration of encrypted data to its original readable state.

Decryption

100

This type of authentication factor can include physical tokens or codes sent via text or email.

Something you have

100

This type of authentication factor can include your password or PIN.

Something you know.

100

This allows network admins to configure a Windows OS by changing what Windows features are available to users and to manage system security.

Group Policy Object

100

This individual is the first user to identify and react to an incident.

First responder

100

What are some examples of good network user habits?

Firewalls, running antivirus and security scans, good password habits, software updates, etc.

100

This is the easiest way for our adversaries to gain information about military operations.

Social media

200
Something within a system's design that could potentially be exploited to violate the system's security policy.

Vulnerability

200

What is open-source information that can be pieced together by an adversary to derive critical information?

Indicator

200

Users authenticate to the network once and have access to multiple servers without needing to reauthenticate; if the account is compromised, a hacker can now access multiple servers. What type of log on is this known as?

Single sign on (SSO)

200

Every electronic device emits what to some degree? It can also radiate strongly enough to interfere with or compromise comms.

Electromagnetic interference (EMI)

200

This zone is where you should place any servers that need to be reached by the public, such as your SMTP or DNS servers.

DMZ - Demilitarized zone

200

This incident category is used to practice and prepare for a response to an incident. (Both category number and name)

CAT 0: Training/Exercise

200
Practices and steps that maintain system health and improve online security are known as what?

Cyber hygiene

200

Process of converting data into an unreadable format.

Encryption

300

This type of attack or threat, in which someone gains unauthorized or illegitimate access, is known as what?

Outside Attack.

BONUS (100 Points): This type of action is used in outside attacks and turns compromised computers into robots to be used by attackers.

300

The intentional deception to unlawfully deprive the USAF of something of value or for an individual to secure an unentitled benefit is what?

Fraud, Waste and Abuse (FWA)

300

Presenting information about yourself to a system by utilizing a username or a smartcard is known as what?

Identification

300

DOD computers have USB ports disabled to prevent what? (Two part answer!)

Data theft and worms from spreading.

300

What is an example of a hardware firewall?

Packet filtering, stateful packet inspection, application layer (proxies) or Linux.

300

This is considered to be any observable occurrence in a system or network. It sometimes provides an indication that an incident is occurring.

Event

300

This references how often your service is up.

Site reliability

300

This security program can have vulnerabilities that can lead to compromising emanations.

TEMPEST - Transient Electromagnetic Pulse Emanation Surveillance Technology.

400

An attack against a specific individual that utilizes messaging that appeals to that person.

Spear Phishing

400

This ensures that transmitted data has not been altered in transit. It can be done by hashing, digital signature, digital certificate or nonrepudiation.

Integrity.

400

This AAA protocol utilizes Transmission Control Protocol for a more reliable and secure communication service.

DIAMETER.

Bonus (100 Points) - Which AAA protocol uses User Datagram Protocol (UDP)?

400

What action should be done for server room floors for theft prevention?

Controlled access

400

Another name for application based firewall, host based firewall or personal firewall is what?

Software-based firewall.

400

This is an assessed occurrence on the network that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system.

Incident.

400

When creating passwords you should do these things (list one item).

Longer (min 12 characters), mix of characters, don't use dictionary words or obvious substitutions and do not use the same password for multiple logins.

400

This level of classified information, if disclosed, can lead to exceptionally grave damage to national security and requires the highest degree of protection.

Top Secret

BONUS (100 points) - This level of classified information, if disclosed, can lead to serious damage to national security and requires a substantial degree of protection.

500

Within social engineering, by targeting this individual the hacker is trying to get a higher payoff. What type of social engineering would this be?

Whaling

500

The core security discipline within information protection that is designed to identify and protect classified national security information and controlled unclassified information in accordance with DOD policy falls under what security program?

INFOSEC - Information Security

500

This verification process, in which individuals identify themselves and a system then verifies they are who they say they are, is known as what?

Authentication.

BONUS (100 points) - After an account has been verified, a user now has what to access the network?

500

This team member of the incident response team will know the laws and regulations that organizations must follow when it comes to computer forensics and incident response.

Legal advisor

500

Network admins divide their network into segments for protection. These segments are referred to as what?

Zones or security zones

500

This document created by every organization will define team member roles and responsibilities, incident categories, and will identify how/when users are supposed to report potential security incidents.

Incident Response Plan

500

This provides a starting point for all future assessments by measuring a system's current state of security readiness.

Baseline

500

This security program is for the protection of three goals, the CIA Triad.

COMPUSEC (Computer security)

BONUS (100 points): What does the CIA acronym stand for?

600

This type of social engineering preys on curiosity and greed by tricking a user into performing some action or downloading malware.

Baiting. What is another example of how someone can bait the user?

600

Within the third party process we can leave information systems vulnerable to exploitation or carelessness by granting what two types of access?

Virtual and physical

600

This type of network access control will utilize software that is installed on the clients. From there it authenticates the client to the NAC before scanning and allowing network access.

Agent-Based

Bonus (100 points): This type of network access control does not require the software to be installed on a client.

600

This final phase of the Software Development Life Cycle involves users providing feedback to developers and fixing any problems that were reported.

Maintenance.

600

What is placed in the private or intranet zone?

Local area network

600

If an incident occurs and during the initial identification it cannot be determined what caused it, what category of event would you utilize until the cause is determined?

CAT 8: Investigating

600

After an initial baseline is complete on a system, future baselines can measure and look for what after changes are made?

Deviations

600

This is the use of coding systems to encrypt and decrypt information.

Cryptography

BONUS (100 points): The science of breaking that coding system is known as what?

700

What are three different types of social engineering?

Phishing, baiting, spear phishing, whaling

700

This focuses on an incident, group of incidents or network activity or on a foreign individual, group, or organization identified as a threat or potential threat to the DoD network.

Network Intelligence Report (NIR)

700

This type of Network Access Control will run a scan for current status of the system but does not remain installed on the system.

Dissolvable Agent.

BONUS (100 Points): This type of Network access control is permanent and will continuously monitor the system it is installed on.
700

Under the confidentiality goal of the CIA triad, what is an example of how the confidentiality of information is maintained?

Access control/permissions. Encryption. Steganography.

700

This zone is not controlled by the admin and contains the internet.

Public zone

700

Within the incident response team this member will ensure all team members know their role when a security incident occurs, as well as building relationships with outside resources that may be called upon.

Team Leader

700

This benefit of configuration management ensures that we can easily provision and add more resources to our running application, because we know a good state of our service.

Easier scaling

700

This provides measures designed to protect intentional transmissions from interception and exploitation by means other than cryptanalysis.

TRANSEC, Transmission Security

800

Type of computer virus that is able to replicate itself without user activation.

Worm

800

Utilizing items like cloud computing relies on a third party. What does that third party need to do as a prerequisite when considering cloud computing?

Securing data

800

Utilizing a combination of two or more authentication factors is known as what?

Multifactor authentication

800

This type of threat is prevented by disabling booting from a secondary drive.

Boot sequence threat.

800

Implementing permissions on files and folders allows a network admin to do what?

Secure the network

BONUS (100 pts): Permissions can be done via what type of list?

800

While completing the incident analysis steps what must be done FIRST?

Gathering information by all involved personnel.

800

This benefit of configuration management allows us to go back to the state of our software before the change.

Disaster Recovery

800

This is the copper cabling engineering principle for meticulously separating cryptographic system signals containing sensitive plaintext info from encrypted signals.

Red/black separation

900

This type of computer virus is installed on system software and will allow software to act normally until a pre-defined event occurs.

Logic bomb

900

What is the network security solution that allows control of access based on predefined conditions that systems must meet prior to being granted onto a network? An example of a predefined condition is scanning a system for operating system updates before allowing it onto a network.

Network access control (NAC)

900

This type of Software Development Life Cycle is not receptive to customer feedback as backtracking is not permitted through the steps.

Waterfall.

900

Vulnerabilities occur when we fail to use the proper system for what type of transmissions?

Intentional transmissions

900

This is a type of firewall that controls outbound communication and provides security, privacy and web filtering.

Proxy server

900

This is a series of analytical steps taken to find out what happened in an incident to include the root cause of the incident or event.

Incident Analysis or Root Cause Analysis

900

When utilizing configuration management, doing this can lead to poor performance, inconsistencies or noncompliance of systems.

Misconfigurations

900

What is an example of a safeguard for COMSEC physical security?

Physical barriers, limiting COMSEC access, storing COMSEC in a GSA approved safe.

1000

This malicious software is hidden on your computer and will collect your data to be sent to a hacker.

Spyware

1000

This is a middleman providing to the end user a product or service to support the mission set of an organization.

Third Party

1000

By disabling this action in your browser you are helping to prevent cross-site request forgery.

Remember me

1000

By doing this as part of application security you ensure that no keyboard characters leave room for manipulation by hackers, and also that when data is entered into an application the desired result happens.

Input validation.

1000

On a new firewall this type of rule is set to deny all traffic unless otherwise specified.

Default rule

1000

During the Preliminary Response step of the Incident Handling Process you have contained the incident/threat and begun chain of custody documentation; what else must be done to allow for further incident analysis?

Preserve the data

1000

There are several benefits to using configuration management tools to include disaster recovery, uptime/site reliability and what?

Easier scaling

1000

The purpose of this security program is to reduce mission vulnerabilities by eliminating or reducing an adversary's collection of critical information.

OPSEC (Operations Security)
