What is open-source information that can be pieced together by an adversary to derive critical information?

With utilizing the log on of users authenticating to the network once and having access to multiple servers versus one without needing to reauthenticate if the account is compromised a hacker can now access multiple servers. What type of log on is this known as?

Every electronic device emits what to some degree? It can also radiate strongly enough to interfere with or compromise comms.

This zone is where you should place any servers that need to be reached by the public such as your SMTP or DNS servers

This incident category is used practice and prepare for a response to an incident. (Both category number and name)

Process of converting data into an unreadable format

This type of attack or threat is by someone gaining unauthorized or illegitimate access is known as what?

The intentional deception to unlawfully deprive the USAF of something of value or for an individual to secure an unentitled benefit is what?

Presenting information about yourself to a system by utilizing username or a smartcard is known as what?

DOD computers have USB ports disabled to prevent what? (Two part answer!)

What is an example of a hardware firewall?

This is considered to be any observable occurrence in a system or network. It sometimes provides indication that an incident is occurring. 

This references how often your service is up.

This security program can have vulnerabilities that can lead to compromising emanations.

An attack against a specific individual that utilizes messaging that appeals to that person.

This ensures that transmitted data has not been altered in transit. Can be done by hashing, digital signature, digital certificate or nonrepudiation.

This AAA protocol utilizes Transmission Control Protocol for a more reliable and secure communication service.

What action should be done for server room floors for theft prevention?

This is an assessed occurrence on the network that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system.

Creating passwords you should do these items (list one item)

This level of classified information if disclosed can lead to exceptionally grave damage to national security and requires the highest degree of protection.

Within social engineering by targeting this individual the hacker is trying to get a higher payoff. What type of social engineering would this be?

The core security discipline within information protection that is designed to identify and protect classified national security information and controlled unclassified information in accordance with DOD policy falls under what security program?

This verification process requires individuals to identify and for a system to then verify they are who they say they are is known as what?

This team member of the incident response team will know the laws and regulations that organizations must follow when it comes to computer forensics and incident response.

Network admins use this to divide their network into segments referenced as what for protection?

This document created by every organization will define team member roles and responsibilities, incident categories, and will identify how/when users are supposed to report potential security incidents.

This provides a starting point for all future assessment by measuring a system's current state of security readiness.

This security program is for the protection of three goals, the CIA Triad.

This type of social engineering preys on curiosity and greed by having a user to perform some action or download malware by tricking users. 

Within the third party process we can leave information systems vulnerable to explotation or carelessness by granting what two types of access?

This type of network access control will utilize software that is installed on the clients. From there it authenticates the client to the NAC before scanning and allowing network access.

This final step of the Software Development Life Cycle phase involves users providing feedback to developers and for any problems that were reported to be fixed.

What is placed in the private or intranet zone?

If an incident occurs and during the initial identification it cannot be determined what caused it what category of event would you utilize until cause is determined?

After an initial baseline is complete on a system future baselines can measure and look for what after changes are made?

This is the use of coding systems to encrypt and decrypt information

What are three different types of social engineering?

This focuses on an incident, group of incidents or network activity or on a foreign individual, group, or organization identified as a threat or potential threat to the DoD network.

This type of Network Access Control will run a scan for current status of the system but does not remain installed on the system.

Under the CIA triad of confidentiality what is an example of how the confidentiality of information is maintained?

This zone is not controlled by the admin and contains the internet.

Within the incident response team this member will ensure all team members known their role when a security incident occurs as well as building relationships with outside resources that may be called upon

By providing this benefit within configuration management we ensure that we can easily provision and add more resources to our running application by knowing a good state of our service.

This provides measures designed to protect intentional transmissions from interception and explotation by means other than crypto analysis

Type of computer virus that is able to replicate itself without user activation.

Utilizing items like cloud computing relies on a third party. What does that third party need to do as a prerequisite when considering cloud computing?

Utilizing a combination of two or more authentication factors is known as what?

This type of threat is prevented by disabling booting from a secondary drive.

By implementing permissions of files and folders allows a network admin to do what?

While completing the incident analysis steps what must be done FIRST?

This benefit of configuration management allows us to go back to the state of our software before the change.

This is the copper cabling engineering principle for meticulously separating cryptographic system signals containing sensitive plain text info from encrypted signals

This type of computer virus is installed on system software and will allow software to act normally until a pre-defined event occurs.

What is the network security solution that allows control of access based on predefined conditions that systems much meet prior to being granted onto a network. An example of a predefined condition is scanning a system for operating system updates before allowing it onto a network.

This type of Software Development Life Cycle is not receptive to customer feedback as backtracking is not permitted through the steps.

Vulnerabilities occur when we fail to use the proper system for what type of transmissions?

This is a type of firewall that controls outbound communication and provides security, privacy and web filtering.

This is a series of analytical steps taken to find out what happened in an incident to include the root cause of the incident or event.

When utilizing configuration management by doing this action it can lead to poor performance, inconsistencies or noncompliance of systems

What is an example of safeguard for COMSEC physical security?