Pretending to be someone or something other than yourself is known as what?
Spoofing
Decryption
This type of authentication factor can include physical tokens, codes sent via text or email.
Something you have
This type of authentication factor can include your password or PIN.
Something you know.
This allows network admins to configure a Windows OS by changing what Windows features are available to users and to manage system security.
Group Policy Object
This individual is the first user to identify and react to an incident
First responder
What are some examples of good network user habits?
Firewalls, running antivirus and security scans, good password habits, software updates, etc.
This is the easiest way for our adversaries to gain information about military operations
Social media
Vulnerability
What is open-source information that can be pieced together by an adversary to derive critical information?
Indicator
With this type of logon, users authenticate to the network once and have access to multiple servers, versus one, without needing to reauthenticate. If the account is compromised, a hacker can now access multiple servers. What type of logon is this known as?
Single sign on (SSO)
Every electronic device emits what to some degree? It can also radiate strongly enough to interfere with or compromise comms.
Electromagnetic interference (EMI)
This zone is where you should place any servers that need to be reached by the public such as your SMTP or DNS servers
DMZ - Demilitarized zone
This incident category is used to practice and prepare for a response to an incident. (Both category number and name)
CAT 0: Training/Exercise
Cyber hygiene
Process of converting data into an unreadable format
Encryption
This type of attack or threat, by someone gaining unauthorized or illegitimate access, is known as what?
Outside Attack.
BONUS (100 Points): This type of action is used in outside attacks and turns compromised computers into robots to be used by attackers.
The intentional deception to unlawfully deprive the USAF of something of value or for an individual to secure an unentitled benefit is what?
Fraud, Waste and Abuse (FWA)
Presenting information about yourself to a system by utilizing a username or a smartcard is known as what?
Identification
DOD computers have USB ports disabled to prevent what? (Two part answer!)
What is an example of a hardware firewall?
Packet filtering, stateful packet inspection, application layer (proxies) or Linux.
This is considered to be any observable occurrence in a system or network. It sometimes provides indication that an incident is occurring.
Event
This references how often your service is up.
Site reliability
This security program can have vulnerabilities that can lead to compromising emanations.
TEMPEST - Transient Electromagnetic Pulse Emanation Surveillance Technology.
An attack against a specific individual that utilizes messaging that appeals to that person.
Spear Phishing
This ensures that transmitted data has not been altered in transit. Can be done by hashing, digital signature, digital certificate or nonrepudiation.
Integrity.
This AAA protocol utilizes Transmission Control Protocol for a more reliable and secure communication service.
DIAMETER.
Bonus (100 Points)- Which AAA protocol uses User Datagram Protocol (UDP)?
What action should be done for server room floors for theft prevention?
Controlled access
Software-based firewall.
This is an assessed occurrence on the network that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system.
Incident.
When creating passwords, you should do these items (list one item).
Longer (min 12 characters), mix of characters, don't use dictionary words or obvious substitutions and do not use the same password for multiple logins.
This level of classified information if disclosed can lead to exceptionally grave damage to national security and requires the highest degree of protection.
Top Secret
BONUS (100 points) - This level of classified information if disclosed can lead to serious damage to national security and requires a substantial degree of protection.
Within social engineering, by targeting this individual, the hacker is trying to get a higher payoff. What type of social engineering would this be?
Whaling
The core security discipline within information protection that is designed to identify and protect classified national security information and controlled unclassified information in accordance with DOD policy falls under what security program?
INFOSEC - Information Security
This verification process, which requires individuals to identify themselves and a system to then verify they are who they say they are, is known as what?
Authentication.
BONUS (100 points) - After an account has been verified, a user now has what to access the network?
This team member of the incident response team will know the laws and regulations that organizations must follow when it comes to computer forensics and incident response.
Legal advisor
For protection, network admins divide their network into segments referred to as what?
Zones or security zones
This document created by every organization will define team member roles and responsibilities, incident categories, and will identify how/when users are supposed to report potential security incidents.
Incident Response Plan
This provides a starting point for all future assessment by measuring a system's current state of security readiness.
Baseline
This security program is for the protection of three goals, the CIA Triad.
COMPUSEC (Computer security)
BONUS (100 points): What does the CIA acronym stand for?
This type of social engineering preys on curiosity and greed by tricking a user into performing some action or downloading malware.
Baiting. What is another example of how someone can bait the user?
Within the third party process, we can leave information systems vulnerable to exploitation or carelessness by granting what two types of access?
This type of network access control will utilize software that is installed on the clients. From there it authenticates the client to the NAC before scanning and allowing network access.
Agent-Based
Bonus (100 points): This type of network access control does not require the software to be installed on a client.
This final phase of the Software Development Life Cycle involves users providing feedback to developers and any reported problems being fixed.
Maintenance.
What is placed in the private or intranet zone?
Local area network
If an incident occurs and, during the initial identification, it cannot be determined what caused it, what category of event would you utilize until the cause is determined?
CAT 8: Investigating
After an initial baseline is complete on a system, future baselines can measure and look for what after changes are made?
Deviations
This is the use of coding systems to encrypt and decrypt information
Cryptography
BONUS (100 points): The science of breaking that coding system is known as what?
What are three different types of social engineering?
Phishing, baiting, spear phishing, whaling
This focuses on an incident, group of incidents or network activity or on a foreign individual, group, or organization identified as a threat or potential threat to the DoD network.
Network Intelligence Report (NIR)
This type of Network Access Control will run a scan for current status of the system but does not remain installed on the system.
Dissolvable Agent.
BONUS (100 Points): This type of Network access control is permanent and will continuously monitor the system it is installed on.
Under the CIA triad goal of confidentiality, what is an example of how the confidentiality of information is maintained?
Access control/permissions. Encryption. Steganography.
This zone is not controlled by the admin and contains the internet.
Public zone
Within the incident response team, this member will ensure all team members know their role when a security incident occurs, as well as building relationships with outside resources that may be called upon.
By providing this benefit within configuration management we ensure that we can easily provision and add more resources to our running application by knowing a good state of our service.
Easier scaling
This provides measures designed to protect intentional transmissions from interception and exploitation by means other than cryptanalysis.
TRANSEC, Transmission Security
Type of computer virus that is able to replicate itself without user activation.
Worm
Utilizing items like cloud computing relies on a third party. What does that third party need to do as a prerequisite when considering cloud computing?
Securing data
Utilizing a combination of two or more authentication factors is known as what?
Multifactor authentication
This type of threat is prevented by disabling booting from a secondary drive.
Boot sequence threat.
Implementing permissions on files and folders allows a network admin to do what?
Secure the network
BONUS (100 pts): Permissions can be done via what type of list?
While completing the incident analysis steps what must be done FIRST?
Gathering information by all involved personnel.
This benefit of configuration management allows us to go back to the state of our software before the change.
Disaster Recovery
This is the copper cabling engineering principle for meticulously separating cryptographic system signals containing sensitive plain text info from encrypted signals
Red/black separation
This type of computer virus is installed on system software and will allow software to act normally until a pre-defined event occurs.
Logic bomb
What is the network security solution that allows control of access based on predefined conditions that systems must meet prior to being granted onto a network? An example of a predefined condition is scanning a system for operating system updates before allowing it onto a network.
Network access control (NAC)
This type of Software Development Life Cycle is not receptive to customer feedback as backtracking is not permitted through the steps.
Waterfall.
Vulnerabilities occur when we fail to use the proper system for what type of transmissions?
Intentional transmissions
This is a type of firewall that controls outbound communication and provides security, privacy and web filtering.
Proxy server
This is a series of analytical steps taken to find out what happened in an incident to include the root cause of the incident or event.
Incident Analysis or Root Cause Analysis
When utilizing configuration management, doing this can lead to poor performance, inconsistencies or noncompliance of systems.
Misconfigurations
What is an example of a safeguard for COMSEC physical security?
Physical barriers, limiting COMSEC access, storing COMSEC in a GSA approved safe.
This malicious software is hidden on your computer and will collect your data to be sent to a hacker.
Spyware
This is a middleman providing to the end user a product or service to support the mission set of an organization.
Third Party
By disabling this action in your browser, you are preventing cross-site request forgery.
Remember me
By doing this during application security, you are ensuring that no keyboard characters can leave room for manipulation by hackers, and also ensuring that when data is entered into an application, the desired result happens.
Input validation.
On a new firewall, this type of rule is set to deny all traffic unless otherwise specified.
Default rule
During the Preliminary Response step of the Incident Handling Process, you have contained the incident/threat and begun chain of custody docs. What else must be done to allow for further incident analysis?
Preserve the data
There are several benefits to using configuration management tools to include disaster recovery, uptime/site reliability and what?
Easier scaling
The purpose of this security program is to reduce mission vulnerabilities by eliminating or reducing an adversary's collection of critical information.
OPSEC (Operations Security)