RESPONSIBILITIES
MANAGEMENT
PROGRAM & POLICY
THREATS
AUTHENICATION
100


Who responsibility is it to report lost/stolen flash drive?

Lesson 4.1.1

User responsibilities 

100

What confidentiality impact level can cause severe or catastrophic adverse effect on organizational operations, assets, individuals, organizations, or the national security interests of the U.S.

Lesson 4.1.2

High

100

What is the purpose of Patch Management Process?

Lesson 4.1.5

systematic notification, identification, deployment, installation, and verification of operating system and application software code revision

100

what NAVY preferred method is used for destruction both classified and unclassified hard drives?

Lesson 4.1.7

Shipping to the NSA

100

Which area is jeopardized by failure to comply with vulnerability reporting?

Lesson 4.1.3

ATO

200

T/F 48 hours is the timeframe which must be set to detect multiple attempts to use removable media within DLP? Lesson 4.1.1

True

200


Which activity must ISSMs track and report to leadership to ensure proper reports

Lesson 4.1.2

CTO Compliance 

200

Defined this process, user authentication to the network using DOD PKI certificates on a hardware token

Lesson 5.1.2

CLO

200

NESSUS is a component of what scanning software?

Lesson 4.1.4

ACAS

200

eMASS consume outputs from external vendor scanning tools and maps results to information systems through what application?

Lesson 7.1.1

Asset manager

300


Which personnel are responsible for monitoring sites, or site groups to ensure the security posture of the networks are being maintained
Lesson 4.1.2

Staff Users

300

Locked out status occurs on a system when you are unable to verify what type of updates?

Lesson 4.1.11

Antivirus signatures

300

What broad scope of activities designed IS plan should be utilized to sustain and recover critical system services following an emergency event

Lesson 4.1.8

IS contingency planning

300

What tier includes buses, posts, camps, and stations managing and controlling information networks, ISs, and services, either deployed or fixed at DoD installations?

Lesson 6.1.1

Tier III

300

Describe Risk Management

Lesson 4.1.8

applies framework across all continuity efforts to identify and assess potential hazards, determine what levels of risk are acceptable, and prioritize and allocate resources among organizations

400

What is the periodicity required to maintain antivirus definitions?

Lesson 4.1.11

7 days

400

DOD PKI supports escrow and recovery of private keys associated with encryption certificates. This is consider what type of service?

Lesson 5.1.1

Key recovery

400

T/F Risk assessment addresses the likelihood and magnitude of harm resulting from the unauthorized access, use, disclosure, disruption, modification, or destruction of the IS

Lesson 4.1.5

True 

400

What is purpose of Host-based application blocking

Lesson 4.1.10

system prevents applications from executing pieces of code and from crossing in to the memory space of another running program

400

T/F. MAC Address must be included in the Systems Security Plan diagrams.

Lesson 7.1.2

False

500

What application shows an attack that generated an alert including a description of the attack, the user/client computer where the attack occurred, the attack, and time/date of intercept?

Lesson 4.1.10

Intrusion detection alerts

500

What procedures ensures that the reporting, identification, investigation of violations of DTA are documented?

Lesson 4.1.9

Training and incident handling

500

Assist with the handling of incidents and provides fixes to mitigate the operational and/or technical impact of an incident is what designed action?

Lesson 6.1.1

Technical reporting

500

Inspects user actions regarding sensitive content in their work environment is what layer of defense?

Lesson 4.1.6

Data loss prevention

500

What is the PURPOSE of SOVT

Lesson 4.1.4

To ensure asset compliance, commands must make sure system baselines are maintained and that they comply with SPAWAR baseline instructions contained in the