Quiz by Casey Neville, created more than 1 year ago

QUESTIONS FROM THE STUDENT GUIDES

Created by Casey Neville more than 2 years ago

CYBER Quiz

Question 1 of 76

What regulations will DoD follow for cybersecurity policy? Select the best answer.

Select one of the following:

  • DIACAP

  • DoD 8500 Series

  • DCID 6/3

  • DoD 6500 Series

Question 2 of 76

What policy partnerships has DoD developed to standardize cybersecurity and protect the unique requirements of DoD missions and warfighters? Select the best answer.

Select one of the following:

  • CNSS and NIST

  • Tier 1, Tier 2, and Tier 3

  • DIACAP and RMF

  • Platform, Process, and Organization

Question 3 of 76

What factors do organizations need to take into account when implementing a holistic approach to organizational risk management? Select all that apply.

Select one or more of the following:

  • Strategic Goals and Objectives

  • Relationships between mission/business process

  • Supporting Information Systems

  • Organizational culture and infrastructure

Question 4 of 76

PIT systems refer to: Select the best answer.

Select one of the following:

  • Priority Information Technology

  • Proprietary Information Technology

  • Platform Information Technology

  • Process Information Technology

Question 5 of 76

What broad groups does DoD use to categorize information technology? Choose the best answer.

Select one of the following:

  • Information Systems and PIT

  • Information Systems and Products

  • PIT and Services

  • (a) and (b)

  • (b) and (c)

Question 6 of 76

In what Step of the Risk Management Framework is continuous monitoring employed? Select the best answer.

Select one of the following:

  • Step 1

  • Step 4

  • Step 5

  • Step 6

Question 7 of 76

Match the following Steps of the Risk Management Framework to "Step 1 Categorize System"

Select one of the following:

  • Register System with DoD

  • Common Control Identification

  • Implement Control Solutions

  • Develop & Approve Security Assessment Plan

  • AO Conducts Final Risk Determination

  • Determine Impact of changes to the system & environment

Question 8 of 76

Match the following Steps of the Risk Management Framework to "Step 2 Select Security Controls"

Select one of the following:

  • Register System with DoD

  • Common Control Identification

  • Implement Control Solutions

  • Develop & Approve Security Assessment Plan

  • AO Conducts Final Risk Determination

  • Determine Impact of changes to the system & environment

Question 9 of 76

Match the following Steps of the Risk Management Framework to "Step 3 Implement Security Controls"

Select one of the following:

  • Register System with DoD

  • Common Control Identification

  • Implement Control Solutions

  • Develop & Approve Security Assessment Plan

  • AO Conducts Final Risk Determination

  • Determine Impact of changes to the system & environment

Question 10 of 76

Match the following Steps of the Risk Management Framework to "Step 4 Assess Security Controls"

Select one of the following:

  • Register System with DoD

  • Common Control Identification

  • Implement Control Solutions

  • Develop & Approve Security Assessment Plan

  • AO Conducts Final Risk Determination

  • Determine Impact of changes to the system & environment

Question 11 of 76

Match the following Steps of the Risk Management Framework to "Step 5 Authorize System"

Select one of the following:

  • Register System with DoD

  • Common Control Identification

  • Implement Control Solutions

  • Develop & Approve Security Assessment Plan

  • AO Conducts Final Risk Determination

  • Determine Impact of changes to the system & environment

Question 12 of 76

Match the following Steps of the Risk Management Framework to "Step 6 Monitor Security Controls Activities"

Select one of the following:

  • Register System with DoD

  • Common Control Identification

  • Implement Control Solutions

  • Develop & Approve Security Assessment Plan

  • AO Conducts Final Risk Determination

  • Determine Impact of changes to the system & environment

Question 13 of 76

What activities occur in Step 4 of the Risk Management Framework (RMF), Assess Security Controls?

Select one of the following:

  • Conduct final risk determination

  • Prepare the Plan of Action and Milestones (POA&M)

  • Prepare Security Assessment Report (SAR)

  • All of the above

Question 14 of 76

Select ALL of the correct responses. What is included in the security authorization package?

Select one or more of the following:

  • Plan of Action and Milestones (POA&M)

  • Security Assessment Report (SAR)

  • Security Plan

  • None of the above

Question 15 of 76

Select ALL of the correct responses. What does the information owner do when determining the impact of changes?

Select one or more of the following:

  • Document in SAR for the AO to review

  • Provide written and signed report

  • Reports significant changes in the security posture of the system

  • Continuously monitors the system or information environment

  • Periodically assesses the quality of the security controls

Question 16 of 76

Select ALL of the correct responses. What types and levels of vulnerabilities should you consider?

Select one or more of the following:

  • Information system level

  • Physical security

  • Mission/business process level

  • People

  • Organization level

  • None of the above

Question 17 of 76

Confidentiality, integrity, availability, authentication, and non-repudiation are all attributes of cybersecurity.

Select one of the following:

  • True

  • False

Question 18 of 76

What Risk Management Framework (RMF) step is designed to assess risk?

Select one of the following:

  • Implement Security Controls

  • Categorize System

  • Authorize System

  • Assess Security Controls

Question 19 of 76

What is the last step in the Risk Management Framework (RMF)?

Select one of the following:

  • Implement Security Controls

  • Authorize System

  • Assess Security Controls

  • Categorize System

  • Select Security Controls

  • Monitor Security Controls

Question 20 of 76

Where is the implementation of security controls documented?

Select one of the following:

  • DoD architectures and standards

  • System Security Plan (SSP)

  • Security Technical Implementation Guide (STIG)

  • Security Requirements Guide (SRG)

Question 21 of 76

Why do you need to be aware of cybersecurity?

Select one of the following:

  • To account for and eliminate all risk

  • To appropriately manage risk by mitigating threats and vulnerabilities

  • To ensure all appropriate measures are taken to protect a designated space and ensure only people with permission enter and leave it

  • To uphold all elements of the National Industrial Security Program Operating Manual

Question 22 of 76

Select ALL of the correct responses. What are all cybersecurity attributes susceptible to?

Select one or more of the following:

  • Disclosure

  • Authorization

  • Vulnerabilities

  • Threats

Question 23 of 76

Which steps of the Risk Management Framework (RMF) are designed to evaluate risk?

Select one or more of the following:

  • Monitor Security Controls

  • Authorize System

  • Assess Security Controls

  • None of the above

  • All of the above

Question 24 of 76

Evaluation ensures that new risks arising from changes are noticed and assessed.

Select one of the following:

  • True

  • False

Question 25 of 76

Select ALL of the correct responses. Which policies and DoD regulations set our cybersecurity standards?

Select one or more of the following:

  • DoD 8530.01, Cybersecurity Activities Support to DoD Information Network Operations

  • DoDI 8510.01, Risk Management Framework for DoD Information Technology

  • DoDI 8500.01, Cybersecurity

  • None of the above

Question 26 of 76

Which of the following are areas within cybersecurity?

Select one of the following:

  • Procedural security

  • Physical security

  • Personnel security

  • All of the above

Question 27 of 76

Adversarial threats are

Select one of the following:

  • natural or man-made disasters, unusual natural events, or an infrastructure failure or outage.

  • unintentional threats made by a single user or privileged user or administrator when performing their everyday responsibilities.

  • from individual, group, organization, or nation-state seeking to exploit the organization's dependence on cyber resources.

  • failures of equipment, environmental controls, or software due to aging, resource depletion, or other circumstances.

Question 28 of 76

Select ALL of the correct responses. Security personnel need to have which of the following skills?

Select one or more of the following:

  • New Technology and Equipment

  • System Categorization

  • Training Others

  • Compilation and Data Aggregation

Question 29 of 76

Which of the following provides an overarching methodology to follow when managing cybersecurity risks?

Select one of the following:

  • Security Assessment Report (SAR)

  • Risk Management System

  • Security Technical Implementation Guide (STIG)

  • Department of Defense Security Skill Standard

Question 30 of 76

Engagement and collaboration between security, information technology, and cybersecurity personnel should be proactive and continuous.

Select one of the following:

  • True

  • False

Question 31 of 76

What are the cybersecurity attributes?

Select one or more of the following:

  • Confidentiality

  • Integrity

  • Availability

  • Authentication

  • Non-repudiation

Question 32 of 76

What is the primary responsibility of security personnel?

Select one of the following:

  • Direct the operation of and assure the security of the global DoD network

  • Coordinate all DoD network operations

  • Protect classified information and controlled unclassified information from unauthorized disclosure

  • Monitor, evaluate, and provide advice to the Secretary of Defense

Question 33 of 76

Why do you need to be aware of cybersecurity?

Select one of the following:

  • To uphold all elements of the national Security Program Operating Manual.

  • To appropriately manage risk by mitigating threats and vulnerabilities.

  • To examine your own actions and activities to uphold personal accountability

  • To ensure all appropriate measures are taken to protect a place and ensure only people with permission enter and leave it.

Question 34 of 76

What is security personnel’s primary skill in relation to cybersecurity?

Select one of the following:

  • Analyze

  • Manage Risk

  • Execute Training

  • Respond to Incidents

Question 35 of 76

What are the components of the Risk Management System?

Select one or more of the following:

  • Revision

  • Mitigation

  • Assessment

  • Evaluation

Question 36 of 76

What are the cybersecurity drivers?

Select one or more of the following:

  • NIST 800-30 Rev 1, Guide for conducting Risk Assessments

  • DoD 8530.01, Cybersecurity Activities Support to DoD Information Network Operations

  • DoD 8510.01, Risk Management Framework

  • DoD 8500.01, Cybersecurity

  • DoD Security Policy

Question 37 of 76

What are the steps in the Risk Management Framework (RMF)?

Select one or more of the following:

  • Monitor Security Controls

  • Categorize System

  • Authorize System

  • Assess Security Controls

  • Select Security Controls

  • Implement Security Controls

Question 38 of 76

Which skills do security personnel need?

Select one or more of the following:

  • Protect information systems

  • Identify all cybersecurity concepts

  • Identify fundamental cybersecurity concepts that are related to the protection of classified and controlled unclassified information.

  • Examine their role in protecting DoD’s information systems and the information they process, transmit, and store.

Question 39 of 76

What threat environments should you consider?

Select one or more of the following:

  • Adversarial

  • Environmental

  • Structural

  • Accidental

Question 40 of 76

Which of the following are the activities that occur when performing RMF Step 2, Select Security Controls?

Select one or more of the following:

  • Common Control Identification

  • Monitoring Strategy

  • Security Baseline and Overlay Selection

  • Security Plan Review Approval

Question 41 of 76

What activities occur during implementation of security controls?

Select one or more of the following:

  • Create appropriate training and communication plans

  • Ensure consistency with DoD architectures

  • Document security control implementation in the security plan

  • Identify Security controls available for inheritance

Question 42 of 76

What should you look for when assessing vulnerabilities?

Select one or more of the following:

  • Residual Risk

  • Ease

  • Likelihood

  • Related Threats

  • Rewards

Question 43 of 76

Which steps of the RMF are designed to mitigate risk?

Select one or more of the following:

  • Assess Security Controls

  • Monitor Security Controls

  • Select Security Controls

  • Authorize System

  • Implement Security Controls

  • Categorize System

Question 44 of 76

Which steps of the RMF are designed to evaluate risk?

Select one or more of the following:

  • Select Security Controls

  • Assess Security Controls

  • Monitor Security Controls

  • Authorize System

  • Categorize System

  • Implement Security Controls

Question 45 of 76

What activities occur when assessing security controls?

Select one or more of the following:

  • Prepare the Plan of Action and Milestones (POA&M)

  • Conduct final risk determination

  • Develop, plan, and approve Security Assessment Plan

  • Prepare Security Assessment Report (SAR)

Question 46 of 76

Select ALL of the correct responses. Which of the following forms the basis for remediation actions?

Select one or more of the following:

  • Ongoing monitoring activities

  • Outstanding items in the Plan of Action and Milestones (POA&M)

  • Risk assessment

  • Authorizing Official (AO) report

Question 47 of 76

What activities occur when authorizing the system?

Select one or more of the following:

  • Implement decommissioning strategy

  • Develop, review, and approve Security Assessment Plan

  • Prepare the Plan of Action and Milestones (POA&M)

  • Submit security authorization package

Question 48 of 76

Which of the following are areas within cybersecurity?

Select one of the following:

  • Procedural security

  • Physical security

  • Personnel security

  • All of the above

Question 49 of 76

What activities occur when monitoring security controls?

Select one or more of the following:

  • Prepare the Plan of Action and Milestones

  • Develop, review, and approve Security Assessment Plan

  • Implement decommissioning strategy

  • Determine impact of changes

Question 50 of 76

Select ALL of the correct responses. What are the DoD cybersecurity policies?

Select one or more of the following:

  • Operational Resilience

  • Risk Management

  • Performance

  • Identity Assurance

  • Mission Partners

Question 51 of 76

Select ALL of the correct responses. Which of the following are cybersecurity skill standards needed by security personnel?

Select one or more of the following:

  • Conduct assessment and evaluation of all IT systems

  • Identify and manage all cybersecurity concepts

  • Explain their role in protecting DoD's information systems

  • Identify fundamental cybersecurity concepts that are related to the protection of classified and controlled unclassified information

Question 52 of 76

After you complete a risk management system component, you should constantly reassess as you deploy new solutions.

Select one of the following:

  • True

  • False

Question 53 of 76

Confidentiality is the only attribute susceptible to threats and vulnerabilities.

Select one of the following:

  • True

  • False

Question 54 of 76

Cybersecurity is important so that risk is eliminated.

Select one of the following:

  • True

  • False

Question 55 of 76

Categorize System is the RMF step designed to assess risk.

Select one of the following:

  • True

  • False

Question 56 of 76

Who prepares the Security Assessment Report (SAR)?

Select one of the following:

  • USCYBERCOM

  • Security Controls Assessor (SCA)

  • Security Personnel

  • DoD CIO

Question 57 of 76

Select ALL of the correct responses. What are the attributes of cybersecurity?

Select one or more of the following:

  • Confidentiality

  • Non-repudiation

  • Authentication

  • Integrity

  • Availability

  • Authorization

Question 58 of 76

Select ALL of the correct responses. When performing risk assessment, security personnel do which of the following?

Select one or more of the following:

  • Identify countermeasures to eliminate risk

  • Identify and evaluate risks, impacts, and countermeasures

  • Determine the extent of threat

Question 59 of 76

How do security personnel protect classified information and controlled unclassified information?

Select one of the following:

  • Minimize vulnerabilities

  • Manage threats

  • Respond to incidents swiftly and appropriately

  • All of the above

Question 60 of 76

Select ALL of the correct responses. Which steps of the Risk Management Framework (RMF) are designed to evaluate risk?

Select one or more of the following:

  • Authorize System

  • Implement Security Controls

  • Assess Security Controls

  • Categorize System

  • Monitor Security Controls

  • Select Security Controls

Question 61 of 76

Which role monitors, evaluates, and provides advice?

Select one of the following:

  • Security personnel

  • US Cyber Command (USCYBERCOM)

  • DoD Chief Information Officer (CIO)

  • Authorizing Official (AO)

Question 62 of 76

Which policies and DoD regulations set our cybersecurity standards?

Select one of the following:

  • DoDI 8500.01, Cybersecurity

  • DoDI 8510.01, Risk Management Framework for DoD Information Technology

  • NIST 800-30 Rev 1, Guide for Conducting Risk Assessments

  • All of the above

Question 63 of 76

Select ALL of the correct responses. Which activities occur during Step 2, Select Security Controls?

Select one or more of the following:

  • Security Plan Review and Approval

  • Unique Control Identification

  • Security Plan Creation

  • Monitoring Strategy

  • Common Control Identification

Question 64 of 76

Select ALL of the correct responses. Impact levels are used to perform which of the following?

Select one or more of the following:

  • Overlay selection

  • Document the security plan

  • Security baseline

Question 65 of 76

When mitigating risk, what are your options?

Select one of the following:

  • Limitation

  • Acceptance

  • Avoidance

  • All of the above

Question 66 of 76

What are the implied skills of security personnel?

Select one of the following:

  • Counsel stakeholders on security-related concerns

  • Execute security awareness training

  • Analysis

  • All of the above

Question 67 of 76

Security controls should not consider legacy security plans.

Select one of the following:

  • True

  • False

Question 68 of 76

What evolving threats are attempts by hackers to damage or destroy a computer network or system?

Select one of the following:

  • Insider Threat

  • Social Media

  • Cyber Attack

  • Mobile Computing

Question 69 of 76

Select ALL of the correct responses. What are the Risk Management Framework (RMF) steps designed to mitigate risk?

Select one or more of the following:

  • Assess Security Controls

  • Implement Security Controls

  • Categorize System

  • Select Security Controls

Question 70 of 76

Who is responsible for final review and authorization?

Select one of the following:

  • Security Controls Assessor (SCA)

  • Chief Information Officer (CIO)

  • Security personnel

  • Authorizing Official (AO)

Question 71 of 76

Select Security Controls is the only Risk Management Framework (RMF) step designed to mitigate risk.

Select one of the following:

  • True

  • False

Question 72 of 76

The risk management system provides an overarching methodology to follow when managing cybersecurity risks.

Select one of the following:

  • True

  • False

Question 73 of 76

Select ALL of the correct responses. What should you look for when assessing vulnerabilities?

Select one or more of the following:

  • Related threats

  • Rewards

  • Residual risk

  • Likelihood

  • Ease

Question 74 of 76

Security personnel must be able to identify all cybersecurity concepts.

Select one of the following:

  • True

  • False

Question 75 of 76

Vulnerabilities are weaknesses that could be exploited to gain unauthorized access to information on an information system.

Select one of the following:

  • True

  • False

Question 76 of 76

In which step of the Risk Management Framework (RMF) would you implement the decommissioning strategy?

Select one of the following:

  • Step 3 – Implement security controls

  • Step 4 – Assess security controls

  • Step 5 – Authorize system

  • Step 6 – Monitor security controls
