Casey Neville
Quiz by , created more than 1 year ago

QUESTIONS FROM THE STUDENT GUIDES

1798
3
0
Casey Neville
Created by Casey Neville over 2 years ago
Close

CYBER Quiz

Question 1 of 76

1

What regulations will DoD follow for cybersecurity policy? Select the best answer.

Select one of the following:

  • DIACAP

  • DoD 8500 Series

  • DCID 6/3

  • DoD 6500 Series

Explanation

Question 2 of 76

1

What policy partnerships has DoD developed to standardize cybersecurity and protect the unique
requirements of DoD missions and warfighters? Select the best answer.

Select one of the following:

  • CNSS and NIST

  • Tier 1, Tier 2, and Tier 3

  • DIACAP and RMF

  • Platform, Process, and Organization

Explanation

Question 3 of 76

1

What factors do organizations need to take into account when implementing a holistic approach
to organizational risk management? Select all that apply.

Select one or more of the following:

  • Strategic Goals and Objectives

  • Relationships between mission/business process

  • Supporting Information Systems

  • Organizational culture and infrastructure

Explanation

Question 4 of 76

1

PIT systems refer to: Select the best answer.

Select one of the following:

  • Priority Information Technology

  • Proprietary Information Technology

  • Platform Information Technology

  • Process Information Technology

Explanation

Question 5 of 76

1

What broad groups does DoD use to categorize information technology? Choose the best answer.

Select one of the following:

  • Information Systems and PIT

  • Information Systems and Products

  • PIT and Services

  • (a) and (b )

  • (b) and (c )

Explanation

Question 6 of 76

1

In what Step of the Risk Management Framework is continuous monitoring employed? Select the
best answer.

Select one of the following:

  • Step 1

  • Step 4

  • Step 5

  • Step 6

Explanation

Question 7 of 76

1

Match the following Steps of the Risk Management Framework to "Step 1 Categorize System"

Select one of the following:

  • Register System with DoD

  • Common Control Identification

  • Implement Control Solutions

  • Develop & Approve Security Assessment
    Plan

  • AO Conducts Final Risk Determination

  • Determine Impact of changes to the system
    & environment

Explanation

Question 8 of 76

1

Match the following Steps of the Risk Management Framework to "Step 2 Select Security Controls"

Select one of the following:

  • Register System with DoD

  • Common Control Identification

  • Implement Control Solutions

  • Develop & Approve Security Assessment
    Plan

  • AO Conducts Final Risk Determination

  • Determine Impact of changes to the system
    & environment

Explanation

Question 9 of 76

1

Match the following Steps of the Risk Management Framework to "Step 3 Implement Security Controls"

Select one of the following:

  • Register System with DoD

  • Common Control Identification

  • Implement Control Solutions

  • Develop & Approve Security Assessment
    Plan

  • AO Conducts Final Risk Determination

  • Determine Impact of changes to the system
    & environment

Explanation

Question 10 of 76

1

Match the following Steps of the Risk Management Framework to "Step 4 Assess Security Controls"

Select one of the following:

  • Register System with DoD

  • Common Control Identification

  • Implement Control Solutions

  • Develop & Approve Security Assessment
    Plan

  • AO Conducts Final Risk Determination

  • Determine Impact of changes to the system
    & environment

Explanation

Question 11 of 76

1

Match the following Steps of the Risk Management Framework to "Step 5 Authorize System"

Select one of the following:

  • Register System with DoD

  • Common Control Identification

  • Implement Control Solutions

  • Develop & Approve Security Assessment
    Plan

  • AO Conducts Final Risk Determination

  • Determine Impact of changes to the system
    & environment

Explanation

Question 12 of 76

1

Match the following Steps of the Risk Management Framework to "Step 6 Monitor Security Controls Activities"

Select one of the following:

  • Register System with DoD

  • Common Control Identification

  • Implement Control Solutions

  • Develop & Approve Security Assessment
    Plan

  • AO Conducts Final Risk Determination

  • Determine Impact of changes to the system
    & environment

Explanation

Question 13 of 76

1

What activities occur in Step 4 of the Risk Management Framework (RMF), Assess Security Controls?

Select one of the following:

  • Conduct final risk determination

  • Prepare the Plan of Action and Milestones (POA&M)

  • Prepare Security Assessment Report (SAR)

  • All of the above

Explanation

Question 14 of 76

1

Select ALL of the correct responses. What is included in the security authorization package?

Select one or more of the following:

  • Plan of Action and Milestones (POA&M)

  • Security Assessment Report (SAR)

  • Security Plan

  • None of the above

Explanation

Question 15 of 76

1

Select ALL of the correct responses. What does the information owner do when determining the impact of changes?

Select one or more of the following:

  • Document in SAR for the AO to review

  • Provide written and signed report

  • Reports significant changes in the security posture of the system

  • Continuously monitors the system or information environment

  • Periodically assesses the quality of the security controls

Explanation

Question 16 of 76

1

Select ALL of the correct responses. What types and levels of vulnerabilities should you consider?

Select one or more of the following:

  • Information system level

  • Physical security

  • Mission/business process level

  • People

  • Organization level

  • None of the above

Explanation

Question 17 of 76

1

Confidentiality, integrity, availability, authentication, and non-repudiation are all attributes of cybersecurity.

Select one of the following:

  • True

  • False

Explanation

Question 18 of 76

1

What Risk Management Framework (RMF) step is designed to assess risk?

Select one of the following:

  • Implement Security Controls

  • Categorize System

  • Authorize System

  • Assess Security Controls

Explanation

Question 19 of 76

1

What is the last step in the Risk Management Framework (RMF)?

Select one of the following:

  • Implement Security Controls

  • Authorize System

  • Assess Security Controls

  • Categorize System

  • Select Security Controls

  • Monitor Security Controls

Explanation

Question 20 of 76

1

Where is the implementation of security controls documented?

Select one of the following:

  • DoD architectures and standards

  • System Security Plan (SSP)

  • Security Technical Implementation Guide (STIG)

  • Security Requirements Guide (SRG)

Explanation

Question 21 of 76

1

Why do you need to be aware of cybersecurity?

Select one of the following:

  • To account for and eliminate all risk

  • To appropriately manage risk by mitigating threats and vulnerabilities

  • To ensure all appropriate measures are taken to protect a designated space and ensure only people with permission enter and leave it

  • To uphold all elements of the National Industrial Security Program Operating Manual

Explanation

Question 22 of 76

1

Select ALL of the correct responses. What are all cybersecurity attributes susceptible to?

Select one or more of the following:

  • Disclosure

  • Authorization

  • Vulnerabilities

  • Threats

Explanation

Question 23 of 76

1

Which steps of the Risk Management Framework (RMF) are designed to evaluate risk?

Select one or more of the following:

  • Monitor Security Controls

  • Authorize System

  • Assess Security Controls

  • None of the above

  • All of the above

Explanation

Question 24 of 76

1

Evaluation ensures that new risks arising from changes are noticed and assessed.

Select one of the following:

  • True

  • False

Explanation

Question 25 of 76

1

Select ALL of the correct responses. Which policies and DoD regulations set our cybersecurity standards?

Select one or more of the following:

  • DoD 8530.01, Cybersecurity Activities Support to DoD Information Network Operations

  • DoDI 8510.01, Risk Management Framework for DoD Information Technology

  • DoDI 8500.01, Cybersecurity

  • None of the above

Explanation

Question 26 of 76

1

Which of the following are areas within cybersecurity?

Select one of the following:

  • Procedural security

  • Physical security

  • Personnel security

  • All of the above

Explanation

Question 27 of 76

1

Adversarial threats are

Select one of the following:

  • natural or man-made disasters, unusual natural events, or an infrastructure failure or outage.

  • unintentional threats made by a single user or privileged user or administrator when performing their everyday responsibilities.

  • from individual, group, organization, or nation-state seeking to exploit the organization's dependence on cyber resources.

  • failures of equipment, environmental controls, or software due to aging, resource depletion, or other circumstances.

Explanation

Question 28 of 76

1

Select ALL of the correct responses. Security personnel need to have which of the following skills?

Select one or more of the following:

  • New Technology and Equipment

  • System Categorization

  • Training Others

  • Compilation and Data Aggregation

Explanation

Question 29 of 76

1

Which of the following provides an overarching methodology to follow when managing cybersecurity risks?

Select one of the following:

  • Security Assessment Report (SAR)

  • Risk Management System

  • Security Technical Implementation Guide (STIG)

  • Department of Defense Security Skill Standard

Explanation

Question 30 of 76

1

Engagement and collaboration between security, information technology, and cybersecurity personnel should be proactive and continuous.

Select one of the following:

  • True

  • False

Explanation

Question 31 of 76

1

What are the cybersecurity attributes?

Select one or more of the following:

  • Confidentiality

  • Integrity

  • Availability

  • Authentication

  • Non-repudiation

Explanation

Question 32 of 76

1

What is the primary responsibility of security personnel?

Select one of the following:

  • Direct the operation of and assure the security of the global DoD network

  • Coordinate all DoD network operations

  • Protect classified information and controlled unclassified information from unauthorized disclosure

  • Monitor, evaluate, and provide advice to the Secretary of Defense

Explanation

Question 33 of 76

1

Why do you need to be aware of cybersecurity?

Select one of the following:

  • To uphold all elements of the national Security Program Operating Manual.

  • To appropriately manage risk by mitigating threats and vulnerabilities.

  • To examine your own actions and activities to uphold personal accountability

  • To ensure all appropriate measures are taken to protect a place and ensure only people with permission enter and leave it.

Explanation

Question 34 of 76

1

What is Security personnel’s primary skill in relationship to cybersecurity?

Select one of the following:

  • Analyze

  • Manage Risk

  • Execute Training

  • Respond to Incidents

Explanation

Question 35 of 76

1

What are the components of the Risk Management System?

Select one or more of the following:

  • Revision

  • Mitigation

  • Assessment

  • Evaluation

Explanation

Question 36 of 76

1

What are the cybersecurity drivers?

Select one or more of the following:

  • NIST 800-30 Rev 1, Guide for conducting Risk Assessments

  • DoD 8530.01, Cybersecurity Activities Support to DoD Information Network Operations

  • DoD 8510.01, Risk Management Framework

  • DoD 8500.01, Cybersecurity

  • DoD Security Policy

Explanation

Question 37 of 76

1

What are the steps in the Risk Management Framework (RMF)?

Select one or more of the following:

  • Monitor Security Controls

  • Categorize System

  • Authorize System

  • Assess Security Controls

  • Select Security Controls

  • Implement Security Controls

Explanation

Question 38 of 76

1

Which skills do security personnel need?

Select one or more of the following:

  • Protect information systems

  • Identify all cybersecurity concepts

  • Identify fundamentals cybersecurity concepts that are related to the protection of classified and controlled unclassified information.

  • Examine their role in protecting DoD’s information systems and the information they process, transmit, and store.

Explanation

Question 39 of 76

1

What threat environments should you consider?

Select one or more of the following:

  • Adversarial

  • Environmental

  • Structural

  • Accidental

Explanation

Question 40 of 76

1

Which of the following are the activities that occur when performing RMF Step 2, Select Security Controls?

Select one or more of the following:

  • Common Control Identification

  • Monitoring Strategy

  • Security Baseline and Overlay Selection

  • Security Plan Review Approval

Explanation

Question 41 of 76

1

What activities occur during implementation of security controls?

Select one or more of the following:

  • Create appropriate training and communication plans

  • Ensure consistency with DoD architectures

  • Document security control implementation in the security plan

  • Identify Security controls available for inheritance

Explanation

Question 42 of 76

1

What should you look for when assessing vulnerabilities?

Select one or more of the following:

  • Residual Risk

  • Ease

  • Likelihood

  • Related Threats

  • Rewards

Explanation

Question 43 of 76

1

Which steps of the RMF are designed to mitigate risk?

Select one or more of the following:

  • Assess Security Controls

  • Monitor Security Controls

  • Select Security Controls

  • Authorize System

  • Implement Security Controls

  • Categorize System

Explanation

Question 44 of 76

1

Which steps of the RMF are designed to evaluate risk?

Select one or more of the following:

  • Select Security Controls

  • Assess Security Controls

  • Monitor Security Controls

  • Authorize System

  • Categorize System

  • Implement Security Controls

Explanation

Question 45 of 76

1

What activities occur when assessing security controls?

Select one or more of the following:

  • Prepare the Plan of Action and Milestones (POA&M)

  • Conduct final risk determination

  • Develop, plan, and approve Security Assessment Plan

  • Prepare Security Assessment Report (SAR)

Explanation

Question 46 of 76

1

Select ALL of the correct responses. Which of the following forms the basis for remediation actions?

Select one or more of the following:

  • Ongoing monitoring activities

  • Outstanding items in the Plan of Action and Milestones (POA&M)

  • Risk assessment

  • Authorizing Official (AO) report

Explanation

Question 47 of 76

1

What activities occur when authorizing the system?

Select one or more of the following:

  • Implement decommissioning strategy

  • Develop, review, and approve Security Assessment Plan

  • Prepare the Plan of Action and Milestones (POA&M)

  • Submit security authorization package

Explanation

Question 48 of 76

1

Which of the following are areas within cybersecurity?

Select one of the following:

  • Procedural security

  • Physical security

  • Personnel security

  • All of the above

Explanation

Question 49 of 76

1

What activities occur when monitoring security controls?

Select one or more of the following:

  • Prepare the Plan of Action and Milestones

  • Develop, review, and approve Security Assessment Plan

  • Implement decommissioning strategy

  • Determine impact of changes

Explanation

Question 50 of 76

1

Select ALL of the correct responses. What are the DoD cybersecurity policies?

Select one or more of the following:

  • Operational Resilience

  • Risk Management

  • Performance

  • Identity Assurance

  • Mission Partners

Explanation

Question 51 of 76

1

Select ALL of the correct responses. Which of the following are cybersecurity skill standards needed by security personnel?

Select one or more of the following:

  • Conduct assessment and evaluation of all IT systems

  • Identify and manage all cybersecurity concepts

  • Explain their role in protecting DoD's information systems

  • Identify fundamental cybersecurity concepts that are related to the protection of classified and controlled unclassified information

Explanation

Question 52 of 76

1

After you complete a risk management system component, you should constantly reassess as you deploy new solutions.

Select one of the following:

  • True

  • False

Explanation

Question 53 of 76

1

Confidentiality is the only attribute susceptible to threats and vulnerabilities.

Select one of the following:

  • True

  • False

Explanation

Question 54 of 76

1

Cybersecurity is important so that risk is eliminated.

Select one of the following:

  • True

  • False

Explanation

Question 55 of 76

1

Categorize System is the RMF step designed to assess risk.

Select one of the following:

  • True

  • False

Explanation

Question 56 of 76

1

Who prepares the Security Assessment Report (SAR)?

Select one of the following:

  • USCYBERCOM

  • Security Controls Assessor (SCA)

  • Security Personnel

  • DoD CIO

Explanation

Question 57 of 76

1

Select ALL of the correct responses. What are the attributes of cybersecurity?

Select one or more of the following:

  • Confidentiality

  • Non-repudiation

  • Authentication

  • Integrity

  • Availability

  • Authorization

Explanation

Question 58 of 76

1

Select ALL of the correct responses. When performing risk assessment, security personnel do which of the following?

Select one or more of the following:

  • Identify countermeasures to eliminate risk

  • Identify and evaluate risks, impacts, and countermeasures

  • Determine the extent of threat

Explanation

Question 59 of 76

1

How do security personnel protect classified information and controlled unclassified information?

Select one of the following:

  • Minimize vulnerabilities

  • Manage threats

  • Respond to incidents swiftly and appropriately

  • All of the above

Explanation

Question 60 of 76

1

Select ALL of the correct responses. Which steps of the Risk Management Framework (RMF) are designed to evaluate risk?

Select one or more of the following:

  • Authorize System

  • Implement Security Controls

  • Assess Security Controls

  • Categorize System

  • Monitor Security Controls

  • Select Security Controls

Explanation

Question 61 of 76

1

Which role monitors, evaluates, and provides advice?

Select one of the following:

  • Security personnel

  • US Cyber Command (USCYBERCOM)

  • DoD Chief Information Officer (CIO)

  • Authorizing Official (AO)

Explanation

Question 62 of 76

1

Which policies and DoD regulations set our cybersecurity standards?

Select one of the following:

  • DoDI 8500.01, Cybersecurity

  • DoDI 8510.01, Risk Management Framework for DoD Information Technology

  • NIST 800-30 Rev 1, Guide for Conducting Risk Assessments

  • All of the above

Explanation

Question 63 of 76

1

Select ALL of the correct responses. Which activities occur during Step 2, Select Security Controls?

Select one or more of the following:

  • Security Plan Review and Approval

  • Unique Control Identification

  • Security Plan Creation

  • Monitoring Strategy

  • Common Control Identification

Explanation

Question 64 of 76

1

Select ALL of the correct responses. Impact levels are used to perform which of the following?

Select one or more of the following:

  • Overlay selection

  • Document the security plan

  • Security baseline

Explanation

Question 65 of 76

1

When mitigating risk, what are your options?

Select one of the following:

  • Limitation

  • Acceptance

  • Avoidance

  • All of the above

Explanation

Question 66 of 76

1

What are the implied skills of security personnel?

Select one of the following:

  • Counsel stakeholders on security-related concerns

  • Execute security awareness training

  • Analysis

  • All of the above

Explanation

Question 67 of 76

1

Security controls should not consider legacy security plans.

Select one of the following:

  • True

  • False

Explanation

Question 68 of 76

1

What evolving threats are attempts by hackers to damage or destroy a computer network or system?

Select one of the following:

  • Insider Threat

  • Social Media

  • Cyber Attack

  • Mobile Computing

Explanation

Question 69 of 76

1

Select ALL of the correct responses. What are the Risk Management Framework (RMF) steps designed to mitigate risk?

Select one or more of the following:

  • Assess Security Controls

  • Implement Security Controls

  • Categorize System

  • Select Security Control

Explanation

Question 70 of 76

1

Who is responsible for final review and authorization?

Select one of the following:

  • Security Controls Assessor (SCA)

  • Chief Information Officer (CIO)

  • Security personnel

  • Authorizing Official (AO)

Explanation

Question 71 of 76

1

Select Security Controls is the only Risk Management Framework (RMF) step designed to mitigate risk.

Select one of the following:

  • True

  • False

Explanation

Question 72 of 76

1

The risk management system provides an overarching methodology to follow when managing cybersecurity risks.

Select one of the following:

  • True

  • False

Explanation

Question 73 of 76

1

Select ALL of the correct responses. What should you look for when assessing vulnerabilities?

Select one or more of the following:

  • Related threats

  • Rewards

  • Residual risk

  • Likelihood

  • Ease

Explanation

Question 74 of 76

1

Security personnel must be able to identify all cybersecurity concepts.

Select one of the following:

  • True

  • False

Explanation

Question 75 of 76

1

Vulnerabilities are weaknesses that could be exploited to gain unauthorized access to information on an information system.

Select one of the following:

  • True

  • False

Explanation

Question 76 of 76

1

In which step of the Risk Management Framework (RMF) would you implement the decommissioning strategy?

Select one of the following:

  • Step 3 - Implement security controls

  • Step 4 – Assess security controls

  • Step 5 – Authorize system

  • Step 6 – Monitor security controls

Explanation