What regulations will DoD follow for cybersecurity policy? Select the best answer.
DIACAP
DoD 8500 Series
DCID 6/3
DoD 6500 Series
What policy partnerships has DoD developed to standardize cybersecurity and protect the unique requirements of DoD missions and warfighters? Select the best answer.
CNSS and NIST
Tier 1, Tier 2, and Tier 3
DIACAP and RMF
Platform, Process, and Organization
What factors do organizations need to take into account when implementing a holistic approach to organizational risk management? Select all that apply.
Strategic Goals and Objectives
Relationships between mission/business process
Supporting Information Systems
Organizational culture and infrastructure
PIT systems refer to: Select the best answer.
Priority Information Technology
Proprietary Information Technology
Platform Information Technology
Process Information Technology
What broad groups does DoD use to categorize information technology? Choose the best answer.
Information Systems and PIT
Information Systems and Products
PIT and Services
(a) and (b)
(b) and (c)
In what Step of the Risk Management Framework is continuous monitoring employed? Select the best answer.
Step 1
Step 4
Step 5
Step 6
Match the following Steps of the Risk Management Framework to "Step 1 Categorize System"
Register System with DoD
Common Control Identification
Implement Control Solutions
Develop & Approve Security Assessment Plan
AO Conducts Final Risk Determination
Determine Impact of changes to the system & environment
Match the following Steps of the Risk Management Framework to "Step 2 Select Security Controls"
Match the following Steps of the Risk Management Framework to "Step 3 Implement Security Controls"
Match the following Steps of the Risk Management Framework to "Step 4 Assess Security Controls"
Match the following Steps of the Risk Management Framework to "Step 5 Authorize System"
Match the following Steps of the Risk Management Framework to "Step 6 Monitor Security Controls Activities"
What activities occur in Step 4 of the Risk Management Framework (RMF), Assess Security Controls?
Conduct final risk determination
Prepare the Plan of Action and Milestones (POA&M)
Prepare Security Assessment Report (SAR)
All of the above
Select ALL of the correct responses. What is included in the security authorization package?
Plan of Action and Milestones (POA&M)
Security Assessment Report (SAR)
Security Plan
None of the above
Select ALL of the correct responses. What does the information owner do when determining the impact of changes?
Document in SAR for the AO to review
Provide written and signed report
Reports significant changes in the security posture of the system
Continuously monitors the system or information environment
Periodically assesses the quality of the security controls
Select ALL of the correct responses. What types and levels of vulnerabilities should you consider?
Information system level
Physical security
Mission/business process level
People
Organization level
Confidentiality, integrity, availability, authentication, and non-repudiation are all attributes of cybersecurity.
True
False
What Risk Management Framework (RMF) step is designed to assess risk?
Implement Security Controls
Categorize System
Authorize System
Assess Security Controls
What is the last step in the Risk Management Framework (RMF)?
Select Security Controls
Monitor Security Controls
Where is the implementation of security controls documented?
DoD architectures and standards
System Security Plan (SSP)
Security Technical Implementation Guide (STIG)
Security Requirements Guide (SRG)
Why do you need to be aware of cybersecurity?
To account for and eliminate all risk
To appropriately manage risk by mitigating threats and vulnerabilities
To ensure all appropriate measures are taken to protect a designated space and ensure only people with permission enter and leave it
To uphold all elements of the National Industrial Security Program Operating Manual
Select ALL of the correct responses. What are all cybersecurity attributes susceptible to?
Disclosure
Authorization
Vulnerabilities
Threats
Which steps of the Risk Management Framework (RMF) are designed to evaluate risk?
Evaluation ensures that new risks arising from changes are noticed and assessed.
Select ALL of the correct responses. Which policies and DoD regulations set our cybersecurity standards?
DoDI 8530.01, Cybersecurity Activities Support to DoD Information Network Operations
DoDI 8510.01, Risk Management Framework for DoD Information Technology
DoDI 8500.01, Cybersecurity
Which of the following are areas within cybersecurity?
Procedural security
Personnel security
Adversarial threats are
natural or man-made disasters, unusual natural events, or an infrastructure failure or outage.
unintentional threats made by a single user or privileged user or administrator when performing their everyday responsibilities.
from individual, group, organization, or nation-state seeking to exploit the organization's dependence on cyber resources.
failures of equipment, environmental controls, or software due to aging, resource depletion, or other circumstances.
Select ALL of the correct responses. Security personnel need to have which of the following skills?
New Technology and Equipment
System Categorization
Training Others
Compilation and Data Aggregation
Which of the following provides an overarching methodology to follow when managing cybersecurity risks?
Risk Management System
Department of Defense Security Skill Standard
Engagement and collaboration between security, information technology, and cybersecurity personnel should be proactive and continuous.
What are the cybersecurity attributes?
Confidentiality
Integrity
Availability
Authentication
Non-repudiation
What is the primary responsibility of security personnel?
Direct the operation of and assure the security of the global DoD network
Coordinate all DoD network operations
Protect classified information and controlled unclassified information from unauthorized disclosure
Monitor, evaluate, and provide advice to the Secretary of Defense
To uphold all elements of the National Industrial Security Program Operating Manual.
To appropriately manage risk by mitigating threats and vulnerabilities.
To examine your own actions and activities to uphold personal accountability
To ensure all appropriate measures are taken to protect a place and ensure only people with permission enter and leave it.
What is security personnel's primary skill in relationship to cybersecurity?
Analyze
Manage Risk
Execute Training
Respond to Incidents
What are the components of the Risk Management System?
Revision
Mitigation
Assessment
Evaluation
What are the cybersecurity drivers?
NIST 800-30 Rev 1, Guide for Conducting Risk Assessments
DoDI 8510.01, Risk Management Framework
DoDI 8500.01, Cybersecurity
DoD Security Policy
What are the steps in the Risk Management Framework (RMF)?
Which skills do security personnel need?
Protect information systems
Identify all cybersecurity concepts
Identify fundamental cybersecurity concepts that are related to the protection of classified and controlled unclassified information.
Examine their role in protecting DoD’s information systems and the information they process, transmit, and store.
What threat environments should you consider?
Adversarial
Environmental
Structural
Accidental
Which of the following are the activities that occur when performing RMF Step 2, Select Security Controls?
Monitoring Strategy
Security Baseline and Overlay Selection
Security Plan Review Approval
What activities occur during implementation of security controls?
Create appropriate training and communication plans
Ensure consistency with DoD architectures
Document security control implementation in the security plan
Identify Security controls available for inheritance
What should you look for when assessing vulnerabilities?
Residual Risk
Ease
Likelihood
Related Threats
Rewards
Which steps of the RMF are designed to mitigate risk?
Which steps of the RMF are designed to evaluate risk?
What activities occur when assessing security controls?
Develop, plan, and approve Security Assessment Plan
Select ALL of the correct responses. Which of the following forms the basis for remediation actions?
Ongoing monitoring activities
Outstanding items in the Plan of Action and Milestones (POA&M)
Risk assessment
Authorizing Official (AO) report
What activities occur when authorizing the system?
Implement decommissioning strategy
Develop, review, and approve Security Assessment Plan
Submit security authorization package
What activities occur when monitoring security controls?
Prepare the Plan of Action and Milestones
Determine impact of changes
Select ALL of the correct responses. What are the DoD cybersecurity policies?
Operational Resilience
Risk Management
Performance
Identity Assurance
Mission Partners
Select ALL of the correct responses. Which of the following are cybersecurity skill standards needed by security personnel?
Conduct assessment and evaluation of all IT systems
Identify and manage all cybersecurity concepts
Explain their role in protecting DoD's information systems
Identify fundamental cybersecurity concepts that are related to the protection of classified and controlled unclassified information
After you complete a risk management system component, you should constantly reassess as you deploy new solutions.
Confidentiality is the only attribute susceptible to threats and vulnerabilities.
Cybersecurity is important so that risk is eliminated.
Categorize System is the RMF step designed to assess risk.
Who prepares the Security Assessment Report (SAR)?
USCYBERCOM
Security Controls Assessor (SCA)
Security Personnel
DoD CIO
Select ALL of the correct responses. What are the attributes of cybersecurity?
Select ALL of the correct responses. When performing risk assessment, security personnel do which of the following?
Identify countermeasures to eliminate risk
Identify and evaluate risks, impacts, and countermeasures
Determine the extent of threat
How do security personnel protect classified information and controlled unclassified information?
Minimize vulnerabilities
Manage threats
Respond to incidents swiftly and appropriately
Select ALL of the correct responses. Which steps of the Risk Management Framework (RMF) are designed to evaluate risk?
Which role monitors, evaluates, and provides advice?
Security personnel
US Cyber Command (USCYBERCOM)
DoD Chief Information Officer (CIO)
Authorizing Official (AO)
Which policies and DoD regulations set our cybersecurity standards?
NIST 800-30 Rev 1, Guide for Conducting Risk Assessments
Select ALL of the correct responses. Which activities occur during Step 2, Select Security Controls?
Security Plan Review and Approval
Unique Control Identification
Security Plan Creation
Select ALL of the correct responses. Impact levels are used to perform which of the following?
Overlay selection
Document the security plan
Security baseline
When mitigating risk, what are your options?
Limitation
Acceptance
Avoidance
What are the implied skills of security personnel?
Counsel stakeholders on security-related concerns
Execute security awareness training
Analysis
Security controls should not consider legacy security plans.
What evolving threats are attempts by hackers to damage or destroy a computer network or system?
Insider Threat
Social Media
Cyber Attack
Mobile Computing
Select ALL of the correct responses. What are the Risk Management Framework (RMF) steps designed to mitigate risk?
Select Security Control
Who is responsible for final review and authorization?
Chief Information Officer (CIO)
Select Security Controls is the only Risk Management Framework (RMF) step designed to mitigate risk.
The risk management system provides an overarching methodology to follow when managing cybersecurity risks.
Select ALL of the correct responses. What should you look for when assessing vulnerabilities?
Related threats
Residual risk
Security personnel must be able to identify all cybersecurity concepts.
Vulnerabilities are weaknesses that could be exploited to gain unauthorized access to information on an information system.
In which step of the Risk Management Framework (RMF) would you implement the decommissioning strategy?
Step 3 - Implement security controls
Step 4 – Assess security controls
Step 5 – Authorize system
Step 6 – Monitor security controls