Quiz by Casey Neville, created more than 1 year ago

QUESTIONS FROM THE STUDENT GUIDES

Created by Casey Neville more than 2 years ago

CYBER Quiz

Question 1 of 76

What regulations will DoD follow for cybersecurity policy? Select the best answer.

Select one of the following:

  • DIACAP

  • DoD 8500 Series

  • DCID 6/3

  • DoD 6500 Series

Question 2 of 76

What policy partnerships has DoD developed to standardize cybersecurity and protect the unique requirements of DoD missions and warfighters? Select the best answer.

Select one of the following:

  • CNSS and NIST

  • Tier 1, Tier 2, and Tier 3

  • DIACAP and RMF

  • Platform, Process, and Organization

Question 3 of 76

What factors do organizations need to take into account when implementing a holistic approach to organizational risk management? Select all that apply.

Select one or more of the following:

  • Strategic Goals and Objectives

  • Relationships between mission/business process

  • Supporting Information Systems

  • Organizational culture and infrastructure

Question 4 of 76

PIT systems refer to: Select the best answer.

Select one of the following:

  • Priority Information Technology

  • Proprietary Information Technology

  • Platform Information Technology

  • Process Information Technology

Question 5 of 76

What broad groups does DoD use to categorize information technology? Choose the best answer.

Select one of the following:

  • Information Systems and PIT

  • Information Systems and Products

  • PIT and Services

  • (a) and (b)

  • (b) and (c)

Question 6 of 76

In what Step of the Risk Management Framework is continuous monitoring employed? Select the best answer.

Select one of the following:

  • Step 1

  • Step 4

  • Step 5

  • Step 6

Question 7 of 76

Match the following Steps of the Risk Management Framework to "Step 1 Categorize System"

Select one of the following:

  • Register System with DoD

  • Common Control Identification

  • Implement Control Solutions

  • Develop & Approve Security Assessment Plan

  • AO Conducts Final Risk Determination

  • Determine Impact of changes to the system & environment

Question 8 of 76

Match the following Steps of the Risk Management Framework to "Step 2 Select Security Controls"

Select one of the following:

  • Register System with DoD

  • Common Control Identification

  • Implement Control Solutions

  • Develop & Approve Security Assessment Plan

  • AO Conducts Final Risk Determination

  • Determine Impact of changes to the system & environment

Question 9 of 76

Match the following Steps of the Risk Management Framework to "Step 3 Implement Security Controls"

Select one of the following:

  • Register System with DoD

  • Common Control Identification

  • Implement Control Solutions

  • Develop & Approve Security Assessment Plan

  • AO Conducts Final Risk Determination

  • Determine Impact of changes to the system & environment

Question 10 of 76

Match the following Steps of the Risk Management Framework to "Step 4 Assess Security Controls"

Select one of the following:

  • Register System with DoD

  • Common Control Identification

  • Implement Control Solutions

  • Develop & Approve Security Assessment Plan

  • AO Conducts Final Risk Determination

  • Determine Impact of changes to the system & environment

Question 11 of 76

Match the following Steps of the Risk Management Framework to "Step 5 Authorize System"

Select one of the following:

  • Register System with DoD

  • Common Control Identification

  • Implement Control Solutions

  • Develop & Approve Security Assessment Plan

  • AO Conducts Final Risk Determination

  • Determine Impact of changes to the system & environment

Question 12 of 76

Match the following Steps of the Risk Management Framework to "Step 6 Monitor Security Controls Activities"

Select one of the following:

  • Register System with DoD

  • Common Control Identification

  • Implement Control Solutions

  • Develop & Approve Security Assessment Plan

  • AO Conducts Final Risk Determination

  • Determine Impact of changes to the system & environment

Question 13 of 76

What activities occur in Step 4 of the Risk Management Framework (RMF), Assess Security Controls?

Select one of the following:

  • Conduct final risk determination

  • Prepare the Plan of Action and Milestones (POA&M)

  • Prepare Security Assessment Report (SAR)

  • All of the above

Question 14 of 76

Select ALL of the correct responses. What is included in the security authorization package?

Select one or more of the following:

  • Plan of Action and Milestones (POA&M)

  • Security Assessment Report (SAR)

  • Security Plan

  • None of the above

Question 15 of 76

Select ALL of the correct responses. What does the information owner do when determining the impact of changes?

Select one or more of the following:

  • Document in SAR for the AO to review

  • Provide written and signed report

  • Reports significant changes in the security posture of the system

  • Continuously monitors the system or information environment

  • Periodically assesses the quality of the security controls

Question 16 of 76

Select ALL of the correct responses. What types and levels of vulnerabilities should you consider?

Select one or more of the following:

  • Information system level

  • Physical security

  • Mission/business process level

  • People

  • Organization level

  • None of the above

Question 17 of 76

Confidentiality, integrity, availability, authentication, and non-repudiation are all attributes of cybersecurity.

Select one of the following:

  • True

  • False

Question 18 of 76

What Risk Management Framework (RMF) step is designed to assess risk?

Select one of the following:

  • Implement Security Controls

  • Categorize System

  • Authorize System

  • Assess Security Controls

Question 19 of 76

What is the last step in the Risk Management Framework (RMF)?

Select one of the following:

  • Implement Security Controls

  • Authorize System

  • Assess Security Controls

  • Categorize System

  • Select Security Controls

  • Monitor Security Controls

Question 20 of 76

Where is the implementation of security controls documented?

Select one of the following:

  • DoD architectures and standards

  • System Security Plan (SSP)

  • Security Technical Implementation Guide (STIG)

  • Security Requirements Guide (SRG)

Question 21 of 76

Why do you need to be aware of cybersecurity?

Select one of the following:

  • To account for and eliminate all risk

  • To appropriately manage risk by mitigating threats and vulnerabilities

  • To ensure all appropriate measures are taken to protect a designated space and ensure only people with permission enter and leave it

  • To uphold all elements of the National Industrial Security Program Operating Manual

Question 22 of 76

Select ALL of the correct responses. What are all cybersecurity attributes susceptible to?

Select one or more of the following:

  • Disclosure

  • Authorization

  • Vulnerabilities

  • Threats

Question 23 of 76

Which steps of the Risk Management Framework (RMF) are designed to evaluate risk?

Select one or more of the following:

  • Monitor Security Controls

  • Authorize System

  • Assess Security Controls

  • None of the above

  • All of the above

Question 24 of 76

Evaluation ensures that new risks arising from changes are noticed and assessed.

Select one of the following:

  • True

  • False

Question 25 of 76

Select ALL of the correct responses. Which policies and DoD regulations set our cybersecurity standards?

Select one or more of the following:

  • DoD 8530.01, Cybersecurity Activities Support to DoD Information Network Operations

  • DoDI 8510.01, Risk Management Framework for DoD Information Technology

  • DoDI 8500.01, Cybersecurity

  • None of the above

Question 26 of 76

Which of the following are areas within cybersecurity?

Select one of the following:

  • Procedural security

  • Physical security

  • Personnel security

  • All of the above

Question 27 of 76

Adversarial threats are

Select one of the following:

  • natural or man-made disasters, unusual natural events, or an infrastructure failure or outage.

  • unintentional threats made by a single user or privileged user or administrator when performing their everyday responsibilities.

  • from individual, group, organization, or nation-state seeking to exploit the organization's dependence on cyber resources.

  • failures of equipment, environmental controls, or software due to aging, resource depletion, or other circumstances.

Question 28 of 76

Select ALL of the correct responses. Security personnel need to have which of the following skills?

Select one or more of the following:

  • New Technology and Equipment

  • System Categorization

  • Training Others

  • Compilation and Data Aggregation

Question 29 of 76

Which of the following provides an overarching methodology to follow when managing cybersecurity risks?

Select one of the following:

  • Security Assessment Report (SAR)

  • Risk Management System

  • Security Technical Implementation Guide (STIG)

  • Department of Defense Security Skill Standard

Question 30 of 76

Engagement and collaboration between security, information technology, and cybersecurity personnel should be proactive and continuous.

Select one of the following:

  • True

  • False

Question 31 of 76

What are the cybersecurity attributes?

Select one or more of the following:

  • Confidentiality

  • Integrity

  • Availability

  • Authentication

  • Non-repudiation

Question 32 of 76

What is the primary responsibility of security personnel?

Select one of the following:

  • Direct the operation of and assure the security of the global DoD network

  • Coordinate all DoD network operations

  • Protect classified information and controlled unclassified information from unauthorized disclosure

  • Monitor, evaluate, and provide advice to the Secretary of Defense

Question 33 of 76

Why do you need to be aware of cybersecurity?

Select one of the following:

  • To uphold all elements of the national Security Program Operating Manual.

  • To appropriately manage risk by mitigating threats and vulnerabilities.

  • To examine your own actions and activities to uphold personal accountability

  • To ensure all appropriate measures are taken to protect a place and ensure only people with permission enter and leave it.

Question 34 of 76

What is Security personnel’s primary skill in relationship to cybersecurity?

Select one of the following:

  • Analyze

  • Manage Risk

  • Execute Training

  • Respond to Incidents

Question 35 of 76

What are the components of the Risk Management System?

Select one or more of the following:

  • Revision

  • Mitigation

  • Assessment

  • Evaluation

Question 36 of 76

What are the cybersecurity drivers?

Select one or more of the following:

  • NIST 800-30 Rev 1, Guide for conducting Risk Assessments

  • DoD 8530.01, Cybersecurity Activities Support to DoD Information Network Operations

  • DoD 8510.01, Risk Management Framework

  • DoD 8500.01, Cybersecurity

  • DoD Security Policy

Question 37 of 76

What are the steps in the Risk Management Framework (RMF)?

Select one or more of the following:

  • Monitor Security Controls

  • Categorize System

  • Authorize System

  • Assess Security Controls

  • Select Security Controls

  • Implement Security Controls

Question 38 of 76

Which skills do security personnel need?

Select one or more of the following:

  • Protect information systems

  • Identify all cybersecurity concepts

  • Identify fundamental cybersecurity concepts that are related to the protection of classified and controlled unclassified information.

  • Examine their role in protecting DoD’s information systems and the information they process, transmit, and store.

Question 39 of 76

What threat environments should you consider?

Select one or more of the following:

  • Adversarial

  • Environmental

  • Structural

  • Accidental

Question 40 of 76

Which of the following are the activities that occur when performing RMF Step 2, Select Security Controls?

Select one or more of the following:

  • Common Control Identification

  • Monitoring Strategy

  • Security Baseline and Overlay Selection

  • Security Plan Review Approval

Question 41 of 76

What activities occur during implementation of security controls?

Select one or more of the following:

  • Create appropriate training and communication plans

  • Ensure consistency with DoD architectures

  • Document security control implementation in the security plan

  • Identify Security controls available for inheritance

Question 42 of 76

What should you look for when assessing vulnerabilities?

Select one or more of the following:

  • Residual Risk

  • Ease

  • Likelihood

  • Related Threats

  • Rewards

Question 43 of 76

Which steps of the RMF are designed to mitigate risk?

Select one or more of the following:

  • Assess Security Controls

  • Monitor Security Controls

  • Select Security Controls

  • Authorize System

  • Implement Security Controls

  • Categorize System

Question 44 of 76

Which steps of the RMF are designed to evaluate risk?

Select one or more of the following:

  • Select Security Controls

  • Assess Security Controls

  • Monitor Security Controls

  • Authorize System

  • Categorize System

  • Implement Security Controls

Question 45 of 76

What activities occur when assessing security controls?

Select one or more of the following:

  • Prepare the Plan of Action and Milestones (POA&M)

  • Conduct final risk determination

  • Develop, plan, and approve Security Assessment Plan

  • Prepare Security Assessment Report (SAR)

Question 46 of 76

Select ALL of the correct responses. Which of the following forms the basis for remediation actions?

Select one or more of the following:

  • Ongoing monitoring activities

  • Outstanding items in the Plan of Action and Milestones (POA&M)

  • Risk assessment

  • Authorizing Official (AO) report

Question 47 of 76

What activities occur when authorizing the system?

Select one or more of the following:

  • Implement decommissioning strategy

  • Develop, review, and approve Security Assessment Plan

  • Prepare the Plan of Action and Milestones (POA&M)

  • Submit security authorization package

Question 48 of 76

Which of the following are areas within cybersecurity?

Select one of the following:

  • Procedural security

  • Physical security

  • Personnel security

  • All of the above

Question 49 of 76

What activities occur when monitoring security controls?

Select one or more of the following:

  • Prepare the Plan of Action and Milestones

  • Develop, review, and approve Security Assessment Plan

  • Implement decommissioning strategy

  • Determine impact of changes

Question 50 of 76

Select ALL of the correct responses. What are the DoD cybersecurity policies?

Select one or more of the following:

  • Operational Resilience

  • Risk Management

  • Performance

  • Identity Assurance

  • Mission Partners

Question 51 of 76

Select ALL of the correct responses. Which of the following are cybersecurity skill standards needed by security personnel?

Select one or more of the following:

  • Conduct assessment and evaluation of all IT systems

  • Identify and manage all cybersecurity concepts

  • Explain their role in protecting DoD's information systems

  • Identify fundamental cybersecurity concepts that are related to the protection of classified and controlled unclassified information

Question 52 of 76

After you complete a risk management system component, you should constantly reassess as you deploy new solutions.

Select one of the following:

  • True

  • False

Question 53 of 76

Confidentiality is the only attribute susceptible to threats and vulnerabilities.

Select one of the following:

  • True

  • False

Question 54 of 76

Cybersecurity is important so that risk is eliminated.

Select one of the following:

  • True

  • False

Question 55 of 76

Categorize System is the RMF step designed to assess risk.

Select one of the following:

  • True

  • False

Question 56 of 76

Who prepares the Security Assessment Report (SAR)?

Select one of the following:

  • USCYBERCOM

  • Security Controls Assessor (SCA)

  • Security Personnel

  • DoD CIO

Question 57 of 76

Select ALL of the correct responses. What are the attributes of cybersecurity?

Select one or more of the following:

  • Confidentiality

  • Non-repudiation

  • Authentication

  • Integrity

  • Availability

  • Authorization

Question 58 of 76

Select ALL of the correct responses. When performing risk assessment, security personnel do which of the following?

Select one or more of the following:

  • Identify countermeasures to eliminate risk

  • Identify and evaluate risks, impacts, and countermeasures

  • Determine the extent of threat

Question 59 of 76

How do security personnel protect classified information and controlled unclassified information?

Select one of the following:

  • Minimize vulnerabilities

  • Manage threats

  • Respond to incidents swiftly and appropriately

  • All of the above

Question 60 of 76

Select ALL of the correct responses. Which steps of the Risk Management Framework (RMF) are designed to evaluate risk?

Select one or more of the following:

  • Authorize System

  • Implement Security Controls

  • Assess Security Controls

  • Categorize System

  • Monitor Security Controls

  • Select Security Controls

Question 61 of 76

Which role monitors, evaluates, and provides advice?

Select one of the following:

  • Security personnel

  • US Cyber Command (USCYBERCOM)

  • DoD Chief Information Officer (CIO)

  • Authorizing Official (AO)

Question 62 of 76

Which policies and DoD regulations set our cybersecurity standards?

Select one of the following:

  • DoDI 8500.01, Cybersecurity

  • DoDI 8510.01, Risk Management Framework for DoD Information Technology

  • NIST 800-30 Rev 1, Guide for Conducting Risk Assessments

  • All of the above

Question 63 of 76

Select ALL of the correct responses. Which activities occur during Step 2, Select Security Controls?

Select one or more of the following:

  • Security Plan Review and Approval

  • Unique Control Identification

  • Security Plan Creation

  • Monitoring Strategy

  • Common Control Identification

Question 64 of 76

Select ALL of the correct responses. Impact levels are used to perform which of the following?

Select one or more of the following:

  • Overlay selection

  • Document the security plan

  • Security baseline

Question 65 of 76

When mitigating risk, what are your options?

Select one of the following:

  • Limitation

  • Acceptance

  • Avoidance

  • All of the above

Question 66 of 76

What are the implied skills of security personnel?

Select one of the following:

  • Counsel stakeholders on security-related concerns

  • Execute security awareness training

  • Analysis

  • All of the above

Question 67 of 76

Security controls should not consider legacy security plans.

Select one of the following:

  • True

  • False

Question 68 of 76

What evolving threats are attempts by hackers to damage or destroy a computer network or system?

Select one of the following:

  • Insider Threat

  • Social Media

  • Cyber Attack

  • Mobile Computing

Question 69 of 76

Select ALL of the correct responses. What are the Risk Management Framework (RMF) steps designed to mitigate risk?

Select one or more of the following:

  • Assess Security Controls

  • Implement Security Controls

  • Categorize System

  • Select Security Control

Question 70 of 76

Who is responsible for final review and authorization?

Select one of the following:

  • Security Controls Assessor (SCA)

  • Chief Information Officer (CIO)

  • Security personnel

  • Authorizing Official (AO)

Question 71 of 76

Select Security Controls is the only Risk Management Framework (RMF) step designed to mitigate risk.

Select one of the following:

  • True

  • False

Question 72 of 76

The risk management system provides an overarching methodology to follow when managing cybersecurity risks.

Select one of the following:

  • True

  • False

Question 73 of 76

Select ALL of the correct responses. What should you look for when assessing vulnerabilities?

Select one or more of the following:

  • Related threats

  • Rewards

  • Residual risk

  • Likelihood

  • Ease

Question 74 of 76

Security personnel must be able to identify all cybersecurity concepts.

Select one of the following:

  • True

  • False

Question 75 of 76

Vulnerabilities are weaknesses that could be exploited to gain unauthorized access to information on an information system.

Select one of the following:

  • True

  • False

Question 76 of 76

In which step of the Risk Management Framework (RMF) would you implement the decommissioning strategy?

Select one of the following:

  • Step 3 – Implement security controls

  • Step 4 – Assess security controls

  • Step 5 – Authorize system

  • Step 6 – Monitor security controls
