NSVT Final Test

Question / Answer
Addresses severe network vulnerabilities. IAVA
Information Assurance Vulnerability Bulletin, addresses new risks that do not pose immediate threat to the network. IAVB
In mobile device classification, this device consists of small electronic items used for storing, processing, or transmitting information. Portable Electronic Devices (PED)
Development and Acquisition The system is possibly contracted and constructed according to documented procedures and requirements. Vulnerability Assessment
This vulnerability notification addresses new vulnerabilities that are generally categorized as low risk in DoD. Technical Advisory (TA)
This automated tool can be used by applications to look for evidence of data tampering. Integrity Verification Programs
Security Testing & Evaluation objectives on the system as a whole: Uncover design flaws, adequacy of security mechanisms, & assess the degree of consistency between system documentation and implementation.
You must first gain permission and guidance from these individuals before proceeding to monitor an individual. General Counsel and CO
Combatant commands, Services and Agencies (CC/S/A) ensure individual and organization accountability for implementing this vulnerability program. Information Assurance Vulnerability Management (IAVM)
Operational Stage is separated into two stages: Maintenance Stage & Operational Stage
This type of vulnerability notification addresses new vulnerabilities that do not pose an immediate risk to DoD systems but are significant enough that noncompliance with the corrective action could escalate the risk. Information Assurance Vulnerability Bulletin (IAVB)
This person has overall responsibility for the implementation of IAVA program policy and procedures across all agencies. Assistant Secretary of Defense
The IAVA process begins with vulnerabilities being identified or reported to this organization. DISA
The two subdivisions contained in the operational stage of the system development lifecycle. Operational and Maintenance
An examination or analysis of the protective measures that are placed on an information system once it is fully integrated and operational. Security Test and Evaluation (STandE)
An authorized attack against a system. Penetration Testing
The communication connection data rate for Cable Modem remote access connection. 512 Kbps to 52 Mbps
The two encryption modes IPSEC supports. Transport and Tunnel
The communication connection data rate for DSL remote access connection. 256 Kbps to 8 Mbps
The three primary components of IPSEC. Authentication Header (AH), Encapsulating Security Payload (ESP), and Internet Key Exchange (IKE)
This act contains the mechanisms, tools, and techniques that permit the identification of security events that could impact the operation of a computer facility. Monitoring
This system increases the measurable readiness of networks to match operational priorities. Information Operations Condition (INFOCON)
Organization tasked to develop and provide security configuration for IA and IA enabled IT products. DISA
This type of vulnerability notification addresses severe network vulnerabilities resulting in immediate and potentially severe threats. IAVA
This web-based DoD application is used to assist DISA in managing its internal implementation of the IAVA process. Vulnerability Compliance Tracking System
The mechanism used to formally report the results of all risk assessment activities. Risk assessment.
A source that is adjudged to provide reliable software code or information and whose identity can be verified by authentication. Trusted Source
After appropriate controls have been put in place for identified risks during risk mitigation, this person will sign a statement accepting any residual risk. Designated Approved Authority (DAA)
Three phases included in the risk management process. Risk assessment, Risk Mitigation, Evaluation and Continual Assessment
This plan consists of a comprehensive statement of all the actions taken before, during, and after a disaster or emergency condition, along with documented and test procedures. Contingency Plan
These are the 9 types of Security Testing Techniques. Network Scanning, Vulnerability Scanning, Password Cracking, Log Review, Integrity Checkers, Virus Detection, War Dialing, War Driving, Penetration Testing.
This type of remote access will require the most stringent security controls and users must use government owned or controlled devices. Administrative Access
In this type of VPN architecture, there is no need to perform separate authentication just to use the VPN. Gateway to Gateway
The mode(s) of phase 1 of the security association of IKE. Main and Aggressive.
The mode(s) of phase 2 of the security association of IKE. Quick
Occurs when a clipping level is exceeded. A violation record is produced.
This access control provides authorization or clearance to access that level of data and is generally handled by the operating system. Mandatory Access Control (MAC)
The timeframe a degausser is to be certified after it has been purchased and is operational. Annually
The information included in audit data. Date, Time, USERID, system ID, and Indication of Success or Failure, Workstation ID.
The primary functions of this management tool are ensuring the user base is informed of the pending change, reducing the negative impact that changes have on computing services, and ensuring all changes are implemented in an orderly manner through formalized Configuration or Change Control
Group membership is the means by which Windows implements security throughout the network; it is also the main mechanism that implements this access control. Role-Based Access Control (RBAC)
The way in which changes to the contingency plan are indicated in documentation. Date When Archived
Reviews initial TEMPEST accreditation for facilities processing SCI. Certified Tempest Technical Authority (CTTA)
Responsible for setting forth policies concerning change management and implementing change management at the highest level for the organization. Chief Information Officer (CIO)
Most common method of physical access control. Security Access Cards
Discrepancies in information storage media audits should be reported to this person. ISSM
Provides a reference for the amount of analysis and testing performed on a product. Evaluation Assurance Level (EAL)
This tool can be used to identify intruders and create a sampling of traffic patterns. Intrusion Detection
The appropriate method of labeling a classified CD. Place filled-in SF 711 label on CD container, write number on CD.
Responsible for overseeing all aspects of information security within a specific organizational entity. ISSM
The US Government codename for a set of standards for limiting electronic or electromagnetic radiation emanations from electronic equipment. TEMPEST
First thing an ISSM must do before implementing a restoration plan. Risk Assessment of System
This storage media label identifies the content of a specific media to include unclassified, collateral-classified, and SCI. SF-711 Data Descriptor Label
This plan should contain detailed guidance and procedures for restoring a damaged system. Contingency Plan
The timeframe documents restoration procedures are to be tested. Annually
Approval for a system to process classified information. Accreditation
This entity must approve low risk software before introduction to SCI ISs. ISSPM / ISSM
Requires stringent security controls. Administrator access.
Must govern used / owned devices. Users.
3 Types of Remote Access Limited, End Use, Administrative
Satellite Speed 400 Kbps
DSL Speed 256 Kbps to 8 Mbps
DSL Speed 512 Kbps to 52 Kbps
In terms of VPNs, separate justification to use the VPN is not needed.
Used most often to provide secure remote access. Host To Gateway
Provides Integrity protection for packet headers and data. Authentication Header
Provides encryption for packet payload data. ESP
Automated protocol to negotiate, create and manage security associations between two computers. Internet Key Exchange (IKE)
IKE phase one has two modes. Main & Aggressive
IKE phase two has one mode. Quick Mode
Comprehensive contingency statement that includes actions to be taken: Before, During, After (disaster or emergency) as well as documenting and testing.
Risk Management Steps Risk Assessment, Mitigation, Evaluation and Continual Assessment
Common Threats are: Natural, Human, Environmental
Risk Assessment Report Reports on the effectiveness of the assessment.
Can sign a statement accepting any residual risk, to either authorize the operation of the new IS or request continued processing. DAA
Must sign software for it to be legally used. DAA
All personnel will process outgoing media or report the receipt of media to: ISSM / ISSO
SF 706 TS
707 SECRET
708 CONF.
710 UNCLASS
711 DATA DESCRIPTOR
712 SCI
Degaussing machine must be certified: Annually
INFOCON Level Alpha Increased Intel watch & strengthen security measures. (Increased Risk)
INFOCON Level Beta Increased CND, specific risk of attack. (Specific Risk)
INFOCON Level Charlie Promotes further increase of CND. (Limited Success)
INFOCON Level Delta Max CND (General Attack)
If INFOCON conflict. Elevate to higher level.
Incident Response, isolated incidents and minor infractions can be handled. Locally, in command.
Who can approve sniffers for (testing) use on the net? ISSM.
Audit Trail should include. Date, Time, USERID, Workstation ID, System ID & Indication of Success / Failure
If auto auditing is unavailable, the ISSM must get approval from _____ to do manual audit. ISSPM
What is critical architecture? Any asset the destruction of which would negatively affect the IS.
Two ways to protect against logical attacks on critical infrastructure? Encryption and Passwords
Supports measures for IT Security Common Criteria
EAL Categories - Basic: Functionally Tested
EAL Categories - Medium Methodically Tested
EAL Categories - High Formally Tested
Two docs issued by the President to support DCIP? PDD 63, EO 13010
Group that performs certification & accreditation? CSA
DAC: Owner of a file or folder and manages control at their discretion.
MAC: Object access restricted based on object sensitivity.
RBAC: Access based on role.
IS level of trust is directly influenced by: Classification level.
Changes that require CJTF-GNO to report to CDRUSTRATCOM. DoD Level Changes
INFOCON changes should establish: Exit criteria for INFOCON levels.
Identifies & coordinates with internal and external POCs to see the ways they depend on IT systems. Contingency Planning Coordinator
This should evaluate the impact of the outage, and track the outage over time & monitor the effects the outage causes across multiple resources. Critical Resource Analysis
Cold Site Adequate space & architecture
Warm site Partially equipped with some / all hardware
Hot site Appropriately sized
Mobile site Self Contained
Local incident reporting ISSM / ISSO
NCIS must be reported to in the case of: Unauthorized data alteration, IS trespassers, Data destruction
Enables the contingency planning coordinator to characterize system requirements. Business Impact Analysis
Correlates specific system components with critical services. BIA
BIA analysis of outages: Over time & Across related or dependent systems.
Recovery strategies: Restoration after service interruption.
Created by: Tassit