29 Cards in this Set

  • Front
  • Back
214.1 Define and explain Defense-in-Depth.
Information Security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of the organization.
214.2 Define malicious code.
Software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of an information system. A virus, worm, Trojan horse, or other code-based entity that infects a host. Spyware and some forms of adware are also examples of malicious code.
214.3 Define Zombie.
A computer connected to the Internet that has been compromised by a cracker, computer virus or trojan horse and can be used to perform malicious tasks of one sort or another under remote direction.
214.3 Define a Bot.
A computer used to spread e-mail spam and launch denial-of-service attacks.
214.3 Define Zero Day Exploit.
Actual software that uses a security hole to carry out an attack and is used or shared by attackers before the developer of the target software knows about the vulnerability.
214.3 Define Spyware.
Software which sends information to its creators about a user's activities, typically passwords, credit card numbers and other information that can be sold on the black market.
214.3 Define Logic Bomb.
A piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
214.4 Explain the function of Keyloggers.
The action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.
214.4 Explain the function of Privilege Escalators.
Gain elevated access to resources that are normally protected from an application or user.
214.5 Define Denial of Service.
Attempt to make a computer resource unavailable to its intended users.
214.5 Define Exploit.
A piece of software, a chunk of data, or sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic.
214.5 Define the Global Information Grid.
Globally interconnected, end-to-end set of information capabilities for collecting, processing, storing, disseminating, and managing information on demand to warfighters, policy makers, and support personnel.
214.5 Define Mitigation.
The act of reducing the vulnerability of network systems and reducing the damage to already compromised networks.
214.5 Define Penetration.
A method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders and malicious insiders.
214.5 Define Probe.
Scans a server or host for open ports.
214.5 Define Port Scan.
An attack that sends client requests to a range of server port addresses on a host, with the goal of finding an active port and exploiting a known vulnerability of that service.
214.6 Explain the PKI cryptographic concept of Digital Signatures as they apply to IA.
Cryptographic process used to assure data object originator authenticity, data integrity, and time stamping for prevention of replay.
214.6 Explain the PKI cryptographic concept of Non-Repudiation as they apply to IA.
Assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the information.
214.6 Explain the PKI cryptographic concept of Key Management as it applies to IA.
The activities involving the handling of cryptographic keys and other related security parameters (e.g., IVs and passwords) during the entire life cycle of the keys, including their generation, storage, establishment, entry and output, and zeroization.
214.7 State the responsibilities of the IAM.
Information Assurance Manager - Develops and maintains an organization or DoD information system-level IA program that identifies IA architecture, IA requirements, IA objectives and policies; IA personnel; and IA processes and procedures. Ensures that information ownership responsibilities are established for each DoD information system, to include accountability, access approvals, and special handling requirements.
214.7 State the responsibilities of the IAO.
Information Assurance Officer - Ensures that all users have the requisite security clearances and supervisory need-to-know authorization, and are aware of their IA responsibilities before being granted access to the DoD information system. In coordination with the IAM, initiates protective or corrective measures when an IA incident or vulnerability is discovered. Ensures that IA and IA-enabled software, hardware, and firmware comply with appropriate security configuration guidelines.
214.7 State the responsibilities of the ISSO.
Information Systems Security Officer - Individual assigned responsibility for maintaining the appropriate operational security posture for an information system or program.
214.8 Describe electronic spillage.
Security incident that results in the transfer of classified or CUI information onto an information system not accredited (i.e., authorized) for the appropriate security level.
214.9 State the purpose of DADMS.
DON Applications and Database Management System (DADMS). DADMS is a Web-enabled registry of Navy and USMC systems/applications, and their associated data structures. It is the authoritative source for DON IT (including NSS) application and database PfM.
214.10 Identify organizations that conduct vulnerability assessments.
NCDOC conducts directed network vulnerability scanning to check for compliancy with IAVM, UTN-P Policy and STIGs.
214.11 Define IDS.
Intrusion Detection Systems (IDS) - Hardware or software products that gather and analyze information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organizations) and misuse (attacks from within the organizations).
214.11 Describe the two types of IDS.
Active - auto-responds to the suspicious activity by resetting the connection or by reprogramming the firewall to block network traffic from the suspected malicious source.
Passive - logs the information and signals an alert on the console and/or owner.
214.12 What is an IPS?
Intrusion Prevention System (IPS) - System that can detect an intrusive activity and can also attempt to stop the activity, ideally before it reaches its targets.
214.13 Explain the purpose of HBSS.
Host Based Security System (HBSS) - Provides one IA tool to provide a variety of applications to protect networks from intrusions.