• Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

Card Range To Study

through

image

Play button

image

Play button

image

Progress

1/135

Click to flip

Use LEFT and RIGHT arrow keys to navigate between flashcards;

Use UP and DOWN arrow keys to flip the card;

H to show hint;

A reads text to speech;

135 Cards in this Set

  • Front
  • Back
What are the seven components of the GIG?
Warrior Component, Global Application, Computing, Communications, Foundation, Information Management.
What organization has the mission of directing and operating the GIG?
USSTRATCOM
Which characteristic of the GIG ensures that users across the DOD can seamlessly connect to the systems and services offered by the GIG?
Joint Infrastructure
What three networks make up the data component of DISN?
Non-secure Internet Protocol Router Network, Secret Internet Protocol Router Network, Joint Worldwide Intelligence Communications System.
Why does the DOD need to have its own voice communications networks?
Because of the nature of the military’s mission requirements and security concerns.
What is the purpose of the long-haul transport infrastructure segment of the DISN?
It is the pipeline through which all DISN information will travel.
Explain how the NIPRNET connects LANs and users.
Through the use of routers and ATM switches, which are interconnected using high-speed digital trunks.
What is the purpose of NIPRNET?
The NIPRNET is the way a local base LAN connects to other base LANs to support medical, finance, supply, personnel, and other unclassified base data communication requirements.
How is it possible for NIPRNET to carry non-internet protocol services?
Subscriber systems can use the NIPRNET to carry non-IP services if they have been encapsulated or converted to IP before being presented to a NIPRNET router.
Who manages SIPRNET Hub routers and premise routers?
Hub routers are managed by DISA. Premise routers are managed as a base communications asset.
How does SIPRNET function like unclassified IP networks?
It can use Ethernet, router, FDDI, ATM data link protocols.
What network is JWICS the Top Secret equivalent?
JWICS is the Top Secret equivalent to SIPRNET.
What system is the primary means of operator interface for JWICS?
The primary means of operator interface for JWICS is the Joint Deployable Intelligence Support System.
How does CITS manage the lifecycle of the Air Force’s communications and information systems?
By providing standardized infrastructure and network protection tools for all voice, video and data services that traverse base networks.
What are the four segments of the CITS transport component?
Information Transport System, 2nd Generation Wireless LAN (2GWLAN), Voice Switching System, C4ISR Infrastructure Planning System.
What CITS NM/ND component is the most recent stride towards in–depth security for Air Force networks?
Limiting our connections to the GIG.
What are the two categories of DSN users?
Command and Control and Operational Support.
Which user category is assigned flash or flash-override precedence?
Command and Control users.
What are the five key objectives of DSN?
Survivability, responsiveness, security, cost effectiveness, interoperability.
What device makes end-to-end encryption available to DSN users?
Secure Terminal Equipment.
What are the major subsystems of DSN?
1) Switching; 2) transmission; 3) timing and synchronization, administration; 4) administration, operations and maintenance/network management (AO&M/NM).
What is the system high level of security for operation of the Red Switch?
Secret
Which standard data rates will the Red Switch offer direct switching?
Up to 64 Kbps for synchronous and 19.2Kbps for asynchronous.
How many station lines can the multiline phone accommodate?
Up to 48
Briefly describe the purpose of standardized tactical entry points.
To allow tactical DSCS terminals to access the Defense Communication System.
Why are tactical terminals considered at a disadvantage?
Tactical terminals are generally considered “disadvantaged” because they require much more of the satellite’s downlink power to receive the signals.
What four services are provided via the standardized tactical entry point?
Seven T1 DSN access circuits, Three Red Switch accesses, up to 10 Mbps data access, and multiple video circuits from 128 Kbps to 1.544 Mbps per circuit.
Whh was Teleport developed?
Teleport was developed to expand multi-media RF access to multiple military and commercial communications systems, while taking advantage and expanding the baseband equipment and DISN services the STEP program has installed.
What is the Navstar GPS?
Navstar GPS is a constellation of earth orbiting satellites designed to provide authorized and appropriately equipped users with worldwide three-dimensional positioning and navigation information.
What are the two primary missions of the GPS?
Navigation and nuclear detection.
How is OPSEC defined?
OPSEC is defined as a process of identifying critical information and subsequently analyzing friendly actions attendant to military operations and other activities.
What is the goal of OPSEC?
The goal of OPSEC is to identify information and observable activities relating to mission capabilities, limitations and intentions in order to prevent exploitation by our adversaries.
Which security program does OPSEC encompass?
OPSEC encompasses all AF security program.
Who established the INFOSEC program?
The president.
What is the definition and goal of the INFOSEC program?
The goal of the INFOSEC Program is to efficiently and effectively protect Air Force information by delegating authority to the lowest levels possible; encouraging and advocating use of risk management principles; focusing on identifying and protecting only that information that requires protection; integrating security procedures into our business processes so that they become transparent; and, ensuring everyone understands their security roles and responsibilities.
What does the Privacy Act of 1974 protect?
The Privacy Act (PA) of 1974 is the legal statute (law) protecting individuals from unwarranted invasion of their personal privacy.
What AFI contains information on the Privacy Act?
AFI 33–332, Air Force Privacy Act Program, contains the Air Force’s policy on Privacy Act information.
Name the four parts of the Privacy Act statement.
Authority, purpose, routine uses, and disclosure.
How are PA protected records disposed?
Records protected by the Privacy Act are disposed of according to the records retention schedule on the file plan. The method of destruction depends on the composition of the material.
What are the categories of classified information?
Top Secret, Secret, and Confidential.
What document covers FOUO and FOIA?
The Freedom of Information Act (FOIA), covered in DOD 5400.7–R, DOD Freedom of Information Act Program, provides information on the FOUO designation.
What is the definition of COMSEC?
COMSEC is defined as the measures and controls taken to deny unauthorized persons information derived from information systems of the US Government related to national security and to make sure the authenticity of such information systems.
How does TRANSEC relate to COMSEC?
Transmission security (TRANSEC) is the component of COMSEC resulting from the application of measures designed to protect information systems traffic from the interception and exploitation by means
other than crypto-analysis.
What is criticial information?
Critical information is information about friendly activities, intentions, capabilities, or limitations that an adversary seeks in order to gain a military, political, diplomatic, economic, or technological advantage.
Explain the two-person integrity system.
Two-person integrity (TPI) is a storage and handling system that prohibits access to COMSEC keying material to lone or unaccompanied individuals. TPI procedures require the presence of at least two authorized persons, both who know TPI procedures and who can detect incorrect or nauthorized security procedures for the performed task.
What is AFCOMSEC Form 16 used for?
AFCOMSEC Form 16, Account Daily Shift Inventory is used to account for COMSEC material using both Defense Courier Service and the Air Force Electronic Key Management System.
What should you look for before you open a COMSEC package?
Make sure there is no evidence of tampering or forced entry. If you suspect tampering or forced entry from a previous custodian, do not open the package until advised to do so by the appropriate COMSEC authority or CRO.
What is AF Form 1109 used for?
AF Form 1109 is used to document visitor access to restricted areas where classified is being processed.
What is a COMSEC deviation?
A COMSEC deviation is an occurrence involving a failure to follow established COMSEC instructions, procedures, or standards.
What is a COMSEC insecurity?
A COMSEC insecurity is an investigated or evaluated incident that has been determined as jeopardizing the security of COMSEC material or the secure transmission of government information.
What is a COMSEC incident?
Any uninvestigated or unevaluated occurrence that potentially jeopardizes the security of COMSEC material or the secure transmission of government information.

Any investigated or evaluated occurrence that has been determined as not jeopardizing the security of COMSEC material or the secure transmission of government information. This means that presently, harm is unfounded or alleged. These are generally classified as “Confidential” until receiving guidance from higher agencies.
Name the three COMSEC incidents.
Physical, Personnel, and Cryptographic incidents.
How does a practice dangerous to security (PDS) differ from a COMSEC incident?
Practice dangerous to security (PDS) is defined as a procedure that has the potential to jeopardize the security of COMSEC material if allowed to continue. A PDS is not a COMSEC incident and is not assigned an Air Force COMSEC Incident case number.
What document is used to label unsecured phones?
DD Form 2056 is used to label unsecured phones.
When are COMSEC final reports due?
Final reports are due 30 days after the initial report is issued.
Define COMPUSEC.
COMPUSEC is the applied discipline that results from measures and controls that protect data in a computer against unauthorized (accidental or intentional) disclosure, modification, or destruction.
What are the objectives of COMPUSEC?
COMPUSEC objectives are to protect and maintain the confidentiality, integrity, availability, authentication, and nonrepudiation of information system resources and information processed throughout the system’s life cycle.
What are three sources that threat information systems?
Threats are caused from natural, environmental, human, and viruses.
Define the COMPUSEC and IA vulnerabilities.
Physical, environmental, personnel, hardware, software, media, network communications, procedural
How can you protect an unattended computer system?
By removing your CAC.
What type of network is used to process unclassified information
NIPRNET
What type of network is used to process classified information?
SIPRNET
What is spyware?
Spyware is computer software that is designed to collect personal information about users without their informed consent.
Define EMSEC.
Emission Security (EMSEC) is the protection resulting from all measures taken to deny unauthorized personnel information of value that might be derived from communications systems and cryptographic equipment intercepts and the interception and analysis of compromising emanations from cryptographic equipment,
information systems, and telecommunications systems.
What is the objective of EMSEC?
The objective of EMSEC is to deny access to classified and, in some instances, unclassified information and contain compromising emanations within an inspectable space.
What are compromising emanations?
Unintentional signal that, if intercepted and analyzed, would disclose the information transferred, received, handled, or otherwise processed by any information-processing equipment.
What does an EMSEC assessment determine?
A desktop analysis to determine the fact an EMSEC countermeasures review is required or not. There are separate EMSEC assessments for information systems, communications systems, and cryptographic equipment.
What does an EMSEC countermeasure determine?
A technical evaluation of a facility where classified information will be processed that identifies the EMSEC vulnerabilities and threats, specifies the required inspectable space, determines the required EMSEC countermeasures, and ascertains the most cost-effective way to apply required countermeasures.
What does the user identify before applying EMSEC countermeasures?
The user identifies the information systems that will process classified information; the volume, relative sensitivity, and perishability of the information; the physical control measures in effect around the area that will process classified information; and applies identified IA and EMSEC countermeasures.
What do INFOCONs help us with?
INFOCONs help units take the proper protective measures to protect against threats.
What measures are in place when there is an increased risk of attack in INFOCON 4?
Increased monitoring of all network activities is mandated, and all DOD end users must make sure their systems are secure. Internet usage may be restricted to government sites only, and backing up files to removable media is ideal.
Describe the actions taken in INFOCON 2.
Non-essential networks may be taken offline, and alternate methods of communication may be implemented.
What disciplines does IA integrate?
Information awareness is an integrated communications awareness program covering COMSEC, COMPUSEC, and emissions security (EMSEC) disciplines.
What actions must personnel take to meet the goals of the IA program?
Personnel must understand the necessity and practice of safeguarding information processed, stored, or transmitted on information systems and the various concepts of IA countermeasures to protect systems and information from sabotage, tampering, denial of service, espionage, fraud, misappropriation, misuse, or access by unauthorized persons.
What equipment does the AF-GIG encompass?
The AF-GIG includes any Air Force-provisioned system, equipment, software, or service residing on the NIPRNET, SIPRNET, or Constellation Net.
What is the Global Information Grid?
The Global Information Grid (GIG) is an all-encompassing communications project of the DOD. It is defined as the globally interconnected, end-to-end set of information capabilities, associated processes, and personnel for collecting, processing, storing, disseminating, and managing information on demand to warfighters, policymakers, and support personnel.
What are the three NETOPS Levels?
Global, Regional, and Local.
What is the responsibility of GNOSC?
Global NOSC is responsible for the worldwide management and operational oversight of the Defense Information Infrastructure.
Where do FACs exist and what are their purposes?
Functional Awareness Cells are regional level entities that exist at the same NETOPS management tier as the Base NCC. They report to and take direction from the Base and supporting NOSC. FACs require smaller amounts of equipment and performs situational awareness for a functional system or mission.
What does an accreditation and certification constitute?
Accreditation and Certification constitutes a set of procedures and judgments which lead to a determination of the suitability of an AIS to operate in a targeted operational environment.
Who makes accreditation decisions and what types can be made?
An accreditation decision is made by the DAA. This accreditation can be a full accreditation which allows a system to operate in an environment for which it was originally intended or interim (temporary) accreditation which permits an AIS to operate until identified steps can be completed prior to receiving full accreditation.
Define physical security.
Physical security results from using all physical measures necessary to safeguard COMSEC material from access of unauthorized personnel. These measures include the application of control procedures and physical barriers.
List the markings required for classified material.
The overall classification of the document; the agency/office of origin and date of the document; the office or source document that classified the information.
What items cannot be placed in security container used to store classified material? Why?
Funds, weapons, medical items, controlled drugs, precious metals, money or other non-mission related items susceptible to theft are not, as a rule, stored in any security container that’s used to store classified material. Storing these items together could result in the compromise of classified material.
What is the purpose of SF 700?
The purpose of SF 700 is to records the container’s location, the names, home addresses, and home telephone numbers of people who know the combination. It is also used to list contact personnel when the security of the material in the container is compromised.
On what days are Secret packages typically shipped?
Packages containing Secret material are typically shipped on Monday through Thursday only.
When should hand carrying classified material during a TDY assignment be allowed?
Hand carrying classified material during TDY poses a risk and should be done as a last resort in critical situations.
What provides guidance on how to properly dispose of classified material?
WebRims Records Disposition Schedule.
What are the three types of secured facility deviations?
Temporary, permanent, and technical.
(218) This component of the Global Information Grid consists of those items that are necessary to directly connect the warfighter to the global network
a. Global applications.
B. Warrior component.
c. Network operations.
d. Information management.
(218) This characteristic of the Global Information Grid ensures seamless transmission of information between different service branches
a. Joint architecture.
b. Unity of command.
c. Information services.
D. Common policy and standards.
(219) Who bears the responsibility for maintenance of the sustaining base portion of the Defense Information System Network?
A. The service that owns the installation.
b. Defense Information System Agency.
c. Infrastructure technicians.
d. Deployed warfighters.
(219) Which segment of the Defense Information System Network (DISN) may be a person in the deployed Area of Responsibility or a person sitting in a fixed location thousands of miles from combat?
a. Long-haul transport infrastructure.
B. Deployed warfighter.
c. Theater Battle Management Core System terminal.
d. Sustaining base.
(220) What is the difference between a hub router and a premise router?
a. Operated and managed as a base communications asset.
b. Considered one of the primary components of the Defense Information Systems Network.
C. Interconnected via the Defense Information Systems Agency Asynchronous Transfer Mode network.
d. Completely protected by encryption devices.
(221) How are non-internet protocols sent across the Secret Internet Protocol Router Network?
a. Protocols cannot be sent across the SIPRNET.
b. Transmitted from sender to user unchanged.
C. Encapsulated by the internet protocol before being transmitted across the SIPRNET.
d. Encrypted by a TACLANE before being transmitted across the SIPRNET.
(221) Which is an internet protocol encryption device that can be directly connected to Red local area networks?
a. KG–84.
b. KG–194.
c. KIV–7.
. KG175.
(222) What provides conduit for Joint Worldwide Intelligence Communication System data transmission from one location to another?
A. DISN backbone.
b. JDISS terminal.
c. SIPRNET.
d. NIPRNET.
(223) What concerns slowed the military’s adoption of wireless network technology?
a. Speed and reliability.
B. Security and reliability.
c. Reliability and maintenance.
d. Certification and interoperability.
(223) What is the first step in merging voice, data and video networks into one integrated network within the Air Force?
a. Adding more traditional time division multiplexing voice switches to handle additional data traffic.
b. Integrating traditional TDM switches with voice over IP systems.
C. Complete replacement of TDM switches with VoIP technology.
d. Managing TDM switches in the same way we manage data networks.
(223) Besides limiting connections to the Global Information Grid, what other Combat Information Transport Systems initiative will help increase network security?
a. Establishing a Network Operation and Security Center at each base.
b. Creating a security baseline across all MAJCOM areas of responsibility.
c. Fielding standardized tools to all of the MAJCOM Network Operating Security Centers to establish a baseline security model.
D. Eliminating the MAJCOM NOSC concept and integrating the functions into two Integrated NOSCs.
(224) Which organization is responsible for the design, acquisition, and single systems
management of the Defense Switched Network?
a. Defense Logistics Agency.
b. Communications Squadron.
c. Air Force Communications Agency.
D. Defense Information Systems Agency.
(224) How is responsiveness provided in the Defense Switched Network?
a. End offices are multiple-homed.
b. End offices do not interoperate with allied networks.
C. The DSN offers precedence access thresholding.
d. The DSN offers single level precedence and preemption.
(224) What type of Defense Switched Network precedence call cannot be preempted?
a. Flash.
b. Priority.
c. Intermediate.
D. Flash Override.
(225) What is the maximum asynchronous data rate for the Defense Red Switch Network (DRSN)?
a. 9.6 Kbps.
b. 14.4 Kbps.
C. 19.2 Kbps.
d. 28.8 Kbps.
(225) While you are using the Red Switch, what feature lets you know that you have dialed the correct number at the proper level of security?
a. Recorded voice message.
b. Punched computer cards.
C. Liquid crystal display.
d. Punched paper tape.
(226) What is the purpose of the standardized tactical entry point terminal?
A. To provide a foxhole to National Command Authority link for commanders.
b. To lessen the amount of traffic transmitted through the gateway terminals.
c. To provide one-way communication access for deployed locations.
d. To replace the old tactical satellite communications system.
(227) The Global Positioning System program is responsible for maintaining GPS time to within how many seconds of universal time code?
a. 2 microseconds.
b. 2 seconds.
C. 1 microsecond.
d. 1 second.
(228) Which security program is covered under AFI 10–701?
A. OPSEC.
b. EMSEC.
c. COMSEC.
d. COMPUSEC.
(228) Which of the following security programs is defined as a process of identifying critical information and subsequently analyzing friendly actions attendant to military operations and other activities?
A. OPSEC.
b. EMSEC.
c. COMSEC.
d. COMPUSEC.
(229) Providing a list of where and why the information will be disclosed outside the DOD best describes which mandatory item of a Privacy Act Statement?
a. Purpose.
b. Authority.
c. Disclosure.
D. Routine use.
(229) What form is used as a cover sheet to protect Privacy Act material?
a. AF Form 2327.
b. AF Form 3217.
C. AF Form 3227.
d. AF Form 3327.
(229) Guidance for posting information on Air Force web sites is outlined in
a. AFI 33–119.
B. AFI 33–129.
c. AFI 33–219.
d. AFI 33–329.
(229) Official guidance on individual security clearances and permitting access to classified information can be found in
a. AFI 31–301.
b. AFI 31–401.
C. AFI 31–501.
d. AFI 31–601.
(229) Disclosure of information that would result in the loss, misuse, modification or unauthorized access that might adversely affect national security would best be described as
a. secret.
b. confidential.
c. for official use only.
D. sensitive but unclassified.
(230) What is the COMSEC program designed to do?
a. Relocate classified material to strengthen security.
b. Conduct assessments to evaluate compromise of national security.
c. Deflect unauthorized interception and analysis of compromising emanations.
D. Detect and correct procedural weaknesses that could expose critical information.
(230) What reference would you use for guidance on Air Force messaging?
A. AFI 33–119.
b. AFI 33–129.
c. AFI 33–219.
d. AFI 33–329.
(230) Which form is used with a transfer report to accompany a COMSEC package?
a. SF 135.
B. SF 153.
c. SF 351.
d. SF 531.
(230) Which form is used as a visitor register log to record visitors into restricted areas?
a. AF Form 1019.
B. AF Form 1109.
c. AF Form 1119.
d. AF Form 1190.
(231) An uninvestigated or unevaluated occurrence that potentially jeopardizes the security of COMSEC material or the secure transmission of government information is best described as a COMSEC
a. insecurity.
b. deviation.
C. incident.
d. report.
(231) Which organization assigns communication security incident report case numbers?
A. Air Force Communications Agency.
b. Air Force Office of Record.
c. Central Office of Records.
d. National Security Agency.
(231) Final reports of a communication security incident are due
a. 10 days after the initial report is dated.
b. 20 days after the initial report is signed.
C. 30 days after the initial report is issued.
d. 40 days after the initial report is approved.
(232) The Air Force Information Assurance Program is detailed in
a. AFI 33–100.
B. AFI 33–200.
c. AFI 33–300.
d. AFI 33–400.
(232) Which applied discipline applies measures and controls to protect data in computer systems against unauthorized, disclosure, modification, or destruction?
a. OPSEC.
b. EMSEC.
c. COMSEC.
D. COMPUSEC.
(233) What best describes an unintended signals or noise appearing external to a piece of communications equipment?
a. Emulation.
B. Emanation.
c. Signature.
d. Salutation.
(233) An unclassified term referring to technical investigations for compromising emanations from electrically operated data processing equipment is known as
a. Emission security.
b. Communication security.
C. Telecommunications Electronic Material Protected from Emanating Spurious Transmissions. TEMPEST
d. Computer security.
(234) Which condition exists when there is no apparent terrorist activity against computer networks?
a. INFOCON 2.
b. INFOCON 3.
c. INFOCON 4.
D. INFOCON 5.
(234) Which condition requires the mandate of increased monitoring of all network system activities when an increased risk of attack is present?
a. INFOCON 2.
b. INFOCON 3.
C. INFOCON 4.
d. INFOCON 5.
(234) When a risk of a network system attack has been identified, which condition requires all unclassified dial-up connections be disconnected?
a. INFOCON 2.
B. INFOCON 3.
c. INFOCON 4.
d. INFOCON 5.
(234) Which condition permits non-essential networks to be taken offline and substituted with alternate methods of communication?
A. INFOCON 2.
b. INFOCON 3.
c. INFOCON 4.
d. INFOCON 5.
(235) At which NETOPS level is responsibility for the worldwide management and operational oversight of the defense information infrastructure globally managed?
a. Tier 1.
b. Tier 2.
c. Tier 3.
d. Tier 4.
(235) At what level do regional operation centers perform Network Operations (NETOPS) to ensure operational and administrative control by implementing Systems and Network Management Information Assurance/Network Defense (IA/NetD), and Information Dissemination Management?
a. Tier 1.
B. Tier 2.
c. Tier 3.
d. Tier 4.
(235) An accreditation decision which allows a system to operate in an environment for which it was originally intended is known as
A. a full accreditation.
b. a type accreditation.
c. a major accreditation.
d. an interim accreditation.
(236) Which resources designated priority is provided when the level of security requires a significant degree of deterrence against hostile acts?
a. “A”.
B. “B”.
c. “C”.
d. “D”.
(236) Which resources designated priority is provided when the level of security requires a reasonable degree of deterrence against hostile acts?
a. “A”.
b. “B”.
C. “C”.
d. “D”.
(236) Which form would you use to properly label removable storage media containing “confidential” information?
a. SF 706.
b. SF 707.
C. SF 708.
d. SF 710.