89 Cards in this Set

  • Front
  • Back
  • 3rd side (hint)
What is CJCSM 6510.01A
Chairman of the Joint Chiefs of Staff Manual
What are CNDSPs
CND Service Providers
What are the three CND services CNDSPs provide
(1) Protect, (2) Monitor, Analyze, and Detect, and (3)
Respond.
Why was the Incident Handling Program implemented
To provide specific guidance for C/S/As and field
activities regarding the requirements for incident handling and reporting.
What is the responsibility of the network defenders
A) Security of Computing, Communication, Integrity
B) Communication Systems, Authentication, Integrity
C) Security of Computing, Confidentiality, Integrity
Security of Computing, Communication systems, Integrity
What is GIG
Global Information Grid
What is C/S/A
Combatant Command/Service/Agency
What is CND
A) Command Network Defence
B) Computer Network Diagram
C) Computer Network Defense
Computer Network Defense
What are some roles of Joint Staff, combatant commands, Services, Defense agencies, DOD field
activities, and joint
Ensure CNDSPs are established or appointed to provide CND
Services for C/S/A or field activity information systems.

Coordinate with USSTRATCOM (JTF-GNO) on incidents prior to
coordinating or taking action outside of the Department of Defense.
Does Joint Staff, combatant commands, Services, Defense agencies, DOD field agencies comply with directives (including but not limited to operation orders and communication tasking orders (CTOs))
Yes
What is the responsibility of the network defenders
To ensure the
security of computing and communication systems for executing successful
military operations and to maintain the integrity of information within the
cyber domain and throughout the Department of Defense.
True or False
USSTRATCOM coordinates with the IC Incident Response Center (IC-IRC), which
operates under the authority of the IC chief information officer (CIO), on
matters relating to the governance, secure operations, and defense of the IC
networks.
True
What are some roles of USSTRATCOM
Issue incident or reportable event response orders and alerts
through JTF-GNO to the C/S/As and field activities.
Coordinate with USNORTHCOM for incidents that involve the DHS
and other federal agencies where Defense Support of Civil Authorities is
involved.
True or False
USSTRATCOM maintains and disseminates DOD intrusion detection system (IDS)
signature sets for DOD level sensors (Tier 1) and provides necessary threat
information to assist Tier 2 and Tier 3 CNDSP organizations developing IDS
signature sets for their sensors.
TRUE
How does USSTRATCOM provide reports to the Secretary of Defense
Through Joint Staff and C/S/As and field activities, as necessary.
Who coordinates with the Department of Homeland Security (DHS) and
other federal agencies for incidents related to cyberspace involving the
Department of Defense
USSTRATCOM
Does USSTRATCOM notify and/or coordinate with the
United States Computer Emergency Readiness Team (US-CERT) on cyberspace
incidents
Yes, only when it is appropriate
True or False
The DOD Incident Handling Program is a
component of the overall CND strategy for the Department of the Navy
False. It is a program for the DOD
Who must incident handling be coordinated with
DOD organizations and sources outside the Department of Defense, such as
LE/CI, IC, and defense industrial base (DIB) partners
What are the actions taken, within the Department of Defense, to
protect, monitor, analyze, detect, and respond to unauthorized activity within
DOD information systems (ISs) and computer networks
A) CND (Computer Network Defense)
B) IA
C) CJSCM
Computer Network Defense
What are the three tiers the DOD is organized to conduct CND
Tier One (Global).
Tier Two (Regional/Theater).
Tier Three (Local).
What does Tier One provide
A) DOD-wide CND operational
direction or support to C/S/As and field activities
B) Updated reports to C/S/As
C) Fix customer issues
This tier provides DOD-wide CND operational
direction or support to C/S/As and field activities
Who does Tier One include
Tier One entities include
USSTRATCOM and supporting entities such as the JTF-GNO, Defense Criminal
Investigative Organization (DCIO), JTF-GNO Law Enforcement and
Counterintelligence Center (JTF-GNO LECIC), and the National Security
Agency/Central Security Service Threat Operations Center (NTOC).
What does Tier Two (Regional/Theater) provide
Tier Two provides DOD
component-wide operational direction or support and responds to direction
from Tier One
Who does Tier Two include
Tier Two includes C/S/A and field activity CNDSPs designated
by heads of components to coordinate component-wide CND
What does Tier Three provide
Tier Three provides local operational direction
or support and responds to direction from a designated Tier Two entity.
Tier Three includes bases, posts, camps, stations, and all entities responding to
direction from a C/S/A or field activity Tier Two CNDSP (e.g., manage and
control ISs, networks and services, either deployed or fixed at DOD
Installations).
What are the three primary CND Services
A) Protect; Monitor, Analyze and Detect; and Respond.
B) Control, Protect, Investigate and Respond
C) Command, Monitor, Analyze, Detect and Respond
Protect; Monitor, Analyze and Detect; and Respond.
What happens during the PROTECT phase in CND services
A) Vulnerability Analysis and Assessment support
B) CND Red Teaming
C) Malware Protection Support
D) INFOCON, IAVM
ALL OF THEM
WHAT IS IAVM
A) Information Assurance Vulnerability Message
B) Information Assurance Vulnerability Maker
C) Information Assurance Vulnerability Management
Information Assurance Vulnerability Management
What is INFOCON
Information Operations Condition Implementation
What happens in the MAD (mission, analyze, detect) stage of CND
A) Network Security Monitoring/Intrusion Detection
B) Attack Sensing and Warning (AS&W)
C) Indications and Warning/Situational Awareness (I&W).
D) All of the Above
D) All of the above
What is the Respond Stage of CND
Incident Reporting
Incident Response
Incident Analysis
What is a fourth area in CND
Capability Sustainment
Name some areas Capability Sustainment covers
MOUs and Contracts
CND Policies/Procedures
Personnel levels and training
Security Administration
True or False
CND protection services include the management of DOD’s Information Operations Condition (INFOCON) system and actions taken to create or enhance an IS, computer network configuration, or assurance posture in response to a CND alert or threat.
True
CND Protect services are
A) Inactive
B) Proactive
C) Reactive
Proactive
What do CND Monitor, Analyze, and Detect Services provide. Say all that apply
A) CND situational awareness
B) Attack sensing and warning
C) Indications and warning
CND situational awareness, attack sensing and warning, and indications and warning.
What data gives the Department of Defense the ability to sense changes in DOD global information and computer networks
Attack Sensing and Warning (AS&W)
What are some characteristics of Attack Sensing and Warning (AS&W)
A) detection, correlation, identification, characterization
B) detection, attack, evade, react
C) detect, identify, react, attack
A) detection, correlation, identification, and characterization
The detection, correlation, identification, and characterization of a large spectrum of intentional unauthorized activity, including computer intrusion or attack
What does Indications and Warning (I&W) data give the DOD
A) The ability to sense changes in adversary activities
B) The ability to sense attacks before they happen
C) The ability to warn
The ability to sense changes in adversary activities
True or False
I&W includes those intelligence activities intended to detect and report time-sensitive intelligence information on foreign developments that could involve a threat to the United States or allied military, political, or economic interests or to U.S. citizens abroad.
True
True or False
The intelligence community provides indications and warning for only national states and transnational groups.
False
The intelligence community provides indications and warning for foreign threats from national states and transnational groups.
True or False
It is the expectation that C/S/As and field activities will implement and institutionalize the guidance, procedures, and policies described in this methodology in a way that yields the intended results (as described throughout) and sustains the global, regional, and local capabilities necessary to maintain and operate a robust and effective incident handling program.
True
What are the basic processes or phases into which the DOD incident handling life cycle can be grouped
(1) Detection of events.
(2) Preliminary analysis and identification of incidents.
(3) Preliminary response actions.
(4) Incident analysis.
(5) Response and recovery.
(6) Post-incident analysis.
Where is the incident report submitted to
Joint CERT Database (JCD)
The incident handling lifecycle shares similar characteristics with a business and military strategy known as what
The Observe, Orient, Decide, and Act (OODA) Loop.
What is done in the Observe stage of the OODA loop for DOD
networks and systems. Name all that apply.
A) Monitor
B) Detect
C) Assess
D) Analyze
Monitor and detect anomalous or suspicious activity within DOD networks and systems.
Explain Orient in the OODA loop
Collect, validate, and analyze information available about an incident to characterize the perceived threat and identify, with confidence, the nature, scope, root cause(s), and potential impact of an incident.
Based on available information during the Decide phase in the OODA loop we can
A) identify the necessary courses of action required to contain the incident, eradicate the risk, and recover from the incident.
B) Decide the necessary courses of action required to eliminate the problem and prevent future problems
C) identify the necessary courses of action required to contain the incident, disperse security, and recover from the incident.
A) identify the necessary courses of action required to contain the incident, eradicate the risk, and recover from the incident.
Explain Act in the OODA loop
A) Execute the courses of action required to resolve and close the incident and subsequently perform a postmortem
B) Execute orders given to ACT on intrusion
C) Act out orders given with military combat
Execute the courses of action required to resolve and close the incident and subsequently perform a postmortem
Execute the courses of action required to resolve and close the incident and subsequently perform a postmortem. As with military combat, the goal is to be more effective and quicker to execute defensive actions than the adversary is able to attack
What is OODA
Observe, Orient, Decide, and Act (OODA) Loop.
How many incident report categories are there
A) 7
B) 9
C) 8
9
What is category 1 for incident reporting and what precedence is it
A) Root Level Intrusion (Incident)
B) User Level Intrusion (Incident)
C) Explained Anomaly (Event)
D) Malicious Logic (Incident)
Root Level Intrusion (Incident) Precedence 1
What is category 2 for incident reporting and what precedence is it
User Level Intrusion (Incident)
Precedence 2
What is category 3 for incident reporting and what precedence is it
Unsuccessful Activity Attempt (Event)
Precedence 4
What is category 4 for incident reporting and what precedence is it
Denial of Service (Incident)
Precedence 3
What is category 5 for incident reporting and what precedence is it
Non-Compliance Activity (Event)
Precedence 6
What is category 6 for incident reporting and what precedence is it
Reconnaissance (Event)
Precedence 7
What is category 7 for incident reporting and what precedence is it
Malicious Logic (Incident)
Precedence 4
What is category 8 for incident reporting and what precedence is it
Investigating (Event)
Precedence 8
What is category 9 for incident reporting and what precedence is it
Explained Anomaly (Event)
Precedence 9
What topics does CJCSM 6510.01A cover
A – Incident Handling Program
B – Incident Handling Methodology
C – Incident Reporting
D – Incident Analysis
E – Incident Response
F – Collaboration with Other Strategic Communities
G – CND Incident Handling Tools
What are the two main types of reporting structures
Technical Reporting Structure
Additional Reporting Structures
Who falls under the technical reporting structure
This structure consists primarily of Global USSTRATCOM (JTF-GNO) (Tier One), Regional/Theater/C/S/A (Tier Two) CNDSPs, and Local (Tier Three) organizations and describes the interactions between each of the Tier levels
Which group falls under Additional Reporting structure
This group includes other reporting structures that may be required in support of the IC, LE/CI, operational, and any other external organizations, as appropriate.
What is DOD instruction 8500.2
Information Assurance (IA) Implementation
What is the purpose of DOD instruction 8500.2 Information Assurance (IA) Implementation
Implements policy, assigns responsibilities, and prescribes procedures for applying integrated, layered protection of the DoD information systems and networks
Who oversees implementation of DOD instruction 8500.2
Assistant Secretary of Defense
IAW Information Assurance (IA) Implementation what are some roles of the Assistant Secretary of Defense. Say all that apply
A) Manage the Defense-wide Information Assurance Program (DIAP) office
B) Publish the DoD CIO Annual IA Report
C) Provide oversight of DoD IA education, training, and awareness activities
-Manage the Defense-wide Information Assurance Program (DIAP) office
-Publish the DoD CIO Annual IA Report
-Provide oversight of DoD IA education, training, and awareness activities
True or False
The SOD maintains liaison with the office of the Intelligence Community (IC) Chief Information Officer (CIO) to ensure continuous coordination of DoD and IC IA activities and programs
True