Term
The cyber surety journeyman manages all of the folowing programs except...
COMPUSEC
INFOSEC
EMSEC
COMSEC |
|
Definition
|
|
Term
| What is the fourth step in the operational risk management(ORM) process? |
|
Definition
| Make decisions based on cost vs. benefit. |
|
|
Term
| What is the minimum lethal milli-ampre current. |
|
Definition
|
|
Term
| Which type of network typically provides wireless broadband services? |
|
Definition
| Wireless Wide Area Network (WWAN) |
|
|
Term
| To use VPN products, obtain interim approval from? |
|
Definition
| Services and Integration Division (SAF/XC) |
|
|
Term
| Which bound media has a core surrounded by cladding and a second layer surrounded by glass or plastic? |
|
Definition
|
|
Term
| In which Network does every device have exactly two neighbors? |
|
Definition
|
|
Term
| Which network integrates multiple topologies? |
|
Definition
|
|
Term
| Which class of Internet protocol addresses is used for very large networks? |
|
Definition
|
|
Term
| Which protocol has the job of verifying the correct delivery of data from client to server? |
|
Definition
| Transmission Control Protocol (TCP) |
|
|
Term
| Which protocol is and Internet Engineering Task Force (IETF) standard design to reduce the administration burden and complexity of configuring hosts on a TCP/IP-based network? |
|
Definition
| Dynamic Host Configuration Protocol (DHCP) |
|
|
Term
| As the migration to the Internet Protocol (IP) V6 continues, many organizations rely upon what to compensate for the lack of usable IP addresses? |
|
Definition
|
|
Term
| The sequence of leading bits in an internet protocol used to identify the network portion of an IP address is called? |
|
Definition
|
|
Term
| Breaking down the packets addresses to act as a gateway to allow traffic to pass between networks involves what transition technology? |
|
Definition
|
|
Term
| Setting up a secure point to point communication is called? |
|
Definition
|
|
Term
| Network resources must be consistently controlled and monitored to control access to the network while... |
|
Definition
| minimizing risks posed by various cyberspace threats. |
|
|
Term
| When coupled with standard network policy, the standard desktop configuration (SDC) substantially... |
|
Definition
| improves network security. |
|
|
Term
| To make it possible for replacement administrators to accomplish the same tasks as their predecessors, administrators must be in the habit of... |
|
Definition
| keeping complete and accurate documentation of all configuration changes. |
|
|
Term
| With the consolidation of several Network Operations and Security Centers (NOSC), the airforce... |
|
Definition
| achieves near end-to-end command and control capability. |
|
|
Term
| Which WiFi standard is the slowest yet least expensive? |
|
Definition
|
|
Term
| Which wireless encryption standard originally intended to create a wireless security platform that would perform as securely as traditional wired network by providing data encryption? |
|
Definition
| Wired Equivalency Privacy (WEP) |
|
|
Term
| What shall be assigned to all Department of Defense information systems that is directly associated with the importance of information contained relative to achieving DOD goals and objectives? |
|
Definition
| Mission assurance category. |
|
|
Term
| Requirements for availability and integrity are associated with... |
|
Definition
|
|
Term
| Who is responsible for verifying proper security clearances and background checks prior to granting access to Air Force Global Information Grid (AF GIG)? |
|
Definition
|
|
Term
| Initial information assurance (IA) awareness for all network users ensures all of the following except that users... |
|
Definition
| have met investigation requirements. |
|
|
Term
| Which common access card (CAC) certificate would be used to sign an enlisted performance report? |
|
Definition
|
|
Term
| With what agency must the contract manager validate a contractor emplyee's need to obtain a government PKI certificate? |
|
Definition
| Local Registration Authority/Trusted Authority (LRA/TA) |
|
|
Term
| When network password composition rules are not automatically enforced, what process should network administrators use to enforce password stringency? |
|
Definition
|
|
Term
| Report loss or suspected loss of removable media containing controlled unclassified information (CUI) or personally identifiable information (PII) according to reporting procedures in which Air Force Instruction (AFI)? |
|
Definition
AFI 33-138 Enterprise Network Operations Notification and Tracking
|
|
|
Term
| Which Air Force Instruction guides security policy and guidelines and government contractors? |
|
Definition
| AFI 31-601 Industrial Security Program Management |
|
|
Term
| What type of access is given to remote users who access, download, or upload data? |
|
Definition
|
|
Term
| What type of access is given to remote users who perform trouble shooting, configuration,changes, or systems reviews? |
|
Definition
|
|
Term
| When ever possible, in which environment would you run the Unix Apache server? |
|
Definition
|
|
Term
| To improve system security, several services that are on many Unix systems can be disabled except... |
|
Definition
|
|
Term
| When vulnerabilities are discovered within the Windows operating system and its other products, Microsoft releases... |
|
Definition
|
|
Term
| A companion file virus is one that... |
|
Definition
| renames the original file and writes itself with the original files name. |
|
|
Term
To virus protect your system, make sure you perform all of the following steps except...
- Log off your computer daily
- Install the latest updates and service packs.
- Update your anti-virus software.
- watch for files with .exe, .bat, and .scr attachments.
|
|
Definition
| Log off your computer daily. |
|
|
Term
| By providing users with the necessary level of access to perform their jobs, you are... |
|
Definition
| using least privilege principle. |
|
|
Term
| What category is an incident in which an unauthorized person gained user-level privileges on an Air Force computer/information system/network device? |
|
Definition
|
|
Term
| What category is an incident in which an Air Force computer/informtion system/network was denied use due to an overwheliming volume of unauthorized network traffic? |
|
Definition
|
|
Term
| What is the lowest level information condition (INFOCON)? |
|
Definition
|
|
Term
| All agencies/organizations implement information condition (INFO CON) measures except? |
|
Definition
| Air Force network operating center network control division |
|
|
Term
| What type of certificate authenticates the identity of a user? |
|
Definition
|
|
Term
| What should be implemented on desktop systems connected to the critical networks to prevent unauthorized people from gaining control of the system when the system is powered up? |
|
Definition
|
|
Term
| Who reviews information assurance assistance program (IAAP) reports and has the final authority to downgrade IAAP report ratings when it is clear that incidents or deviations are involved? |
|
Definition
| Headquarters Air Force Integration Center (HQ AFNIC) |
|
|
Term
| Which agency conducts assessments of wing information assurance (IA) programs using AF Form 4160 every 2 years or sooner? |
|
Definition
|
|
Term
| Threats that include flaws in building construction, improper implementation of utilities, inadequate wiring, and poor housekeeping can be best classified as what type of threat? |
|
Definition
|
|
Term
| Dagaussing with an NSA approved degausser is the only way to clear which media type? |
|
Definition
|
|
Term
| No procedures exist for cleaning which type of media? |
|
Definition
| Programmable read-only memory and optical media. |
|
|
Term
An example of when Sanitization and declassification are not appropriate is when?
|
|
Definition
| When changing modes of operation or prior to reuse. |
|
|
Term
| Sanitizing sealed disks, removable disk packs, magnetic bubble memory, core memory, and flash memory is not complete until how many passes with a degausser? |
|
Definition
|
|
Term
| The corre ctivity of a Type II extended range degausser is |
|
Definition
|
|
Term
| How often must a degausser be recertified for the first two years of operation? |
|
Definition
|
|
Term
| From which media type must you remove the outer chassis and electronic circuit boards whe npractical prior to destroying? |
|
Definition
|
|
Term
| To ensure integrity of the overwriting process, overwriting software must have the following functions and capabilities except? |
|
Definition
| Providing a validation cetificate indicating that the procedure was completed properly. |
|
|
Term
| When overwriting hard drives, examine what minimum percentage to verify the overwriting process? |
|
Definition
|
|
Term
| What standard form label is used as a data descriptor label? |
|
Definition
|
|
Term
| Who has the authority to impose restrictions upon, and prohibit the use of, government owned removable information systems storage media for classified systems or networks? |
|
Definition
| Designated approving authority. |
|
|
Term
| For in-transit storage, an installation commander can authorize what classification to be kept on the flight line? |
|
Definition
|
|
Term
| Which Air Force Systems Security Instruction (AFSSI) provides the overall implementation of Department of Defense's (DOD) TEMPEST program for the Air Force? |
|
Definition
|
|
Term
| Emissions Security (EMSEC) reassessments are made when any of the following take place except what? |
|
Definition
| Begining to process clasified information. |
|
|
Term
| In basic circuit theory, if the power source is disconnected or if there is a break in the wire, then there is a loss of |
|
Definition
|
|
Term
| The main source of compromising emanations is the result of ... |
|
Definition
|
|
Term
| A facility with an inspectable space of more than 20 meters but less than 100 meters would be considered to be in what facility zone? |
|
Definition
|
|
Term
| Equipment with an equipment radiation TEMPEST zone (ERTZ) OF 20 TO 100 meters would be considered to be in what equipment zone? |
|
Definition
|
|
Term
| A Protective Distribution System (PDS) is usually installed between two... |
|
Definition
| Controlled access areas (CAA) |
|
|
Term
| Before selecting a protective distribution system (PDS), with what two entities must the requesting agency consider other communication security (COMSEC) solutions first? |
|
Definition
| Communications and information system oficer (CSO) and system telecommunications engineering manager (STEM) |
|
|
Term
| Who is the final authority granting approval to operate a protective distribution system (PDS)? |
|
Definition
| Information systems offcer (ISO) |
|
|
Term
| Within how many minutes should an individual respond if a protective distribution system (PDS) alarm is activated? |
|
Definition
|
|
Term
| What is the risk outcome that results in the physical loss of assets rendering them inoperable and usually requiring replacement? |
|
Definition
|
|
Term
| What is the risk outcome that results in the loss of services provided by the operation of an information systrem (IS) forr a period of time? |
|
Definition
|
|
Term
| In which phase of the Department of Defense information assurance certification and accreditation process (DIACAP) does the AF-DAA review the recommendations and issue an approving/authorization to operate (ATO)? |
|
Definition
|
|
Term
| Cyber Surety specialists do not review information system audit logs to... |
|
Definition
| report fraud waste and abuse. |
|
|
Term
| Automated security incident measurement (ASIM) transcripts are controlled and are only released with approval from? |
|
Definition
| Air Force network operations center (AFNOC) |
|
|
