Shared Flashcard Set

Details

2E251 Vol 3 UREs
AF CDCs
62
Other
9th Grade
09/14/2009

Additional Other Flashcards

 


 

Cards

Term
What is the advantage of initiating DoD IA certification and DIACAP early in the system life cycle of a DoD information system?
Definition
it is less expensive and problematic to implement IA and services
Term
What activity includes the tasks of assigning IA Controls and the assembly of the DIACAP team?
Definition
Initiate and plan IA Certification and Accreditation
Term
How many IATOs can be granted for one DoD information system?
Definition
two consecutive 180 day
Term
How often are information systems recertified and reaccredited?
Definition
once every three years
Term
What is considered a system upgrade?
Definition
a device driver install
Term
Who must be involved early in a network upgrade decision?
Definition
Designated approval authority (DAA)
Term
To who must you immediately report for analysis any changes to the software used for mission requirements of the system?
Definition
Certification authority (CA)
Term
What is a measure used to verify the eligibility of a subject and the ability of the subject to access certain information?
Definition
authentication
Term
What is categorized as "something you know" and used to provide access to your profile that determines what resources you are allowed to access?
Definition
the user's password
Term
What technique uses a hardware token for the DoD PKI and play a key role in the IA defense-in-depth strategy for unclassified and sensitive but unclassified data?
Definition
smart card
Term
What technique would involve the use of fingerprint scanning for authentication?
Definition
biometrics
Term
What threat consists of software instructions contained within a data file or application that cause an unexpected event to occur at a specified time?
Definition
malicious logic
Term
What protection is offered to all AF employees on their home computers?
Definition
anti-virus software
Term
What office does the NCC work with to identify and contain virus threats?
Definition
Wing Information Assurance
Term
What JTF-GNO action requires acknowledgement and compliance by each combatant command, service, and agency?
Definition
IA Vulnerability Alert
Term
What standardized mechanism is used to tell AFNOSC, NOSC, and NCCs to run and make changes to the Air Force Enterprise Network?
Definition
Time Compliance Network Order
Term
What are the four types of C4 NOTAMS?
Definition
informative, scheduled event, unscheduled event, and summary
Term
An important principle of the Defense-in-Depth strategy is that acheiving IA requires a balanced focus on what three primary elements?
Definition
people, technology, and operations
Term
What principle of Defense-in-Depth covers the deployment of nested firewalls at outer and inner network boundaries?
Definition
layered defenses
Term
What is the name of the Air Force initiative that defines and drives network information security?
Definition
barrier reef
Term
What is the name of the Air Force initiative that defines and drives network information security?
Definition
barrier reef
Term
What protection mechanism on routers defines traffic flow?
Definition
access lists
Term
What service provides the ability to coordinate communications between network systems, such as system backups, to a centralized backup device and allows for accurate logging of user access?
Definition
network time sourcing
Term
What category of computer security incidents apples when a macro virus infects an application or serious system vulnerability is discovered?
Definition
compromise of integrity
Term
What is one of the primary functions of the NCC, usually done in real time, and ensures the system is being operated within the parameters established by network security policy?
Definition
system monitoring
Term
What security posture prevents everything that is not specifically authorized?
Definition
default deny
Term
What security posture permits everything that is not specifically blocked?
Definition
open
Term
What is considered the first line of defense when gaining access to a laptop computer's OS?
Definition
logon ID and password combination
Term
Who has unrestricted access to system commands and data?
Definition
superusers
Term
What method is approved for changing passwords through the use of remote access?
Definition
strongly encrypted virtual private network
Term
What consists of one or more routers and host machines with filtering software containing a series of rules that accept or reject packets of information, connection types or application specific communications attempting to cross the network device?
Definition
firewall
Term
What type of firewall is used to separate secure sites, networks, or network segments from less secure areas?
Definition
bastion host
Term
What type of firewall can filter messages according to a set of rules for a specific application?
Definition
proxy server
Term
What are the two techniques of vulnerability scanner examinations?
Definition
passive and active
Term
Use of overwrite programs should be evaluated by?
Definition
the National Computer Security Center or assessed by the Air Force
Term
What software program protects classified data by erasing it from the disk so that it is unrecoverable, even using the most sophisticated hardware and software recovery techniques?
Definition
WipeInfo
Term
What action must you do to floppy disks, diskettes, and magnetic cards before they are considered sanitized?
Definition
degaussed
Term
Which of the following is a recommended destruction technique for core memory units?
Definition
pulverized
Term
What condition maintains accurate baselines of network assts as a major activity?
Definition
INFOCON 5
Term
What condition increases NetOps readiness, in preparation for operations or exercises, with a limited impact to the end-user?
Definition
INFOCON 4
Term
What condition increases readiness requiring further increase in frequency of validation of the information network and its corresponding configuration?
Definition
INFOCON 2
Term
The use of "hot-spare" equipment can substantially reduce downtime by allowing rebuilding in parallel during what condition?
Definition
INFOCON 2
Term
When classified documents, used for working purposes, are momentarily not in use, they must be?
Definition
kept face down or covered
Term
A descriptive wording reference concerning a COMSEC subject is a ?
Definition
long title
Term
Amendments and changes to COMSEC publications are distributed by a/an
Definition
message or amendment
Term
For COMSEC items, you must enter on AFCOMSEC Form 16, COMSEC Account Daily-Shift Inventory, the
Definition
short title
Term
Normally COMSEC users are issued no more than one month's supply of material; however, if a user needs more for an active mission, the COMSEC manager issues sufficient COMSEC aids to meet the need, but no more than
Definition
120 days worth
Term
Keep unused keytape segments in the keytape container until
Definition
the canister's effective period ends
Term
What is low-level signaling?
Definition
equipment that uses low voltage and current levels to reduce compromising emanations
Term
What unclassified short name refers to the investigations and studies of compromising emanations, usually electromagnetic or acoustic in nature?
Definition
TEMPEST
Term
What is the objective of RED/BLACK signal distribution?
Definition
To provide an organized scheme to transfer signals from the source (transmitter) to the sink (receiver) in such a manner that RED/BLACK integrity is maintained, interference is not intercepted from other sources, and interference is not created
Term
Tpically, what types of output (line side) signals are generated by modems, and waht is the frequency range of these signals?
Definition
analog signals in the voice frequency range of 300 to 4,000 Hz
Term
How can the possibility of EMI be minimized when using digital signaling?
Definition
Using low-level voltage, properly terminating all cable pairs, and ensuring shields are properly closed and grounded
Term
Where are surge, transiet, EMI/RFI, and EMP/HEMP protective measures applied to signal lines entering and leaving the facility?
Definition
at the facility entrance plates
Term
Terminations are made at signal distribution frames by using?
Definition
connectors and plugs, crimped taper pins, wire wraps, solder wraps, or insulation displacement techniques
Term
If possible, where should the prime power source be located when emission security is a concern?
Definition
totally contained within the CS
Term
What two types of power systems are used in facilities?
Definition
technical and non-technical
Term
What is the purpose of a non-technical power system?
Definition
To provide power to A/C, lighting, and housekeeping functions
Term
What is the purpose of a technical power system?
Definition
Provide power to equipment associated with the mission, including any lighting and environmental equipment essential to system operation
Term
You should install disconnect devices, non-inductive ringers, and speech suppression devices on a telephone that serves a limited exclusion area (LEA) to prevent the telephone from
Definition
becoming a microphone and compromising the LEA
Term
Why is line separation important in minimizing emanations?
Definition
the electromagnetic field surrounding a conductor reduces with distance
Term
Who should you consult before moving or installing any classified processor or moving or installing other devices near classified processors?
Definition
cognizant TEMPEST authority
Supporting users have an ad free experience!