Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
154 Cards in this Set
- Front
- Back
What is an occurance not, not yet assessed, that may affect the perfomance of an information system?
|
Event
|
|
What physical and cyber based systes are essential to the minimum operations of the economy and goverment? |
Critical Infrastructures
|
|
What is the weakness in an information system, system security procedures, internal controls or implementation that could be exploited?
|
Vulnerability
|
|
What provides visibility of extent and intensity of the activity, traffic, load and throughput potential, as well as detection of the significant degradation of service?
|
Network Management
|
|
What is an information system assessed occurrence havinf actial or potentially adverse effects on an IS?
|
Incident
|
|
Which INFOCON level has increased intelligence watches and strengthened securtiy measures of DOD informantion systems and networks?
|
Alpha
|
|
What provides globally interconnected capabilities, processes and personnel for collecting, processing, storing, disseminating, and managing information for all DOD war-fighters, policy makers and support-personnel? |
Global Information Grid
|
|
What is a formal description and evaluation of vulnerabilities of an information system?
|
Vulnerability Assessment
|
|
Who is the individual responsible for the information assurance program of a DOD information system or organization? |
Information Assurance Manager
|
|
Which type of threats describes common hacker tools and techniques used in a non-sophisticated manner?
|
First Generation
|
|
What focuses on affecting human decision processes to achieve friendly objectives? |
Information Operations
|
|
What are teams composed of personnel with techinical expertise and organic equipment that may deploy to assist remote sites in the restoration of computer services?
|
Computer Emergency Response Team
|
|
Wat is an organizational, procerdural, and technological construct for ensuring information superiority and enabling speed of command for the war-fighter?
|
NETOPS
|
|
Who is the official with the authority to formally assume responsibility for operating a system at an acceptable level of risk?
|
Designated Approving Authority |
|
What is the oppurtunity to make use of an information system resource? |
Access |
|
Certification and accreditation of information systems that process Top Secret Sensitve Compartmented Information will comply with the requirements of what?
|
Director of Central Intelligence Directive
|
|
What enables operations and intelligence collection to gather data from a target or adversary automated information systems or networks?
|
CNE
|
|
What are automated methods of authentication or verifying an individual based upon a physical or behavorial characteristic? |
Biometrics |
|
What provides the timely, reliable access to data and services for authorized users?
|
Availability`
|
|
What are the measures that protect and defend information and informaton systems by ensuring availability, integrity, authenticatioon, confidentiality, and non-repudiation?
|
Information Assurance
|
|
What limits access to information system resources only to authorized users, programs, processes or other systems?
|
Access Control
|
|
What is the formal declaration by a DAA that an information system is approved to operate in a particular security mode at an acceptable level of risk?
|
Accreditation
|
|
What integrates an organized, manned, equipped and trained workforce to guard, and secure information and information systems by providing the security services/attributes of NCIAA?
|
IA
|
|
What is a type of incident resulting from any action or series of actions that prevents any part of an information system from functioning?
|
DDoS
|
|
What is the possiblity that a particular threat will adversely impact an IS by exploiting a particular vulnerability?
|
Risk
|
|
Which INFOCON level has a further increase in CND force readiness above that required for normal readiness?
|
Bravo
|
|
Which INFOCON level is described as the maximum CND force readiness?
|
Delta
|
|
What is the collection of computing enviroments connected by one or more internal networks under the control of a single authority and security policy, including personnel and physical security?
|
Enclave
|
|
What is the quality of an information system reflecting the logical correctness and reliability of the operationg system?
|
Integrity
|
|
Who is responsible for developing and providing US military policy, positions, and concepts supporting CND and IA?
|
Chairman of the Joint Chiefs of Staff
|
|
What is a program recorded in a permanent or semi-permanent computer memory?
|
Firmware
|
|
Who is the individual responsible for to the IAM for ensuring the apporpriate operational IA posture is maintained for a DOD information system or organization?
|
Terminal Area Security Officer
|
|
What is the probability that a particular vulnerability will be exploited within an interacting population and adversely impact some members of that population?
|
Community Risk
|
|
What is DOD consolidated worldwide enterprise level telecommunications infrastructure that provides the end-to-end information transfer network for supporting military operations?
|
Defense Information Systems Network
|
|
What is hardware, software or firmware capable of performing an unauthortized function on an information system?
|
Malicious Logic
|
|
Which type of threats describes state-sponsored computer network attack or espionage?
|
Third Generation
|
|
Which INFOCON level is described as a normal readiness of DOD information systems and networks?
|
Normal
|
|
What consists of actions and operations to defend computer systems and networks from unauthorized activites that degrades mission performance and adversely impact survivability?
|
CND |
|
What is a system designed to defend against unauthorized access to or from a private network?
|
Firewall
|
|
What is a security measure designed to establish the validity of a transmission, message, or originator, or as a means of verifying an individual's authorization to access specific categories of information?
|
Authentication
|
|
What is the ability to rapidly collect, process, an disseminate information while denying these capabilities to adversaries?
|
Information Superiority
|
|
What are operations to disrupt, deny, degrade or destroy information resident in computers and computer networks, or the computers and networks themselves?
|
CNA
|
|
What kind of plan is maintained for emergency response, backup operations, and post-disaster recovery for an information system, to ensure the availability of critical resources and to facilitate the continuty of operations in an emergency situation?
|
Contingency Plan
|
|
What is a chronological record of system activities to enable the reconstruction and examination of the sequence of events and/or changes in an event?
|
Audit Trail
|
|
What is the assurance the sender of the data is provided with proof of delivery and the recipient is provided with the proof of sender's identity, so neither can later deny having processed the data?
|
Non-Repudiation
|
|
What is the unauthorized act of bypassing the security mechanism of a system? |
Intrusion
|
|
Which instruction states all DOD information systems and networks will be certified and accredited IAW with the DOD policy and guidance, currently the DOD Information Technology Security Certification and Accreditation Process?
|
DOD Instruction 5100.40
|
|
What does network management enable based on priority, system status and capacity?
|
Dynamic rerouting
|
|
What provides the assurance the information is not disclosed to unauthorized entities or processes? |
Confidentiality
|
|
Which type of threats describe non state-sponsored computer network attack, espionage or data theft?
|
Second Generation
|
|
What integrates the three primary functions of network management, information dissemination management and IA?
|
NETOPS
|
|
What is the process of tracing information system activities to a responsible source known as
|
Accountability
|
|
Where will sensitivity and IT positions determinationsbe recorded?
|
JPAS
|
|
Who provides centralized coordination and direction for signals intelligence and communications security for the Federal Government?
|
National Security Agency
|
|
Following an unfavorable security determination, a request to reestablish eligibilty may be submitted after a reasonable passage of time, normally a minimum of how many months after the concluding unfavorable determination either by PSAB if appeal rights were exercised
|
12 months
|
|
PSIs will not normally be requested for any civilian or military personnel who will be retired, resigned, or seperated with less than?
|
One year service remaining
|
|
How often must all personnel who have access to classified information receive a refresher briefing designed to enhance security awareness?
|
Annually
|
|
The sensitivity level that has the potential for some to serious impact and/or damage is known as?
|
Non-critival Sensitive
|
|
Which mandate was enacted to preclude the intitial granting or renewal of security clearance eligibilty by the DOD under specific circumstances?
|
Smith Amendment
|
|
The importance given by the commanding officer determines the effectiveness of what?
|
Commands Security Program
|
|
Who is the only entity that can authorize temporary access for SCI?
|
DONCAF
|
|
Who is responsible for deciding appeals of unfavorable perosonnel security determinations, including SCI access, made by the DONCAF?
|
Department of the Navy Personnel Security Appeals Board
|
|
How often should the Personnel Security Appeals Board convene?
|
Monthly
|
|
Who is the senior DOD official charged by the Secretary of Defense with responsibility for development of policies and procedures governing information and personnel security policy programs?
|
Under Secretary of Defense for Intelligence
|
|
The sesnitivity level that has the potential for grave to exceptionally grave impact and/or damage is known as?
|
Critical Sensitive
|
|
Who is responsible for day-to-day Personnel Security Program management?
|
Commanding Officers
|
|
The designated security manager of a command must have a favorably adjudicated SSBI or SSBI-PR completed within the past?
|
5 years
|
|
Who must be a U.S. citizen, and either officers, enlisted persons E-6 or above, or civilians G5-6, or above and designated in writing?
|
Assistant Security Manager |
|
Who is responisble for policy guidance, education requirements and support for the DON security education program?
|
CNO
|
|
DOHA will normally schedule the personal appearance to be accomplished within how many days of receipt of the individual request?
|
30 days
|
|
Who provides overall policy guidance on information and personnel security matters?
|
National Security Council
|
|
Access is only permitted to eligible individuals after determining that the individual has what?
|
Need to Know
|
|
The scope of an SSBI covers the most recent __ years of the subjects life or from the 18th birthday, whichever is shorter period
|
10 years
|
|
Who coordinates the intelligence efforts of the Army, Navy and Air Force and is responsible for implementation of standards and operational management of Sensitvie Compartmented Information for the DOD?
|
Defensive Intelligence Agency
|
|
The sensitivity level that has the potential for no impact and/or damage as duties have limited relation to the agency mission is known as?
|
Non-Sensitive
|
|
Who bears executive resonisbility for the security of the nation?
|
President of the United States
|
|
The sensitivity level that has the potential for inestimable impact and/or damage is known as?
|
Special Sensitive |
|
A break in service is when continuous service is disrupted for a period of time greater than how long?
|
24 months
|
|
Who is responsible for ensuring a visitors eligibility, access, and affiliation data are current and accurate in JPAS before allowing in a classified space?
|
Command sponsoring the visitor
|
|
Commands that handle Top Secret material will designate a Top Secret Control Officer in writing. The TSCO must be an?
|
Officer, senior non-commisioned officer E-7 or above, or a civilian employee, G5-7 or above
|
|
Prior to being granted inital access to classified information what form must individually fill out?
|
Classified Information Nondisclosure Agreement
|
|
What is defined as a removal from employment, suspension from employment of more tha 14 days, reduction in grade, reduction in pay, or furlough of 30 days or less?
|
Adverse Action
|
|
What is the federal government standard automated request tool for personnel securit investigation?
|
e-QIP
|
|
Who is responsible for directing the implementation of the information assurance program within the command?
|
IAM
|
|
All PSIs requested to support eligibility determination on DON employees are forwarded to who, when complete, for adjudication?
|
DONCAF |
|
Who is responsible for assigning responsibilities for overall managemnet of the Personnel Security Policy?
|
The Chief of Naval Operations, Special Assistant for Naval Investigative Matters and Security
|
|
How many levels of sensitivity are there?
|
Three and non-sensitive
|
|
The Policy Coordinating Commitee is composed of how many inter-agency committess estbalished by the National Security Presidential Directive to coordinate inter-agency national security policy issues?
|
17
|
|
Every command in the Navy and Marine Corps eligible to receive what is required to designate a security manager in writing?
|
Classified information
|
|
Presidential support duties personnel must have been the subject of a favorably adjudicated SSBU completed within how many months preceding selection?
|
12 months
|
|
What is a DOD tool to automatically query government and commmercial database between periodic reinvestigation cucles in order to detect serious yet unreported, issues of security concerns?
|
Automated Continuous Evaluation System
|
|
Which phase of security education is it when security procedures for the assigned postion are learned?
|
On the job training
|
|
What is defined as the ability and oppurtunity to obtain knowledge of classified information?
|
Access
|
|
Which instruction would you consult concerning foreign visitors, whether or not the visitor requires access to classifed, or CUI or material? |
SECNAVINST 5510.34A
|
|
What is currently approved method of requesting PSI products from OPM to support determination of eligibility for assignmetn to sensitive national securtiy positions or access to classified national security information?
|
Standard Form 86
|
|
Who is the Department of the Navy agency head responsible under EO 12968 for establishing and maintaining an effective PSP to ensure that access to classified information by each DON employeee is clearly consistent with the interests of national security?
|
SECNAV |
|
Individuals desiring to present a personal appeal must request a DOHA hearing within how many days of receipt of the Letter of Denial? |
10 days
|
|
How many members serve on the panel for the Personnel Security Appeals Board? |
Three |
|
What is a key component of an effective continuous evaluation program?
|
Effective security education program
|
|
Knowledge, possession of, or access to classified information is not provided to any individual by the virtue of the individuals what? |
Office, rank, or position |
|
What is the only reason to classify information? |
To protect national security |
|
Who is responsible for implementing the ISP and shall have direct access to the commanding officer? |
Security Manager |
|
What system is designed to assess, view areas, or detect intrusion? |
CCTV |
|
What are the priorities for emergency destruction? |
Top Secret, Secret, Confidential |
|
What is a multi-disciplinary analysis to determine the effect of a compromise of classified information on national security? |
Damage Assessment |
|
What is the analysis of encrypted messages; the steps or processes involved to converting encrypted messages into plain text without initial knowledge of the system of key employed in the encryption? |
Cryptanalysis |
|
What is a single classified word with a classified meaning? |
Code word |
|
What is the classification level applied to information whose unauthorized disclosure could reasonably be expected to cause damage to the national security? |
Confidential |
|
The authority to originally classify information as Top Secret, Secret, or Confidential rests with whom? |
SECNAV and officials delegated the authority to do so |
|
Which form will Commanding officers use for end of the day security checks to ensure that all areas which process classified information are properly secured? |
SF-701, Activity Security Checklist |
|
What designator identifies all COMSEC documents and keying material which are used to protect or authenticate classified or controlled unclassified government or government-derived information? |
CRYPTO |
|
what for is used for Security Container Information |
SF 700 |
|
Which form is used for Security Container Check Sheet |
SF 702 |
|
What is ta combination of tow non-code words that may or may not be classified and may or may not have a classified meaning known as? |
Exercise term |
|
After the initial discovery of a loss or compromise of classified material does the command have to initiate and complete a preliminary investigation? |
72 hours |
|
What consists of card reader devices and/or biometrics, such as hand geometry, iris or fingerprint scanners, and the computers to control them? |
Access Control Systems |
|
What program is a computerized database that provides for standardization, centralized management and issuance of all DON STCs? |
OPNAV 5512/5511 *Classifed Material Dest Report |
|
In a vault the floors and walls shall be constructed of __ inches of reinforced concrete to meet current structural standards |
8 |
|
Top Secret information shall be physically sighted or accounted for at least how often? |
Annually |
|
What is designed to provide a contractor with the security requirements and classification guidance needed for performance on a classified contract? |
DD-254
` |
|
Who exercises control over receipt, correction, stowage, security, accounting, distribution, and authorized destruction of all NWPs? |
NWP custodian |
|
In case of a natural disaster or civil disturbance, Commanding officers shall develop what? |
Emergency plan |
|
What consists of four tiers designed to provide an integrated, end-to-end key management, and Communications Security material generation, distribution, and accounting system for the Department of Defense and civilian agencies? |
Electronic Key Management |
|
What is an unauthorized disclosure of classified information to one or more persons who do not possess a current valid security clearance? |
Compromise |
|
Senate regulations require that all classified material intended for delivery to any Senator, staff member, Committee or other Senate office be delivered to where? |
Office of Senate Security |
|
What form is used for a Secret Label? |
SF 707 |
|
What is a combination of two unclassified words with an unclassified meaning known as? |
Nickname |
|
A cross-cut shredder shall reduce the information to shreds no greater than? |
Five square millimeters
|
|
The Original Classifying Authority shall attempt to establish a specific date or event for declassification, however the date or event shall not exceed __ years from the date of original classification? |
25
|
|
What is the classification level applied to information whose unauthorized disclosure could reasonably be expected to cause serious damage to the national security? |
Secret |
|
RESTRICTED DATA is defined in what act? |
Atomic Energy Act of 1954 |
|
Who shall ensure that IT systems provide for classification designation of data stored in internal memory or maintained on fixed storage media? |
Information Assurance Managers |
|
The terms Information Systems Security Manager and Information System Security Officer were replaced with that terms? |
Information Assurance Manager and Information Assurance Officer |
|
Classified documents need to be marked where to show the highest overall classification level of the information they contain? |
Face an Back Cover, Top and Bottom Center |
|
What are the classification authority, office of origin, warning notices, intelligence and other special control markings, and declassification/downgrading instructions of a classified document? |
Associated Markings |
|
Who is responsible for ensuring NATO information is correctly controlled and accounted for, and that NATO security procedures are observed? |
NATO contril officer |
|
Who establishes and publishes minimum standards, specifications, and supply schedules for containers, vault doors, modular vaults, and associated security devices suitable for the storage and destruction of classified information? |
General Services Administration |
|
What consists of monitors and electronic sensors designed to detect, not prevent, an attempted intrusion? |
Intrusion Detection System |
|
Classified information originated in a non-DoD department or agency shall not be disseminated outside the DoD without the consent of the originator except where specifically permitted is known as? |
Third Agency Rule |
|
The courier card (DD 2501) is valid for a maximum of how long? |
3 years |
|
What is the informal assessment of the security posture of a command to be used as a self-help tool? |
Assist Visit |
|
Crosscut shredders purchased prior to 1 Jan 2003 which reduce the information to shreds no greater tan 3/64 inch wide and 1/2 inch long may continue to be used until? |
October 2008 |
|
NATO is a military alliance of how many countries from North America and Europe? |
26 |
|
Who is a person who has a need-to-know for the specified classified information in the performance of official duties and who has been granted an eligibility determination at the required level? |
Authorized Person |
|
What is the classification level applied to information whose unauthorized disclosure could reasonably be expected to cause exceptionally grave damage to the national security? |
Top Secret |
|
What level of control shall be afforded to classified information? |
Commensurate with its assigned security classification level |
|
What are the primary reference source for derivative classifiers to identify the level and duration of classification for specific information elements? |
Security Classifying Guides |
|
What are the measures and controls prescribed to protect classified information known as? |
Safeguarding |
|
What information is exempted from mandatory declassification review? |
Information originated by the incumbent President and staff |
|
How many years if Total Active Federal Military Service are required to be eligible for advancement to E7? |
11 |
|
How many different selection board panel members review each candidate's record? |
2 |
|
What is the process called when the enlisted selection board panel arranges all the candidates from top to bottom once the review of an entire rating is complete? |
Slating |
|
What year was the Command Advancement Program established? |
1978 |
|
How many years of Total Active Federal Military Service are required to be eligible for advancement to E8? |
16 |