PKI
The NSS token requires a PIN that contains at least __ digits.
8
When an ETA enrolls a Token, a user:
C. Both A & B
Which of the following does NOT appear on a TA spreadsheet?
Enrollment Password
A PKI Trusted Agent will need to successfully complete the training program provided by the Committee on National Security Systems (CNSS).
False
A TRUSTED AGENT (TA) MAY ALSO SERVE AS AN ENHANCED TRUSTED AGENT (ETA).
False
A Trusted Agent will need to successfully complete the training program provided by the CNSS.
False
An ETA can authorize a request for certificate suspension or revocation.
False
An end user can use an intermediary to provide authentication as long as they submit a prior request to the RA/LRA.
False
Do not include the subscriber's SIPRNet email address on the DD Form 2842.
False
IF TA CANNOT RESET A NIPRNET ASCL WITH THE UNLOCK CODE, THE ETA MAY PROVIDE ASSISTANCE.
False
If the TA cannot reset a NIPRNet ASCL with the unlock code, the ETA may provide assistance.
False
Organizations can appoint TA's according to their own operational needs.
False
Organizations can approve ETA's according to their operational needs.
False
The 90meter SCM middleware is used to download certificates to the SIPRNet token.
False
The ETA is not required to be a DOD employee (military, government or contractor).
False
The ETA provides a blank token and requests a CRI from an RA or LRA. Once the CRI is issued, the ETA downloads information onto the token and resets the user PIN.
False
The SCM 90meter middleware is used to download certificates to the SIPRNet token.
False
The TA has privileged access to PKI components/software.
False
The TA is not required to be a DoD employee (military, government or contractor).
False
The acronym TMS stands for Token Management Station.
False
This is a CBT module with an emphasis on training the Enhanced Trusted Agent.
False
Tokens can ONLY be secured in a safe drawer prior to being created and issued.
False
Tokens must be secured in a safe drawer prior to being issued.
False
WHEN A SUBSCRIBER SEPARATES OR RETIRES THEY MUST RETURN THEIR TOKEN TO THEIR SUPERVISOR.
False
When a subscriber separates or retires they must return their token to the TA.
False
The TA must protect from theft, loss or unauthorized access to which of the following:
G
Where would you find the identity source document requirements for customers without a CAC ID?
I-9
Where would you find the identity source document requirements for customers without a CAC?
I-9
Which of the following roles make up the LRA operations staff? (Select all that apply)
LRA ISSO SA
TA appointment orders must be submitted through __ for approval by__.
Local Leadership Local LRA
ETA Nomination Request Memorandums must be submitted to __ for approval.
NETCOM
A subscriber can share his/her private signing key with:
No One
A subscriber may share his/her private signing key with:
No One
Enhanced Trusted Agents can authorize ___.
None of the Above
An Enhanced Trusted agent may ______.
None of the above
An Enhanced Trusted agent may:
None of the above
A NSS token inserted into an unclassified Card Reader with the PIN not entered is ___.
Not a security Violation
If a NSS token is inserted into an ASCL/NEATS or CAC reader and the pin is not entered this is:
Not a security violation
A Trusted Agent may__.
Perform in-person verification
Enhanced Trusted Agent system requirements are comprised of all of the following except:
SIPRNet Work Station Active SIPRNet Account 90M 2 Card Readers
In addition to verifying the subscriber's identity, which of the following does the LRA/TA verify? (Select all that apply)
Security Clearance SIPRNet AD Account SIPRNet Account
A SIPRNet token inserted into an unclassified Card Reader with the PIN entered, is considered a security violation and requires immediate action.
True
A TA can submit a Suspension or Revocation request.
True
A Trusted Agent will need to have a final SECRET clearance, active SIPRNet email and network accounts.
True
An Enhanced Trusted Agent (ETA) may perform some LRA functions.
True
An Enhanced Trusted Agent will require a final SECRET clearance, active SIPRNet email and network accounts.
True
As part of the TMS process when resetting locked PINs, the ETA verifies the subscriber's information to include their CC/S/A.
True
Commanders must ensure that the organizations Trusted Agents are notified of departing personnel and whether each individual will retain his/her SIPRNet token.
True
Do not include the subscriber's SIPRNet email address on the DD Form 2842 when requesting NIPR ASCL/NEATS tokens.
True
ETAs have privileged access to PKI components and software.
True
Enhanced Trusted Agents will strive to replace a defective or inoperable token within 24 hours of notification.
True
Failure to protect the integrity of the PKI can result in disciplinary actions.
True
If a NSS token is damaged and the PIN cannot be reset, the TA or ETA will contact the RA/LRA for a new token for the subscriber.
True
If a SIPRNet token is inserted into an ASCL/NEATS or CAC reader and the PIN entered, this is a security violation and requires immediate action.
True
If a TA is terminated for cause (e.g., negligence, possible unauthorized use of the private key, etc.), it is treated as a compromise effective the date when the activity causing termination started.
True
If a token is damaged and the PIN cannot be reset, the ETA will submit a revocation request to the supporting RA/LRA.
True
Improper handling of PKI key & tokens, to include disclosure or release to unauthorized persons, will result in reprimand, suspension or removal from position.
True
Improper handling of PKI keys & tokens, to include disclosure or release to unauthorized persons, will result in reprimand, suspension or removal from position.
True
In centralized issuance, the LRA sends the token and PIN to the subscriber before the subscriber signs the DD Form 2842.
True
Military, civilian and contractor personnel may be subject to administrative and/or judicial sanctions if they knowingly, willfully, or negligently compromise, damage, or place Army information systems at risk by not complying with Federal, DOD and Army Cybersecurity policies and procedures.
True
Non-issued NSS tokens must be protected from theft by storage in a container or area authorized for storage of sensitive or classified material.
True
Re-registration will only occur after a Subscriber has been initially registered.
True
The ETA or TA can create a SIPRNet PIN Reset CRI via the Token Management System (TMS) without any RA/LRA assistance.
True
The ETA will review paperwork, confirm eligibility for a SIPRNet token, provide in-person identification verification, and assist the subscriber in completing the DD Form 2842.
True
The ETAs main purpose is to replace a broken or inoperable token within 24 hrs of notification.
True
The NSS Registration Workstation will not contain ActivClient middleware
True
The NSS Registration Workstation will not contain ActiveIdentity/ActiveClient middleware.
True
The Nomination and Acknowledgement of Enhanced Trusted Agent (ETA) Responsibilities form must include the name and signature of an alternate ETA.
True
The Nomination and Acknowledgement of Trusted Agent (TA) Responsibilities form must include the name and signature of an alternate TA.
True
The TA can request "Unlock Codes" from the LRA/RA and unlock the PIN on a locked NIPRNet ASCL token.
True
The TA gathers and forwards subscriber registration information to the issuing LRA.
True
The TA must have no duties that would interfere or conflict with their responsibilities.
True
The TA will review paperwork, confirm eligibility for a SIPRNet token, provide an in-person identification verification, and assist the subscriber in completing the DD Form 2842.
True
The TA/ETA can utilize the Token Management System (TMS) to reset the PIN on a locked SIPRNet token.
True
The subscriber will meet face-to-face with the ETA to receive their token.
True
The subscriber will meet in-person with the TA to receive their token.
True
This is a learning module with an emphasis on training the Enhanced Trusted Agent.
True
To re-register NSS Subscribers or re-issue a NSS token and the Subscriber still possess the token with valid certificates, the CRI can be sent to them via a signed and encrypted S/MIME message on SIPRNet.
True
Trusted Agents/Enhanced Trusted Agents must have no duties that would interfere or conflict with their responsibilities.
True
When requesting NSS tokens, the TA sends the spreadsheet for applicants via the SIPRNet.
True
The number of TA's recommended at each location is two in direct support to ensure continuity in case one is on leave, TDY, or sick.
True **A minimum of two co-located TAs are required; three are recommended at each duty station to avoid a single point of failure or interruption of service**
If a SIPRNet token is inserted into an unclassified Card Reader and the PIN entered, the subscriber must report the event to the ___.
Trusted Agent
Which of the following responsibilities are associated with the LRA role? (Select All That Apply)
Verify Subscribers Identity Enroll Subscribers
Which of the following responsibilities are associated with the role of the Trusted Agent?
Verify Subscribers Identity Install Firefox
Which of the following responsibilities are associated with the ETA role? (Select all that apply)
Verify Subscribers Identity Reset PIN
Enhanced Trusted Agent (ETA) system requirements include which of the following:
All of the Above
The TA/ETA must protect from theft, loss or unauthorized access to which of the following.
All of the Above
Trusted Agents cannot authorize ___.
All of the above
When an ETA enrolls a Token, a subscriber must___.
Both A 7 B
In order to reset SIPRNet token PINs, the TA must have __ software on their workstation.
CIW
WHAT DATA DOES THE SUBSCRIBER PROVIDE THE LRA TO LOOKUP THE SUBSCRIBER'S S-DEERS INFORMATION?
DOD ID
What data does the subscriber provide the TA/ETA to lookup the subscriber's S-DEERS information?
DOD ID
