ConMon

Which of the following are examples of countermeasures used to guard against suspicious network activity via cyber intrusion, viruses, malware, and backdoor attacks?

All of the above

Which of the following is a role of risk management in continuous monitoring?

All of the above

Which of these are examples of unauthorized activity that can be detected by continuous monitoring?

All of the above

Which of the following describes how audit logs support continuous monitoring?

Audit logs run in a privileged mode and record all user activities such as unauthorized activity, access attempts, and modifications to folders, files, and directories.

Which of the following NISPOM chapters requires an individual's actions on an information system to be auditable?

Chapter 8

Which of the following describes how continuous monitoring supports interoperability, operational resilience, and operational reciprocity?

Continuous monitoring capabilities and tools ensure cybersecurity products operate in a net-centric manner to enhance the exchange of data and shared security policies.

Which of the following is true about Continuous Monitoring?

Ensures detection of unauthorized activity

Which of the following describes why an integrated configuration management process that integrates information security is needed?

Ensures the required adjustments to the system configuration do not adversely affect the security of the information system

Which of the following are a benefit of the Risk Management Framework (RMF)?

Ensures traceability and transparency across all levels of the organization.

Which of the following ensures that a process is in place for authorized users to report all cybersecurity-related events, potential threats, and vulnerabilities?

Information System Security Officer

Which of the following fundamental concepts does continuous monitoring support that means DoD information technology is managed to minimize shared risk by ensuring the security posture of one system is not undermined by vulnerabilities of interconnected systems?

Interoperability and operational reciprocity

Select ALL the correct responses. Which of the following are true about risk assessment?

-It analyzes the potential impact of loss of information or capabilities
-It is the process of analyzing threats and vulnerabilities

Which of the following configuration management controls focuses on configuring the Information System to provide only essential capabilities to limit risk and to prevent unauthorized connection of devices?

Least Functionality

During which step of the Risk Management Framework does continuous monitoring take place?

Monitor Security Controls

Select ALL correct responses. Which of the following describes how audit logs support continuous monitoring?

Select ALL ANSWERS
-Provides intrusion detection
-Provides individual accountability
-Can be used for problem analysis
-Can be used for reconstruction of events

Select ALL correct responses. Which of the following are examples of ways counterintelligence and cybersecurity personnel support continuous monitoring?

Select ALL ANSWERS
-Producing and disseminating reports on trends in cyberattacks and espionage.
-Making recommendations to industry and DoD organizations
-Testing automated tools
-Aggregation and analysis of suspicious network activity

During which step of the Risk Management Framework does continuous monitoring take place?

Step 6: Monitor Security Controls

Which of the following is the greatest target for our adversaries?

Technology Assets

How is Security Configuration Monitoring (SecCM) accomplished?

Through assessment and reporting activities

At what tier of the Risk Management Framework does continuous monitoring take place?

Tier 3 - the Information System level

True or False: DoD mandates a continuous monitoring capability that provides cohesive collection, transmission, storage, aggregation, and presentation of data that conveys current operational status, including intrusions and illicit insider access, to affected DoD stakeholders.

True

True or False: Implementing IS changes almost always results in some adjustment to the system configuration.

True

True or False: The Risk Management Framework (RMF) ensures organization-wide risk awareness and operational resilience.

True

Select ALL correct responses. Which of the following is the best definition of an audit trail?

-A record of system activity, application processes, and user activity

Select ALL the correct responses. Which of the following are true about Information System Continuous Monitoring (ISCM)?

-Addresses configuration management and security control monitoring and assessment tasks to consolidate documentation, methods, and procedures
-Address how to conduct security assessment and security impact analysis on changes.

Select ALL correct responses. Which of the following describes how Information System Continuous Monitoring (ISCM) supports the three-tiered approach to risk management?

-Addresses security status monitoring tasks
-Addresses security status reporting tasks

Select ALL the correct responses. Which of the following are true about the National Industrial Security Program (NISP)?

-Applies to all contractors with access to classified information
-Defines industry requirements, restrictions, and safeguards
-Ensures that cleared contractors protect classified information

Select ALL the correct responses. Which of the following describes the role of the National Industrial Security Program (NISP)?

-Applies to all contractors with access to classified information
-Ensures that cleared contractors protect classified information
-Defines industry requirements, restrictions, and safeguards

Select ALL correct responses. Which of the following are requirements for audits as outlined in the National Industrial Security Program Operating Manual (NISPOM)?

-Audit trail analysis and reporting of security events must be performed annually.
-The information system must create an audit trail capable of recording changes to user formal access permissions.
-Audit trail contents must be protected against unauthorized access, modification, or deletion.
-Audit records must be retained for at least one review cycle or as required by the Cognizant Security Agency
-Audit records must address individual accountability with unique identification and periodic testing of the security posture by the ISSO or ISSM.

Select ALL correct responses. Which of the following is key information provided in a security audit trail analysis?

-Blocking of a user ID, terminal or access port (and the reason)
-Access denial for excessive logon attempts
-Changes in user authentication

Select ALL the correct responses. Which of the following policies and guidance address continuous monitoring of information systems?

-DoDI 8500.01
-NIST SP 800-137

Select ALL the correct responses. Which of the following are security-focused configuration management (SecCM) roles in risk management?

-Ensuring that adjustments to the system configuration do not adversely affect the security of the information system
-Establishing configuration baselines and tracking, controlling, and managing aspects of business development

Select ALL the correct responses. Which of the following describe how the Information System Continuous Monitoring (ISCM) strategy supports the Tier 3 - INFORMATION SYSTEMS?

-Focus on ensuring that all system-level security controls (technical, operational, and management controls) are implemented correctly, operate as intended, and produce the desired outcome.
-Focuses on security status reporting on alerts, incidents, and threat activities.

Select ALL correct responses. Which of the following describes how the Information System Continuous Monitoring (ISCM) strategy supports the Tier 1 - ORGANIZATION?

-Focuses on how the organization plans to assess, respond to, and monitor risk
-Focuses on the oversight required to ensure that the risk management strategy is effective

Select ALL correct responses. Which of the following describes how the Information System Continuous Monitoring (ISCM) strategy supports the Tier 2 - MISSION/BUSINESS PROCESSES?

-Focuses on the controls that address the establishment and management of the organization's information security program.
-Includes establishing the minimum frequency with which each security control or metric is to be assessed or monitored.

Which of the following describes the relationship between configuration management controls and continuous monitoring?

-Implementing information system changes almost always results in some adjustment to the system configuration that requires continuous monitoring of security controls.

Select ALL the correct responses. Which of the following is a purpose of the Risk Management Framework (RMF)?

-Implements cybersecurity through use of security controls
-Emphasizes continuous monitoring and timely correction of deficiencies.

Select ALL the correct responses. Which of the following are benefits of integrated risk management?

-Provides operational integration and interoperability
-Ensures traceability and transparency
-Supports organization-wide risk awareness and operational resilience

Select ALL correct responses. Which of the following describes continuous monitoring countermeasures?

-Reporting intrusion attempts
-Not relying on firewalls to protect against all attacks
-Conducting frequent audits

Select ALL the correct responses. Which of the following describes how Information System Continuous Monitoring (ISCM) supports the three-tiered approach to risk management?

-Supports configuration management and security controls monitoring and assessment
-Includes security status reporting tasks.
-Addresses security status monitoring tasks.

Select ALL the correct responses. Which of the following describes how configuration management controls enable continuous monitoring?

-Supports organizational risk management
-Ensures information security
-Ensures protection features are implemented and maintained

Select ALL correct responses. According to the NISPOM, automated audit trails must include enough information to determine what?

-The Action
-The date and time of the action
-The system entity that initiated/completed the action
-The resources involved

Select ALL correct responses. Which of the following are vulnerabilities and threats that are investigated as part of your continuous monitoring role?

-Unauthorized downloads or uploads of sensitive data
-Unexplained storage of encrypted data
-Unauthorized use of removable media or other transfer devices

Select ALL correct responses. Which of the following are detectable threats and vulnerabilities that can be detected through continuous monitoring (CM) capabilities?

-Unexplained storage of encrypted data
-Downloading or installing non-approved computer applications
-Use of account credentials by unauthorized parties

Which of the following configuration management controls focuses on physical and logical access controls, workflow automation, and supports auditing of the enforcement actions?

Access Restrictions for Change

How does patch management integrate with security-focused configuration management (SecCM)?

All of the above

