3D052 V1 Self-Test

012 What are some examples of computer security incidents?

(1) Compromise of integrity—A macro virus infects an application or a serious system vulnerability is discovered. (2) Denial of service—An attacker disables a system or a worm saturates network bandwidth. (3) Misuse—An intruder (or insider) makes unauthorized use of an account. (4) Damage— Data destruction by a virus. (5) Intrusions—An intruder penetrates system security. (6) Alterations—Data is changed to affect system performance.

007 What are the three main components of SMARTS?

(1) Domain manager(s). (2) A broker. (3) Clients.

005 List the steps that you must take to provide accurate performance management.

(1) Gather statistical information (trend analysis). (2) Maintain and examine logs of system state (history). (3) Determine system performance under natural and artificial conditions. (4) Alter system modes of operation for the purpose of conducting performance management.

003 What are three areas of distributed responsibility does the DIICC consist of?

(1) Global. (2) Regional. (3) Local levels.

004 Briefly describe each of the four levels of activity that one must understand before applying management to specific services or devices?

(1) Inactive —This is the case when no monitoring is accomplished. (2) Reactive— This is where network support personnel react to a problem after it has occurred yet no monitoring has been applied. (3) Interactive— This is where you are monitoring components, but must interactively troubleshoot to eliminate the side-effect alarms and isolate to a root cause. (4) Proactive— This is where the automated monitoring components provide interactive problem analysis, giving a root cause alarm for the problem at-hand, and automatic restorative processes are in-place wherever possible to minimize downtime.

011 What are the five phases of the DIACAP process?

(1) Initiate and plan IA C&A. (2) Implement and validate assigned IA controls. (3) Make certification determination and accreditation decision. (4) Maintain authorization to operate and conduct reviews. (5) Decommission.

009 What are the three primary ways to authenticate oneself on the network?

(1) Knowledge based. (2) Possession-based. (3) Biometrics based, or to put it another way, something you know, something you have, and/or something you are.

006 What are the two types of nodes that make up the MIB tree?

(1) Labeled nodes. (2) Leaf nodes.

006 Briefly describe each of the two categories of SNMP.

(1) Managers—Typically a computer that is used to run one or more NMS applications (suite). (2) Agents—Responsible for monitoring, collecting and reporting management data to the management system.

005 What are the two functional categories of performance management? Describe each.

(1) Monitoring -The function that tracks historical data by tracking activities on the network. (2) Tuning-Deals strictly with the adjustment of the parameters on the network devices to improve their overall operation.

005 What are the two subsections of security management?

(1) Network security. (2) NMS security.

007 What two factors determine if a SMARTS map is opened with read-write access or with read-only access?

(1) Only one user can have a specific map opened with read-write access at anyone time. (2) You can use the file system (FAT or NTFS) to purposely allow specific users to read-write or read-only access to a map by setting permission to the files.

008 What are the three types of active tests that are conducted with a protocol analyzer?

(1) PING. (2) Trace route. (3) Traffic generator.

007 List the five different map types that can be accessed through the map console?

(1) Physical Connectivity. (2) IP Network Connectivity. (3) IP Network Membership. (4) VLAN Connectivity. (5) VLAN Membership.

007 What are the three types of notifications used in SMARTS?

(1) Problem. (2) Compound event. (3) Symptomatic event.

006 Describe each of the two types of community names.

(1) Read—Community names as implied define a community that is read only. (2) Write—Community names are defined to allow the manager to remotely change configuration information from the management station or server.

012 Describe the two categories that security related access controls fall into?

(1) Technical controls, such as passwords and encryption that are part of normal network security. (2) Administrative controls, such as segregation of duties and security screening of users.

011 What two publications provide the basic framework of the C&A process?

(1) The IT lean reengineering process. (2) AFI 33-210.

012 What kind of servers would typically be found in a DMZ?

(1) Web servers. (2) SMTP (e-mail) servers. (3) DNS servers. (4) Proxy servers. (5) Dial-up servers. (6) Web Mail servers.

001 How many users does a single server network normally service?

10-50 users.

002 The following is a representation of a single octet, provide the decimal value of each position. 0____0 ____0 ____0 ____0 ____0 ____0 ____0

128 64 32 16 8 4 2 1 0 0 0 0 0 0 0 0

008 What is the recommended minimum amount of time to acquire network information to establish a performance baseline?

24 hours.

001 What is a communications network that serves users within a confined geographical area?

A LAN.

004 What is a NM server?

A bundle of application software designed to significantly improve network efficiency and productivity that specifically runs SNMP-based management applications.

001 What does a heterogeneous network environments consist of?

A heterogeneous network environments consist of computer systems from different vendors that run different OSs and communication protocols.

006 What is a MIB?

A hierarchical, structured format that defines the NM information available from network devices.

006 What are some examples of what a node in SNMP can represent?

A node can represent a workstation, client, network user, personal computer, server, printer, or other device attached to a data network.

012 What is the simplest and least expensive type of firewall, and what is its purpose?

A packet filtering; it stops messages with inappropriate network addresses.

013 Describe a symmetric central server architecture.

A symmetric-cipher-based central server architecture is where each entity in the community shares a secret key with the central server (usually called a Key Distribution Center or KDC).

011 Which AFI governs the AFCAP?

AFI 33-210, Air Force Certification and Accreditation Program (AFCAP).

010 Where can you find specific guidance concerning remanence security?

AFSSI 8580, Remanence Security.

010 When does the information owner of storage media declassify the media?

After the information owner provides evidence that no information resides on the media, the information owner can declassify the media.

012 What step is taken before an IS is connected to the AFGIG?

All ISs on the AFGIG have a baseline configuration applied to them prior to being connected to the network.

001 What type of network can service 1000 or more users?

An enterprise network.

012 Where would a network monitoring device such as an ASIM be placed in relation to the network?

An integrated network monitoring device, such as the ASIM, is placed outside the network boundary protection mechanism to monitor all attempted attacks.

001 Define the internetwork

An internetwork is a set of subnets that are connected with routers to a larger network.

006 What is a trap?

An unsolicited message from an agent to the manager; it does not have a corresponding request message.

013 What are the components that compose a PKI?

(1) A certificate policy management system. (2) A registration authority verifies user requests for digital certificates and tells the certificate authority to issue them. (3) A CA that is responsible managing certificates. (4) One or more directories or repositories are created where the certificates are held.

006 What are the two parts of the labeled node?

(1) An object identifier. (2) A short text description.

007 What are the three methods for creating a representation of a network topology within the domain managers repository?

(1) Auto-discovery. (2) Manual discovery. (3) Topology import.

005 What are the two features built into an NMS that alleviate manually configuring a network's devices?

(1) Automatic discovery. (2) Auto-mapping features.

009 What are the three methods of providing strong authentication?

(1) Biometric and possession based methods. (2) Cryptographically protected authentication (encrypted). (3) Using one time passwords.

004 Briefly describe the three most common NM architectures.

(1) Centralized architecture has a NM platform on one computer system at a location that is responsible for all NM duties. (2) Hierarchical architecture uses multiple systems, with one system acting as a central server and the others working as clients. (3) Distributed architecture combines the centralized and hierarchical architectures. Instead of having one centralized platform or a hierarchy of central/client platforms, the distributed approach uses multiple peer platforms.

012 What is the name of the concept that DOD uses in network defense?

Defense in depth.

008 What are the primary capabilities provided by a protocol analyzer?

Digital network diagnostics and developing communications software.

006 What are community names?

Each SNMP community is a group that contains at least one agent and one management system. The logical name assigned to such a group we call the community name.

007 Briefly describe the differences between the two types of polling used by SMARTS to gather information?

Fault and performance data is collected using SNMP while device connectivity is monitored using CMP.

005 What is the difference between a fault and an error?

Faults are abnormal conditions that require NCC personnel to take action to correct or repair. Errors sometimes arise on a normal functioning of the network and do not necessarily require attention.

003 What does AFPD 33-1, Information Resources Management, establishes policy on?

For responsibly acquiring, planning, and managing its information resources.

012 How does a virus activate?

For the virus to execute, the infected program must execute, activating the virus.

001 A network of components from the same vendor or compatible equipment that all run under the same OS or NOS is what kind of network?

Heterogeneous networks are more common because most organizations purchase their equipment from a variety of vendors.

001 Which type of network (homogeneous verses heterogeneous) is more common?

Homogenous.

004 Where should the NM server be located?

In an area that is controlled strictly by the NCC.

011 What is the biggest difference between DIACAP and previous processes?

In previous processes, the C&A was usually accomplished as a separate process accomplished just prior to connecting an IS to the network. DIACAP takes a different approach. It is a "cradle to grave" process meant to track every IS and network from inception to retirement.

008 On the protocol analyzer, what kind of information does the connection statistics menu provide?

Information concerning the bandwidth utilization and the number of connections that are related to specific nodes.

012 How is a Trojan horse different from a regular virus?

It acts as a cover or disguise for something else. It does not replicate itself, so it technically is not a virus.

013 What does the PKI enable users of basically unsecured public networks to do?

It enables users of basically unsecured public networks, such as the Internet, to securely and privately exchange data through the use of public and private cryptographic key pairs obtained and shared through a trusted authority.

009 Why would you use a combination of methods for identifying and authenticating yourself?

It substantially increases the security of an I &A system.

006 What are the differences between the two types of nodes that make of the MIB tree?

Labeled nodes may or may not have subordinate nodes, leaf nodes never have subordinate nodes. Word formatted (labeled) nodes allow people to read and understand what the label is pointing to, while the decimal (leaf) nodes are how the NMS tracks the information.

008 List four types of specific occurrences that can be displayed by counters in the protocol analyzer.

List four from the following: (1) Packets transmitted. (2) CRC errors. (3) Undersize packets. (4) Oversize packets. (5) ARP requests. (6) Data frame collisions. (7) Bit errors.

008 On the protocol analyzer, what menu is best used to report errors that occur at the physical layer such as bad FCS, short frames, and jabbers?

MAC node statistics.

006 What does the Set operation do?

Modifies the value of one or more instances of management information.

007 What is the primary console in SMARTS and what does it display?

Monitoring console; it is used to display the results of the domain manager's correlation alarms.

011 What are the SIPRNET, and NIPRNET, and how does the SIPRNET differ from the NIPRNET?

NIPRNet is an Unclassified but Sensitive IP Router Network. SIPRNET is also a long-haul IP based network, but it supports data classified up to secret. Unlike the NIPRNET, the SIPRNET does not provide access to the internet or any other lower classification networks.

003 AFI 33-104, Base-Level Planning and Implementation, outlines what actions?

Outlines standardized management practices and tells how to manage planning and implementation of communications and information systems and the base-level infrastructure.

001 What type of network usually provides services for 2 to 10 users?

Peer-to-peer network.

010 When is destroying storage media NOT necessary?

Physical destruction is not required if the media is sanitized and declassified.

007 What do the two hierarchies provided by the CIM describe?

Physical hierarchies describe the real-world components, while Logical hierarchies are visible through network protocols.

009 What is identification as it pertains to information protection?

Process of proving that a subject (e.g., a user or a system) is what the subject claims to be.

010 What is remanence security?

Remanence security is the use of prescribed safeguards and controls to prevent reconstruction or disclosure of sensitive or classified information to persons who do not have the proper clearance or need to know for this information.

009 What is the biggest risk with a possession based system for identifying and authenticating yourself?

Risk of counterfeiting, (creating a fake token).

010 When something is sanitized, is it automatically declassified?

Sanitization does not automatically declassify media.

002 What is the primary reason for subnetting in IPv4?

Subnetting was initially utilized to improve efficiency in using a limited number of available address spaces, especially in IPv4, and to improve security.

009 On an Air Force network, what is your password required to have in it?

The Air Force requires a network password to be at least nine characters long, to have at least two upper and lower-case letters (A/a, B/b, etc.), two numbers (0-9), and two special characters.

008 What function of the protocol analyzer excludes specific types of frames?

The Capture filters option allows you to display and store only the data you are interested in analyzing. You may also use a capture filter to exclude specific types of frames.

006 What does the Get operation do?

The Get query retrieves the value of one instance of management information.

008 What is the difference between a protocol analyzer NIC and other NICs?

The NIC in a protocol analyzer is configured to process all frames, whereas other NICs only process broadcast frames and frames with its MAC address.

011 What is the SISSU checklist?

The SISSU checklist is a consolidated list of requirements covering each of those areas that a program office must adhere to when developing and fielding a system.

011 What are the most common Air Force circuit-enclaves?

The base networks.

005 What does performance management consist of?

The facilities needed to evaluate the behavior of network objects and the effectiveness of communications activities.

005 What is fault management?

The process of identifying, locating and correcting network problems.

005 What is configuration management?

The process of obtaining data from the network and using that data to manage the setup of all managed network devices.

005 What is security management?

The protection of sensitive information on devices attached to a data network by controlling access points to that information.

002 What bits in an IP address are routers mainly concerned with?

The router is only concerned with those bits that belong to the network/subnet field.

004 What is NM?

The systems management mechanism that monitors and controls data collection for the purpose of data analysis and report generation on an OSI-based communications network.

012 Describe botnets.

The term botnet refers to a group of computers that have been infected by bots under the control of a person or group.

012 Regardless of the source of the threat, what is it usually targeting?

The vulnerability or weakness in the network.

012 Describe tunneling.

This is the practice of encapsulating a message (that would be rejected by the firewall) inside a second message that will pass through the firewall.

002 What mechanism is used to designate a part of an IP address as the network address, and other parts as the host address?

Three, Network, Subnet, and Host fields.

010 Until when must you retain classification controls?

Unit the media is sanitized and declassified, or destroyed in an approved manner.

006 What are some drawbacks to ICMP pinging as a NM tool?

Unreliable delivery of packets, need for polling (user intensive), and limited information derived from responses.

002 What is used for addressing on a physically connected network to identify network nodes?

When all the devices were physically connected to the same network, the MAC address was enough.

009 Where are biometrics based authentication and identification generally used, and why?

While biometric based systems provide very high levels of security (unique physical characteristics are generally harder to counterfeit), they tend to be much more expensive, and are reserved for area's that require a very high level of security.

002 Within IP addressing, how many bits are used and how are they broken down?

Within IP addressing the 32-bit IP address is broken into four sets of eight bits.

010 What must you ensure when you are degaussing storage media?

You must ensure that the coercivity strength of the magnetic field generated by the degausser is strong enough to return the magnetic media to its zero state.

008 List eight of the objects that can be tracked through the Windows performance monitor.

Any eight of the following: Browser, Network Interface, Server, Cache, Objects, Server Work Queues, ICMP (PING), Paging File, System, IP, Physical Disk, TCP, Logical Disk, Process, Telephony, Memory, Processor, Thread, NBT Connection, Redirector, UDP0

009 What is authentication as it pertains to information protection?

Authentication is defined as a measure used to verify the eligibility of a subject and the ability of the subject to access certain information.

012 What type of firewall is used to separate secure sites, networks, or network segments from less secure areas?

Bastion host.

002 What is the numbering system that computers use to represent data?

Binary is the base two number system that computers use to represent data.

003 What is the Air Force instruction series that covers NM?

Communications-computer networking and information management.