Continuous Monitoring CS200.16
Which of the following is a role of risk management in continuous monitoring?
All of the above
Which of the following describes how audit logs support continuous monitoring?
Audit logs run in a privileged mode and record all user activities such as unauthorized activity, access attempts, and modifications to folders, files, and directories.
Which of the following NISPOM chapters requires an individual's actions on an information system to be auditable?
Chapter 8
Which of the following calls for an integrated capability to monitor and audit information for insider threat detection and mitigation?
DoDD 5205.16
Which of the following correctly identifies how to find the Security event log on a computer running Windows 7 from the Administrative Tools menu?
Double-click Event Viewer > Expand the Windows Logs folder > Select the Security event log
Which of the following is true about Continuous Monitoring?
Ensures detection of unauthorized activity
Which of the following describes the relationship between configuration management controls and continuous monitoring?
Implementing information system changes almost always results in some adjustment to the system configuration that requires continuous monitoring of security controls.
Which of the following ensures that a process is in place for authorized users to report all cybersecurity-related events, potential threats, and vulnerabilities?
Information System Security Officer
How is the patch management process integrated with security-focused configuration management (SecCM)?
Patch Security Impact Analyses are performed to assess unanticipated effects from a patch
Which of the following configuration management controls focuses on reviewing security plans and system design documentation to assess how specific changes might affect the system controls?
Security Impact Analysis (SIA)
In which step of the information system continuous monitoring (ISCM) process are the metrics, status monitoring frequencies, and control assessment frequencies, determined?
Step 2: Establish an ISCM program
How is Security Configuration Monitoring (SecCM) accomplished?
Through assessment and reporting activities
At what tier of the Risk Management Framework does continuous monitoring take place?
Tier 3 - the Information System level
DoD mandates a continuous monitoring capability that provides cohesive collection, transmission, storage, aggregation, and presentation of data that conveys current operational status, including intrusions and illicit insider access, to affected DoD stakeholders.
True
Implementing IS changes almost always results in some adjustment to the system configuration.
True
Select ALL correct responses. Which of the following describes how Information System Continuous Monitoring (ISCM) supports the three-tiered approach to risk management?
- Addresses security status reporting tasks
- Addresses security status monitoring tasks
Select ALL correct responses. Which of the following are examples of ways counterintelligence and cybersecurity personnel support continuous monitoring?
- Aggregation and analysis of suspicious network activity
- Making recommendations to industry and DoD organizations
- Testing automated tools
- Producing and disseminating reports on trends in cyberattacks and espionage.
Select ALL correct responses. Which of the following are requirements for audits as outlined in the National Industrial Security Program Operating Manual (NISPOM)?
- Audit records must address individual accountability with unique identification and periodic testing of the security posture by the ISSO or ISSM.
Select ALL correct responses. Which of the following is key information provided in a security audit trail analysis?
- Changes in user authentication
- Access denial for excessive logon attempts
- Blocking of a user ID, terminal or access port (and the reason)
Select ALL the correct responses. Which of the following describe how the Information System Continuous Monitoring (ISCM) strategy supports the Tier 3 - INFORMATION SYSTEMS?
- Focuses on security status reporting on alerts, incidents, and threat activities.
- Focuses on ensuring that all system-level security controls (technical, operational, and management controls) are implemented correctly, operate as intended, and produce the desired outcome.
Select ALL the correct responses. Which of the following is a purpose of the Risk Management Framework (RMF)?
- Implements cybersecurity through use of security controls
- Emphasizes continuous monitoring and timely correction of deficiencies.
Select ALL correct responses. Which of the following are vulnerabilities and threats that are investigated as part of your continuous monitoring role?
- Unauthorized downloads or uploads of sensitive data
- Unauthorized use of removable media or other transfer devices
- Unexplained storage of encrypted data