CS200.16


Which of the following are examples of countermeasures used to guard against suspicious network activity via cyber intrusion, viruses, malware, and backdoor attacks?

All of the above

Which of the following is a purpose of the RMF process?

All of the above

Which of the following is a role of risk management in continuous monitoring?

All of the above

Which of these are examples of unauthorized activity that can be detected by continuous monitoring?

All of the above

Which of the following describes how audit logs support continuous monitoring?

Audit logs run in a privileged mode and record all user activities such as unauthorized activity, access attempts, and modifications to folders, files, and directories.

Which of the following ensures all appropriate RMF tasks are initiated and completed for assigned systems as well as monitoring and tracking execution of system-level Plan of Action and Milestones?

Authorizing Official

Select ALL correct responses. Which of the following is key information provided in a security audit trail analysis?

Blocking of a user ID, terminal or access port (and the reason)

What is the purpose of Configuration Management (CM)?

CM establishes baselines for tracking, controlling, and management of many aspects of business development and operations

Which of the following NISPOM chapters requires an individual's actions on an information system to be auditable?

Chapter 8

Which of the following describes how continuous monitoring supports interoperability, operational resilience, and operational reciprocity?

Continuous monitoring capabilities and tools ensure cybersecurity products operate in a net-centric manner to enhance the exchange of data and shared security policies

Which of the following calls for an integrated capability to monitor and audit information for insider threat detection and mitigation?

DoDD 5205.16

Which of the following correctly identifies how to find the Security event log on a computer running Windows 7 from the Administrative Tools menu?

Double-click Event Viewer > Expand the Windows Logs folder > Select the Security event log

Which of the following is true about Continuous Monitoring?

Ensures detection of unauthorized activity.

Which of the following describes why an integrated configuration management process that integrates information security is needed?

Ensures the required adjustments to the system configuration do not adversely affect the security of the information system

Which of the following is a benefit of the Risk Management Framework (RMF)?

Ensures traceability and transparency across all levels of the organization.

Which of the following describes the relationship between configuration management controls and continuous monitoring?

Implementing information system changes almost always results in some adjustment to the system configuration that requires continuous monitoring of security controls.

Which of the following ensures that a process is in place for authorized users to report all cybersecurity-related events, potential threats, and vulnerabilities?

Information System Security Officer

Which of the following fundamental concepts does continuous monitoring support that means DoD information technology is managed to minimize shared risk by ensuring the security posture of one system is not undermined by vulnerabilities of interconnected systems?

Interoperability and operational reciprocity

Which of the following configuration management controls focuses on configuring the Information System to provide only essential capabilities to limit risk and to prevent unauthorized connection of devices?

Least Functionality

Where can you find a list of best practices to reduce and decrease risks to information systems and information technology?

NIST SP 800-128, Appendix F

Which of the following policies and guidance address continuous monitoring of information systems?

NIST SP 800-137

How is the patch management process integrated with security-focused configuration management (SecCM)?

Patch Security Impact Analyses are performed to assess unanticipated effects from a patch

During which security-focused configuration management (SecCM) phase are configuration settings, software loads, and patch levels addressed?

Phase 2: Identifying and Implementing Configurations

During which security-focused configuration management (SecCM) phase are changes formally identified, proposed, reviewed, analyzed for security impact, tested, and approved prior to implementation?

Phase 3: Controlling Configuration Changes

Which of the following provides strategic guidance to an organization's mission and business processes tier and the information systems tier?

Risk Executive Function

Which of the following configuration management controls focuses on reviewing security plans and system design documentation to assess how specific changes might affect the system controls?

Security Impact Analysis (SIA)

Which of the following Event Viewer logs provides an audit of a user's log-on events, which are classified as successful or failed attempts?

Security-related event log

After opening the control panel on the Windows start menu, what is the next step in finding the Security Event Log on a computer running Windows 7?

Select the System and Security link

In which step of the information system continuous monitoring (ISCM) process are the metrics, status monitoring frequencies, and control assessment frequencies, determined?

Step 2: Establish an ISCM program

In which step of the information system continuous monitoring (ISCM) process is security-related information required for metrics, assessments, and reporting collected?

Step 3: Implement an ISCM program

During which step of the Risk Management Framework does continuous monitoring take place?

Step 6: Monitor Security Controls

In which step of the information system continuous monitoring (ISCM) process is the ISCM strategy updated to increase visibility into assets and increase organizational resilience?

Step 6: Review and update the monitoring program

Which of the following is the greatest target for our adversaries?

Technology assets

How is Security Configuration Monitoring (SecCM) accomplished?

Through assessment and reporting activities

At what tier of the Risk Management Framework does continuous monitoring take place?

Tier 3 - the Information System level

DoD mandates a continuous monitoring capability that provides cohesive collection, transmission, storage, aggregation, and presentation of data that conveys current operational status, including intrusions and illicit insider access, to affected DoD stakeholders.

True

Implementing IS changes almost always results in some adjustment to the system configuration.

True

The Risk Management Framework (RMF) ensures organization-wide risk awareness and operational resilience.

True

Select ALL the correct responses. Which of the following are true about how Information System Continuous Monitoring (ISCM)?

- Addresses configuration management and security control monitoring and assessment tasks to consolidate documentation, methods, and procedures
- Address how to conduct security assessment and security impact analysis on changes

Select ALL the correct responses. Which of the following describes how Information System Continuous Monitoring (ISCM) supports the three-tiered approach to risk management?

- Addresses security status monitoring tasks
- Supports configuration management and security controls monitoring and assessment
- Includes security status reporting tasks.

Select ALL correct responses. Which of the following describes how Information System Continuous Monitoring (ISCM) supports the three-tiered approach to risk management?

- Addresses security status reporting tasks
- Addresses security status monitoring tasks

Select ALL correct responses. Which of the following are requirements for audits as outlined in the National Industrial Security Program Operating Manual (NISPOM)?

- Audit records must address individual accountability with unique identification and periodic testing of the security posture by the ISSO or ISSM.
- Audit records must be retained for at least one review cycle or as required by the Cognizant Security Agency.

Select ALL correct responses. Which of the following are requirements for audits as outlined in the National Industrial Security Program Operating Manual (NISPOM)?

- Audit trail contents must be protected against unauthorized access, modification, or deletion
- Audit trail analysis must be performed at least weekly.

Select ALL correct responses. Which of the following is key information provided in a security audit trail analysis?

- Blocking of a user ID, terminal or access port (and the reason)
- Changes in user authentication
- Access denial for excessive logon attempts

Select ALL correct responses. Which of the following are detectable threats and vulnerabilities that can be detected through continuous monitoring (CM) capabilities?

- Downloading or installing non-approved computer applications
- Unexplained storage of encrypted data
- Use of account credentials by unauthorized parties

Select ALL the correct responses. Which of the following describes how configuration management controls enable continuous monitoring?

- Ensures protection features are implemented and maintained
- Ensures information security
- Supports organizational risk management

Select ALL the correct responses. Which of the following describes the role of the National Industrial Security Program (NISP)?

- Ensures that cleared contractors protect classified information
- Applies to all contractors with access to classified information
- Defines industry requirements, restrictions, and safeguards

Select ALL the correct responses. Which of the following are true about the National Industrial Security Program (NISP)?

- Ensures that cleared contractors protect classified information
- Defines industry requirements, restrictions, and safeguards
- Applies to all contractors with access to classified information

Select ALL the correct responses. Which of the following are benefits of integrated risk management?

- Ensures traceability and transparency
- Provides operational integration and interoperability
- Supports organization-wide risk awareness and operational resilience

Select ALL the correct responses. Which of the following are security-focused configuration management (SecCM) roles in risk management?

- Establishing configuration baselines and tracking, controlling, and managing aspects of business development
- Ensuring that adjustments to the system configuration do not adversely affect the security of the information system

Select ALL correct responses. Which of the following describes how the Information System Continuous Monitoring (ISCM) strategy supports the Tier 1 - ORGANIZATION?

- Focuses on how the organization plans to assess, respond to, and monitor risk
- Focuses on the oversight required to ensure that the risk management strategy is effective

Select ALL the correct responses. Which of the following describe how the Information System Continuous Monitoring (ISCM) strategy supports the Tier 3 - INFORMATION SYSTEMS?

- Focuses on security status reporting on alerts, incidents, and threat activities
- Focuses on ensuring that all system-level security controls (technical, operational, and management controls) are implemented correctly, operate as intended, and produce the desired outcome.

Select ALL correct responses. Which of the following describes how the Information System Continuous Monitoring (ISCM) strategy supports the Tier 2 - MISSION/BUSINESS PROCESSES?

- Focuses on the controls that address the establishment and management of the organization's information security program.
- Includes establishing the minimum frequency with which each security control or metric is to be assessed or monitored.

Select ALL the correct responses. Which of the following is a purpose of the Risk Management Framework (RMF)?

- Implements cybersecurity through use of security controls
- Emphasizes continuous monitoring and timely correction of deficiencies

Select ALL the correct responses. Which of the following are true about risk assessment?

- It is the process of analyzing threats and vulnerabilities
- It analyzes the potential impact of loss of information or capabilities

Select ALL the correct responses. Which of the following policies and guidance address continuous monitoring of information systems?

- NIST SP 800-137
- DoDI 8500.01

Select ALL correct responses. Which of the following describe the role of patch management in security-focused configuration management (SecCM)?

- Patches are tested for their impact on existing secure configurations
- Patches are integrated into updates to approved baseline configurations
- Patches are prioritized and approved through the configuration change control process

Select ALL correct responses. Which of the following are examples of ways counterintelligence and cybersecurity personnel support continuous monitoring?

- Producing and disseminating reports on trends in cyberattacks and espionage.
- Making recommendations to industry and DoD organizations

Select ALL correct responses. Which of the following describes how audit logs support continuous monitoring?

- Provides individual accountability
- Can be used for reconstruction of events
- Provides intrusion detection

Select ALL correct responses. Which of the following describes continuous monitoring countermeasures?

- Reporting intrusion attempts
- Conducting frequent audits
- Not relying on firewalls to protect against all attacks

Select ALL correct responses. Which of the following are requirements for audits as outlined in the National Industrial Security Program Operating Manual (NISPOM)?

- The information system must create an audit trail capable of recording changes to user formal access permissions
- Audit trail contents must be protected against unauthorized access, modification, or deletion.
- Audit trail contents should be made accessible to the information system user upon written request.
- Audit trail analysis and reporting of security events must be performed annually.

Select ALL correct responses. According to the NISPOM, automated audit trails must include enough information to determine what?

- The system entity that initiated/completed the action
- The resources involved
- The date and time of the action
- The Action

Select ALL correct responses. Which of the following are vulnerabilities and threats that are investigated as part of your continuous monitoring role?

- Unauthorized downloads or uploads of sensitive data
- Unexplained storage of encrypted data
- Unauthorized use of removable media or other transfer devices

Select ALL correct responses. Which of the following is key information provided in a security audit trail analysis?

- Unsuccessful accesses to security-relevant objects and directories
- Denial of access for excessive logon attempts
- Successful and unsuccessful logons/logoffs

Select ALL correct responses. Which of the following is the best definition of an audit trail?

A record of system activity, application processes, and user activity

Which of the following configuration management controls focuses on physical and logical access controls, workflow automation, and supports auditing of the enforcement actions?

Access Restrictions for Change

How does patch management integrate with security-focused configuration management (SecCM)?

All of the above

