3D053 Cyber Surety Journeyman Volume 1. Information Protection –internal Control

80 Questions | By Bmx41992 | Last updated: Aug 17, 2017 | Total Attempts: 297

Settings

3D053 Cyber Surety Journeyman Volume 1. Information Protection – Internal Control URE's

More Cyber Security Quizzes

CDC 3D053 Cyber Surety Journeyman Volume 3. Communications Security (Comsec)

50 Questions Test For Cyber Security Part 2

Cyber Security Trivia Questions

Featured Quizzes

Which Harry Potter Hogwarts House Do You Belong To Quiz?

Which Naruto Character Are You Most Like?

Quiz: Are You A Fan Of Scarlett Johansson?

Related Topics

Questions and Answers

1.

(001) The Cyber Surety journeyman monitors all of the following programs except
- A.
  
  Communications security (COMSEC).
- B.
  
  Computer security (COMPUSEC).
- C.
  
  Information security (INFOSEC).
- D.
  
  Emissions security (EMSEC).
2.

(002) What is the fourth step in the operational risk management (ORM) process?
- A.
  
  Analyze controls and implement strategies to reduce or eliminate risk.
- B.
  
  Make decisions based on overall cost versus benefit.
- C.
  
  Develop and apply implementation strategies.
- D.
  
  Supervise and review.
3.

(002) What minimum milli-ampere current can be lethal?
- A.
  
  25
- B.
  
  50
- C.
  
  75
- D.
  
  100
4.

(003) Which type of network typically provides wireless broadband data services?
- A.
  
  Global Network
- B.
  
  Wireless local area network (WLAN).
- C.
  
  Wireless wide area network (WWAN).
- D.
  
  Wireless metropolitan area network (WMAN).
5.

(003) To use VPN products, obtain interim approval from?
- A.
  
  Services and Integration Division (SAF/XC).
- B.
  
  Air Force Virtual Private Network (AF VPN).
- C.
  
  AFNIC Architecture and Analysis Flight (EAC).
- D.
  
  AFNIC Network Infrastructure Flight (ECN).
6.

(004) Which bound media has a core surrounded by cladding and a second layer surrounded by glass or plastic?
- A.
  
  Twisted pair.
- B.
  
  Fiber optic.
- C.
  
  Coaxial.
- D.
  
  WiFi.
7.

(005) In which network does every device have exactly two neighbors?
- A.
  
  Bus
- B.
  
  Star
- C.
  
  Tree
- D.
  
  Ring
8.

(005) Which network integrates multiple topologies?
- A.
  
  Bus
- B.
  
  Star
- C.
  
  Tree
- D.
  
  Ring
9.

(006) Which class of internet protocol addresses is used for very large networks?
- A.
  
  A
- B.
  
  B
- C.
  
  C
- D.
  
  D
10.

(007) Which protocol has the job of verifying the correct delivery of data from client to server?
- A.
  
  Dynamic host configuration protocol (DHCP).
- B.
  
  Transmission control protocol (TCP).
- C.
  
  Hypertext transfer protocol (HTTP).
- D.
  
  Internet protocol (IP).
11.

(007) Which protocol is an Internet Engineering Task Force (IETF) standard designed to reduce the administration burden and complexity of configuring hosts on a TCP/IP-based network?
- A.
  
  Internet protocol (IP).
- B.
  
  Hypertext transfer protocol (HTTP).
- C.
  
  Transmission control protocol (TCP).
- D.
  
  Dynamic host configuration protocol (DHCP).
12.

(008) As the migration to internet protocol (IP) V6 continues, many organizations rely upon what to compensate for the lack of usable IP addresses?
- A.
  
  Prefixing.
- B.
  
  Subnetting.
- C.
  
  Transition technology.
- D.
  
  Classless Inter-Domain Routing.
13.

(008) The sequence of leading bits in an internet protocol used to identify the network portion of an IP address is called?
- A.
  
  Routing prefix.
- B.
  
  Hierarchy.
- C.
  
  Subnet.
- D.
  
  Mask.
14.

(009) Breaking down the packets’ addresses to act as a gateway to allow traffic to pass between networks involves which transition technology?
- A.
  
  Dual stack.
- B.
  
  Dual layer.
- C.
  
  Tunneling.
- D.
  
  Peer-to-peer.
15.

(009) Setting up a secure point-to-point communication is called
- A.
  
  Dual stack.
- B.
  
  Dual layer.
- C.
  
  Tunneling.
- D.
  
  Peer-to-peer
16.

(010) Networked resources must be consistently monitored and controlled to ensure access to the network while
- A.
  
  Keeping complete and accurate documentation for all configuration changes.
- B.
  
  Minimizing risks posed by various cyberspace threats
- C.
  
  Creating continuity throughout the network.
- D.
  
  Installing all applicable security patches.
17.

(010) To make it possible for replacement administrators to accomplish the same tasks as their predecessors, administrators must be in the habit of
- A.
  
  Keeping complete and accurate documentation for all configuration changes.
- B.
  
  Minimizing risks posed by various cyberspace threats.
- C.
  
  Creating continuity throughout the network.
- D.
  
  Installing all applicable security patches.
18.

(011) When coupled with standardized network policy, the standard desktop configuration (SDC) substantially
- A.
  
  Reduces the number of network users with administrative privileges.
- B.
  
  Achieves near end-to-end command and control capability.
- C.
  
  Guards against the insider threat.
- D.
  
  Improves network security.
19.

(011) With the consolidation of the several Network Operations and Security Centers (NOSC), the Air Force
- A.
  
  Reduces the number of network users with administrative privileges.
- B.
  
  Achieves near end-to-end command and control capability.
- C.
  
  Guards against the insider threat.
- D.
  
  Improves network security.
20.

(012) Which WiFi standard is the slowest yet least expensive?
- A.
  
  802.11a
- B.
  
  802.11b
- C.
  
  802.11g
- D.
  
  802.11n
21.

(012) Which wireless standard originally intended to create a wireless security platform that would perform as securely as a traditional wired network by providing data encryption?
- A.
  
  WiFi protected access (WPA).
- B.
  
  Wireless local area network (WLAN).
- C.
  
  Wireless wide area network (WWAN).
- D.
  
  Wired equivalency privacy (WEP).
22.

(013) What shall be assigned to all Department of Defense information systems that is directly associated with the importance of the information contained relative to achieving DOD goals and objectives?
- A.
  
  Mission assurance category.
- B.
  
  Defense-in-depth code.
- C.
  
  System classification.
- D.
  
  Secure location.
23.

(013) Requirements for availability and integrity are associated with
- A.
  
  Information classification.
- B.
  
  Mission assurance.
- C.
  
  Need-to-know.
- D.
  
  Sensitivity.
24.

(014) Who is responsible for verifying proper security clearances and background investigation checks prior to granting a network user access to the Air Force Provisioned Portion of the Global Information Grid (AF GIG)?
- A.
  
  Information assurance officer (IAO) only.
- B.
  
  IAO and security manager.
- C.
  
  Information assurance officer.
- D.
  
  System administrator.
25.

(014) Initial information assurance (IA) awareness training for all network users ensures all of the following except that users
- A.
  
  Are aware of their role in IA.
- B.
  
  Are trained on network security.
- C.
  
  Have met investigative requirements.
- D.
  
  Have satisfied network access requirements.
26.

(015) Which common access card (CAC) certificate would be used to sign an enlisted performance report (EPR)?
- A.
  
  Digital.
- B.
  
  Biometric.
- C.
  
  Encryption.
- D.
  
  Identification.
27.

(015) With what agency must the contract manager validate a contractor employee’s need to obtain a government PKI certificate?
- A.
  
  Wing.
- B.
  
  Air Force.
- C.
  
  Department of Defense.
- D.
  
  Local Registration Authority/Trusted Agent (LRA/TA).
28.

(016) When network password composition rules are not automatically enforced, what process should network administrators use to enforce good password stringency?
- A.
  
  Cracking.
- B.
  
  Evaluation.
- C.
  
  Identification.
- D.
  
  Authentication.
29.

(017) Report loss or suspected loss of removable media containing controlled unclassified information (CUI) or personally identifiable information (PII) according to reporting procedures in which Air Force Instruction (AFI)?
- A.
  
  AFI 33–138, Enterprise Network Operations Notification and Tracking.
- B.
  
  AFI 31–401, Information Security Program Management.
- C.
  
  AFI 31–501, Personnel Security Program Management.
- D.
  
  AFI 31–601, Industrial Security Program Management.
30.

(017) Which Air Force Instruction (AFI) guides security policy and guidance for government contractors?
- A.
  
  AFI 33–332, Privacy Act Program.
- B.
  
  AFI 31–401, Information Security Program Management.
- C.
  
  AFI 31–501, Personnel Security Program Management.
- D.
  
  AFI 31–601, Industrial Security Program Management.
31.

(018) What type of access is given to remote users who access, download, or upload data?
- A.
  
  Limited (general) access.
- B.
  
  Administrative access.
- C.
  
  Remote user access.
- D.
  
  End-user access.
32.

(018) What type of access is given to users who perform troubleshooting, configuration changes, or system reviews?
- A.
  
  Limited (general).
- B.
  
  Administrative.
- C.
  
  Remote user.
- D.
  
  End-user.
33.

(019) Whenever possible, in which environment would you run the UNIX Apache server?
- A.
  
  Chmod.
- B.
  
  Chown.
- C.
  
  Chroot.
- D.
  
  Chgrp.
34.

(019) To improve system security, several services that are preloaded on many UNIX systems can be disabled except
- A.
  
  Rsh.
- B.
  
  Rlogin.
- C.
  
  Telnet.
- D.
  
  Rfinger.
35.

(019) When vulnerabilities are discovered within the Windows operating system and its other products, Microsoft releases
- A.
  
  Notices.
- B.
  
  Postings.
- C.
  
  Bulletins.
- D.
  
  Announcements.
36.

(020) A companion file virus is one that
- A.
  
  Writes itself before the original file.
- B.
  
  Writes itself to the end of the original file.
- C.
  
  Writes itself between file sections of 32-bit file.
- D.
  
  Renames the original file and writes itself with the original file’s name.
37.

(020) A program that contains or installs a malicious program is called a
- A.
  
  Boot sector virus.
- B.
  
  Worm program
- C.
  
  Trojan horse
- D.
  
  Macro virus
38.

(020) To virus-protect your system, make sure you perform all the following steps except
- A.
  
  Log off your computer daily.
- B.
  
  Install the latest service packs.
- C.
  
  Update your anti-virus software.
- D.
  
  Watch for files with .exe, .com, .bat. and .scr attachments.
39.

(020) By providing users with the necessary level of access to perform their jobs, you are
- A.
  
  Monitoring network traffic.
- B.
  
  Using the least privilege principle.
- C.
  
  Using a bidirectional firewall.
- D.
  
  Stopping peer-to-peer sharing.
40.

(021) What category is an incident in which an unauthorized person gained user-level privileges on an Air Force computer/information system/network device?
- A.
  
  I
- B.
  
  II
- C.
  
  IV
- D.
  
  VII
41.

(021) What category is an incident in which an Air Force computer/information system/network was denied use due to an overwhelming volume of unauthorized network traffic?
- A.
  
  I
- B.
  
  II
- C.
  
  IV
- D.
  
  VII
42.

(022) What is the lowest level information condition (INFOCON)?
- A.
  
  1
- B.
  
  2
- C.
  
  5
- D.
  
  A
43.

(022) All agencies/organizations implement information condition (INFOCON) measures except
- A.
  
  Major commands.
- B.
  
  Direct reporting units.
- C.
  
  Field operating agencies.
- D.
  
  Air Force network operating center network control division.
44.

(023) Information security-related access controls that include segregation of duties and security screening of users can be classified as which category of access preservation?
- A.
  
  Technical.
- B.
  
  Administrative.
- C.
  
  Authentication.
- D.
  
  Confidentiality.
45.

(023) What type of certificate authenticates the identity of the user?
- A.
  
  Digital.
- B.
  
  Biometric.
- C.
  
  Encryption.
- D.
  
  E-mail signing.
46.

(023) What should be implemented on desktop systems connected to critical networks to prevent unauthorized people from gaining control of the system when the system is powered up?
- A.
  
  War-dialing.
- B.
  
  BIOS password.
- C.
  
  Time-out feature.
- D.
  
  Secure network location.
47.

(024) Who reviews information assurance assistance program (IAAP) reports and has the final authority to downgrade IAAP report ratings when it is clear that incidents or deviations are involved?
- A.
  
  Headquarters Air Force Network Integration Center (HQ AFNIC).
- B.
  
  Major command commanders.
- C.
  
  Squadron commanders.
- D.
  
  Wing commanders.
48.

(024) Which agency conducts assessments of wing information assurance (IA) programs using AF Form 4160 every 2 years or sooner?
- A.
  
  Wings.
- B.
  
  Squadrons.
- C.
  
  Major commands.
- D.
  
  Headquarters Air Force Network Integration Center (HQ AFNIC).
49.

(025) Threats that include flaws in building construction, improper implementation of utilities, inadequate wiring, and poor housekeeping practices can be best classified as what type of threat?
- A.
  
  Human.
- B.
  
  Technological.
- C.
  
  Unintentional.
- D.
  
  Environmental.
50.

(026) Degaussing with an NSA-approved degausser is the only way to clear which media type?
- A.
  
  Dynamic random access memory and Random-access memory.
- B.
  
  Programmable read-only memory and Optical Media.
- C.
  
  Static random access memory.
- D.
  
  Magnetic tapes.
51.

(026) No procedures exist for cleaning which media type?
- A.
  
  Dynamic random access memory and Random-access memory.
- B.
  
  Programmable read-only memory and Optical Media.
- C.
  
  Static random access memory.
- D.
  
  Magnetic tapes.
52.

(027) Examples of where sanitization and declassification are appropriate include all the following except?
- A.
  
  When the media is inadvertently contaminated with data of a higher classification level than authorized.
- B.
  
  When you are releasing the media from a secure facility to a non-cleared maintenance facility.
- C.
  
  When you will no longer maintain the secured physical environment.
- D.
  
  When changing modes of operation or prior to reuse.
53.

(027) Sanitizing sealed disks, removable disk packs, magnetic bubble memory, core memory, and flash memory is not complete until how many passes with a degausser?
- A.
  
  2
- B.
  
  4
- C.
  
  6
- D.
  
  8
54.

(028) The coercivity of a Type II extended range degausser is
- A.
  
  0 - 350 Oe.
- B.
  
  351 - 750 Oe.
- C.
  
  751 - 1000 Oe.
- D.
  
  1001 - 1700 Oe and above.
55.

(028) How often must a degausser be recertified for the first two years of operation?
- A.
  
  Every 3 months.
- B.
  
  Every 6 months.
- C.
  
  Every 12 months.
- D.
  
  Only once during the first two years.
56.

(029) Which media destruction option method involves the application of concentrated hydriodic acid (55 percent to 58 percent solution) to a gamma ferric oxide disk surface?
- A.
  
  Option A
- B.
  
  Option B
- C.
  
  Option C
- D.
  
  Option D
57.

(029) From which media type must you remove the outer chassis and electronic circuit boards when practical prior to destroying?
- A.
  
  Sealed disk drives and magnetic bubble memory.
- B.
  
  Solid state storage devices.
- C.
  
  Removable disk packs.
- D.
  
  Core memory.
58.

(030) To ensure the integrity of the overwriting process, overwriting software must have the following functions and capabilities except?
- A.
  
  Providing a validation certificate indicating that the procedure was completed properly.
- B.
  
  Overwriting the entire hard drive independent of any input/output system/firmware capacity.
- C.
  
  A compatibility with, or capability to run independent of, the type of hard drive being sanitized.
- D.
  
  A compatibility with, or capability to run independent of, the operating system loaded on the hard drive.
59.

(030) When overwriting hard drives, examine what minimum percentage to verify the overwriting process?
- A.
  
  10
- B.
  
  20
- C.
  
  50
- D.
  
  70
60.

(031) What Standard Form label is used as a data descriptor label?
- A.
  
  701
- B.
  
  706
- C.
  
  710
- D.
  
  711
61.

(031) Who has the authority to impose restrictions upon, and prohibit the use of, government owned removable information systems storage media for classified systems or networks?
- A.
  
  Major command.
- B.
  
  Wing commander.
- C.
  
  Designated approving authority.
- D.
  
  Officer in charge.
62.

(032) For in-transit storage, an installation commander can authorize what classifications to be kept on the flightline?
- A.
  
  Secret and Top Secret.
- B.
  
  Confidential and Secret.
- C.
  
  Unclassified and Confidential.
- D.
  
  All classifications may be kept on the flightline.
63.

(033) Which Air Force Systems Security Instruction (AFSSI) provides the overall implementation of Department of Defense’s (DOD) TEMPEST program for the Air Force?
- A.
  
  7700
- B.
  
  7701.
- C.
  
  7702.
- D.
  
  7703.
64.

(033) What is the term for any equipment or area in which classified information is processed?
- A.
  
  TEMPEST.
- B.
  
  BLACK.
- C.
  
  EMSEC.
- D.
  
  RED.
65.

(034) Which Air Force Systems Security Instruction (AFSSI) will the wing information assurance office (WIAO) use to conduct an emissions security (EMSEC) assessment and determine the required information assurance (IA) countermeasures?
- A.
  
  7700.
- B.
  
  7701.
- C.
  
  7702.
- D.
  
  7703.
66.

(034) Emissions security (EMSEC) reassessments are made when any of the following take place except when?
- A.
  
  The threat changes.
- B.
  
  Three years have passed.
- C.
  
  The classified level changes.
- D.
  
  Beginning to process classified information.
67.

(035) In basic circuit theory, if the power source is disconnected or if there is a break in the wire, then there is a loss of
- A.
  
  Battery.
- B.
  
  Signal.
- C.
  
  Circuit.
- D.
  
  Path.
68.

(035) The main source of compromising emanations is the result of
- A.
  
  Nature.
- B.
  
  Resistance.
- C.
  
  Digital signals.
- D.
  
  Integrated circuits
69.

(036) A facility with an inspectable space of more than 20 meters but less than 100 meters would be considered to be in facility zone
- A.
  
  A
- B.
  
  B
- C.
  
  C
- D.
  
  D
70.

(036) Equipment with an equipment radiation TEMPEST zone (ERTZ) of 20 to 100 meters would be considered to be in equipment zone
- A.
  
  A
- B.
  
  B
- C.
  
  C
- D.
  
  D
71.

(037) A protective distribution system (PDS) is usually installed between two
- A.
  
  Controlled access areas (CAA).
- B.
  
  Limited-control area (LCA).
- C.
  
  Uncontrolled access areas (UAA).
- D.
  
  Wing information assurance offices (WIAO).
72.

(037) Before selecting a protective distribution system (PDS), with what two entities must the requesting agency consider other communication security (COMSEC) solutions first?
- A.
  
  Communications and information systems officer (CSO) and system telecommunications engineering manager (STEM).
- B.
  
  Wing information assurance offices (WIAO). and information systems owner (ISO).
- C.
  
  AFCA/EVPI and wing information assurance offices (WIAO).
- D.
  
  Air Force and major command.
73.

(038) Who is the final authority granting approval to operate a protective distribution system (PDS)?
- A.
  
  Air Force.
- B.
  
  Information systems officer (ISO).
- C.
  
  Wing information assurance offices (WIAO).
- D.
  
  Communications and information systems officer (CSO).
74.

(038) Within how many minutes should an individual respond if a protective distribution system (PDS) alarm is activated?
- A.
  
  15
- B.
  
  30
- C.
  
  45
- D.
  
  60
75.

(039) What is the risk outcome that results in the physical loss of assets rendering them inoperable and usually requiring replacement?
- A.
  
  Denial of service.
- B.
  
  Modification.
- C.
  
  Destruction.
- D.
  
  Disclosure.
76.

(039) What is the risk outcome that results in the loss of services provided by the operation of an information system (IS) for a period of time?
- A.
  
  Denial of service.
- B.
  
  Modification.
- C.
  
  Destruction.
- D.
  
  Disclosure.
77.

(040) In which phase of the Department of Defense information assurance certification and accreditation process (DIACAP) does the AF-DAA review the recommendations and issue an approving/authorization to operate (ATO)?
- A.
  
  I
- B.
  
  II
- C.
  
  III
- D.
  
  IV
78.

(041) Cyber Surety specialists do not review information system audit logs to
- A.
  
  Ensure system vulnerabilities are identified.
- B.
  
  Ensure system penetrations are identified.
- C.
  
  Report fraud, waste and abuse.
- D.
  
  Report a rudimentary inquiry.
79.

(041) Automated security incident measurement (ASIM) transcripts are controlled and are only released with approval from
- A.
  
  The wing commander.
- B.
  
  The major command commander.
- C.
  
  Air Force network operations center (AFNOC).
- D.
  
  Air Force Office of Special Investigation (AFOSI).
80.

Air Force information systems must complete the information technology (IT) Lean process to obtain an approval to operate unless these systems have been designated as a
- A.
  
  SPACE or SAP/SAR.
- B.
  
  Major command.
- C.
  
  Department of the Air Force.
- D.
  
  Department of Defense.

Back to top