CDC 3dx53 Set 2 Vol 1 Edit 03

Reviewed by Editorial Team
The ProProfs editorial team is comprised of experienced subject matter experts. They've collectively created over 10,000 quizzes and lessons, serving over 100 million users. Our team includes in-house content moderators and subject matter experts, as well as a global network of rigorously trained contributors. All adhere to our comprehensive editorial guidelines, ensuring the delivery of high-quality content.
Learn about Our Editorial Process
| By 0tharez
0
0tharez
Community Contributor
Quizzes Created: 1 | Total Attempts: 44
| Attempts: 44 | Questions: 90
Please wait...
Question 1 / 90
0 %
0/100
Score 0/100
1. Which bound media has a core surrounded by cladding and a second layer surrounded by glass or plastic?

Explanation

Fiber optic is the correct answer because it is the only type of bound media that has a core surrounded by cladding and a second layer surrounded by glass or plastic. CAT-6, coaxial, and twisted pair do not have this specific structure.

Submit
Please wait...
About This Quiz
CDC 3dx53 Set 2 Vol 1 Edit 03 - Quiz

CDC 3DX53 Set 2 Vol 1 Edit 03 assesses knowledge in cyber surety, focusing on duties like intrusion detection and firewall protection, client systems operations, risk management processes, and network types. It prepares learners for roles in IT security.

2. What determines the number of alternate information assurance officers (IAO) in an organization?

Explanation

The number of alternate information assurance officers (IAO) in an organization is determined by the mission need. The organization's mission and the level of security required for its operations will determine the number of alternate IAOs needed to ensure information assurance. The mission need may vary based on the sensitivity of the information being handled, the potential risks and threats, and the complexity of the organization's information systems. Therefore, the number of alternate IAOs will be determined by the organization's specific mission requirements.

Submit
3. In which information assurance control must an organization ensure individual information system user actions can be traced to the user?

Explanation

In order to ensure that individual information system user actions can be traced back to the user, an organization must implement the Audit and Accountability (AU) control. This control involves the monitoring and recording of system activities and user actions, including logins, file accesses, and changes made to the system. By implementing this control, organizations can track and review user actions, detect any unauthorized activities or policy violations, and hold individuals accountable for their actions within the information system.

Submit
4. What is the minimum rank the AF Information Network (AFIN) connection approval can be delegated to?

Explanation

The minimum rank the AF Information Network (AFIN) connection approval can be delegated to is Colonel (O–6). This means that a Colonel is authorized to approve AFIN connections without needing higher level approval from a higher-ranking officer such as a Brigadier General or Major General.

Submit
5. Which of the following is not an example of unbound media?

Explanation

An unbound media refers to a wireless communication medium that does not require physical connections. Fiber optic, on the other hand, is a bound media that uses cables made of glass or plastic fibers to transmit data. It is a type of guided media that requires a physical connection, making it the only option among the given choices that is not an example of unbound media.

Submit
6. The definition of integrity as it's applied to identification, authentication, and encryption is

Explanation

The correct answer is the assurance that no one has changed or destroyed information without permission. This definition of integrity refers to the protection and preservation of data, ensuring that it remains unaltered and intact. It emphasizes the importance of maintaining the accuracy and reliability of information, preventing unauthorized modifications or deletions.

Submit
7. How many bits are within an internet protocol version 4 (IPv4) address?

Explanation

An internet protocol version 4 (IPv4) address consists of 32 bits. This means that there are 2^32 possible unique addresses within the IPv4 address space. Each bit in the address represents a binary digit (0 or 1), resulting in a total of 32 bits. This allows for approximately 4.3 billion unique addresses, which are used to identify devices connected to the internet.

Submit
8. Which class of internet protocol (IP) addresses is only used for experimental purposes?

Explanation

Class E IP addresses are reserved for experimental purposes and are not meant to be used in regular networks. These addresses are not assigned to any specific organization or location and are not routable on the internet. Therefore, they are not used for normal communication and are only used for research, development, and testing purposes.

Submit
9. A companion file virus is one that

Explanation

A companion file virus is a type of virus that renames the original file and writes itself with the original file's name. This means that the virus disguises itself as the original file, making it difficult for users to detect. By renaming the file and replacing it with the virus, the attacker can execute malicious actions without raising suspicion. This technique allows the virus to spread and infect other files, potentially causing harm to the system.

Submit
10. Human error causes approximately what percentage of all accidents?

Explanation

Human error is responsible for a significant percentage of accidents, and the given answer of 95% indicates that the majority of accidents are caused by human mistakes or negligence. This implies that only a small fraction of accidents are attributed to other factors such as mechanical failures or natural disasters. The high percentage highlights the importance of human factors in accident prevention and the need for improving safety measures, training, and awareness to reduce human errors and their consequences.

Submit
11. Which port range constitutes well-known ports?

Explanation

The well-known ports are the port numbers ranging from 0 to 1023. These ports are reserved for specific services and protocols that are commonly used and recognized by the Internet Assigned Numbers Authority (IANA). They include ports for popular services like HTTP (port 80), FTP (port 21), and SSH (port 22). The other port ranges mentioned in the options are not classified as well-known ports.

Submit
12. Which port is used for telnet?

Explanation

Port 23 is used for telnet. Telnet is a network protocol that allows users to remotely access and control devices or systems over a network. It provides a virtual terminal connection to the remote device, allowing users to login and execute commands as if they were directly connected to the device. Port 23 is specifically designated for telnet communication, making it the correct answer.

Submit
13. Which port is used for hypertext transfer protocol (HTTP)?

Explanation

The correct answer is 80. HTTP (Hypertext Transfer Protocol) is the protocol used for transmitting web pages over the internet. Port 80 is the default port for HTTP communication. When a user requests a webpage, their web browser sends a request to the server on port 80, and the server responds with the requested webpage.

Submit
14. What is the minimum grade requirement for an information assurance assessment and assistance program (IAAP) team chief?

Explanation

The correct answer is SNCO (Senior Non-Commissioned Officer). In an information assurance assessment and assistance program (IAAP) team, the team chief is responsible for leading and supervising the team. This role requires a higher level of experience, expertise, and leadership skills, which are typically possessed by SNCOs. NCOs may have the necessary technical knowledge, but may not have the leadership abilities required for this position. The GS-07 and GS-09 options refer to the General Schedule (GS) pay scale used for civilian government employees and are not relevant to the grade requirement for an IAAP team chief.

Submit
15. How many times should you wipe each active surface of the media being degaussed when using a degaussing wand?

Explanation

When using a degaussing wand to degauss the media, it is recommended to wipe each active surface three times. This ensures that the magnetic information on the media is completely erased and cannot be recovered. Wiping the surface multiple times helps to ensure that all traces of data are effectively eliminated, providing a higher level of security.

Submit
16. How often must a degausser be recertified during its first 2 years of operation?

Explanation

A degausser must be recertified every 6 months during its first 2 years of operation. This is necessary to ensure that the degausser is functioning properly and effectively erasing data from magnetic media. Regular recertification helps to maintain the reliability and performance of the degausser over time.

Submit
17. Which standard form (SF) label is used as a data descriptor label?

Explanation

SF 711 is used as a data descriptor label.

Submit
18. An installation commander can authorize keeping which classification types on the flight line for in-transit storage?

Explanation

An installation commander can authorize keeping confidential and secret classification types on the flight line for in-transit storage. This means that any materials or documents that are classified as confidential or secret can be stored on the flight line under the authorization of the installation commander. Other classification types such as unclassified or top secret are not authorized for in-transit storage on the flight line.

Submit
19. Which term identifies any equipment or area in which classified information is processed?

Explanation

The term "RED" is used to identify any equipment or area in which classified information is processed. This term is commonly used in the context of information security and refers to systems that handle sensitive or classified data. It is important to have designated areas or equipment for processing classified information to ensure its confidentiality and prevent unauthorized access.

Submit
20. Who is the installation's focal point for emission security (EMSEC) matters?

Explanation

The correct answer is the Wing information assurance office (WIAO). The WIAO is responsible for handling emission security (EMSEC) matters within the installation. They ensure that proper measures are in place to protect the communication and information systems from any potential threats or vulnerabilities. They work closely with other personnel, such as the Wing commander and the Communications and Information System Officer (CSO), to ensure the overall security of the installation.

Submit
21. The sequence of leading bits in an internet protocol (IP) that are used to identify the network portion of an IP address is called a

Explanation

The sequence of leading bits in an internet protocol (IP) that are used to identify the network portion of an IP address is called a routing prefix. A routing prefix is a numerical value that is used to determine the network address and subnet mask of an IP address. It helps in routing packets across different networks by providing information about the network portion of the IP address.

Submit
22. Logon and password management screens must be encrypted with at least what type of secure socket layer?

Explanation

Logon and password management screens must be encrypted with at least a 128-bit secure socket layer. This level of encryption ensures a high level of security for sensitive information such as login credentials. Higher bit encryption provides stronger protection against unauthorized access and data breaches.

Submit
23. In which topology does a device wanting to communicate with another device on the network send a broadcast message onto the wire that all other devices see, but only the intended recipient actually accepts and processes?

Explanation

In a bus topology, a device wanting to communicate with another device on the network sends a broadcast message onto the wire that all other devices see. However, only the intended recipient actually accepts and processes the message. This is because in a bus topology, all devices are connected to a single shared communication line, and the message travels along the wire to reach the intended recipient. Other devices on the network receive the message, but they ignore it as it is not intended for them.

Submit
24. Which common access card (CAC) certificate would be used to sign an enlisted performance report (EPR)?

Explanation

The identification certificate would be used to sign an enlisted performance report (EPR) using a common access card (CAC). This certificate verifies the identity of the individual signing the report, ensuring that it is authentic and reliable. The identification certificate is commonly used for various purposes, including digital signatures and secure access to systems and information. It helps to establish trust and integrity in the signing process, making it an appropriate choice for signing important documents like an EPR.

Submit
25. The contract manager must use what agency to validate a contractor employee's need to obtain a government public key infrastructure (PKI) certificate?

Explanation

The contract manager must use the Local Registration Authority/Trusted Agent (LRA/TA) to validate a contractor employee's need to obtain a government public key infrastructure (PKI) certificate. The LRA/TA is responsible for verifying the identity and need of individuals requesting PKI certificates, ensuring that only authorized personnel have access to sensitive information and resources. Using the LRA/TA helps to maintain the security and integrity of the PKI system and prevent unauthorized access or misuse of certificates.

Submit
26. Users who perform troubleshooting, configuration changes, or system reviews are given which type of access?

Explanation

Users who perform troubleshooting, configuration changes, or system reviews are given administrative access. This type of access allows them to have higher privileges and control over the system. Administrative users have the authority to make changes, install or uninstall software, modify settings, and manage user accounts, among other tasks. This level of access is necessary for performing advanced tasks and maintaining the system effectively.

Submit
27. Weaknesses or holes in a security system are considered

Explanation

Weaknesses or holes in a security system refer to vulnerabilities, which are potential points of exploitation that can be targeted by attackers. These vulnerabilities can be present in software, hardware, or even human processes, making the system susceptible to unauthorized access or compromise. By identifying and addressing these vulnerabilities, organizations can strengthen their security posture and reduce the risk of breaches or exploits.

Submit
28. Which of the following options is not involved when securing a UNIX system?

Explanation

When securing a UNIX system, various measures are taken to protect it from unauthorized access. Shutting down ports helps in closing any potential entry points for attackers. Using strong passwords ensures that only authorized users can access the system. Disabling unused/unneeded services reduces the attack surface by eliminating unnecessary points of vulnerability. However, ensuring remote access is not directly related to securing the system as it involves allowing authorized users to access the system remotely. Remote access can be secured separately through measures like VPNs, firewalls, and authentication protocols.

Submit
29. When vulnerabilities are discovered within the Windows operating system and other products, Microsoft releases

Explanation

Microsoft releases bulletins when vulnerabilities are discovered within the Windows operating system and other products. Bulletins are official notifications or announcements from Microsoft that provide information about the vulnerabilities, their severity, and any available patches or fixes. These bulletins are important for users and administrators to stay informed about potential security risks and take necessary actions to protect their systems.

Submit
30. A logical connection point for the transmission of information packets is known as

Explanation

A logical connection point for the transmission of information packets is known as a port. A port is a virtual or physical endpoint on a device where data can be sent or received. It acts as a communication channel through which information can flow between different devices or services. Ports are commonly used in networking to establish connections and facilitate the exchange of data packets.

Submit
31. Which type of transition technology is used to set up secure point-to-point communication?

Explanation

Tunneling is the correct answer because it is a type of transition technology that is used to establish secure point-to-point communication. Tunneling encapsulates the original data packets within another packet, creating a "tunnel" through which the data can travel securely. This technique is commonly used in VPNs (Virtual Private Networks) to ensure the confidentiality and integrity of data transmitted between two endpoints.

Submit
32. What is the newest WiFi networking standard that is widely available?

Explanation

The newest WiFi networking standard that is widely available is 802.11n. This standard offers faster speeds and better range compared to previous standards such as 802.11a, 802.11b, and 802.11g. It operates on both the 2.4GHz and 5GHz frequency bands, allowing for better performance in crowded areas. It also supports multiple-input multiple-output (MIMO) technology, which improves signal quality and reduces interference. Overall, 802.11n provides a more reliable and efficient wireless connection, making it the newest standard widely adopted in various devices and networks.

Submit
33. How many steps are in the risk management (RM) process?

Explanation

The correct answer is 5. The risk management process typically consists of five steps: identification, assessment, mitigation, monitoring, and review. In the identification step, potential risks are identified and documented. The assessment step involves evaluating the likelihood and impact of each identified risk. Mitigation involves developing and implementing strategies to reduce or eliminate the identified risks. Monitoring involves continuously monitoring the effectiveness of the mitigation strategies. Finally, the review step involves periodically reviewing and updating the risk management process to ensure its effectiveness.

Submit
34. When classified information is inadvertently sent through unclassified e-mail it is considered

Explanation

When classified information is sent through unclassified e-mail, it is considered a classified message incident. This means that sensitive and confidential information has been transmitted through a channel that is not authorized or secure enough to handle such information. It highlights a breach in security protocols and the potential risk of unauthorized access to classified information.

Submit
35. Where are thermal transfer and dye sublimation cartridges sent for sanitization?

Explanation

Thermal transfer and dye sublimation cartridges are sent to the National Security Agency (NSA) for sanitization. The NSA is responsible for ensuring the security and confidentiality of sensitive information, and sanitizing these cartridges helps to prevent any potential data breaches or leaks. By sending the cartridges to the NSA, any residual data or information on them can be safely removed, ensuring that they can be reused or disposed of without any risk to national security.

Submit
36. An emission security (EMSEC) manager documents an EMSEC assessment on

Explanation

The correct answer is AF Form 4170. The AF Form 4170 is the appropriate form for documenting an EMSEC assessment. It is specifically designed for this purpose and contains the necessary fields and sections to record all relevant information related to the assessment. The other forms mentioned, AF Form 6170, Standard Form 700, and Standard Form 701, are not intended for EMSEC assessments and may not include the required fields or sections to accurately document the assessment.

Submit
37. Once it is filled out an AF Form 4170, Emission Security Assessments/Emission Security Countermeasures, is considered

Explanation

The correct answer is confidential. This is because an AF Form 4170, Emission Security Assessments/Emission Security Countermeasures, is considered confidential.

Submit
38. What type of impact occurs when the loss of confidentiality, integrity, and availability (CIA) could be expected to have a serious adverse effect on organizational operations, organizational assets, or people?

Explanation

When the loss of confidentiality, integrity, and availability (CIA) could be expected to have a serious adverse effect on organizational operations, assets, or people, it indicates a moderate impact. This means that the impact would be significant but not severe enough to cause extreme damage or disruption. It suggests that there would be some negative consequences, but they can be managed and mitigated to a certain extent.

Submit
39. Which of the following is not a phase in the information technology (IT) Lean reengineering process?

Explanation

The question asks for the phase that is not a part of the IT Lean reengineering process. The options given are Design, Define need, Build and test, and Define need review. Out of these options, all except Define need review are phases in the IT Lean reengineering process. Therefore, Define need review is the correct answer as it is not a phase in the process.

Submit
40. Defense-in-depth is the Department of Defense (DOD) approach for establishing

Explanation

Defense-in-depth is a strategy used by the Department of Defense (DOD) to establish an adequate information assurance (IA) posture in a shared-risk environment. This approach involves implementing multiple layers of security controls to protect against various threats and vulnerabilities. It recognizes that no single security measure is enough to fully protect an organization's information assets, so multiple layers are necessary to provide a comprehensive defense. By adopting this approach, the DOD aims to mitigate risks and ensure the confidentiality, integrity, and availability of its information in a shared-risk environment.

Submit
41. Which of the following is not a result of initial information assurance (IA) awareness training for all network users?

Explanation

The correct answer is "Users have met investigative requirements." This option suggests that initial IA awareness training does not involve meeting investigative requirements. The other options, such as users being aware of their role in IA, being trained on network security, and satisfying network access requirements, are all outcomes that can be expected from initial IA awareness training for network users.

Submit
42. When viewed in binary form, each octet within an Internet Protocol (IP) address has how many positions?

Explanation

Each octet within an Internet Protocol (IP) address has 8 positions when viewed in binary form. In binary, each position represents a power of 2, ranging from 2^0 to 2^7. Since there are 8 positions in an octet, it means that each position can hold a value of either 0 or 1, resulting in a total of 256 possible combinations (2^8). This allows for a wide range of unique IP addresses to be represented within the octet.

Submit
43. Which transmission control protocol (TCP) port is used by hypertext transfer protocol (HTTP) by default?

Explanation

The correct answer is 80. HTTP uses the TCP protocol to transfer hypertext documents over the internet. By default, HTTP uses port 80 to establish a connection between the client and the server. This allows web browsers to communicate with web servers and retrieve web pages.

Submit
44. In which type of port scan does the scanner connect to the same port on more than one machine?

Explanation

A sweep scan is a type of port scan where the scanner connects to the same port on multiple machines. This allows the scanner to quickly gather information about open ports on different systems. Unlike a strobe scan, which connects to a range of ports on a single machine, a sweep scan focuses on a specific port and checks it on multiple machines. A fragment packet scan involves sending fragmented packets to bypass firewall filters, while an FTP bounce scan exploits the FTP bounce feature to scan ports indirectly.

Submit
45. Which type of scan is also known as a half open scan?

Explanation

A Synchronous (SYN) scan is also known as a half open scan. This type of scan involves sending a SYN packet to the target host and waiting for a response. If the host responds with a SYN-ACK packet, it means the port is open. If the host responds with a RST packet, it means the port is closed. This scan is called a half open scan because it does not complete the full TCP handshake, making it more stealthy and harder to detect.

Submit
46. Administrators must be in the habit of doing what to make it possible for replacement administrators to accomplish the same tasks as their predecessors?

Explanation

To ensure that replacement administrators can accomplish the same tasks as their predecessors, it is important for administrators to keep complete and accurate documentation for all configuration changes. This documentation serves as a reference guide for the new administrators, allowing them to understand the network setup, configurations, and any changes that have been made in the past. By having this documentation, the new administrators can easily replicate the previous configurations and continue the tasks without any disruptions or delays. It also helps in maintaining continuity throughout the network and minimizing risks by ensuring that the network is properly configured and secured.

Submit
47. Which is the slowest yet least expensive WiFi standard?

Explanation

The correct answer is 802.11b. This WiFi standard is the slowest yet least expensive because it operates on the 2.4 GHz frequency band and has a maximum data transfer rate of 11 Mbps. While it may not offer the fastest speeds compared to other WiFi standards like 802.11n or 802.11ac, it is still widely used in older devices and is compatible with most routers. Additionally, 802.11b devices are generally more affordable compared to newer standards, making it a cost-effective option for basic internet browsing and light usage.

Submit
48. A program that contains or installs a malicious program is called a

Explanation

A program that contains or installs a malicious program is called a Trojan horse. Unlike a boot sector virus, which infects the boot sector of a computer's hard drive, a Trojan horse disguises itself as a legitimate program or file to trick users into downloading or executing it. Once installed, the Trojan horse can perform various malicious activities, such as stealing personal information, damaging files, or allowing unauthorized access to the infected system. Unlike a worm program, a Trojan horse does not have the ability to self-replicate and spread to other computers. A macro virus, on the other hand, infects documents and uses macros to execute its malicious code.

Submit
49. The two fundamental concepts of network security are

Explanation

Authentication and authorization are the two fundamental concepts of network security. Authentication ensures that the user or device trying to access the network is who they claim to be, by verifying their identity through credentials such as passwords or biometrics. Authorization, on the other hand, determines the level of access and permissions granted to authenticated users, ensuring that they can only access the resources and perform actions that they are authorized to do. These two concepts work together to protect the network from unauthorized access and ensure that only authenticated and authorized users can access sensitive information and resources.

Submit
50. Continuity of operations plans (COOP) are not used in which of the following situations?

Explanation

Continuity of operations plans (COOP) are designed to ensure the continued functioning of an organization during emergencies or disruptions. They are typically used in situations such as accidents, man-made disasters, and health-related incidents. However, operating system failure is not directly related to these scenarios as it primarily refers to the failure of computer software or hardware. While it can cause disruptions, it is not typically addressed through COOP measures.

Submit
51. When sanitizing sealed disks with a degausser, what percentage of the overwritten information should be randomly reread to confirm only the overwritten characters are recovered?

Explanation

When sanitizing sealed disks with a degausser, it is important to randomly reread a certain percentage of the overwritten information to confirm that only the overwritten characters are recovered. In this case, the correct answer is 1, indicating that only 1% of the overwritten information should be randomly reread. This ensures that the process of sanitizing the disks is effective and that no sensitive or confidential data can be recovered from the disks.

Submit
52. When destroying DVD storage devices, what is the maximum particle size allowable on the normal edge dimensions?

Explanation

The maximum particle size allowable on the normal edge dimensions when destroying DVD storage devices is 25 square millimeters.

Submit
53. Who has the authority to impose restrictions upon and prohibit the use of government owned removable information systems storage media for classified systems or networks?

Explanation

Authorizing officials have the authority to impose restrictions and prohibit the use of government-owned removable information systems storage media for classified systems or networks. These officials are responsible for granting and managing access to classified information and have the power to set guidelines and restrictions on the use of storage media to ensure the security and integrity of classified systems and networks. They have the final say in determining who can use and access these storage media and can impose restrictions as necessary to protect sensitive information.

Submit
54. Which of the following is a duty performed by a cyber surety journeyman?

Explanation

A cyber surety journeyman is responsible for performing detection activities, including real-time intrusion detection and firewall protection. This means they are tasked with monitoring networks and systems for any unauthorized access or malicious activities. They are also responsible for setting up and maintaining firewalls to protect against cyber threats. This duty is crucial in ensuring the security and integrity of computer systems and networks.

Submit
55. Which wireless standard was originally intended to create a wireless security platform that would perform as securely as a traditional wired network by providing data encryption?

Explanation

Wired equivalency privacy (WEP) was originally intended to create a wireless security platform that would perform as securely as a traditional wired network by providing data encryption. WEP was the first security protocol used in wireless networks and aimed to provide confidentiality and integrity of data transmitted over the wireless network. However, it was later found to have significant security flaws and was replaced by WiFi protected access (WPA) as a more secure alternative.

Submit
56. Which device provides the initial entry point into a network?

Explanation

A network access server (NAS) provides the initial entry point into a network. It is responsible for authenticating and authorizing users to access the network. NAS acts as a gateway between the user's device and the network, allowing users to connect and gain access to network resources. It verifies the user's credentials and ensures that they have the necessary permissions to access the network. Once authenticated, the NAS establishes a secure connection and manages the user's network access.

Submit
57. How is an Internet protocol version 6 (IPv6) address written?

Explanation

An Internet protocol version 6 (IPv6) address is written in eight groups of four hexadecimal numbers, separated by colons. This format is used to represent the 128-bit address space in IPv6. Each group consists of four hexadecimal digits, which can range from 0 to F (0-9 and A-F). The use of colons as separators helps to distinguish between the different groups and make the address more readable.

Submit
58. Which career field deploys, sustains, troubleshoots, and repairs standard voice, data, video network, and cryptographic client devices in fixed and deployed environments?

Explanation

Client Systems (3D1X1) is the correct answer because this career field is responsible for deploying, sustaining, troubleshooting, and repairing standard voice, data, video network, and cryptographic client devices in both fixed and deployed environments. This includes setting up and maintaining computer systems, networks, and communication equipment for military operations.

Submit
59. What is the third step in the risk management (RM) process?

Explanation

The third step in the risk management process is to develop controls and make decisions. This involves identifying potential risks and determining the best course of action to mitigate or eliminate them. By developing controls, organizations can implement measures to prevent or minimize the impact of risks. Making decisions involves evaluating the available options and choosing the most effective strategies to manage risks. Supervising and evaluating, as mentioned in the other options, are important steps in the risk management process but they come after developing controls and making decisions.

Submit
60. Which type of network typically provides wireless broadband data services?

Explanation

A wireless wide area network (WWAN) typically provides wireless broadband data services. This type of network is designed to cover large geographical areas, such as cities or even entire countries, and allows users to access the internet and other data services wirelessly. WWANs use cellular technology, such as 3G, 4G, or 5G, to provide high-speed data connectivity to mobile devices. Unlike wireless local area networks (WLANs) which cover smaller areas like homes or offices, WWANs provide broader coverage and are commonly used by mobile network operators to offer internet access to their customers.

Submit
61. What type of equipment is used for acquisition, storage and manipulation of voice and data?

Explanation

The correct answer is information technology equipment because it encompasses all the necessary tools and devices used for acquiring, storing, and manipulating both voice and data. This includes computers, servers, networking devices, software applications, and other related technologies that are specifically designed to handle and process information. System equipment, cryptographic equipment, and communications equipment are more specific subsets of information technology equipment and may not cover the full range of requirements for voice and data management.

Submit
62. What is assigned to all Department of Defense (DOD) information systems that is directly associated with the importance of the information contained relative to achieving DOD goals and objectives?

Explanation

The correct answer is "Mission assurance category." In the Department of Defense (DOD), information systems are assigned a mission assurance category based on the importance of the information contained within them in relation to achieving DOD goals and objectives. This categorization helps determine the level of protection and security measures required for these systems.

Submit
63. Who initiates a local files check prior to allowing volunteers access to the AF network?

Explanation

The correct answer is the Unit security manager. The Unit security manager is responsible for ensuring the security of the AF network and its resources. They are in charge of conducting local files checks to verify the background and suitability of volunteers before granting them access to the network. This is an important step in maintaining the security and integrity of the network and preventing unauthorized access or potential threats.

Submit
64. What does the common access card (CAC) certificate used to sign e-mail provide?

Explanation

The common access card (CAC) certificate used to sign e-mail provides non-repudiation. Non-repudiation ensures that the sender of the email cannot deny sending it, as the CAC certificate serves as a digital signature that uniquely identifies the sender. This helps in verifying the authenticity of the email and prevents the sender from later denying their involvement in the communication.

Submit
65. Which of the following represents a strong password?

Explanation

The password "GwL18!np*Z&fB3q." represents a strong password because it includes a combination of uppercase and lowercase letters, numbers, and special characters. It also has a sufficient length of 15 characters, making it harder to guess or crack. The use of a mix of characters and the inclusion of special characters adds complexity and increases the password's strength.

Submit
66. Which UNIX command allows remote logins?

Explanation

Telnet is the correct answer because it is a UNIX command that allows remote logins. It is a network protocol that enables users to connect to remote computers and access their command line interface. Telnet establishes a virtual terminal connection, allowing users to log in and interact with the remote system as if they were physically present. This command is commonly used for remote administration, troubleshooting, and accessing resources on remote machines.

Submit
67. Which internet protocol (IP) address is used for limited broadcasts?

Explanation

The IP address 255.255.255.255 is used for limited broadcasts. This address is known as the broadcast address and is used to send a message to all devices on a network. When a device sends a message to this address, it is received by all devices on the network, allowing for communication with all devices simultaneously.

Submit
68. Which protocol is an Internet Engineering Task Force (IETF) standard designed to reduce the administration burden and complexity of configuring hosts on a transmission control protocol/internet protocol (TCP/IP) based network?

Explanation

The Dynamic Host Configuration Protocol (DHCP) is an IETF standard designed to reduce the administration burden and complexity of configuring hosts on a TCP/IP based network. DHCP allows hosts to automatically obtain an IP address, subnet mask, default gateway, and other network configuration parameters from a DHCP server. This eliminates the need for manual configuration of network settings on each individual host, making it easier to manage and administer the network.

Submit
69. An incident in which an Air Force computer, information system, or network was denied use due to an overwhelming volume of unauthorized network traffic is category

Explanation

Category IV is the correct answer because it refers to an incident where an Air Force computer, information system, or network was denied use due to an overwhelming volume of unauthorized network traffic. This category specifically deals with denial of service attacks, which involve flooding a network or system with excessive traffic to disrupt its normal functioning.

Submit
70. Who tracks Air Force information condition (INFOCON) status to ensure directed actions are accomplished in a timely manner?

Explanation

The Air Force network operating center network control division is responsible for tracking the Air Force information condition (INFOCON) status to ensure that directed actions are completed on time. This division is specifically tasked with monitoring and managing the Air Force network, making it the most suitable entity to oversee the INFOCON status and ensure timely execution of necessary actions.

Submit
71. A facility with an inspectable space of more than 20 meters, but less than 100 meters is considered to be in facility zone

Explanation

A facility with an inspectable space of more than 20 meters, but less than 100 meters is considered to be in facility zone B.

Submit
72. Equipment with an equipment radiation TEMPEST zone (ERTZ) of 20 to 100 meters is considered to be in equipment zone

Explanation

The given statement mentions that equipment with an ERTZ of 20 to 100 meters is considered to be in the equipment zone. Since the options A, B, and D are incomplete and do not provide any information about the equipment zone, the correct answer is C.

Submit
73. Which protocol does the Internet support as the "language" computers use to find and connect with each other?

Explanation

The Internet supports the Transmission Control Protocol/Internet Protocol (TCP/IP) as the "language" computers use to find and connect with each other. TCP/IP is a set of protocols that allows for the reliable transmission of data over the Internet. It provides a standardized way for computers to communicate and ensures that data packets are delivered accurately and in the correct order. TCP/IP is the foundation of the Internet and is used by all devices connected to it.

Submit
74. Which category of information must be stored on removable media?

Explanation

The category of information that must be stored on removable media is classified. Classified information refers to sensitive data that has been assigned a level of confidentiality, such as top secret, secret, or confidential. Storing classified information on removable media allows for easier transport and protection of the data, as it can be physically secured and controlled. This ensures that only authorized personnel have access to the information and reduces the risk of unauthorized disclosure or loss.

Submit
75. Networked resources must be consistently monitored and controlled to ensure access to the network while

Explanation

Consistently monitoring and controlling networked resources is important to ensure access to the network while also addressing various cyberspace threats. By minimizing these risks, organizations can protect their network from potential attacks and vulnerabilities. This involves implementing security measures, such as installing security patches, conducting regular vulnerability assessments, and implementing security controls to mitigate potential threats. By doing so, organizations can maintain the integrity and security of their network, protecting sensitive data and ensuring uninterrupted access for authorized users.

Submit
76. Which agency conducts assessments of wing information assurance (IA) programs using an AF Form 4170 every two years or sooner?

Explanation

Major commands (MAJCOM) conduct assessments of wing information assurance (IA) programs using an AF Form 4170 every two years or sooner. This indicates that the responsibility for conducting these assessments lies with the higher-level command structure rather than at the wing, squadron, or headquarters level. MAJCOMs are responsible for overseeing and managing multiple wings and units within the Air Force, making them the appropriate agency to conduct these assessments.

Submit
77. Which standard form (SF) is used to record the opening and closing of security containers?

Explanation

SF 702 is the correct answer because it is the standard form used to record the opening and closing of security containers. This form is specifically designed for this purpose and is used to document the details of when a security container is opened, who opened it, and when it was closed again. It helps to maintain a record of access to sensitive information and ensures accountability and security.

Submit
78. Personnel removing top secret material from storage must use

Explanation

When personnel are removing top secret material from storage, they are required to use an Air Force (AF) Form 144. This form is specifically designed for the purpose of documenting the removal of top secret material and ensuring proper accountability and security measures are followed. The other options listed, such as Standard Form (SF) 704, SF 705, and SF 706, are not specifically designated for the removal of top secret material and do not provide the necessary level of security and documentation required for such sensitive information.

Submit
79. How many steps are in the risk management framework process?

Explanation

The risk management framework process consists of six steps. This process involves identifying, assessing, and prioritizing risks, as well as developing and implementing risk mitigation strategies. The final step is to monitor and review the effectiveness of these strategies. Therefore, the correct answer is 6.

Submit
80. How many steps are in the system development life cycle?

Explanation

The correct answer is 5. The system development life cycle (SDLC) is a process that involves several steps to develop and maintain a system. These steps typically include planning, analysis, design, implementation, and maintenance. Each step is crucial in ensuring the successful development and functioning of a system. Therefore, there are five steps in the SDLC.

Submit
81. Integrated Network Operations Security Centers (I-NOSC) use security and network monitoring tools to do all of the following except

Explanation

I-NOSCs are responsible for security and network monitoring, as well as identifying system vulnerabilities and monitoring network health. However, they do not typically review the contents of fixed disks. This task is usually performed by forensic analysts or investigators who are specifically trained in analyzing disk contents for evidence or data recovery purposes.

Submit
82. Automated security incident measurement (ASIM) transcripts are controlled and are only released with approval of the

Explanation

ASIM transcripts are controlled and released with the approval of the Air Force network operations center (AFNOC). This implies that AFNOC has the authority and responsibility to oversee and manage the release of these transcripts. The other options, such as the Wing commander, Major command commander, and Air Force Office of Special Investigation, do not have the same level of control and authority over ASIM transcripts. Therefore, AFNOC is the correct answer for this question.

Submit
83. Who is the approval authority for foreign nationals to access unclassified systems?

Explanation

The AF Network Operations (AFNETOPS) commander is the approval authority for foreign nationals to access unclassified systems. This individual is responsible for overseeing network operations and ensuring the security and integrity of the network. They have the authority to grant or deny access to foreign nationals based on their assessment of the potential risks and the need for access. The Wing commander and Wing information assurance officer (WIAO) may have roles in the approval process, but the ultimate authority lies with the AFNETOPS commander.

Submit
84. An incident in which an unauthorized person gained user-level privileges on an Air Force computer, information system, or network device is considered category

Explanation

The incident described in the question involves an unauthorized person gaining user-level privileges on an Air Force computer, information system, or network device. This type of incident falls under category II, which refers to unauthorized access or use of Air Force systems, networks, or devices. This category specifically covers incidents where unauthorized individuals gain user-level privileges, which aligns with the scenario presented in the question.

Submit
85. Who is the connection approval authority for mission assurance category I (MAC I) systems?

Explanation

The AF Network Operations (AFNETOPS) commander is the connection approval authority for mission assurance category I (MAC I) systems. This means that they have the authority to approve connections to these systems, ensuring that they meet the necessary security and operational requirements. As the commander of AFNETOPS, they are responsible for overseeing network operations and ensuring the overall security and effectiveness of the Air Force's network.

Submit
86. In which phase of the Department of Defense information assurance certification and accreditation process (DIACAP) do you initiate and plan for certification and accreditation (C&A)?

Explanation

In the Department of Defense information assurance certification and accreditation process (DIACAP), the initiation and planning for certification and accreditation (C&A) occurs in Phase I. This phase involves identifying the system boundaries, determining the security requirements, and developing a plan for the C&A process. It sets the foundation for the entire DIACAP process and ensures that all necessary steps are taken to achieve certification and accreditation.

Submit
87. When overwriting hard drives, you must examine no less than what percentage of all overwritten hard drives to verify the overwriting process?

Explanation

To verify the overwriting process when overwriting hard drives, it is necessary to examine no less than 20% of all overwritten hard drives. This ensures that a representative sample is taken to confirm that the overwriting process was successful and that the data has been properly erased. By examining a significant portion of the overwritten hard drives, any potential errors or issues can be identified and addressed before the drives are reused or disposed of.

Submit
88. Which organization is responsible for developing Air Force ports, protocols and services (PPS) policies and procedures?

Explanation

The Air Force Network Integration Center (AFNIC) is responsible for developing Air Force ports, protocols, and services (PPS) policies and procedures. They are tasked with ensuring that the Air Force's network operations are integrated and functioning efficiently. AFNIC plays a crucial role in managing and securing the Air Force's network infrastructure, making them the appropriate organization for developing PPS policies and procedures.

Submit
89. Which form is used to annotate that storage media from an information system has been cleared?

Explanation

SF 711 is the correct answer because it is the form used to annotate that storage media from an information system has been cleared. The other forms listed (SF 700, SF 702, and SF 703) are not specifically designated for this purpose.

Submit
90. How many years are the records of destruction of a hard drive maintained?

Explanation

The records of destruction of a hard drive are maintained for a period of 5 years. This means that any documentation or evidence related to the destruction of a hard drive, such as certificates of destruction or logs, will be kept for a duration of 5 years. This is likely done to ensure compliance with data protection regulations and to provide a record of the proper disposal of sensitive information.

Submit
View My Results

Quiz Review Timeline (Updated): Jun 12, 2024 +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Jun 12, 2024
    Quiz Edited by
    ProProfs Editorial Team
  • Aug 05, 2015
    Quiz Created by
    0tharez
Cancel
  • All
    All (90)
  • Unanswered
    Unanswered ()
  • Answered
    Answered ()
Which bound media has a core surrounded by cladding and a second layer...
What determines the number of alternate information assurance officers...
In which information assurance control must an organization ensure...
What is the minimum rank the AF Information Network (AFIN) connection...
Which of the following is not an example of unbound media?
The definition of integrity as it's applied to identification,...
How many bits are within an internet protocol version 4 (IPv4)...
Which class of internet protocol (IP) addresses is only used for...
A companion file virus is one that
Human error causes approximately what percentage of all accidents?
Which port range constitutes well-known ports?
Which port is used for telnet?
Which port is used for hypertext transfer protocol (HTTP)?
What is the minimum grade requirement for an information assurance...
How many times should you wipe each active surface of the media being...
How often must a degausser be recertified during its first 2 years of...
Which standard form (SF) label is used as a data descriptor label?
An installation commander can authorize keeping which classification...
Which term identifies any equipment or area in which classified...
Who is the installation's focal point for emission security (EMSEC)...
The sequence of leading bits in an internet protocol (IP) that are...
Logon and password management screens must be encrypted with at least...
In which topology does a device wanting to communicate with another...
Which common access card (CAC) certificate would be used to sign an...
The contract manager must use what agency to validate a contractor...
Users who perform troubleshooting, configuration changes, or system...
Weaknesses or holes in a security system are considered
Which of the following options is not involved when securing a UNIX...
When vulnerabilities are discovered within the Windows operating...
A logical connection point for the transmission of information packets...
Which type of transition technology is used to set up secure...
What is the newest WiFi networking standard that is widely available?
How many steps are in the risk management (RM) process?
When classified information is inadvertently sent through unclassified...
Where are thermal transfer and dye sublimation cartridges sent for...
An emission security (EMSEC) manager documents an EMSEC assessment on
Once it is filled out an AF Form 4170, Emission Security...
What type of impact occurs when the loss of confidentiality,...
Which of the following is not a phase in the information technology...
Defense-in-depth is the Department of Defense (DOD) approach for...
Which of the following is not a result of initial information...
When viewed in binary form, each octet within an Internet Protocol...
Which transmission control protocol (TCP) port is used by hypertext...
In which type of port scan does the scanner connect to the same port...
Which type of scan is also known as a half open scan?
Administrators must be in the habit of doing what to make it possible...
Which is the slowest yet least expensive WiFi standard?
A program that contains or installs a malicious program is called a
The two fundamental concepts of network security are
Continuity of operations plans (COOP) are not used in which of the...
When sanitizing sealed disks with a degausser, what percentage of the...
When destroying DVD storage devices, what is the maximum particle size...
Who has the authority to impose restrictions upon and prohibit the use...
Which of the following is a duty performed by a cyber surety...
Which wireless standard was originally intended to create a wireless...
Which device provides the initial entry point into a network?
How is an Internet protocol version 6 (IPv6) address written?
Which career field deploys, sustains, troubleshoots, and repairs...
What is the third step in the risk management (RM) process?
Which type of network typically provides wireless broadband data...
What type of equipment is used for acquisition, storage and...
What is assigned to all Department of Defense (DOD) information...
Who initiates a local files check prior to allowing volunteers access...
What does the common access card (CAC) certificate used to sign e-mail...
Which of the following represents a strong password?
Which UNIX command allows remote logins?
Which internet protocol (IP) address is used for limited broadcasts?
Which protocol is an Internet Engineering Task Force (IETF) standard...
An incident in which an Air Force computer, information system, or...
Who tracks Air Force information condition (INFOCON) status to ensure...
A facility with an inspectable space of more than 20 meters, but less...
Equipment with an equipment radiation TEMPEST zone (ERTZ) of 20 to 100...
Which protocol does the Internet support as the "language"...
Which category of information must be stored on removable media?
Networked resources must be consistently monitored and controlled to...
Which agency conducts assessments of wing information assurance (IA)...
Which standard form (SF) is used to record the opening and closing of...
Personnel removing top secret material from storage must use
How many steps are in the risk management framework process?
How many steps are in the system development life cycle?
Integrated Network Operations Security Centers (I-NOSC) use security...
Automated security incident measurement (ASIM) transcripts are...
Who is the approval authority for foreign nationals to access...
An incident in which an unauthorized person gained user-level...
Who is the connection approval authority for mission assurance...
In which phase of the Department of Defense information assurance...
When overwriting hard drives, you must examine no less than what...
Which organization is responsible for developing Air Force ports,...
Which form is used to annotate that storage media from an information...
How many years are the records of destruction of a hard drive...
Alert!

Advertisement