ATO Level II: Antiterrorism Level 2 training
1. ISCM strategy at this level is focused on ensuring that all system-level
security controls are implemented correctly, operate as intended, produce
the desired outcome with respect to meeting the security requirements for
the system, and continue to be effective over time.: Answer- Tier 3
2. Which of the following are security-focused configuration management
(SecCM) roles in risk management?: Answer- A.) Ensuring that
adjustments to the system configuration do not adversely affect the
security of the information system B.) Es- tablishing configuration
baselines and tracking, controlling, and managing aspects of business
development C.) Ensuring that adjustments to the system configuration
do not adversely affect the organizations operations
3. This security Configuration Management (CM) control includes physical
and logical access controls and prevents the installation of software and
firmware unless verified with an approved certificate.: Answer- Access
Restrictions for Change
4. This security Configuration Management (CM) control ensures that soft-
ware use complies with contract agreements and copyright laws, tracks
us- age, and is not used for unauthorized distribution, display,
performance, or reproduction.: Answer- Software Usage Restrictions
5. This security Configuration Management (CM) control involves the
,system- atic proposal, justification, implementation, testing, review, and
disposition of changes to the systems, including system upgrades and
modifications.: Con- figuration Change Control
6. This security Configuration Management (CM) control applies to the para-
meters that can be changed in hardware, software, or firmware components
that affect the security posture and/or funtionality of the system, including
registry settings, account/directory permission setting, and settings for
func- tions, ports and protocols.: Configuration Settings
7. Which of the following describes the role of the National Industrial
Security Program (NISP) in continuous monitoring?: The NISP ensures that
monitoring requirements, restrictions, and safeguards that industry
must follow are in place before any classified work may begin.
8. Which of the following describes the relationship between configuration
management controls and continuous monitoring?: Implementing
information system changes almost always results in some adjustment
to the system configu- ration that requires continuous monitoring of
security controls.
9. Which of the following is a role of risk management in continuous
monitor- ing?: Risk management in continuous monitoring ensures that
information security solutions are broad-based, consensus-driven, and
address the ongoing needs of and risks to the government and industry.
,10.Select ALL the correct responses. Which of the following describe
contin- uous monitoring capabilities for detecting threats and mitigating
vulnerabili- ties?: A.) Conducting frequent audits B.) Not relying on
firewalls to protect against all attacks
11.Which of the following describes how the Information System Contin-
uous Monitoring (ISCM) strategy supports the Tier 2 MISSION/BUSINESS
PROCESSES approach to risk management?: Tier 2 ISCM strategies focus
on the controls that address the establishment and management of the
organization's information security program, including establishing the
minimum frequency with which each security control or metric is to be
assessed or monitored.
12.Which of the following is an example of how counterintelligence and cy-
bersecurity personnel support continuous monitoring?: Through
aggregation and analysis of Suspicious Network Activity via cyber
intrusion, viruses, malware, backdoor attacks, acquisition of user names
and passwords, and similar targeting, the DSS CI Directorate produces
and disseminates reports on trends in cyberattacks and espionage.
13.Which of the following describes how audit logs support continuous
moni- toring?: Security auditing is a fundamental activity in continuous
monitoring in order to determine what activities occurred and which
user or process was responsible for them on an information system.
14.Which of the following identifies how the Risk Management Framework
(RMF) supports risk management?: The RMF process emphasizes
continuous monitoring and timely correction of deficiencies.
15.Select ALL the correct responses. Which of the following are key
, informa- tion provided in a security audit trail analysis?: A.) Unsuccessful
accesses to security-relevant objects and directories B.) Successful and
unsuccessful logons/lo- goffs C.) Denial of access for excessive logon
attempts
16.Which of the following fundamental concepts does continuous
monitoring support that means DoD information technology is managed to
minimize shared risk by ensuring the security posture of one system is not
undermined by vulnerabilities of interconnected systems?: Interoperability
and operational reciprocity
17.Which of the following ensures that a process is in place for authorized
users to report all cybersecurity-related events and potential threats and
vulnerabilities and initiates protective or corrective measures when a
cyber- security incident or vulnerability is discovered?: Information
System Security Officer
1. ISCM strategy at this level is focused on ensuring that all system-level
security controls are implemented correctly, operate as intended, produce
the desired outcome with respect to meeting the security requirements for
the system, and continue to be effective over time.: Answer- Tier 3
2. Which of the following are security-focused configuration management
(SecCM) roles in risk management?: Answer- A.) Ensuring that
adjustments to the system configuration do not adversely affect the
security of the information system B.) Es- tablishing configuration
baselines and tracking, controlling, and managing aspects of business
development C.) Ensuring that adjustments to the system configuration
do not adversely affect the organizations operations
3. This security Configuration Management (CM) control includes physical
and logical access controls and prevents the installation of software and
firmware unless verified with an approved certificate.: Answer- Access
Restrictions for Change
4. This security Configuration Management (CM) control ensures that soft-
ware use complies with contract agreements and copyright laws, tracks
us- age, and is not used for unauthorized distribution, display,
performance, or reproduction.: Answer- Software Usage Restrictions
5. This security Configuration Management (CM) control involves the
,system- atic proposal, justification, implementation, testing, review, and
disposition of changes to the systems, including system upgrades and
modifications.: Con- figuration Change Control
6. This security Configuration Management (CM) control applies to the para-
meters that can be changed in hardware, software, or firmware components
that affect the security posture and/or funtionality of the system, including
registry settings, account/directory permission setting, and settings for
func- tions, ports and protocols.: Configuration Settings
7. Which of the following describes the role of the National Industrial
Security Program (NISP) in continuous monitoring?: The NISP ensures that
monitoring requirements, restrictions, and safeguards that industry
must follow are in place before any classified work may begin.
8. Which of the following describes the relationship between configuration
management controls and continuous monitoring?: Implementing
information system changes almost always results in some adjustment
to the system configu- ration that requires continuous monitoring of
security controls.
9. Which of the following is a role of risk management in continuous
monitor- ing?: Risk management in continuous monitoring ensures that
information security solutions are broad-based, consensus-driven, and
address the ongoing needs of and risks to the government and industry.
,10.Select ALL the correct responses. Which of the following describe
contin- uous monitoring capabilities for detecting threats and mitigating
vulnerabili- ties?: A.) Conducting frequent audits B.) Not relying on
firewalls to protect against all attacks
11.Which of the following describes how the Information System Contin-
uous Monitoring (ISCM) strategy supports the Tier 2 MISSION/BUSINESS
PROCESSES approach to risk management?: Tier 2 ISCM strategies focus
on the controls that address the establishment and management of the
organization's information security program, including establishing the
minimum frequency with which each security control or metric is to be
assessed or monitored.
12.Which of the following is an example of how counterintelligence and cy-
bersecurity personnel support continuous monitoring?: Through
aggregation and analysis of Suspicious Network Activity via cyber
intrusion, viruses, malware, backdoor attacks, acquisition of user names
and passwords, and similar targeting, the DSS CI Directorate produces
and disseminates reports on trends in cyberattacks and espionage.
13.Which of the following describes how audit logs support continuous
moni- toring?: Security auditing is a fundamental activity in continuous
monitoring in order to determine what activities occurred and which
user or process was responsible for them on an information system.
14.Which of the following identifies how the Risk Management Framework
(RMF) supports risk management?: The RMF process emphasizes
continuous monitoring and timely correction of deficiencies.
15.Select ALL the correct responses. Which of the following are key
, informa- tion provided in a security audit trail analysis?: A.) Unsuccessful
accesses to security-relevant objects and directories B.) Successful and
unsuccessful logons/lo- goffs C.) Denial of access for excessive logon
attempts
16.Which of the following fundamental concepts does continuous
monitoring support that means DoD information technology is managed to
minimize shared risk by ensuring the security posture of one system is not
undermined by vulnerabilities of interconnected systems?: Interoperability
and operational reciprocity
17.Which of the following ensures that a process is in place for authorized
users to report all cybersecurity-related events and potential threats and
vulnerabilities and initiates protective or corrective measures when a
cyber- security incident or vulnerability is discovered?: Information
System Security Officer
