According to the 2013 PricewaterhouseCoopers/CSO Magazine/US Secret Service/Carnegie
Mellon survey, about what percentage of electronic crime events are caused by insiders?
- ✔️✔️--> 20-25%
5-10%
Greater than 80%
About 60%
Less than 5%
The DoD instruction that definitively defines cybersecurity is - ✔️✔️--> DoDI 8500.01,
signed in March of 2014
Interim DoDI 5000.02
NIST Special Publication 800-145
Federal Information Security Management Act (FISMA)
USC Title 40, Clinger-Cohen Act
The Security Plan is initiated at Step One of the RMF process and used in all
subsequent steps EXCEPT: - ✔️✔️--> Step Four, Assess Security Controls
Step Two, Select Security Controls
Step Six, Monitor Security Controls
Step Five, Authorize System
Step Three, Implement Security Controls
Choose the best definition of a Cybersecurity Red Team - ✔️✔️--> A group of people
authorized and organized to emulate a potential adversary's attack or exploitation
capabilities against an enterprise's security posture
Formal testing conducted after deployment to evaluate operational effectiveness and
suitability
A team that guarantees a high level of confidence that software is free from
vulnerabilities, either intentionally or unintentionally designed into the software
A group of individuals that conduct operational network vulnerability evaluations and
provide mitigation techniques to customers who have a need for independent technical
review of their network security posture
A multidisciplinary group of people who are collectively responsible for delivering a
defined cybersecurity product or process
Which of the following is a common protection method used to protect against
cyber-attacks? - ✔️✔️--> All of the items listed are common protection methods used to
protect against cyber-attacks
Vulnerability testing
Cryptography
Firewalls
Network traffic monitoring
Basically, the Joint Information Environment (JIE) is ___. - ✔️✔️--> A comprehensive
information technology modernization effort
A description of data centers focused on cyber security
A new project for DoD information technology centers
A senior leadership challenge
A misnomer for terrorist threats to cyber security
The key governance in Tier 3 of the risk management hierarchy is the Authorizing
Official; in Tier 2, the Principal Authorizing Official; in Tier 1, the DoD Chief Information
Officer - ✔️✔️--> True
False
Choose the true statement about continuous monitoring and the system-level
continuous monitoring strategy - ✔️✔️--> The RMF requires the development and
documentation of a system-level strategy for the continuous monitoring of the
effectiveness of security controls
Continuous monitoring in and of itself provides a comprehensive, enterprise-wide risk
management approach
The RMF recommends but does not require the development of a system-level strategy
for the continuous monitoring of security controls