Computer Network Defense Exam Questions and Answers Latest Update Graded A -
USCYBERCOM - Answers DoD organization that plans, coordinates, integrates, syncs, and conducts
active full-spectrum military cyberspace operations
National Cyber Security Division (NCSD) - Answers Government organization that works collaboratively
with public, private and international entities to secure cyberspace and America's cyber assets
US Computer Emergency Readiness Team (US-CERT) - Answers Partnership between DHS and the
public/private sectors charged with protecting our nation's Internet infrastructure by coordinating
defense against and response to cyber attacks
National Institute for Standards and Technologies (NIST) CSD - Answers Provides standards and
technology to protect information systems against threats to the confidentiality of information, integrity
of information and processes, and availability of information
Common Vulnerabilities and Exposure (CVE) - Answers Academic organization that standardizes names
for all publicly known vulnerabilities and security exposures
Global Information Grid (GIG) - Answers Globally interconnected, integral part of the overall C&C
structure that incorporates all other networks
NIPRNET - Answers Unclassified but Sensitive Network
SIPRNET - Answers Secret Network
JWICS - Answers TS SCI Network
DISA - Answers Agency responsible for planning, engineering, acquiring, fielding, and supporting global
net-centric solutions for the war fighter
Computer Network Defense Tasking Order (CTO) - Answers Provides guidance and direction to units
under USCYBERCOM'S Operational Control
Information Assurance Vulnerability Alert (IAVA) - Answers Address sever network vulnerabilities
resulting in immediate and sever threats
Information Assurance Vulnerability Bulletin (IAVB) - Answers Address new vulnerabilities that do not
pose an immediate risk
Technical Advisories (TA) - Answers Addresses vulnerabilities that are generally categorized as low-risk
INFOCON 5 - Answers Routine NetOps, 180-day cycle, least severe
INFOCON 4 - Answers Increased readiness in prep for ops or exercises, 90-day cycle
INFOCON 3 - Answers Increased validation of information network and configuration, 60-day cycle
, INFOCON 2 - Answers Increased validation of information network and configuration, 30-day cycle
INFOCON 1 - Answers Highest readiness condition, most severe, 15-day cycle
Incident - Answers Assessed occurrence having actual or potentially adverse effects on an information
system (every Event)
Event - Answers Any observable occurrence in a system not yet assessed that may affect system
performance
Three Phases of Incident Handling Methodology - Answers Detect (antivirus, chain of custody), Analyze
(Operation/Technical Impact), Respond (eradicate risk)
IA Triad - Answers Confidentiality, Integrity, Availability
Authentication - Answers The way you prove to the system that you are who you say you are
Three Methods of Authentication - Answers Something you know, Something you have, Something you
are
Non-repudiation - Answers Proves that a message has been sent and received
Implementation of Access Controls - Answers Administrative (written policies), Technical (firewalls, IDS),
Physical (door locks, guards)
Mandatory Access Control (MAC) - Answers A means of restricting access to objects based on the
sensitivity of the information (clearance)
Discretionary Access Control (DAC) - Answers Restriction of objects determined by the data owner
Role-based Access Control (RAC) - Answers Based on an organization's roles or job functions (base to
base change)
Rule-based Access Control - Answers Relies on specific rules that are associate with an object (firewalls)
Three Elements of Defense in Depth - Answers People, Technology, Operations
Three Defense Focus Areas - Answers Network/Infrastructure, Enclave Boundaries (IDS), Computing
Environment (PKIs)
Passive Attacks - Answers Monitoring of unprotected communications
Active Attacks - Answers Attempts to circumvent or break protection features, insert malicious code, or
steal/modify information
Insider Attacks - Answers Can be malicious or non-malicious
Cryptosystem - Answers Device or mechanism that performs encryption
USCYBERCOM - Answers DoD organization that plans, coordinates, integrates, syncs, and conducts
active full-spectrum military cyberspace operations
National Cyber Security Division (NCSD) - Answers Government organization that works collaboratively
with public, private and international entities to secure cyberspace and America's cyber assets
US Computer Emergency Readiness Team (US-CERT) - Answers Partnership between DHS and the
public/private sectors charged with protecting our nation's Internet infrastructure by coordinating
defense against and response to cyber attacks
National Institute for Standards and Technologies (NIST) CSD - Answers Provides standards and
technology to protect information systems against threats to the confidentiality of information, integrity
of information and processes, and availability of information
Common Vulnerabilities and Exposure (CVE) - Answers Academic organization that standardizes names
for all publicly known vulnerabilities and security exposures
Global Information Grid (GIG) - Answers Globally interconnected, integral part of the overall C&C
structure that incorporates all other networks
NIPRNET - Answers Unclassified but Sensitive Network
SIPRNET - Answers Secret Network
JWICS - Answers TS SCI Network
DISA - Answers Agency responsible for planning, engineering, acquiring, fielding, and supporting global
net-centric solutions for the war fighter
Computer Network Defense Tasking Order (CTO) - Answers Provides guidance and direction to units
under USCYBERCOM'S Operational Control
Information Assurance Vulnerability Alert (IAVA) - Answers Address sever network vulnerabilities
resulting in immediate and sever threats
Information Assurance Vulnerability Bulletin (IAVB) - Answers Address new vulnerabilities that do not
pose an immediate risk
Technical Advisories (TA) - Answers Addresses vulnerabilities that are generally categorized as low-risk
INFOCON 5 - Answers Routine NetOps, 180-day cycle, least severe
INFOCON 4 - Answers Increased readiness in prep for ops or exercises, 90-day cycle
INFOCON 3 - Answers Increased validation of information network and configuration, 60-day cycle
, INFOCON 2 - Answers Increased validation of information network and configuration, 30-day cycle
INFOCON 1 - Answers Highest readiness condition, most severe, 15-day cycle
Incident - Answers Assessed occurrence having actual or potentially adverse effects on an information
system (every Event)
Event - Answers Any observable occurrence in a system not yet assessed that may affect system
performance
Three Phases of Incident Handling Methodology - Answers Detect (antivirus, chain of custody), Analyze
(Operation/Technical Impact), Respond (eradicate risk)
IA Triad - Answers Confidentiality, Integrity, Availability
Authentication - Answers The way you prove to the system that you are who you say you are
Three Methods of Authentication - Answers Something you know, Something you have, Something you
are
Non-repudiation - Answers Proves that a message has been sent and received
Implementation of Access Controls - Answers Administrative (written policies), Technical (firewalls, IDS),
Physical (door locks, guards)
Mandatory Access Control (MAC) - Answers A means of restricting access to objects based on the
sensitivity of the information (clearance)
Discretionary Access Control (DAC) - Answers Restriction of objects determined by the data owner
Role-based Access Control (RAC) - Answers Based on an organization's roles or job functions (base to
base change)
Rule-based Access Control - Answers Relies on specific rules that are associate with an object (firewalls)
Three Elements of Defense in Depth - Answers People, Technology, Operations
Three Defense Focus Areas - Answers Network/Infrastructure, Enclave Boundaries (IDS), Computing
Environment (PKIs)
Passive Attacks - Answers Monitoring of unprotected communications
Active Attacks - Answers Attempts to circumvent or break protection features, insert malicious code, or
steal/modify information
Insider Attacks - Answers Can be malicious or non-malicious
Cryptosystem - Answers Device or mechanism that performs encryption
