Exam

ATO Level II: Antiterrorism Level 2 training 2025 Questions and Answers Best rated A+ Guaranteed Success Latest Update

Pages: 21
Grade: A+
Uploaded on: 07-04-2025
Written in: 2024/2025

ATO Level II: Antiterrorism Level 2 training
This security Configuration Management (CM) control includes physical and logical
access controls and prevents the installation of software and firmware unless verified
with an approved certificate. - ANSWER-Access Restrictions for Change

This security Configuration Management (CM) control ensures that software use
complies with contract agreements and copyright laws, tracks usage, and is not used for
unauthorized distribution, display, performance, or reproduction. - ANSWER-Software
Usage Restrictions

This security Configuration Management (CM) control involves the systematic proposal,
justification, implementation, testing, review, and disposition of changes to the systems,
including system upgrades and modifications. - ANSWER-Configuration Change
Control

This security Configuration Management (CM) control applies to the parameters that
can be changed in hardware, software, or firmware components that affect the security
posture and/or functionality of the system, including registry settings, account/directory
permission settings, and settings for functions, ports and protocols. - ANSWER-Configuration Settings


ISCM strategy at this level is focused on ensuring that all system-level security controls
are implemented correctly, operate as intended, produce the desired outcome with
respect to meeting the security requirements for the system, and continue to be
effective over time. - ANSWER-Tier 3

Which of the following are security-focused configuration management (SecCM) roles in
risk management? - ANSWER-A.) Ensuring that adjustments to the system
configuration do not adversely affect the security of the information system B.)
Establishing configuration baselines and tracking, controlling, and managing aspects of
business development C.) Ensuring that adjustments to the system configuration do not
adversely affect the organization's operations


Which of the following describes the role of the National Industrial Security Program
(NISP) in continuous monitoring? - ANSWER-The NISP ensures that monitoring
requirements, restrictions, and safeguards that industry must follow are in place before
any classified work may begin.

Which of the following describes the relationship between configuration management
controls and continuous monitoring? - ANSWER-Implementing information system
changes almost always results in some adjustment to the system configuration that
requires continuous monitoring of security controls.

Which of the following is a role of risk management in continuous monitoring? -
ANSWER-Risk management in continuous monitoring ensures that information security
solutions are broad-based, consensus-driven, and address the ongoing needs of and
risks to the government and industry.

Select ALL the correct responses. Which of the following describe continuous
monitoring capabilities for detecting threats and mitigating vulnerabilities? - ANSWER-
A.) Conducting frequent audits B.) Not relying on firewalls to protect against all attacks

Which of the following describes how the Information System Continuous Monitoring
(ISCM) strategy supports the Tier 2 MISSION/BUSINESS PROCESSES approach to
risk management? - ANSWER-Tier 2 ISCM strategies focus on the controls that
address the establishment and management of the organization's information security
program, including establishing the minimum frequency with which each security control
or metric is to be assessed or monitored.

Which of the following is an example of how counterintelligence and cybersecurity
personnel support continuous monitoring? - ANSWER-Through aggregation and
analysis of Suspicious Network Activity via cyber intrusion, viruses, malware, backdoor
attacks, acquisition of user names and passwords, and similar targeting, the DSS CI
Directorate produces and disseminates reports on trends in cyberattacks and
espionage.

Which of the following describes how audit logs support continuous monitoring? -
ANSWER-Security auditing is a fundamental activity in continuous monitoring in order to
determine what activities occurred and which user or process was responsible for them
on an information system.

Which of the following identifies how the Risk Management Framework (RMF) supports
risk management? - ANSWER-The RMF process emphasizes continuous monitoring
and timely correction of deficiencies.

Select ALL the correct responses. Which of the following are key information provided in
a security audit trail analysis? - ANSWER-A.) Unsuccessful accesses to
security-relevant objects and directories B.) Successful and unsuccessful logons/logoffs C.)
Denial of access for excessive logon attempts

Which of the following fundamental concepts does continuous monitoring support that
means DoD information technology is managed to minimize shared risk by ensuring the
security posture of one system is not undermined by vulnerabilities of interconnected
systems? - ANSWER-Interoperability and operational reciprocity

Which of the following ensures that a process is in place for authorized users to report
all cybersecurity-related events and potential threats and vulnerabilities and initiates
protective or corrective measures when a cybersecurity incident or vulnerability is
discovered? - ANSWER-Information System Security Officer

Which of the following are the initial steps for finding the Security Event Log on a
computer running Windows 7? - ANSWER-Select Control Panel from the Windows Start
menu and then select the System and Security link

During which of the following Risk Management Framework steps does continuous
monitoring take place? - ANSWER-Step 6, monitor the security controls

Which of the following describes the role of counterintelligence and cybersecurity in
identifying threats to DoD information systems? - ANSWER-Counterintelligence and
cybersecurity personnel share and report unauthorized access attempts, denial of
service attacks, exfiltrated data, and other threats/vulnerabilities.

Given the information system continuous monitoring (ISCM) process, in which step is
security-related information required for metrics, assessments, and reporting collected
and, where possible, the collection, analysis, and reporting of data is automated? -
ANSWER-Step 3: Implement an ISCM program

Which of the following configuration management controls supporting continuous
monitoring activities focuses on configuring the IS to provide only essential capabilities
to limit risk and to prevent unauthorized connection of devices, unauthorized transfer of
information, or unauthorized tunneling? - ANSWER-Least Functionality

Select ALL the correct responses. Which of the following are requirements for audits as
outlined in the National Industrial Security Program Operating Manual (NISPOM)? -
ANSWER-A.) Audit trail contents must be protected against unauthorized access,
modification, or deletion. B.) Audit trail analysis and reporting of security events must be
performed at least weekly.

Which of the following describes how the patch management process integrates
with security-focused configuration management (SecCM)? - ANSWER-The patch
management process integrates with SecCM when performing a Security Impact
Analysis to determine whether unanticipated effects from a patch resulted in a change
to existing security controls.

The patch management process integrates with SecCM when performing a Security
Impact Analysis to determine whether unanticipated effects from a patch resulted in a
change to existing security controls. - ANSWER-Phase 4: Monitoring

Select ALL the correct responses. Which of the following are sources of information
system change that security-focused configuration management (SecCM) addresses to