ATSEP Test Questions and Complete Solutions Graded A+

  ATSEP - Answer: Air Traffic Safety Electronics Personnel. Eu373 regulations require a training programme to assess competence. Safety Management System - Answer: Continually assessing risks. Proactive containment. In-line with regulator and safety goals. ICAO definition of SMS - Answer: Systematic approach to managing safety, including the necessary organisational structures, accountabilities, policies and procedures. SARPS - Answer: Standards and Recommended Practices ESARR Definition of SMS - Answer: A formalised, explicit and pro-active approach to systematic safety management in meeting its safety responsibilities within the provision of ATM services. Air Traffic Service Risk Statement - Answer: Risk of causing or contributing to an aircraft accident. ALARP Meaning - Answer: As Low As Reasonably Practicable. Mitigate the risk to Low. Seven Stage Assessment Process - Answer: System Description, Hazard ID, Estimate Severity, Assess Likelihood, Evaluate Risk, Mitigate Risk, Safety Case Synonym for Risk Classification Scheme - Answer: Tolerability Matrix Three Safety Management Regulation Authorities - Answer: ICAO (International), EASA (Europe)/ESARR (Eurocontrol Safety Regulatory Requirement), CAA (Uk state) What does PANS stands for in ICAO? - Answer: Procedures for Air Navigational Services. European Safety Management Regulation Key Docs - Answer: Implementing Rules - EC 2017/373, ESARR 1-6, Standards and Guidelines such as ED109. UK CAA Docs for Safety Management Regs - Answer: CAP 670, CAP 1649 ATSEP and Competence. What does AMC stand for? - Answer: Acceptable Means of Compliance. Nats Definition of SMS? - Answer: A systematic and explicit approach to managing safety risk. Three types of Safety Management Assurance Approaches - Answer: Reactive, Proactive and Predictive. Combine all for the best approach. What is Risk? - Answer: Likelihood times by Consequence (Severity) Hierarchy of Controls list - Answer: Elimination, Substitution, Engineering Controls, Admin Controls, PPE. Should be undertaken before ATSEP undertakes task - Answer: Task Specific Risk Assessment Potential to cause harm - Answer: Hazard Risk Matrix also known as - Answer: Tolerability Matrix Likelihood x Consequence - Answer: Risk Risk of Causing or Contributing to an aircraft incident - Answer: Air Traffic Service Risk Just Culture - Answer: organizational culture that accepts people make mistakes and creates an atmosphere of fairness within an environment of responsibility. First Stage of Safety Assessment - Answer: System Description Safety Oversight is normally - Answer: The State's Responsibility Three types of Safety Management Strategies - Answer: Reactive, Proactive and Predictive NATS Safety Management System Statement - Answer: 'A systematic and explicit approach to managing safety Types of NOTAM - Answer: NOTAM, SNOWTAM, ASHTAM, BIRDTAM What does TFR mean in relation to a NOTAM - Answer: Temporary Flight Restrictions What does CIA stand for in Information System Sec? - Answer: Confidentiality, Integrity and Availability 7 Cyber Kill Chain Sequence - Answer: Recon, Weaponise, Deliver, Exploit, Install, Command and Control, Action Objectives. What does SHELL stand for? System context - ICAO Model for Human Factor Framework - Answer: Software, Hardware, Environment and Liveware. What is a DMZ? Information System Security - Answer: An isolated network between a private network and the internet, restricting outside access to internal servers and data. Name a Information Security Framework Standard - Answer: ISO 27001 Name 6 parts of the planning process for ISO 27001 - Answer: Define a Sec Policy, Define the Scope of the ISMS, Conduct a Risk Assessment, Manage Identified Assessment, Select Control Objectives and Controls to be implemented and Prepare a statement of Applicability. 4 Risk Treatment Methods for ISS - Answer: Modify, Avoid, Share, Retain What is Malware? - Answer: Software that is specifically designed to disrupt, damage, or gain unauthorized to a computer What is the capacity of short term memory? - Answer: 7 +/- 2 Name the layers of Maslow's Hierarchy of Needs - Answer: Physiological, Safety, Love/Belonging, Esteem, and Self Actualisation. How do we communicate? - Answer: Verbal (Spoken and Written), Para Linguistic (Sounds of Disapproval), Non Verbal, and Visual. 4 Things that define a System - Answer: People, Equipment, Training, Procedures. Organisation and Physical Environment encompass them What does CISM mean? - Answer: Critical Incident Stress Management Collective measures for Working at Height - Answer: Avoid, Prevent, Protect. In which areas of our business can Risk Mitigation be employed - Answer: System, Procedural, People. What is an Audible way but not verbal for Communication? - Answer: Para Linguistic. What does TRM stand for? - Answer: Team Resource Management What does an IDS do? - Answer: Device or App that analyses entire Packet that enters the system. Logs details about Malicious Packets. What does an IPS do? (Intrusion Prevention System) - Answer: Same function as IDS but blocks the packet rather than Log the event. Difference between IPS and Firewall - Answer: Firewall scans the header, looks for specific info rather than the entire packet which is what IPS does. Application Security meaning - Answer: Process of developing, adding and testing security features within applications to prevent security vulnerabilities against threats such as unauthorized access and modification. 4 processes that happen with App Sec - Answer: Authentication, Authorisation, Encryption, Logging. Network Security Meaning - Answer: Any activity designed to protect the usability and integrity of a network and its data. This includes hardware and software technologies. Network security manages access to the network as well as targets a variety of threats, stops them entering or spreading through the network. What is a Business Continuity Plan (BCP)? - Answer: Plan to recover the business from an Incident. What is a Disaster Recovery Plan? - Answer: Recovery of a business after a crisis. 4 Elements of a BCP - Answer: Business Impact Analysis, Recovery, Organisation, Training Physical Security - Answer: Biometric, Locks, Cameras, Sec Pass, Barriers. 4 Types of Security Managerial Personnel - Answer: Senior Leadership, Data Custodian, Sec Admin, Sec Analyst. Aim of Human Factors - Answer: Make interaction between human and system so it can improve system performance, Reduces risk, human errors, fatigue/stress, increase safety and user acceptance/job satisfaction. Three types of Bias - Answer: Confirmation, Expectation and Fundamental Attribution Error Human Information Processing - Answer: Attention/Perception to Situational Awareness, Decision Making/Planning to Action. At all time using both short and long term memory. Three phase of skill development - Answer: Cognitive, Associative, and Autonomous. How to improve memory - Answer: Chunking capacity of sensory memory and long term - Answer: unlimited What is CISM? - Answer: Comprehensive, Systematic Program for the mitigation of critical incident related stress which and therefore give the following benefits, Prevent Traumatic Stress. What is Stress - Answer: A state of mental tension and worry caused by problems in your life, work, and or environment. Something that causes strong feelings of worry or anxiety. Symptom and Signs of Stress - Answer: Behavioural, Physiological, Psychological. What is a SOC/CERT? - Answer: Security Operations Centre/Computer Emergency Response Team Purpose of a SOC/CERT - Answer: Central unit that deals with security on an organisational level ISO Definition of a System - Answer: Consisting of Parts, Relationships, and a whole that is greater than the sum of its parts. European H and S Guidlines - Answer: Cenelec (CE) and DIN To support employers statutory duty for Health and Safety, what do we have? - Answer: Legislation and Enforcement What does BOOST stand for? - Answer: Balanced, Observed, Objective, Specific, Timely. What Acronym is used for Challenging Behaviour? - Answer: CODES What is a Mistake - Answer: A failure in Judgement or Planning What is a Slip - Answer: Judgement and Plan is good but Action is carried out incorrectly. What is a Lapse - Answer: Action is not carried out What is a Violation? - Answer: Inappropriate action is carried out Name 5 Error Management Strategies - Answer: Prevention, Reduction, Detection, Recovery and Tolerance Difference between Error and Violation - Answer: Error is not intentional and a Violation is originally intentional, this can become routine. What does a Router do? - Answer: Forwards packets within the network. Define Public Infrastructure Key - Answer: A set of Roles, Policies, hardware/software and procedures used to manage, give, use, store, revoke digital certificates and manage public key encryption. What is a Proxy Server? - Answer: Acts as intermediary for internet traffic between two parties. Often used to hide IP, can increase internet speed. What is a firewall - Answer: Piece of hardware that has 2 functions, blocking/closing ports, use Indicators of Compromise (IOC) to detect and block malware from entering the network. Factor that affects a team known as people make quick decisions which match the group even if their personal opinion is different? - Answer: Group think An inappropriate action is carried out - Answer: Violation A failure in judgement or planning as a result of incorrect perception, interpretation or assessment of situation is a - Answer: Mistake What does CODES stand for? - Answer: Conversation, Observation, Discussion, Evaluation, Solutions/SMART In which ICAO resolution Document does CYBERSECURITY fall under - Answer: A39-19 Fines for GDPR - Answer: 2 Tiers, 10 Million Euro's/2 Percent or 20 Million/4 Percent of Global Annual Turnover What does NIS stand for - Answer: Network and Information Systems Regulation What does NIS provide - Answer: Provide legal measures to boost security, Provides a set of information and security principles such as managing security risk, defending attacks, detecting events, minimising impacts. What is Phishing - Answer: the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. Can also use fake website, SMS, Links. What is spear phishing? - Answer: Email messages target specific users 4 types of Malware - Answer: Virus, Worm, Spyware, Ransomware Types of Physical and Network Attacks - Answer: DDOS, DOS, Port Scanning, Packet Sniffing, Spoofing, Man in the Middle, Advanced Persistent Threat, Cryptojacking and Tailgating Name two safe systems of work - Answer: Permit to Work, Lockout/Tag Out/Safe Isolation Name three competency terms for Electrical Works - Answer: Principal Authorising Authority, Authorising Engineers, Skilled Persons. Common Hazards in engineering - Answer: RF, Radiation, Machinery, Asbestos, Height, Manual Handling, Fire. WEEE - Answer: Waste Electrical and Electronic Equipment 2013 Highly Valuable Tool for Error Management but does not stop Errors - Answer: Hindsight Human Factors Definition - Answer: Science of interaction of people, equipment and products in a particular environment. Rasmussen's levels of performance - Answer: Skills based, Rule based, Knowledge based. Tendency to put forward less effort when part of a group - Answer: Social Loafing Person yields to explicit instructions from figure of Authority - Answer: Authority and Obedience Matching attitudes, beliefs when part of a group - Answer: Conformity and Social Pressure