ATO LEVEL II: ANTITERRORISM LEVEL 2
TRAINING
Iscm strategy at this level is focused on ensuring that all system-level security
controls are implemented correctly, operate as intended, produce the desired
outcome with respect to meeting the security requirements for the system, and
continue to be effective over time. - tier 3
which of the following are security-focused configuration management (seccm)
roles in risk management? - a.) ensuring that adjustments to the system
configuration do not adversely affect the security of the information system b.)
establishing configuration baselines and tracking, controlling, and managing
aspects of business development c.) ensuring that adjustments to the system
configuration do not adversely affect the organizations operations
this security configuration management (cm) control includes physical and logical
access controls and prevents the installation of software and firmware unless
verified with an approved certificate. - access restrictions for change
this security configuration management (cm) control ensures that software use
complies with contract agreements and copyright laws, tracks usage, and is not
used for unauthorized distribution, display, performance, or reproduction. -
software usage restrictions
this security configuration management (cm) control involves the systematic
proposal, justification, implementation, testing, review, and disposition of changes
to the systems, including system upgrades and modifications. - configuration
change control
this security configuration management (cm) control applies to the parameters that
can be changed in hardware, software, or firmware components that affect the
security posture and/or funtionality of the system, including registry settings,
,account/directory permission setting, and settings for functions, ports and
protocols. - configuration settings
which of the following describes the role of the national industrial security
program (nisp) in continuous monitoring? - the nisp ensures that monitoring
requirements, restrictions, and safeguards that industry must follow are in place
before any classified work may begin.
which of the following describes the relationship between configuration
management controls and continuous monitoring? - implementing information
system changes almost always results in some adjustment to the system
configuration that requires continuous monitoring of security controls.
which of the following is a role of risk management in continuous monitoring? -
risk management in continuous monitoring ensures that information security
solutions are broad-based, consensus-driven, and address the ongoing needs of and
risks to the government and industry.
select all the correct responses. which of the following describe continuous
monitoring capabilities for detecting threats and mitigating vulnerabilities? - a.)
conducting frequent audits b.) not relying on firewalls to protect against all attacks
which of the following describes how the information system continuous
monitoring (iscm) strategy supports the tier 2 mission/business processes approach
to risk management? - tier 2 iscm strategies focus on the controls that address the
establishment and management of the organization's information security program,
including establishing the minimum frequency with which each security control or
metric is to be assessed or monitored.
which of the following is an example of how counterintelligence and cybersecurity
personnel support continuous monitoring? - through aggregation and analysis of
,suspicious network activity via cyber intrusion, viruses, malware, backdoor
attacks, acquisition of user names and passwords, and similar targeting, the dss ci
directorate produces and disseminates reports on trends in cyberattacks and
espionage.
which of the following describes how audit logs support continuous monitoring? -
security auditing is a fundamental activity in continuous monitoring in order to
determine what activities occurred and which user or process was responsible for
them on an information system.
which of the following identifies how the risk management framework (rmf)
supports risk management? - the rmf process emphasizes continuous monitoring
and timely correction of deficiencies.
select all the correct responses. which of the following are key information
provided in a security audit trail analysis? - a.) unsuccessful accesses to security-
relevant objects and directories b.) successful and unsuccessful logons/logoffs c.)
denial of access for excessive logon attempts
which of the following fundamental concepts does continuous monitoring support
that means dod information technology is managed to minimize shared risk by
ensuring the security posture of one system is not undermined by vulnerabilities of
interconnected systems? - interoperability and operational reciprocity
which of the following ensures that a process is in place for authorized users to
report all cybersecurity-related events and potential threats and vulnerabilities and
initiates protective or corrective measures when a cybersecurity incident or
vulnerability is discovered? - information system security officer
, which of the following are the initial steps for finding the security event log on a
computer running windows 7? - select control panel from the windows start menu
and then select the system and security link
during which of the following risk management framework steps does continuous
monitoring take place? - step 6, monitor the security controls
which of the following describes the role of counterintelligence and cybersecurity
in identifying threats to dod information systems? - counterintelligence and
cybersecurity personnel share and report unauthorized accesses attempts, denial of
service attacks, exfiltrated data, and other threats/vulnerabilities.
given the information system continuous monitoring (iscm) process, in which step
is security-related information required for metrics, assessments, and reporting
collected and, where possible, the collection, analysis, and reporting of data is
automated? - step 3: implement an iscm program
which of the following configuration management controls supporting continuous
monitoring activities focuses on configuring the is to provide only essential
capabilities to limit risk and to prevent unauthorized connection of devices,
unauthorized transfer of information, or unauthorized tunneling? - least
functionality
select all the correct responses. which of the following are requirements for audits
as outlined in the national industrial security program operating manual (nispom)?
- a:) audit trail contents must be protected against unauthorized access,
modification, or deletion. b.) audit trail analysis and reporting of security events
must be performed at least weekly.
which of the following describes the how the patch management process integrates
with security-focused configuration management (seccm)? - the patch management
TRAINING
Iscm strategy at this level is focused on ensuring that all system-level security
controls are implemented correctly, operate as intended, produce the desired
outcome with respect to meeting the security requirements for the system, and
continue to be effective over time. - tier 3
which of the following are security-focused configuration management (seccm)
roles in risk management? - a.) ensuring that adjustments to the system
configuration do not adversely affect the security of the information system b.)
establishing configuration baselines and tracking, controlling, and managing
aspects of business development c.) ensuring that adjustments to the system
configuration do not adversely affect the organizations operations
this security configuration management (cm) control includes physical and logical
access controls and prevents the installation of software and firmware unless
verified with an approved certificate. - access restrictions for change
this security configuration management (cm) control ensures that software use
complies with contract agreements and copyright laws, tracks usage, and is not
used for unauthorized distribution, display, performance, or reproduction. -
software usage restrictions
this security configuration management (cm) control involves the systematic
proposal, justification, implementation, testing, review, and disposition of changes
to the systems, including system upgrades and modifications. - configuration
change control
this security configuration management (cm) control applies to the parameters that
can be changed in hardware, software, or firmware components that affect the
security posture and/or funtionality of the system, including registry settings,
,account/directory permission setting, and settings for functions, ports and
protocols. - configuration settings
which of the following describes the role of the national industrial security
program (nisp) in continuous monitoring? - the nisp ensures that monitoring
requirements, restrictions, and safeguards that industry must follow are in place
before any classified work may begin.
which of the following describes the relationship between configuration
management controls and continuous monitoring? - implementing information
system changes almost always results in some adjustment to the system
configuration that requires continuous monitoring of security controls.
which of the following is a role of risk management in continuous monitoring? -
risk management in continuous monitoring ensures that information security
solutions are broad-based, consensus-driven, and address the ongoing needs of and
risks to the government and industry.
select all the correct responses. which of the following describe continuous
monitoring capabilities for detecting threats and mitigating vulnerabilities? - a.)
conducting frequent audits b.) not relying on firewalls to protect against all attacks
which of the following describes how the information system continuous
monitoring (iscm) strategy supports the tier 2 mission/business processes approach
to risk management? - tier 2 iscm strategies focus on the controls that address the
establishment and management of the organization's information security program,
including establishing the minimum frequency with which each security control or
metric is to be assessed or monitored.
which of the following is an example of how counterintelligence and cybersecurity
personnel support continuous monitoring? - through aggregation and analysis of
,suspicious network activity via cyber intrusion, viruses, malware, backdoor
attacks, acquisition of user names and passwords, and similar targeting, the dss ci
directorate produces and disseminates reports on trends in cyberattacks and
espionage.
which of the following describes how audit logs support continuous monitoring? -
security auditing is a fundamental activity in continuous monitoring in order to
determine what activities occurred and which user or process was responsible for
them on an information system.
which of the following identifies how the risk management framework (rmf)
supports risk management? - the rmf process emphasizes continuous monitoring
and timely correction of deficiencies.
select all the correct responses. which of the following are key information
provided in a security audit trail analysis? - a.) unsuccessful accesses to security-
relevant objects and directories b.) successful and unsuccessful logons/logoffs c.)
denial of access for excessive logon attempts
which of the following fundamental concepts does continuous monitoring support
that means dod information technology is managed to minimize shared risk by
ensuring the security posture of one system is not undermined by vulnerabilities of
interconnected systems? - interoperability and operational reciprocity
which of the following ensures that a process is in place for authorized users to
report all cybersecurity-related events and potential threats and vulnerabilities and
initiates protective or corrective measures when a cybersecurity incident or
vulnerability is discovered? - information system security officer
, which of the following are the initial steps for finding the security event log on a
computer running windows 7? - select control panel from the windows start menu
and then select the system and security link
during which of the following risk management framework steps does continuous
monitoring take place? - step 6, monitor the security controls
which of the following describes the role of counterintelligence and cybersecurity
in identifying threats to dod information systems? - counterintelligence and
cybersecurity personnel share and report unauthorized accesses attempts, denial of
service attacks, exfiltrated data, and other threats/vulnerabilities.
given the information system continuous monitoring (iscm) process, in which step
is security-related information required for metrics, assessments, and reporting
collected and, where possible, the collection, analysis, and reporting of data is
automated? - step 3: implement an iscm program
which of the following configuration management controls supporting continuous
monitoring activities focuses on configuring the is to provide only essential
capabilities to limit risk and to prevent unauthorized connection of devices,
unauthorized transfer of information, or unauthorized tunneling? - least
functionality
select all the correct responses. which of the following are requirements for audits
as outlined in the national industrial security program operating manual (nispom)?
- a:) audit trail contents must be protected against unauthorized access,
modification, or deletion. b.) audit trail analysis and reporting of security events
must be performed at least weekly.
which of the following describes the how the patch management process integrates
with security-focused configuration management (seccm)? - the patch management
