DSAC ANNEX E QUESTIONS AND ANSWERS
The STIG configuration settings are converted to _____, imported into ____, and used
by ____________ to audit asset configurations for ____ - Answers- SCAP content
Security Center
Nessus Scanners
Compliance
malware - Answers- a type of software that is designed to attack a system.
It is used to damage system files, provide access to systems, disable or even take control of
computers.
spyware - Answers- software that keeps track of a user's activity on a computer and
then sends that information to another entity without the user's consent.
virus - Answers- the most common type of malware. It modifies another computer program
and inserts its own code. The affected programs are then considered "infected".
worms - Answers- similar to a virus in that they carry their own malicious code, but a worm
is a standalone program that copies itself to other systems (usually over the network)
rather than inserting itself into another program.
social engineering - Answers- when a person pretends to be someone else in order to
get information about a network or system.
The information is then used to attack the system and steal data.
STIG - Answers- Security Technical Implementation Guide
STIG - Answers- a document that includes DoD policies and security regulations, best
practices and configuration guidelines.
Used for securing a specific system or application in accordance with DoD
requirements.
STIGs help you configure your systems for security and compliance with government
Information Assurance (IA) requirements.
- in short, how the government expects you to operate
worm and virus diff - Answers- The main difference is that a worm self-replicates and
spreads on its own, without the user's knowledge, while a virus needs a host program to carry it.
trojan - Answers- a type of malicious software that disguises itself as a regular piece of
software. It works as the intended program normally would, then begins to cause problems such as
killing background processes or deleting data.
what does stig help avoid? - Answers- STIGs help you avoid and detect intrusions, respond to and
recover from security breaches if they occur, and implement security policies. They provide
guidance to ensure that your applications will be in compliance with DoD requirements.
You can save significant time and money.
DISA - Answers- Defense Information Systems Agency
PKI - Answers- a public key infrastructure, a framework that consists of hardware,
software, people, processes, and policies that together help identify and
solve information security problems for you by establishing a safe and reliable
environment for electronic transactions. It uses PUBLIC KEY cryptography (encryption and
digital signatures) to protect the confidentiality, integrity, authenticity and non-repudiation
of data. PKI is a uniform way for different organizations to identify people through their
digital certificates containing public keys.
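The PKI card above describes the mechanism in the abstract: a trusted authority issues certificates that bind a name to a public key, and a relying party uses the certificate to check who signed something. The following Go program is an added example written for this page, not code from DISA or from any DoD PKI; it uses only the Go standard library. It builds a constructed root CA, issues a user certificate under it, signs a constructed message, and then shows the relying-party side: a good signature identifies the subject, a tampered message fails, and a certificate with the same name from an untrusted CA fails chain validation. All CA and subject names are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// certTemplate returns a short-lived certificate skeleton; names are hypothetical.
func certTemplate(serial int64, cn string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
}

// newCA builds a self-signed root certificate: the trust anchor a relying party installs.
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := certTemplate(1, name)
	tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
	tmpl.KeyUsage |= x509.KeyUsageCertSign
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueUserCert has the CA sign a certificate that binds a subject name to a
// fresh key pair. The private key stays with the user; only the cert is shared.
func issueUserCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, subject string) ([]byte, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := certTemplate(2, subject)
	tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	return der, key, err
}

// sign produces a detached ECDSA signature over SHA-256(msg) with the user's private key.
func sign(key *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, key, h[:])
}

// verifySigned is the relying party. It chains the presented certificate to a
// trusted root, confirms the key may sign, then checks the signature; only when
// all three hold does the certificate's subject name identify the signer.
func verifySigned(roots *x509.CertPool, certDER, msg, sig []byte) (string, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return "", err
	}
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return "", fmt.Errorf("untrusted certificate: %w", err)
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok || cert.KeyUsage&x509.KeyUsageDigitalSignature == 0 {
		return "", errors.New("certificate key is not usable for signatures")
	}
	h := sha256.Sum256(msg)
	if !ecdsa.VerifyASN1(pub, h[:], sig) {
		return "", errors.New("bad signature: message or signature was altered")
	}
	return cert.Subject.CommonName, nil
}

func main() {
	ca, caKey, err := newCA("Example Root CA (constructed)")
	if err != nil {
		panic(err)
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	userDER, userKey, _ := issueUserCert(ca, caKey, "alice (constructed)")
	msg := []byte("approve change request 42") // constructed message
	sig, _ := sign(userKey, msg)
	fmt.Println(verifySigned(roots, userDER, msg, sig))                                 // signer name, nil error
	fmt.Println(verifySigned(roots, userDER, []byte("approve change request 43"), sig)) // signature error
	// Same subject name, but issued by a CA the relying party does not trust.
	rogueCA, rogueKey, _ := newCA("Rogue CA (constructed)")
	rogueDER, rogueUserKey, _ := issueUserCert(rogueCA, rogueKey, "alice (constructed)")
	rogueSig, _ := sign(rogueUserKey, msg)
	fmt.Println(verifySigned(roots, rogueDER, msg, rogueSig)) // chain error
}
```

The order of checks in verifySigned matters: the signature is only meaningful after the certificate has been chained to a root you trust, because anyone can mint a certificate claiming to be "alice" under a CA of their own. Real deployments add revocation checking (CRL or OCSP) before accepting the chain; that step is omitted here.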
STIG contributors - Answers- include representatives from DISA; the National Security
Agency, or NSA; the Office of the Secretary of Defense, or OSD; combatant commands;
military services; the National Institute of Standards and Technology, or NIST; and other
organizations.
FSO - Answers- Field Security Operations
FSO - Answers- decides which new STIGs should be written and which existing STIGs
should be updated. These decisions are based on market trends, technological
changes, customer requirements, and DoD policy and guidance.
How often are STIGs updated - Answers- New checklists come out the fourth Friday of
each month and incorporate the latest vulnerability notices and security patches.
HBSS - Answers- Host Based Security System
HBSS - Answers- a host-based security system, which means it is located on the
individual workstation or host. Also a COTS product. It uses multiple modules
to MONITOR, DETECT and COUNTER known cyber threats. The system is
configured and managed locally to address known traffic exploits.
ACAS - Answers- Assured Compliance Assessment Solution
ACAS - Answers- consists of a suite of products including Red Hat Enterprise Linux,
Security Center, the Nessus scanner and the Nessus Network Monitor.
Security Center - Answers- central console for ACAS.
Security Center - Answers- offers the ability to automate and scale an organization's
vulnerability and compliance scanning infrastructure, and provides capabilities for
management, alerting, and reporting against vulnerability and compliance requirements.
Nessus - Answers- a fully capable scanner that covers a breadth of checks, including unique
Common Vulnerabilities and Exposures (CVEs), and successfully operates across
different environments.
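The fill-in-the-blank card at the top of this set (STIG settings converted to SCAP content, imported into Security Center, used by Nessus scanners to audit for compliance) and the Security Center and Nessus cards above all describe consuming STIG content as machine-readable checks. The following Go program is an added example written for this page, not code from DISA, Tenable or this question set, and it does not call any ACAS product. It parses a constructed XCCDF fragment (XCCDF is the SCAP benchmark format STIGs are published in) into the flat checklist a scanner audit file or a human auditor works from, maps XCCDF severity to the CAT I/II/III categories used in STIG checklists, flags rules with no check-content (which no scanner can automate), and rolls up constructed per-rule scan results. All Rule IDs, STIG IDs, titles, check text and results are hypothetical placeholders.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

// Constructed XCCDF 1.2 fragment shaped like a DISA STIG benchmark. Every
// ID, title and check text is a hypothetical placeholder, not a real STIG.
const sampleXCCDF = `<?xml version="1.0" encoding="UTF-8"?>
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark_EXAMPLE">
  <Group id="V-000001"><title>Remote root login</title>
    <Rule id="SV-000001r1_rule" severity="high"><version>EXMP-00-000001</version>
      <title>The SSH daemon must not permit root login.</title>
      <check system="C-000001r1_chk"><check-content>Run "grep -i PermitRootLogin /etc/ssh/sshd_config". If the value is not "no", this is a finding.</check-content></check>
    </Rule></Group>
  <Group id="V-000002"><title>Password lifetime</title>
    <Rule id="SV-000002r1_rule" severity="medium"><version>EXMP-00-000002</version>
      <title>Passwords must expire within 60 days.</title>
      <check system="C-000002r1_chk"><check-content>Run "grep PASS_MAX_DAYS /etc/login.defs". If the value is greater than 60, this is a finding.</check-content></check>
    </Rule></Group>
  <Group id="V-000003"><title>Documentation</title>
    <Rule id="SV-000003r1_rule" severity="low"><version>EXMP-00-000003</version>
      <title>The system security plan must be on file.</title>
      <check system="C-000003r1_chk"/>
    </Rule></Group>
</Benchmark>`

// Tags carry no namespace, so they match elements in the XCCDF default namespace.
type xccdfBenchmark struct {
	Groups []struct {
		Rules []xccdfRule `xml:"Rule"`
	} `xml:"Group"`
}

type xccdfRule struct {
	ID       string `xml:"id,attr"`
	Severity string `xml:"severity,attr"`
	Version  string `xml:"version"` // the STIG ID shown in checklists
	Title    string `xml:"title"`
	Check    struct{ Content string `xml:"check-content"` } `xml:"check"`
}

// AuditItem is one check an auditor, or a scanner's audit file, works from.
type AuditItem struct {
	RuleID, STIGID, CAT, Title, CheckText string
	Manual                                bool // no check-content: cannot be automated, must be reviewed by hand
}

var catBySeverity = map[string]string{"high": "CAT I", "medium": "CAT II", "low": "CAT III"}

// SeverityToCAT maps XCCDF severity to the DoD category used in STIG checklists.
func SeverityToCAT(sev string) string {
	if cat, ok := catBySeverity[strings.ToLower(sev)]; ok {
		return cat
	}
	return "UNKNOWN"
}

// ChecklistFromXCCDF parses a benchmark and flattens its Group/Rule tree into
// a checklist in document order.
func ChecklistFromXCCDF(doc string) ([]AuditItem, error) {
	var b xccdfBenchmark
	if err := xml.Unmarshal([]byte(doc), &b); err != nil {
		return nil, fmt.Errorf("parse XCCDF: %w", err)
	}
	var items []AuditItem
	for _, g := range b.Groups {
		for _, r := range g.Rules {
			text := strings.TrimSpace(r.Check.Content)
			items = append(items, AuditItem{RuleID: r.ID, STIGID: r.Version, CAT: SeverityToCAT(r.Severity),
				Title: r.Title, CheckText: text, Manual: text == ""})
		}
	}
	return items, nil
}

// Summarize joins the checklist with per-Rule-ID results ("pass"/"fail") and
// counts open findings by CAT. A rule with no result is not compliant; it is unreviewed.
func Summarize(items []AuditItem, results map[string]string) map[string]int {
	counts := map[string]int{}
	for _, it := range items {
		switch results[it.RuleID] {
		case "pass":
			counts["passed"]++
		case "fail":
			counts[it.CAT+" open"]++
		default:
			counts["not reviewed"]++
		}
	}
	return counts
}

func main() {
	items, err := ChecklistFromXCCDF(sampleXCCDF)
	if err != nil {
		panic(err)
	}
	// Constructed results: one open CAT I finding, one pass, one rule never reviewed.
	results := map[string]string{"SV-000001r1_rule": "fail", "SV-000002r1_rule": "pass"}
	fmt.Println(items[2].Manual, Summarize(items, results))
}
```

Two practitioner points the code makes explicit: a benchmark rule with no check-content (the third rule above) will never produce a scanner result, so a "100% compliant" scan report that silently omits it overstates the posture; and results are keyed by Rule ID, which changes whenever DISA revises a rule (the r1 suffix), so a checklist built from one benchmark version must not be joined against results from another.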