Annex E Practice Test 2022 (answered & verified)
COMPLETE SOLUTION
____________ are similar to a virus in that is modifies another compute program, injecting its
own code. The main difference is that a worm will self-replicate without the users knowledge.
Correct Answer: Worms
The STIG community includes representatives from___________? Correct Answer: DISA
Any message that is encrypted using a private key can only be decrypted using a __________?
Correct Answer: Public key
You can request a copy of an HBSS image from DISA who maintains the latest image of HBSS.
Under what resource can you find step-by-step instructions for installing HBSS? Correct
Answer: DOD Patch Repository
T or F. In terms of ACAS, Scan Zones and Repositories are directly connected to each other.
Correct Answer: False
In terms of PKI, select the TWO different types of cryptographic methods used to decrypt and
encrypt data. Correct Answer: Asymmetric-Key Method
Symmetric-Key Method
Asymmetric-Key Method Correct Answer: It includes two keys one is public key and the other
one is private key
Symmetric-Key Method Correct Answer: works exactly the same way your door lock works.
You have one key to lock or open the door
Identify the guidelines used for securing a specific system or application in accordance with DoD
requirements. Correct Answer: STIG
T or F PKI is heavily based on the Single-Tier Model since if PKI was compromised, all of the
issuing certificates would need to be manually removed from the devices. Correct Answer: False
The STIG community includes representatives from________? Correct Answer: DISA
Which component of PKI must be public key enabled instead of using previous technologies,
such as user ID and password? Correct Answer: Systems
You're using a WAN and you have part of your network that is at a remote site. Instead of all the
machines trying to pull new policies across a WAN-link, they instead access a specific machine
on the network that is downloading these updates alone. Correct Answer: SuperAgent
, When a client first initiates communication with the ePO server, the call to the server is at a
randomized interval within the first ________ minutes of startup. Correct Answer: 10 min
When it comes to creating repositories the _____________ assigns scan zones and repositories to
organizations as appropriate. Identify who assigns scan zones by typing in the role into the
provided space. Correct Answer: Administrator
T or F DISA-configured servers will have the SQL server on the same machine as the ePO
application server. Correct Answer: True
STIGs are accompanied by TWO items used to check a system for compliance or automatically
generate reports based on guidelines. Select both items used during this process. Correct Answer:
Scripts
Checklist
If PKI was compromised, all of the issuing certificates need to be manually removed from the
devices. Correct Answer: Single-Tier Mode
If PKI was compromised, you would need to revoke the certificates issued by the compromised
CA and then publish a Certificate Revocation List, and then reissue the certificates. Correct
Answer: Two-Tier Mode
There are TWO ways to issue a wake-up call from an ePO server to a client. The first is directly
from the server, and other way is: Correct Answer: On a Schedule
____________ is a uniform way for different organizations to identify people through their
digital certificates containing public keys. Correct Answer: PKI
Identify the source used to obtain Audit Files for the Security Center
NIST SCAP Compliant Checklists Correct Answer: .xccdf
Identify the source used to obtain Audit Files for the Security Center
DISA STIG Automated Benchmarks Correct Answer: .zip
Identify the source used to obtain Audit Files for the Security Center
Tenable Network Security Templates (TNST) Correct Answer: SC 5
Identify how often the default Agent to Server Communication Interval (ASCI) occurs by typing
the time (in minutes) into the provided space. Correct Answer: 60 min
In a PKI Two-Tier Model, when the Subordinate CA's certificates expired, which CA is brought
online to renew the certificate? Correct Answer: The Root CA
COMPLETE SOLUTION
____________ are similar to a virus in that is modifies another compute program, injecting its
own code. The main difference is that a worm will self-replicate without the users knowledge.
Correct Answer: Worms
The STIG community includes representatives from___________? Correct Answer: DISA
Any message that is encrypted using a private key can only be decrypted using a __________?
Correct Answer: Public key
You can request a copy of an HBSS image from DISA who maintains the latest image of HBSS.
Under what resource can you find step-by-step instructions for installing HBSS? Correct
Answer: DOD Patch Repository
T or F. In terms of ACAS, Scan Zones and Repositories are directly connected to each other.
Correct Answer: False
In terms of PKI, select the TWO different types of cryptographic methods used to decrypt and
encrypt data. Correct Answer: Asymmetric-Key Method
Symmetric-Key Method
Asymmetric-Key Method Correct Answer: It includes two keys one is public key and the other
one is private key
Symmetric-Key Method Correct Answer: works exactly the same way your door lock works.
You have one key to lock or open the door
Identify the guidelines used for securing a specific system or application in accordance with DoD
requirements. Correct Answer: STIG
T or F PKI is heavily based on the Single-Tier Model since if PKI was compromised, all of the
issuing certificates would need to be manually removed from the devices. Correct Answer: False
The STIG community includes representatives from________? Correct Answer: DISA
Which component of PKI must be public key enabled instead of using previous technologies,
such as user ID and password? Correct Answer: Systems
You're using a WAN and you have part of your network that is at a remote site. Instead of all the
machines trying to pull new policies across a WAN-link, they instead access a specific machine
on the network that is downloading these updates alone. Correct Answer: SuperAgent
, When a client first initiates communication with the ePO server, the call to the server is at a
randomized interval within the first ________ minutes of startup. Correct Answer: 10 min
When it comes to creating repositories the _____________ assigns scan zones and repositories to
organizations as appropriate. Identify who assigns scan zones by typing in the role into the
provided space. Correct Answer: Administrator
T or F DISA-configured servers will have the SQL server on the same machine as the ePO
application server. Correct Answer: True
STIGs are accompanied by TWO items used to check a system for compliance or automatically
generate reports based on guidelines. Select both items used during this process. Correct Answer:
Scripts
Checklist
If PKI was compromised, all of the issuing certificates need to be manually removed from the
devices. Correct Answer: Single-Tier Mode
If PKI was compromised, you would need to revoke the certificates issued by the compromised
CA and then publish a Certificate Revocation List, and then reissue the certificates. Correct
Answer: Two-Tier Mode
There are TWO ways to issue a wake-up call from an ePO server to a client. The first is directly
from the server, and other way is: Correct Answer: On a Schedule
____________ is a uniform way for different organizations to identify people through their
digital certificates containing public keys. Correct Answer: PKI
Identify the source used to obtain Audit Files for the Security Center
NIST SCAP Compliant Checklists Correct Answer: .xccdf
Identify the source used to obtain Audit Files for the Security Center
DISA STIG Automated Benchmarks Correct Answer: .zip
Identify the source used to obtain Audit Files for the Security Center
Tenable Network Security Templates (TNST) Correct Answer: SC 5
Identify how often the default Agent to Server Communication Interval (ASCI) occurs by typing
the time (in minutes) into the provided space. Correct Answer: 60 min
In a PKI Two-Tier Model, when the Subordinate CA's certificates expired, which CA is brought
online to renew the certificate? Correct Answer: The Root CA
