ATO LEVEL II: ANTITERRORISM LEVEL 2 TRAINING EXAMS QUESTIONS
AND VERIFIED CORRECT ANSWERS COMPLETED
ISCM strategy at this level is focused on ensuring that all system-level security
controls are implemented correctly, operate as intended, produce the desired
outcome with respect to meeting the security requirements for the system, and
continue to be effective over time.
Tier 3
Which of the following are security-focused configuration management (SecCM)
roles in risk management?
A.) Ensuring that adjustments to the system configuration do not adversely affect the
security of the information system B.) Establishing configuration baselines and tracking,
controlling, and managing aspects of business development C.) Ensuring that
adjustments to the system configuration do not adversely affect the organizations
operations
This security Configuration Management (CM) control includes physical and
logical access controls and prevents the installation of software and firmware
unless verified with an approved certificate.
Access Restrictions for Change
This security Configuration Management (CM) control ensures that software use
complies with contract agreements and copyright laws, tracks usage, and is not
used for unauthorized distribution, display, performance, or reproduction.
Software Usage Restrictions
This security Configuration Management (CM) control involves the systematic
proposal, justification, implementation, testing, review, and disposition of
changes to the systems, including system upgrades and modifications.
Configuration Change Control
This security Configuration Management (CM) control applies to the parameters
that can be changed in hardware, software, or firmware components that affect
,the security posture and/or funtionality of the system, including registry settings,
account/directory permission setting, and settings for functions, ports and
protocols.
Configuration Settings
Which of the following describes the role of the National Industrial Security
Program (NISP) in continuous monitoring?
The NISP ensures that monitoring requirements, restrictions, and safeguards that
industry must follow are in place before any classified work may begin.
Which of the following describes the relationship between configuration
management controls and continuous monitoring?
Implementing information system changes almost always results in some adjustment to
the system configuration that requires continuous monitoring of security controls.
Which of the following is a role of risk management in continuous monitoring?
Risk management in continuous monitoring ensures that information security solutions
are broad-based, consensus-driven, and address the ongoing needs of and risks to the
government and industry.
Select ALL the correct responses. Which of the following describe continuous
monitoring capabilities for detecting threats and mitigating vulnerabilities?
A.) Conducting frequent audits B.) Not relying on firewalls to protect against all attacks
Which of the following describes how the Information System Continuous
Monitoring (ISCM) strategy supports the Tier 2 MISSION/BUSINESS PROCESSES
approach to risk management?
Tier 2 ISCM strategies focus on the controls that address the establishment and
management of the organization's information security program, including establishing
the minimum frequency with which each security control or metric is to be assessed or
monitored.
Which of the following is an example of how counterintelligence and
cybersecurity personnel support continuous monitoring?
Through aggregation and analysis of Suspicious Network Activity via cyber intrusion,
viruses, malware, backdoor attacks, acquisition of user names and passwords, and
, similar targeting, the DSS CI Directorate produces and disseminates reports on trends
in cyberattacks and espionage.
Which of the following describes how audit logs support continuous monitoring?
Security auditing is a fundamental activity in continuous monitoring in order to determine
what activities occurred and which user or process was responsible for them on an
information system.
Which of the following identifies how the Risk Management Framework (RMF)
supports risk management?
The RMF process emphasizes continuous monitoring and timely correction of
deficiencies.
Select ALL the correct responses. Which of the following are key information
provided in a security audit trail analysis?
A.) Unsuccessful accesses to security-relevant objects and directories B.) Successful
and unsuccessful logons/logoffs C.) Denial of access for excessive logon attempts
Which of the following fundamental concepts does continuous monitoring
support that means DoD information technology is managed to minimize shared
risk by ensuring the security posture of one system is not undermined by
vulnerabilities of interconnected systems?
Interoperability and operational reciprocity
Which of the following ensures that a process is in place for authorized users to
report all cybersecurity-related events and potential threats and vulnerabilities
and initiates protective or corrective measures when a cybersecurity incident or
vulnerability is discovered?
Information System Security Officer
Which of the following are the initial steps for finding the Security Event Log on a
computer running Windows 7?
Select Control Panel from the Windows Start menu and then select the System and
Security link
During which of the following Risk Management Framework steps does
continuous monitoring take place?
Step 6, monitor the security controls
AND VERIFIED CORRECT ANSWERS COMPLETED
ISCM strategy at this level is focused on ensuring that all system-level security
controls are implemented correctly, operate as intended, produce the desired
outcome with respect to meeting the security requirements for the system, and
continue to be effective over time.
Tier 3
Which of the following are security-focused configuration management (SecCM)
roles in risk management?
A.) Ensuring that adjustments to the system configuration do not adversely affect the
security of the information system B.) Establishing configuration baselines and tracking,
controlling, and managing aspects of business development C.) Ensuring that
adjustments to the system configuration do not adversely affect the organizations
operations
This security Configuration Management (CM) control includes physical and
logical access controls and prevents the installation of software and firmware
unless verified with an approved certificate.
Access Restrictions for Change
This security Configuration Management (CM) control ensures that software use
complies with contract agreements and copyright laws, tracks usage, and is not
used for unauthorized distribution, display, performance, or reproduction.
Software Usage Restrictions
This security Configuration Management (CM) control involves the systematic
proposal, justification, implementation, testing, review, and disposition of
changes to the systems, including system upgrades and modifications.
Configuration Change Control
This security Configuration Management (CM) control applies to the parameters
that can be changed in hardware, software, or firmware components that affect
,the security posture and/or funtionality of the system, including registry settings,
account/directory permission setting, and settings for functions, ports and
protocols.
Configuration Settings
Which of the following describes the role of the National Industrial Security
Program (NISP) in continuous monitoring?
The NISP ensures that monitoring requirements, restrictions, and safeguards that
industry must follow are in place before any classified work may begin.
Which of the following describes the relationship between configuration
management controls and continuous monitoring?
Implementing information system changes almost always results in some adjustment to
the system configuration that requires continuous monitoring of security controls.
Which of the following is a role of risk management in continuous monitoring?
Risk management in continuous monitoring ensures that information security solutions
are broad-based, consensus-driven, and address the ongoing needs of and risks to the
government and industry.
Select ALL the correct responses. Which of the following describe continuous
monitoring capabilities for detecting threats and mitigating vulnerabilities?
A.) Conducting frequent audits B.) Not relying on firewalls to protect against all attacks
Which of the following describes how the Information System Continuous
Monitoring (ISCM) strategy supports the Tier 2 MISSION/BUSINESS PROCESSES
approach to risk management?
Tier 2 ISCM strategies focus on the controls that address the establishment and
management of the organization's information security program, including establishing
the minimum frequency with which each security control or metric is to be assessed or
monitored.
Which of the following is an example of how counterintelligence and
cybersecurity personnel support continuous monitoring?
Through aggregation and analysis of Suspicious Network Activity via cyber intrusion,
viruses, malware, backdoor attacks, acquisition of user names and passwords, and
, similar targeting, the DSS CI Directorate produces and disseminates reports on trends
in cyberattacks and espionage.
Which of the following describes how audit logs support continuous monitoring?
Security auditing is a fundamental activity in continuous monitoring in order to determine
what activities occurred and which user or process was responsible for them on an
information system.
Which of the following identifies how the Risk Management Framework (RMF)
supports risk management?
The RMF process emphasizes continuous monitoring and timely correction of
deficiencies.
Select ALL the correct responses. Which of the following are key information
provided in a security audit trail analysis?
A.) Unsuccessful accesses to security-relevant objects and directories B.) Successful
and unsuccessful logons/logoffs C.) Denial of access for excessive logon attempts
Which of the following fundamental concepts does continuous monitoring
support that means DoD information technology is managed to minimize shared
risk by ensuring the security posture of one system is not undermined by
vulnerabilities of interconnected systems?
Interoperability and operational reciprocity
Which of the following ensures that a process is in place for authorized users to
report all cybersecurity-related events and potential threats and vulnerabilities
and initiates protective or corrective measures when a cybersecurity incident or
vulnerability is discovered?
Information System Security Officer
Which of the following are the initial steps for finding the Security Event Log on a
computer running Windows 7?
Select Control Panel from the Windows Start menu and then select the System and
Security link
During which of the following Risk Management Framework steps does
continuous monitoring take place?
Step 6, monitor the security controls
