Exam (elaborations)

CLE 074 QUESTIONS WITH 100% CORRECT

Pages: 9
Grade: A+
Uploaded on: 17-09-2024
Written in: 2024/2025

According to a 2013 Pricewaterhouse/CSO Magazine/US Secret Service/Carnegie Mellon survey, about what percentage of electronic crime events are caused by insiders - ✔️✔️--> 20-25%

5-10%
Greater than 80%
About 60%
Less than 5%

The DoD instruction that definitively defines cybersecurity is - ✔️✔️--> DoDI 8500.01, signed in March of 2014

Interim DoDI 5000.2
NIST Special Publication 800-145
Federal Information Systems Management Act (FISMA)
USC Title 40. Clinger Cohen Act

The Security Plan is initiated at Step One of the RMF process and used in all subsequent steps EXCEPT: - ✔️✔️--> Step Four, Assess Security Controls

Step Two, Select Security Controls
Step Six, Monitor Security Controls
Step Five, Authorize Security Controls
Step Three, Implement Security Controls

Choose the best definition of a Cybersecurity Red Team - ✔️✔️--> A group of people authorized and organized to emulate a potential adversary's attack or exploitation capabilities against an enterprise's security posture

Formal testing conducted after deployment to evaluate operational effectiveness and suitability
A team that guarantees a high level of confidence that software is free from vulnerabilities, either intentionally or unintentionally designed into the software
A group of individuals that conduct operational network vulnerability evaluations and provide mitigation techniques to customers who have a need for independent technical review of their network security posture
A multidisciplinary group of people who are collectively responsible for delivering a defined cybersecurity product or process

Which of the following is a common protection method used to protect against cyberattacks? - ✔️✔️--> All of the items listed are common protection methods used to protect against cyber-attacks

Vulnerability testing
Cryptography
Firewalls
Network traffic monitoring

Basically, Joint Information Environment is___. - ✔️✔️--> A comprehensive information technology modernization effort

A description of data centers focused on cyber security
A new project for DoD information technology centers
A senior leadership challenge
A misnomer for terrorist threats to cyber security

The key governance in Tier 3 of the risk management hierarchy is the Authorizing Official; in Tier 2, the Principal Authorizing Official; in Tier 1, the DoD Chief Information Officer - ✔️✔️--> True

False

Choose the true statement about continuous monitoring and the system level continuous monitoring strategy - ✔️✔️--> The RMF requires the development and documentation of a system-level strategy for the continuous monitoring of the effectiveness of security controls

Continuous monitoring in and of itself provides a comprehensive, enterprise-wide risk management approach
The RMF recommends but does not require the development of a system-level strategy for the continuous monitoring of security controls
As one of the six steps in the RMF, continuous monitoring activities replace the security authorization process.
The system-level continuous monitoring strategy has no relation to DoD enterprise-level or Component-level monitoring strategies.

(True/False) Compliance with DoDI 8510.01 (RMF) is the only cybersecurity language that should be included in a contract as it will ensure adequate cybersecurity protection throughout the program lifecycle - ✔️✔️True --> False

One of the DoD strategic initiatives for operating in cyberspace is to partner with other Federal agencies but also the private sector. Why is this partnering necessary? - ✔️✔️--> Many of the DoD's critical missions and operations rely on strengthening its international alliances and partnerships to develop combined capabilities to achieve cyber effects in support of combatant command plans

Many of the DoD's critical functions and operations rely on service providers over which the Department has oversight but needs private sector assistance
Many private sector enterprises require department assistance in mitigating risk in cyberspace operations
Many of DoD's critical functions and operations rely on global supply chains over which the department has oversight but needs private sector assistance

During this step in the Risk Management Framework (RMF) process, the Plan of Actions and Milestones (POA&M) is prepared based on the vulnerabilities identified during the security control assessment. - ✔️✔️ Step 5 - Authorize system

Step 1 - Categorize System
Step 6 - Monitor Security Controls
Incorrect - Step 4 - Assess Security Controls
Incorrect - Step 3 - Implement Security Controls

What are two areas that the DoD definition for cybersecurity stresses that were NOT stressed in the former definition of Information Assurance - ✔️✔️ Communications and Prevention

Mission Assurance and Software Assurance
Incorrect - Intrusion Detection and Intrusion Prevention
Incorrect - Continuous Monitoring and Configuration management
Incorrect - Information and Interoperability

Name the policy that DoDI 8500.01 (Risk Management Framework (RMF) for Information Technology (IT)) replaces - ✔️✔️--> DoD Information Assurance Certification and Accreditation Process (DIACAP)

Interim DoDI 5000.02
DoDI 5200.44
USC Title 40. Clinger Cohen Act
Federal Information Systems Management Act (FISMA)

Institution: CLE 074
Course: CLE 074

