Exam (elaborations)
DSAC ANNEX E QUESTIONS AND ANSWERS
- Course
- Institution
DSAC ANNEX E QUESTIONS AND ANSWERS
[Show more]
Content preview
DSAC ANNEX E QUESTIONS AND ANSWERSThe STIG configuration settings are converted to _____, imported into ____ , and used
by ____________ to audit asset configurations for ____ - Answers- SCRAP content
Security Center
Nessus Scanners
Compliance
malware - Answers- type of sofewware that is designed to attack a system
used to damage system files, provide access to systems, disable or even take control of
computers
spyware - Answers- software that keeps track of a users activity on a computer.
then it sends the info to another entity without th user's consent
virus - Answers- most common type of malware. it modifies another computer program
and inserts its own code. The affected area are then considered "infected"
worms - Answers- similar to virus; it modifies another computer program, injecting its
own code.
social engineering - Answers- when a person pretends to be someone else in order to
get info about a network or system.
info is then used t attack the system to steal data
STIG - Answers- Security Technical Information Guide
STIG - Answers- document that includes DOD policies and security regulations, best
practices and config guidelines.
used for securing a specific system or application in accordance with DoD
requirements.
help you configure your systems for security and compliance with government
Information Assurance (IA) requirements.
- how the government expects you to operate
worm and virus diff - Answers- The main difference is that a worm will self-replicate
without the users knowledge.
trojan - Answers- type of malicious software that disguises itself as a regular piece of
software. works as intended program would normally. begins to cause problems such as
killing background processes or deleting data.
what does stig help avoid? - Answers- help avoid and detect intrusion, respond to and
recover from security breaches if they occur, and implement security policies. provide
guidance to ensure that your applications will be in compliance with DoD requirements.
You can save significant time and money
, DISA - Answers- Defense Information Systems Agency,
PKI - Answers- a public key infractructure, a framework that consists of hardware
software, software, people, processes, and policies, that together helps identify and
solve information security problems for you by establishing safe and reliable
environment for electronic transactions. It uses PUBLIC KEY ENCRYPTION techniques
to protect the confidentiality, integrity, authenticity and non-repudiation of data. PKI is a
uniform way for different organizations to identify people through their digital certificates
containing public keys.
Stig locations - Answers- includes representatives from DISA; the National Security
Agency, or NSA; the Office of the Secretary of Defense, or OSD; combatant commands;
military services; the National Institute of Standards and Technology, or NIST; and other
organizations.
FSO - Answers- Field Security Operations
FSO - Answers- decide which new STIGs should written and which existing STIGs
should be updated. These decisions are based on market trends, technological
changes, customer requirements, and DoD policy and guidance.
How often are STIGS updated - Answers- New checklists come out the fourth Friday of
each month. incorporate the latest vulnerability notices and security patches
HBSS - Answers- Host-Based Security Systems
HBSS - Answers- a host based security system, which means it is located on the
individual workstation or the host. Also a COTS product. uses multiple different modules
to MONITOR, DETECT, COUNTER against known cyber threats. The system is
configured and managed locally to address known traffic exploits.
ACAS - Answers- Assured Compliance Assessment Solution
ACAS - Answers- consists of a suite of products to include Red Hat Enterprise Linux,
Security Center, Nessus Scanner and the Nessus Network Monitor
Security Center - Answers- central console for ACAS.
Security Center - Answers- offers the ability to automate scale an organization's
vulnerability and compliance scanning infrastructure, provide capabilities to allow for
management, alerting, and reporting against vulnerability and compliance requirements.
Nessus - Answers- fully capable scanner covers a breadth of checks, including unique
Common Vulnerabilities and Exposures (CVEs), and successfully operates across
different environments.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller GEEKA. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.49. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
82215 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now