Air Force Comprehensive Study Set

3D0X3 Air Force


Community-sourced. Answers may be wrong or out of date. Always verify with your official training portal before submitting. Not affiliated with any branch, agency, or vendor.
QUESTION 1

Confidentiality

ANSWER

________________ is assurance that information is not disclosed to unauthorized individuals, processes, or devices. It is important to understand that, with confidentiality, access is granted or denied based upon rights or permissions.

QUESTION 2

Integrity

ANSWER

_____________________ is ensuring the accuracy of the information and having the controls in place to protect against destruction or unauthorized modification.

QUESTION 3

Availability

ANSWER

A loss of __________ is the disruption of access to or use of information or an information system.

QUESTION 4

Authentication

ANSWER

________________ is the verification of the identity of a person. It guarantees the authenticity of who signed the data so you can be sure who participated in a transaction and it was not forged by someone else.

QUESTION 5

Non-repudiation

ANSWER

________________ is the assurance a sender of data is provided with proof of delivery and the recipient is provided with proof of the sender's identity so neither can later deny having processed the data.

QUESTION 6

Information Assurance

ANSWER

The Cyber Surety Specialist must ensure _____________ _____________ policies fully support legal and regulatory requirements.

QUESTION 7

Communications Security (COMSEC) Management

ANSWER

The Cyber Surety Specialist performs ______________ ______________ duties in accordance with national and Department of Defense (DoD) directives.

QUESTION 8

Classified message incidents, classified file incidents, classified data spillage, unauthorized device connections

ANSWER

Audits and enforces the compliance of cybersecurity procedures and investigates security-related incidents to include COMSEC incidents, ________, _________, _________, __________, and unauthorized network access.

QUESTION 9

Administrative, physical, technical

ANSWER

Ensures appropriate _____________, __________, ___________ and safeguards are incorporated into all new and existing IS resources and protects IS resources from malicious activity.

QUESTION 10

Oversight, management

ANSWER

Responsible for ___________ or _____________ of installation cybersecurity awareness programs.

QUESTION 11

Rescission

ANSWER

Is an OPR action to remove the publication from circulation without being replaced by another publication.

QUESTION 12

Supersession

ANSWER

An action by which a new/revised publication is issued to replace the older version. Action to publish a new or revised publication includes the supersession action.

QUESTION 13

Supersedes, rescinds, removes

ANSWER

A publication becomes obsolete when another publication _____________ it, when the Office of Primary Responsibility (OPR) ____________ it, or when the Air Force Departmental Publishing Office (AFDPO) __________ it from the publishing web site because it is expired.

QUESTION 14

Office of Primary Responsibilities

ANSWER

To rescind a publication, ___________ must complete coordination and obtain certification and approval using the AF Form 673.

QUESTION 15

One

ANSWER

AF Policy Memorandums (AFPM) and Guidance Memorandums (GM) expire _______ year after the date of publication.

QUESTION 16

Military members, civilian employees

ANSWER

Certifying and approving officials for Air Force publications and forms must be either _________ or _________.

QUESTION 17

False

ANSWER

T/F The e-Publishing web site is open to the public, so only the classified titles of classified and restricted access products are provided, along with directions for accessing restricted web sites, and/or instructions on how to obtain copies from the OPR.

QUESTION 18

AF Cyber Tasking Order (AFCTO)

ANSWER

___________ are operational type orders issued to perform specific actions at specific time frames in support of AF and Joint requirements. AF CTOs are generally derived from USCYBERCOM orders and issued by AFCYBER via the 616 OC. Air Force Space Command (AFSPC)/CC or his/her delegated representative will issue AF CTOs directly (via 16 AF and the 616 OC) to direct the execution of cyberspace operations to protect and defend the AFIN.

QUESTION 19

AF Cyberspace Control Order (AFCC)

ANSWER

__________ are used to build/shape the portion of cyberspace to be employed in support of a Combatant Command (CCMD) operation or in response to adversary actions.

QUESTION 20

AF Time Compliance Network Order (AFTCNO)

ANSWER

These are downward-directed operations, security, or configuration management-related orders issued by the Air Force Network Operations Security Center (AFNOSC) or NOSCs.

QUESTION 21

Ideas, questions, discussions

ANSWER

The AF IACE serves as the primary cybersecurity/IA support resource for the Wing COMSEC Office and managers, providing a collaborative one-stop-shop for cybersecurity/IA _________, _________, ___________ and hosts dynamic content for information sharing.

QUESTION 22

ICAM, individual, resource, time, reason

ANSWER

_________________ is the set of security disciplines that allows an organization to: "Enable the right ________ to access the right ________ at the right ________ for the right ________."

QUESTION 23

Password, PIN, security question/answers

ANSWER

___________, ___________ and ___________ are examples of the Authentication Factors of Something you know.

QUESTION 24

ID badge, CAC, token

ANSWER

____________, _______________, and ___________ are examples of the Authentication Factors of Something you have.

QUESTION 25

Fingerprint, retina, voice patterns

ANSWER

_________, _________, and _________ are examples of the Authentication Factors of Something you are.

QUESTION 26

Active Directory (ADUC), Common Computing Environment (CCE), Global Content Delivery Service (GCDS)

ANSWER

The current Authorization Frameworks are?

QUESTION 27

COMPUSEC

ANSWER

_____________ includes all measures to safeguard ISs and information against sabotage, tampering, denial of service, espionage, fraud, misappropriation, misuse, or release to unauthorized persons.

QUESTION 28

Insider, outsider

ANSWER

Protect ISs from ___________ and ____________ threats by controlling physical access to the facilities and data by implementing procedures identified in Joint, DoD, AF publications, and organizationally created procedures.

QUESTION 29

Information System Security Manager (ISSM), Information System Security Officer (ISSO)

ANSWER

________________/______________ is responsible for the protection from threats by ensuring proper configuration of technical security mechanisms and establishing physical controls for the removal and secure storage of information from unattended ISs.

QUESTION 30

Classified, controlled, sensitive

ANSWER

Protect display devices to prevent inadvertent viewing of _____________ and _____________ or ___________ information by unauthorized users (e.g., away from windows, doorways, public areas).

QUESTION 31

Classified

ANSWER

Ensure the transmission of __________ information is encrypted using NSA-approved cryptography IAW AFMAN 17-1302, Communications Security (COMSEC) Operations, and CJCSI 6510.01.

QUESTION 32

STIGs

ANSWER

Mark and label all KVM switches (regardless of classification environment) to identify the switch position and the associated classification of the connected systems IAW the DISA Keyboard, Video, Mouse Switch Security _________.

QUESTION 33

True

ANSWER

T/F Partitioning security controls into common, hybrid, and system-specific controls can result in significant savings to organizations in implementation and assessment costs as well as a more consistent application of security controls organization-wide.

QUESTION 34

Virus, worm, trojan horse

ANSWER

Protect ISs from malicious logic attacks by applying a mix of human and technological preventative measures IAW the DISA STIGs and CJCSI 6510.01 to protect from the following.

QUESTION 35

Find, fix

ANSWER

The COMPUSEC Assessment is a ______________ and ___________ program review, essentially functioning as a staff assistance visit and therefore strengthening the AF cybersecurity program.

QUESTION 36

Wing Cybersecurity Office (WCO)

ANSWER

The ________ will perform annual assessments of all units utilizing IT under the control of the base communications unit, including IT of tenant units.

QUESTION 37

ISSO/ISSM/ Commander Support Staff (CSS)

ANSWER

Assessments consist of an interview and site visit with the _________________.

QUESTION 38

Detailed unit reports, follow-up reports, annual executive summaries

ANSWER

COMPUSEC Assessment Reports consist of __________, ___________, and _____________.

QUESTION 39

Change Management

ANSWER

________________ ensures continuity of operations as changes are validated, approved, and implemented on Air Force networks.

QUESTION 40

eMASS

ANSWER

The _____________ is the automated Cyber Security Management tool designed to develop, collect and manage DoD Information Technology.

QUESTION 41

Availability, security

ANSWER

ACAS enhances the ___________ and ____________ of the DoD Information Network (DoDIN) by ensuring adherence to Information Assurance (IA) and Network Operations (NetOps) policies.

QUESTION 42

Security Content Automation Protocol (SCAP), software, configuration

ANSWER

______________ comprises a number of open standards that are widely used to enumerate ______________ flaws and __________________ issues related to security.

QUESTION 43

Environmental disruptions, human or machine errors, purposeful attack

ANSWER

Threats to information and information systems include:

QUESTION 44

Information security, security risks

ANSWER

It is imperative leaders at all levels of an organization understand their responsibilities for achieving adequate ____________ _____________ and for managing information system-related ______________ _______________.

QUESTION 45

RMF

ANSWER

The ______ provides a disciplined and structured process to perform AF IT security as well as risk management activities and to integrate those activities into the system development life cycle.

QUESTION 46

Dynamic

ANSWER

The RMF changes the traditional focus of Certification and Accreditation (C&A) as a static, procedural activity to a more __________ approach.

QUESTION 47

Life cycle risk management

ANSWER

RMF process encompasses ____________ _______________ _______________ ________________ to determine and manage the residual cybersecurity risk to the AF created by the vulnerabilities and threats associated with objectives in military, intelligence, and business operations.

QUESTION 48

Internal

ANSWER

DoD organizations that use _____________ IT services must ensure the categorization of the IS delivering the service is appropriate to the needs of the DoD IS using the service.

QUESTION 49

Confidentiality, integrity, availability

ANSWER

DoD organizations that use external IT services provided by a non-DoD federal government agency must ensure the categorization of the IS delivering the service is appropriate to the ______________, _________________, and ______________ needs of the information and mission.

QUESTION 50

Three

ANSWER

FIPS Publication 199 defines __________ levels of potential impact on organizations or individuals should there be a breach of security.

QUESTION 51

Administrative Assistant to the Secretary of the Air Force (SAF/AA)

ANSWER

Works with the CISO to oversee the establishment of risk tolerance and security controls for IT owned by Headquarters Air Force (HAF) organizations without a functional CIO (HAF Portfolio).

QUESTION 52

Authorizing Official (AO)

ANSWER

The _____________ is the official with the authority responsible for accepting a level of risk for a system balanced with mission requirements.

QUESTION 53

Approval to connect

ANSWER

The AF Enterprise AO is the only authority permitted to grant an ________ to the Air Force Information Networks (AFIN).

QUESTION 54

Security Control Assessor (SCA)

ANSWER

The _______________ will periodically assess security controls employed within and inherited by the IT IAW the Information Security Continuous Monitoring strategy.

QUESTION 55

Security Controls Assessor Representative (SCAR)

ANSWER

This position may be an organic or contracted resource.

QUESTION 56

Agent of the Security Controls Assessor (ASCA)

ANSWER

The _________________ is a licensed 3rd-party agent assisting in assessment activities and provides an independent report for the SCA.

QUESTION 57

Communications Squadron Commander (CS/CC)

ANSWER

Serves as the PM or ISO for the base enclave and performs duties IAW DoDI 5000.02 and AFI 17-130.

QUESTION 58

Information System Security Manager (ISSM)

ANSWER

The _____________ is the primary cybersecurity technical advisor to the AO, PM, and ISO.

QUESTION 59

Information System Security Officer (ISSO)

ANSWER

The ____________ is responsible for ensuring the appropriate operational security posture is maintained for assigned IT.

QUESTION 60

Information Systems Security Engineer (ISSE)

ANSWER

The ______ is an individual, group, or organization responsible for conducting information system security engineering activities.

QUESTION 61

Information Owner (IO)/Steward

ANSWER

An organizational official with statutory, management, or operational authority for specified information and the responsibility for establishing the policies and procedures governing its generation, classification, collection, processing, dissemination, and disposal as defined in CNSSI No. 4009.

QUESTION 62

MAJCOM Cybersecurity Office or Function

ANSWER

The ______________ ____________ ____________ develops, implements, oversees, and maintains a MAJCOM cybersecurity program that adheres to cybersecurity architecture, requirements, objectives, policies, processes, and procedures.

QUESTION 63

User Representative (UR)

ANSWER

The ____________ is the individual or organization that represents operational and functional requirements of the user community for a particular system during the RMF process.

QUESTION 64

Initiation, development/acquisition, implementation/assessment, operation/maintenance, disposal

ANSWER

The five phases of the System Development Life Cycle are: ____________, _____________, ____________, ____________, ____________.

QUESTION 65

Prepare step

ANSWER

The purpose of the ________________ is to carry out essential activities at the organization, mission and business process, and information system levels of the enterprise to help prepare the organization to manage its security and privacy risks using the Risk Management Framework.

QUESTION 66

Security, privacy risk management

ANSWER

Identify and assign individuals to specific roles associated with _________ and _____________.

QUESTION 67

Risk management strategy

ANSWER

Establish a _____________ for the organization that includes a determination of risk tolerance.

QUESTION 68

TASK P-3 (Risk Assessment- Organization)

ANSWER

Which Prepare Task assesses organization-wide security and privacy risks and updates the risk assessment results on an ongoing basis?

QUESTION 69

Low, moderate, high

ANSWER

During categorization, the impact to confidentiality, integrity, and accessibility is categorized into one of three designations ___________, ___________, ______________ to address the impact of a loss.

QUESTION 70

Enterprise Mission Assurance Support Service (eMass)

ANSWER

PMs or ISOs deploying systems across DoD/AF Components will register the system and post the categorization checklist to?

QUESTION 71

XACTA Information Assurance Manager

ANSWER

Utilize ____________________________ on systems/networks certified to process, store, and transmit SCI or SAP/SAR related information (i.e. AFJWICS).

QUESTION 72

Common, system-specific, hybrid

ANSWER

There are three distinct types of designations related to the security controls. These designations include ____________ controls, _____________ controls, and ________________ controls.

QUESTION 73

Inheritable

ANSWER

Common controls are security controls whose implementation results in a security capability that is _________________ by one or more organizational information systems.

QUESTION 74

Information system owners

ANSWER

System-specific controls are the primary responsibility of ____________________________________ and their respective authorizing officials.

QUESTION 75

Common, system-specific

ANSWER

Organizations assign a hybrid status to security controls when one part of the control is ___________ and another part of the control is ___________________.

QUESTION 76

Implement

ANSWER

_____________________ the security controls specified in the security plan in accordance with DoD implementation guidance found on the KS.

QUESTION 77

Inheritance

ANSWER

Security controls that are available for _____________________ (e.g. common controls) by IS and PIT systems will be identified and have associated compliance status provided by hosting or connected systems.

QUESTION 78

Develop, review, approve

ANSWER

___________________, ___________________, and ________________ a plan to assess the security controls.

QUESTION 79

SCA

ANSWER

The risk assessment will be used by the _____ to determine the level of overall system cybersecurity risk and as a basis for a recommendation for risk acceptance or denial.

QUESTION 80

Non-compliant (NC)

ANSWER

If vulnerabilities are found, the control is recorded as __________________ in the POA&M, with sufficient explanation.

QUESTION 81

Not applicable (NA)

ANSWER

Security controls that are not technically or procedurally relevant to the system, as determined by the AO, will be recorded as ___________ in the POA&M, with sufficient justification.

QUESTION 82

Security Assessment Report (SAR)

ANSWER

The status and results of all security control assessments in the control set will be recorded in the?

QUESTION 83

SCA, SAR

ANSWER

The ______________ must determine and document in _______________ an assessment of overall system level of risk and identify the key drivers for the assessment.

QUESTION 84

CAT III

ANSWER

_________________ weaknesses will not prevent an ATO from being granted if the AO accepts the risk associated with the weaknesses.

QUESTION 85

DATO

ANSWER

If risk is determined to be unacceptable when compared to the mission assurance requirement, then the AO, in collaboration with all program stakeholders, will issue the authorization decision in the form of a _______________.

QUESTION 86

Authorization to Connect (ATC)

ANSWER

An ________________ is granted to allow a system to connect to the AFIN or DODIN.

QUESTION 87

Configuration changes, negatively

ANSWER

Continuously monitor the system or information environment for security-relevant events and ________________ that ________________ affect security posture.

QUESTION 88

Quality

ANSWER

Periodically assess the _____________ of security controls implementation against performance indicators.

QUESTION 89

Electronic System Security Assessment (ESSA)

ANSWER

The _______________________ provides commanders with an assessment as to the type and amount of information traversing Department of Defense (DOD) electronic communication systems that is at risk to adversary collection and exploitation.

QUESTION 90

Monitors, collects, analyzes

ANSWER

The AF _________, _________________, and ___________________ information from DOD electronic communications systems to determine if any critical or classified information transmitted via unsecured and unprotected systems could adversely affect US (and allied/coalition) operations.

QUESTION 91

AF OPSEC, Information Operations (IO), Red Teaming

ANSWER

CDA operations are an integral part of ___________, ______________, and _________________.

QUESTION 92

Effectiveness

ANSWER

Cyber Defense Analysis (CDA) is a very effective tool to identify real world problems that can adversely affect the warfighter's ______________.

QUESTION 93

AIM

ANSWER

Which Cyber Defense Analysis (CDA) mission identifies and reports disclosed information that could be used to gain authorized access to compromise Air Force Networks and devices?

QUESTION 94

Focused Look Assessment

ANSWER

OPSEC PMs and members of the AF OPSEC Support Team (AF OST) can request a ____________ through their MAJCOM, DRU, or field operating agency (FOA).

QUESTION 95

Telephone, Email Communication, Radio Frequency (RF) Communications

ANSWER

Which ESSA monitoring capabilities are to a commander and the AF OST?

QUESTION 96

IbCs

ANSWER

_________ include collaborative tools such as social networking sites (SNS), social media, user-generated content, social software, e-mail, instant messaging, and discussion forums.

QUESTION 97

WRA

ANSWER

_______________ is the assessment of information posted on AF unclassified, owned, leased, or operated public and private web sites in order to minimize exploitation of AF information by adversaries that can negatively impact AF operations.

QUESTION 98

Consent to monitoring

ANSWER

Users of DOD electronic communications devices are to be notified the use of those devices constitutes ______________.

QUESTION 99

All computers

ANSWER

The notice and consent log-on banner, Attachment 2, must be installed on:

QUESTION 100

AF Form 4394, six months

ANSWER

Ensure users of the system have a valid ____________________ on file. The signed forms will be retained by the organizational Cybersecurity office or designated representative until ______________ after the user no longer requires access to the system.

QUESTION 101

DOD information systems, applications

ANSWER

The DOD Banner/User Agreement policy memorandum only applies to _______________ not ________________.

QUESTION 102

Portable Electronic Device (PED)

ANSWER

What is a non-stationary electronic apparatus with the capability of recording, storing, and/or transmitting information?

QUESTION 103

AF Form 4433, AF Form 4394

ANSWER

Any telecommunication devices not otherwise referenced must have a signed ___________ or __________ on file.

QUESTION 104

Remanence

ANSWER

______________ is the residual information remaining on storage media.

QUESTION 105

Remanence Security (REMSEC)

ANSWER

Actions taken to protect the confidentiality of information on information systems (to include infrastructure devices such as routers and switches).

QUESTION 106

Authorized, properly cleared

ANSWER

To protect against compromise, allow only __________ and _______________ persons with a need to know access to media containing classified and sensitive information.

QUESTION 107

Impractical, destruction

ANSWER

As the monetary cost of media decreases, the cost of sanitizing media may become _______________ and ________________ may become more cost effective.

QUESTION 108

Sanitization

ANSWER

Process to render access to target data on the media infeasible for a given level of effort.

QUESTION 109

Clear, purge, destroy

ANSWER

________________, _______________, and _______________ are actions that can be taken to sanitize media.

QUESTION 110

NSA, destroy

ANSWER

Only products listed on the __________________ Evaluated Products List (EPL) or that have received approval from NSA may be used to _____________________ classified information (to include media and devices).

QUESTION 111

Degaussing

ANSWER

Applying a reversing magnetizing field to make magnetic media unreadable is known as?

QUESTION 112

Incinerate

ANSWER

Destruction using high heat/temperatures to reduce the media into ash.

QUESTION 113

Clear

ANSWER

__________ classified media before reuse and reuse only in a classified environment.

QUESTION 114

Donating, selling, destroying

ANSWER

Disposal is the process of reutilizing, transferring, _____________, __________, ____________, or other final removal of media from service.

QUESTION 115

Prohibited

ANSWER

Reuse of classified IS storage media in unclassified environments is __________.

QUESTION 116

Routers, switches, MFDs

ANSWER

Hardware such as _____________, _____________, ______________, etc., may contain multiple types of media and the sanitization methods are based on the type of media and the classification of the operational environment.

QUESTION 117

TEMPEST

ANSWER

__________ is defined as the investigation, study, and control of compromising emanations from telecommunications and automated information systems equipment.

QUESTION 118

Compromising emanations, adversary

ANSWER

___________________ are unintentional electronic signals that, if intercepted and analyzed by an _______________________, would disclose the classified information transferred, received, handled, or otherwise processed by any information-processing equipment/system and telecommunications systems.

QUESTION 119

Through space

ANSWER

Radiated Signals are electromagnetic or acoustic emissions of undesired signal data propagated _______________.

QUESTION 120

Zone B

ANSWER

Inspectable Space (IS) is 20 up to 100 meters.

QUESTION 121

Zone A

ANSWER

The "Best" Equipment Radiation Tempest Zone (ERTZ) Assignment is?

QUESTION 122

Zone C

ANSWER

Inspectable Space (IS) is More than 100 meters (best).

QUESTION 123

Protection, classified

ANSWER

RED is a designation applied to telecommunications and information systems, plus associated areas, circuits, components, equipment, and wire lines requiring _______________ during electrical transmission when ___________ signals are being processed.

QUESTION 124

Black

ANSWER

__________ is a designation applied to telecommunications and information systems, and to associated areas, circuits, components, equipment, and wire lines where unclassified or encrypted classified signals are processed.

QUESTION 125

Technical evaluation, vulnerabilities, threats, countermeasures

ANSWER

EMSEC Countermeasures Review is a _______________ of a facility where classified information will be processed and identifies the EMSEC _______________ and _____________, specifies the required inspectable space, determines the required EMSEC _______________, and ascertains the most cost-effective way to apply required countermeasures.

QUESTION 126

Certified TEMPEST Technical Authority (CTTA)

ANSWER

_________________ is an experienced, technically qualified government employee who meets established certification requirements to fulfill CTTA responsibilities.

QUESTION 127

Base

ANSWER

Wing TEMPEST Security Managers are the point of contact for all TEMPEST matters at the __________ level.

QUESTION 128

Wing TEMPEST Security Managers

ANSWER

Who provides training and assistance to unit TEMPEST Monitors as needed?

QUESTION 129

30

ANSWER

Unit TEMPEST Representatives must ensure TEMPEST Monitor training is received from the Base TEMPEST Manager within __________ days of appointment and as needed thereafter.

QUESTION 130

TEMPEST Information Messages (TIM)

ANSWER

_________________ are issued by the AF-CTTA to make time-critical changes to the Air Force TEMPEST process and publications, update requirements, and clarify guidance. Compliance with them is mandatory.

QUESTION 131

EMSEC Assessment, countermeasures review

ANSWER

___________ is a desktop analysis to determine whether an EMSEC _____________ is required or not.
