JKO Establishing a Cyberspace Situational Awareness (CSA) Capability Course

Which one of the following is the process of transforming data to a common format for further processing (without losing the original information), establishing baselines and spotting anomalies in the incoming data?

Normalization (correct)

Secure email, dashboards, secure databases, collaboration tools, and a business social network are all examples of __________.

Information Sharing Processes (correct)

Passive Prevention is the interdiction or elimination of known threats and vulnerabilities before an incident occurs, requiring detailed knowledge about specific threats or vulnerabilities.

False (correct)

Choose the three types of cyberspace actors as determined by the United Nations Institute of Training and Research (UNITAR).

Governments, international or regional organizations; private sector; civil society (correct)

The Cyberspace Situational Awareness Experiment (CSAE) run sessions included which of the following? Select all that apply.

Detection and assessment of incidents that affected functionality (correct)

Employment of information sharing workflow/decision processes (correct)

Information preparation is accomplished through all but which of the following?

Perception building (correct)

The effectiveness of your response to an incident will be directly proportional to the robustness of your firewall.

False (correct)

Which term refers to the effects of a behavior?

Liability (correct)

Which of the following were some of the results that were found at the conclusion of the Cyberspace Situational Awareness Experiment (CSAE)? Select all that apply.

Ability to determine dependency on cyberspace (correct)

Standards for collaborative information sharing (correct)

Framework/construct to enable the sharing of information (correct)

Integration of CSA with other domain SA (correct)

Hubs, nodes and tactical cyber organizations are __________.

Interconnected (correct)

Cyber SA is generated and maintained from pooling and sharing information regarding which of the following? Select all that apply.

Physical world status information (correct)

Planned changes (correct)

Threat and vulnerability (correct)

Incident management (correct)

Prevention status information based on the security controls (correct)

Within the Detection and Assessment phase of the tool set selection process, the activity that should be able to present visual depictions of abnormal events, attributes, and trends is known as Event Analysis.

False (correct)

During the Cyberspace Situational Awareness Experiment (CSAE), the Node Functional Scope included cyber defense operations and incident management.

True (correct)

A system operator incident report should include which of the following? Select all that apply.

Source and target description (correct)

Incident report creator (correct)

Actions taken to handle the incident (correct)

Impact of the incident (correct)

Methodology used by the attacker (correct)

Source of each incident report component (correct)

Source and target name (correct)

Which category of actor owns, operates and/or administers critical infrastructure?

The Private Sector (correct)

What best describes an agreement made between two or more collaborating organizations which describes verification and compliance methodologies?

Information Sharing Agreement (correct)

Within the Collection Phase of the tool set selection process, which of the following activities are typically included? Select all that apply.

Aggregation (correct)

Data Gathering (correct)

Normalization (correct)

Categorization (correct)

Critical Analysis will also result in risk elements to include people, facilities and equipment, data and files, grounds and buildings.

True (correct)

Technology in this phase should provide the ability to manage profiles, language, sensitivity, frequency, inheritance and prioritize message traffic based on the Traffic Light Protocol (TLP).

Dissemination (correct)

Which term refers to a general obligation to do or to abstain from something?

Responsibility (correct)

Select all true statements about taxonomies used for Cyber Situational Awareness. Select all that apply.

Needed by collaborating organizations to understand and use information consistently and coherently across the community (correct)

Used for information preparation (correct)

The classification according to a pre-determined system, resulting in a catalogue used to provide a framework for sharing information (correct)

Shared Cyber SA information needs to meet which quality criteria? Select all that apply.

Accuracy (correct)

Timeliness (correct)

Richness (correct)

Absorption is about creating damage-tolerant systems that serve to contain or deflect the consequences of an incident.

True (correct)

In the MNE7 Hub and Node structure, __________ are the information focus for supporting high level decision making.

Hubs (correct)

The juridical framework that can provide rules for cyberspace includes international law, international organizations, private international law treaties, and __________.

Domestic law (correct)

What are the four steps to Vulnerability Analysis? Select all that apply.

Mitigation (correct)

Assessment (correct)

Identification (correct)

Impact Analysis (correct)

Technology in this phase should provide the ability to manage profiles, language, sensitivity, frequency, inheritance and prioritize message traffic based on the Traffic Light Protocol (TLP).

Dissemination

Select all true statements about taxonomies used for Cyber Situational Awareness. Select all that apply.

1. The classification according to a pre-determined system, resulting in a catalogue used to provide a framework for sharing information.
2. Used for information preparation
3. Needed by collaborating organizations to understand and use information consistently and coherently across the community

What are the four steps to Vulnerability Analysis? Select all that apply.

Assessment
Impact Analysis
Identification
Mitigation

Which term refers to a general obligation to do or to abstain from something?

Responsibility

The Cyberspace Situational Awareness Experiment (CSAE) run sessions included which of the following? Select all that apply.

1. Employment of information sharing workflow/decision processes
2. Detection and assessment of incidents that affected functionality

A system operator incident report should include which of the following? Select all that apply.

Methodology used by the attacker
Incident report creator
Actions taken to handle the incident
Source and target name
Source and target description
Source of each incident report component
Impact of the incident

The juridical framework that can provide rules for cyberspace includes international law, international organizations, private international law treaties, and __________.

Domestic law

In the MNE7 Hub and Node structure, __________ are the information focus for supporting high level decision making.

WARPs (wrong)
Nodes (wrong)
CERTs (wrong)

The effectiveness of your response to an incident will be directly proportional to the robustness of your firewall.

True (wrong)

Absorption is about creating damage-tolerant systems that serve to contain or deflect the consequences of an incident.

False (wrong)

What best describes an agreement made between two or more collaborating organizations which describes verification and compliance methodologies?

Authorization and Accountability model (wrong)

Critical Analysis will also result in risk elements to include people, facilities and equipment, data and files, grounds and buildings.

True

During the Cyberspace Situational Awareness Experiment (CSAE), the Node Functional Scope included cyber defense operations and incident management.

True

Information preparation is accomplished through all but which of the following?

Perception building

Hubs, nodes and tactical cyber organizations are __________.

Top-level (wrong)

Unlike the current bottom-up structure of cyber defense organizations, MNE7's approach to cyber defense is top-down, interconnecting and aligning existing organizations.

True