Cybersecurity Concepts Overview

Questions and Answers

What is the primary function of a Security Information and Event Management (SIEM) system?

  • To perform security vulnerability scans and penetration testing
  • To collect, analyze, and monitor security data from various sources (correct)
  • To create secure and encrypted connections over public networks
  • To implement security policy guidelines and configuration settings for DoD systems

Which of the following is NOT a key advantage of using a Security Orchestration, Automation, and Response (SOAR) solution?

  • Enhanced security posture by hardening systems against cyber threats (correct)
  • Improved efficiency and effectiveness in security operations
  • Automated incident response and remediation actions
  • Centralized management and orchestration of security tools and processes

What is the primary purpose of a network Test Access Point (TAP)?

  • To filter and block access to specific websites or content
  • To capture and analyze network traffic without disrupting network operations (correct)
  • To provide secure and encrypted communication over a public network
  • To implement and enforce security policies and configuration rules for DoD systems

Which encryption algorithm applies the original DES algorithm three times to enhance security?

Answer: Triple DES

What is the primary purpose of a Virtual Private Network (VPN)?

Answer: To create a secure and encrypted connection over a public network

Which of the following is a cybersecurity tool used to restrict access to specific websites or content based on predefined criteria?

Answer: Web content filtering

What is the primary goal of Security Technical Implementation Guides (STIGs)?

Answer: To provide detailed guidelines for securing DoD systems by hardening configurations

Which of the following cybersecurity solutions primarily focuses on improving the efficiency and effectiveness of security operations by automating and orchestrating incident responses?

Answer: SOAR (Security Orchestration, Automation, and Response)

Which tool provides real-time network monitoring and analysis, including zero-loss packet capture, enabling root-cause investigation and compliance monitoring?

Answer: NIKSUN

Which tool is primarily known for application delivery and load balancing, but also offers features like web application firewalls, traffic security, and secure access capabilities?

Answer: F5

Which tool offers secure file transfer solutions, enabling encrypted, automated transfers with compliance capabilities, particularly helpful for sensitive data exchange?

Answer: MOVEit

Which of the following is NOT a key component of the COMDTINST M5500.13 Cybersecurity Manual?

Answer: Technical Training and Certification

Which tool provides network and event management capabilities to detect, isolate, and respond to network incidents in real time, offering visualization and integration with other IT management tools?

Answer: Netcool

What is the primary goal of the CGCYBERINST 2620.1 Incident Response Plan?

Answer: To ensure the Coast Guard can effectively respond to cyber incidents

What is the main purpose of the USCG Cyber Strategy?

Answer: To improve the cybersecurity posture of the USCG and protect its operations and critical infrastructure

What is the purpose of the CSOC DCO Watch Process Guide?

Answer: To provide a framework for the Cybersecurity Operations Center (CSOC) to detect and respond to cyber threats

What is the primary distinction between the COMDTINST M5500.13 Cybersecurity Manual and the CGCYBERINST 2620.1 Incident Response Plan?

Answer: The Cybersecurity Manual is a broader document covering all aspects of cybersecurity, while the Incident Response Plan focuses specifically on responding to incidents

Which tool is a cloud-based secure web gateway that provides web filtering, data loss prevention, malware protection, and more, helping control user internet access while safeguarding data security?

Answer: iboss

Which tool allows real-time and historical insights into network traffic, enabling performance optimization and troubleshooting?

Answer: InfoVista

Which document emphasizes the importance of training and simulation exercises for cybersecurity personnel?

Answer: CGCYBERINST 2620.1 Incident Response Plan

Based on the provided information, what is the role of the Cybersecurity Operations Center (CSOC) in the Coast Guard's cybersecurity strategy?

Answer: To monitor and detect cyber threats against Coast Guard networks

Which of these tools is a web-based tool for data analysis and manipulation, commonly used in cybersecurity for encoding, decoding, encrypting, and decrypting data?

Answer: CyberChef

Which of the following is NOT a key component of the Incident Response Plan (CGCYBERINST 2620.1)?

Answer: Cybersecurity Awareness Training

Which document primarily outlines procedures for identifying, assessing, and mitigating risks associated with information systems and data?

Answer: COMDTINST M5500.13 Cybersecurity Manual

What is the main function of COASTAL within an organization's data management strategy?

Answer: Long-term storage of logs

Which tool primarily focuses on protecting against web-based threats by isolating internet traffic?

Answer: CBII (Cloud Based Internet Isolation)

What capability does Microsoft Defender for Identity (MDI) specifically provide?

Answer: Detection of identity-related threats

Which solution is defined as a cloud-native SIEM and SOAR platform that offers analytics across the network?

Answer: Microsoft Sentinel

What is the purpose of Microsoft Purview (MPurview) in an organization's data management practices?

Answer: Securing and managing organizational data

What is the primary function of an Access Control List (ACL)?

Answer: To specify which users or systems can access network resources

Which encryption standard succeeded the Data Encryption Standard (DES)?

Answer: AES

What does the Assured Compliance Assessment Solution (ACAS) primarily do?

Answer: Performs vulnerability scanning and compliance management

What is the role of Common Vulnerabilities and Exposures (CVE)?

Answer: To standardize vulnerability tracking with unique IDs

Which statement correctly describes Role-Based Access Control (RBAC)?

Answer: It restricts access based on a user's job function or role.

How does the RSA encryption algorithm function?

Answer: It employs a public key for encryption and a private key for decryption.

What is the purpose of a Firewall in network security?

Answer: To monitor and control network traffic based on rules

Which organization manages the Common Vulnerabilities and Exposures (CVE) database?

Answer: MITRE

What is the primary function of TippingPoint?

Answer: To block malicious network traffic based on real-time analysis

Which tool is specifically designed for network visibility and advanced threat detection?

Answer: Stealthwatch

What is the role of Elastic in cybersecurity?

Answer: To facilitate centralized logging, monitoring, and alerting

What does the Sourcefire system inspect?

Answer: Traffic for threat detection and prevention

Which of the following best describes the purpose of Swimlane?

Answer: To integrate security tools for streamlining incident responses

How does Tanium contribute to cybersecurity?

Answer: By controlling and managing numerous endpoints for security and compliance

What is one of the key features of AWS cloud security tools?

Answer: Data protection and compliance solutions

Which tool is not primarily focused on threat detection or prevention?

Answer: Riverbed

Flashcards

Access Control List (ACL)

An ordered set of rules that specifies which users, systems or traffic may access a resource. Network ACLs on routers and firewalls match packets by address, protocol and port and are evaluated top-down with an implicit deny at the end; file-system ACLs do the same job for files and directories.

Advanced Encryption Standard (AES)

A symmetric-key block cipher (128-bit blocks; 128-, 192- or 256-bit keys) in which the same key is used for both encryption and decryption. It replaced DES as the U.S. federal encryption standard.

Assured Compliance Assessment Solution (ACAS)

The DoD's standard vulnerability scanning, compliance management and continuous monitoring suite (built on Tenable products), used by government agencies and defense contractors.

Common Vulnerabilities and Exposures (CVE)

A catalog of publicly disclosed vulnerabilities, each assigned a unique identifier of the form CVE-YYYY-NNNN so that scanners, advisories and patches can refer to the same flaw unambiguously. Maintained by MITRE.

Firewall

A security device or software that monitors and controls network traffic based on predefined rules, acting as a barrier between trusted internal networks and untrusted external networks.

Joint Regional Security Stack (JRSS)

A U.S. Department of Defense (DoD) cybersecurity initiative that consolidates network security functions (firewalls, intrusion detection and prevention, and related tools) into regional stacks to enhance network security and improve visibility and control over data traffic across its global enterprise.

Role-Based Access Control (RBAC)

A security model that restricts system access based on the roles of individual users within an organization. Permissions are attached to roles, and users acquire permissions only by being assigned roles.

RSA (Rivest-Shamir-Adleman)

An asymmetric-key algorithm built on a pair of keys: anyone can encrypt with the public key and only the private-key holder can decrypt. The roles reverse for digital signatures, where the private key signs and the public key verifies.

What is a SIEM?

A system that gathers and analyzes security data from various sources within an organization's IT infrastructure, enabling real-time monitoring, threat detection, and incident response.

What are STIGs?

Cybersecurity configuration guidelines published by DISA for DoD systems. They provide detailed instructions for configuring hardware and software to make systems harder to attack.

What is SOAR?

A category of security solutions that automate and orchestrate responses to security incidents for more effective and efficient security operations.

What is a TAP?

A Test Access Point: a device inserted inline on a link (or a technology with the same effect) that copies network traffic to monitoring and security tools without disrupting the normal flow of network data.

What is Triple DES?

A symmetric-key block cipher that applies the DES algorithm three times to each 64-bit block (encrypt-decrypt-encrypt with two or three DES keys). It was developed to extend the life of DES after its 56-bit key became brute-forceable; NIST has since deprecated it, and AES is the replacement.

What is a VPN?

A technology that creates an encrypted, authenticated tunnel over a less secure network such as the internet, protecting the traffic inside the tunnel from eavesdropping and tampering.

What is web content filtering?

A cybersecurity tool that restricts access to certain websites or content based on defined criteria, enhancing security and productivity.

COMDTINST M5500.13 (Cybersecurity Manual)

The official guide that provides comprehensive cybersecurity instructions for the U.S. Coast Guard. This manual outlines policies, procedures, and best practices to protect Coast Guard systems from cyber threats.

Cybersecurity Policies

A key part of the Cybersecurity Manual, establishing principles and practices to guide the implementation of cybersecurity measures across the Coast Guard, ensuring compliance with regulations.

Risk Management

A crucial focus in the Cybersecurity Manual: identifying, analyzing, and controlling the risks associated with Coast Guard information systems. It helps the organization understand potential threats and develop defense strategies.

CGCYBERINST 2620.1 (Incident Response Plan)

A comprehensive guide for handling cybersecurity incidents in the U.S. Coast Guard. This plan outlines procedures and protocols to ensure effective incident response.

Response Procedures

A critical part of the Coast Guard's Incident Response Plan, describing the steps to be taken during different types of cybersecurity incidents: containing, eradicating, and recovering from an attack.

CSOC DCO Watch Process Guide

A crucial guide for the Cybersecurity Operations Center (CSOC) in conducting Defensive Cyber Operations (DCO). This guide provides a framework for monitoring, detecting, and responding to cyber threats.

Cybersecurity Operations Center (CSOC)

The central unit in the Coast Guard's cyber defense efforts. Its primary focus is to monitor systems for cyber threats and respond effectively when incidents occur.

Defensive Cyber Operations (DCO)

A set of proactive measures employed by the CSOC to protect the Coast Guard's systems and information. These operations involve activities like monitoring networks for threats and responding to attacks.

COASTAL

A long-term log storage solution provided by the CSOC for large data volumes. It preserves log integrity and feeds SIEM (Security Information and Event Management) tools.

CBII (Cloud Based Internet Isolation)

Menlo Security's cloud-based internet isolation service, which renders web content remotely so that only a safe representation reaches the endpoint. This protects against web-based threats like malware.

MD (Microsoft Defender)

Microsoft's family of antivirus and endpoint protection products, covering malware defense, identity monitoring, and data privacy controls for computers and networks.

MDI (Microsoft Defender for Identity)

A specialized identity protection service offered by Microsoft. It focuses on detecting identity-related threats, such as compromised accounts and insider threats.

Microsoft Purview (abbreviated MPurview in the source notes)

A data governance tool that helps manage and secure data across an organization's digital assets. It enhances visibility and compliance by centralizing data management.

USCG Cyber Strategy

A cybersecurity strategy focused on protecting the Coast Guard's operations and critical infrastructure in the digital world.

InfoVista

A tool providing real-time and historical network insights, helping to optimize performance and troubleshoot issues.

Netcool

IBM's network and event management tool, enabling detection, isolation, and real-time response to network incidents.

MOVEit

Progress Software's secure file transfer solution, which allows encrypted, automated file transfers with compliance capabilities, especially useful for sensitive data.

CyberChef

GCHQ's web-based tool for data analysis and manipulation, often used in cybersecurity for encoding, decoding, encrypting, and decrypting data.

iboss

Cloud-based secure web gateway providing web filtering, data loss prevention, malware protection, and more. It helps control user access to the internet while ensuring data security.

Cisco Security Manager

A tool that manages Cisco security devices, simplifying security policy configuration and monitoring across networks.

F5

Known for application delivery and load balancing, F5 also provides web application firewalls, traffic security, and secure access capabilities.

TippingPoint

Trend Micro's Intrusion Prevention System (IPS), which sits inline and blocks malicious network traffic based on real-time analysis.

Stealthwatch

A Cisco solution (now sold as Cisco Secure Network Analytics) that offers network visibility and advanced threat detection from flow data, allowing security teams to identify anomalies and potential security breaches.

Cortex Xpanse

Palo Alto Networks' attack surface management tool, which identifies and monitors exposed assets and vulnerabilities on a network.

Swimlane

A security automation platform that integrates with security tools to streamline incident response workflows.

HBSS / Trellix

The DoD's Host Based Security System, built on the Trellix (formerly McAfee) endpoint suite, which offers host-based intrusion detection and prevention for detecting and preventing threats on individual computers.

Tanium

Endpoint management tool used for visibility and control over large numbers of endpoints to ensure security and compliance.

Elastic SIEM

Provides a centralized view for analysts to monitor, analyze, and respond to cyber threats in real time, while maintaining a historical audit trail.

AWS Cloud Security

A suite of cloud security tools provided by AWS, including network security, data protection, and compliance solutions.

Study Notes

Access Control Lists (ACLs)

  • ACLs are ordered rules controlling network traffic
  • They specify which users/systems can access resources; rules are matched top-down and an implicit deny applies when nothing matches
  • ACLs reduce exposure by blocking unauthorized access; order matters, because a broad earlier rule can shadow a narrower later one
  • Essential for network security

Encryption Standards

  • AES is a widely used symmetric-key encryption standard: the same key is used for encryption and decryption
  • AES replaced DES as the U.S. federal standard (FIPS 197, 2001)

Vulnerability Management

  • ACAS is a cybersecurity tool for vulnerability scanning, compliance management, and continuous monitoring, used by government agencies and defense contractors
  • Common Vulnerabilities and Exposures (CVE) is a catalog of publicly disclosed cybersecurity vulnerabilities, managed by MITRE, that standardizes vulnerability tracking with unique IDs

Continuity of Operations Plan (COOP)

  • COOP outlines how an organization sustains essential functions during a disaster
  • COOP specifies procedures within 12 hours and up to 30 days of an event

Defense Information Systems Agency (DISA)

  • DISA is a US Department of Defense agency
  • It provides secure IT and communication support for US Military and Government operations
  • DISA focuses on secure global networks and cybersecurity

Firewalls

  • Firewalls are security devices or software
  • They control network traffic based on pre-defined rules
  • Firewalls act as barriers between trusted internal networks and untrusted external networks
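
The ACL and firewall bullets above both describe the same mechanism: an ordered rule list walked top-down, first match wins, implicit deny at the end. The following is an added example, not code from the source notes or from any product, that implements that evaluation and the ordering check a practitioner runs before pushing a rule set. The rule syntax, the 10.20.0.0/24 server segment and the sample packets are constructed for illustration.

```python
# Added example (not from the source notes): first-match evaluation of an
# ordered ACL / packet-filter rule set with an implicit deny, plus a check for
# rules that an earlier rule shadows. The rule syntax, the 10.20.0.0/24 server
# segment and the sample packets are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp", "icmp" or "any"
    src: str                     # CIDR such as "10.0.0.0/8", or "any"
    dst: str                     # CIDR or "any"
    dport: Optional[int] = None  # None matches every destination port

    def matches(self, proto: str, src_ip: str, dst_ip: str, dport: Optional[int]) -> bool:
        if self.proto != "any" and self.proto != proto:
            return False
        if self.src != "any" and ip_address(src_ip) not in ip_network(self.src):
            return False
        if self.dst != "any" and ip_address(dst_ip) not in ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != dport:
            return False
        return True


def evaluate(rules: List[Rule], proto: str, src_ip: str, dst_ip: str,
             dport: Optional[int] = None) -> Tuple[str, int]:
    """Walk the list top-down and stop at the first matching rule.

    Returns (action, index). Index -1 is the implicit deny that applies when
    nothing matched, which is how router ACLs and most firewalls behave.
    """
    for i, rule in enumerate(rules):
        if rule.matches(proto, src_ip, dst_ip, dport):
            return rule.action, i
    return "deny", -1


def _covers(a: Rule, b: Rule) -> bool:
    """True if every packet rule b could match is already matched by rule a."""
    def net_covers(x: str, y: str) -> bool:
        if x == "any":
            return True
        if y == "any":
            return False
        return ip_network(y).subnet_of(ip_network(x))
    return ((a.proto == "any" or a.proto == b.proto)
            and net_covers(a.src, b.src)
            and net_covers(a.dst, b.dst)
            and (a.dport is None or a.dport == b.dport))


def find_shadowed(rules: List[Rule]) -> List[int]:
    """Indices of rules that can never fire because an earlier rule covers them.

    A shadowed deny under a broad permit is the classic ordering mistake that
    silently opens access; this is the check to run before pushing an ACL.
    """
    return [j for j in range(len(rules))
            if any(_covers(rules[i], rules[j]) for i in range(j))]


# Constructed inbound ACL for a server segment 10.20.0.0/24, applied on the
# segment's outside interface.
INBOUND = [
    Rule("deny",   "any", "10.20.0.0/24", "any"),                  # anti-spoofing
    Rule("permit", "tcp", "10.0.0.0/8",   "10.20.0.10/32", 443),   # HTTPS from the enterprise
    Rule("permit", "tcp", "10.1.0.0/16",  "10.20.0.10/32", 22),    # SSH from the admin net only
    Rule("deny",   "any", "any",          "any"),                  # explicit catch-all
]

# Same intent, wrong order: the broad SSH permit hides the deny below it.
MISORDERED = [
    Rule("permit", "tcp", "10.0.0.0/8",  "10.20.0.10/32", 22),
    Rule("deny",   "tcp", "10.5.0.0/16", "10.20.0.10/32", 22),
]

if __name__ == "__main__":
    print(evaluate(INBOUND, "tcp", "10.1.4.4", "10.20.0.10", 22))     # ('permit', 2)
    print(evaluate(INBOUND, "tcp", "10.5.4.4", "10.20.0.10", 22))     # ('deny', 3)
    print(evaluate(INBOUND, "tcp", "10.20.0.7", "10.20.0.10", 443))   # ('deny', 0)
    print(find_shadowed(MISORDERED))                                  # [1]
```

Note the difference between the explicit catch-all (index 3) and the implicit deny (index -1): both drop the packet, but only the explicit rule shows up in hit counters and logs, which is why most ACL standards require it.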

Joint Regional Security Stack (JRSS)

  • JRSS is a U.S. Department of Defense cybersecurity initiative
  • JRSS enhances network security
  • It improves visibility and control over data traffic

Role-Based Access Control (RBAC)

  • RBAC restricts system access based on user roles
  • Permissions are assigned to roles, streamlining user privilege management
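
As an added example (not from the source notes), the RBAC model above in code: permissions hang off roles, users hold roles, a role can inherit from another, and a separation-of-duties rule refuses role combinations that must never coexist. The SOC-style roles, permissions, users and the admin/auditor conflict are constructed for illustration.

```python
# Added example (not from the source notes): a minimal RBAC model with role
# inheritance and a separation-of-duties check. The SOC-style roles,
# permissions, users and the admin/auditor conflict are constructed.
from typing import Dict, FrozenSet, List, Set, Tuple

Permission = Tuple[str, str]  # (resource, action)

ROLE_PERMISSIONS: Dict[str, Set[Permission]] = {
    "analyst":   {("alerts", "read"), ("cases", "read"), ("cases", "update")},
    "responder": {("hosts", "isolate"), ("cases", "close")},
    "auditor":   {("alerts", "read"), ("cases", "read"), ("audit_log", "read")},
    "admin":     {("users", "manage"), ("roles", "manage")},
}

# A role inherits every permission of the roles it extends.
ROLE_PARENTS: Dict[str, Set[str]] = {"responder": {"analyst"}}

# Roles one person must never hold at the same time.
SOD_CONFLICTS: Set[FrozenSet[str]] = {frozenset({"admin", "auditor"})}


def effective_roles(roles: Set[str]) -> Set[str]:
    """Close the role set over the inheritance graph."""
    result, stack = set(), list(roles)
    while stack:
        role = stack.pop()
        if role in result:
            continue
        result.add(role)
        stack.extend(ROLE_PARENTS.get(role, ()))
    return result


def permissions_of(roles: Set[str]) -> Set[Permission]:
    perms: Set[Permission] = set()
    for role in effective_roles(roles):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_allowed(user_roles: Dict[str, Set[str]], user: str, resource: str, action: str) -> bool:
    """Deny by default: unknown users, roles or permissions all evaluate False."""
    return (resource, action) in permissions_of(user_roles.get(user, set()))


def sod_violations(user_roles: Dict[str, Set[str]]) -> List[Tuple[str, FrozenSet[str]]]:
    """Users whose effective roles include a forbidden combination."""
    return [(user, pair) for user, roles in sorted(user_roles.items())
            for pair in SOD_CONFLICTS if pair <= effective_roles(roles)]


def assign_role(user_roles: Dict[str, Set[str]], user: str, role: str) -> Dict[str, Set[str]]:
    """Return a new mapping with the role added, refusing assignments that
    would create a separation-of-duties conflict."""
    if role not in ROLE_PERMISSIONS:
        raise ValueError(f"unknown role: {role}")
    proposed = {u: set(r) for u, r in user_roles.items()}
    proposed.setdefault(user, set()).add(role)
    if sod_violations({user: proposed[user]}):
        raise ValueError(f"{user}: {role} conflicts with {sorted(proposed[user] - {role})}")
    return proposed


USERS: Dict[str, Set[str]] = {
    "alice": {"analyst"},
    "bob":   {"responder"},
    "carol": {"auditor"},
    "dave":  {"admin"},
}

if __name__ == "__main__":
    print(is_allowed(USERS, "bob", "hosts", "isolate"))    # True: responder
    print(is_allowed(USERS, "bob", "cases", "update"))     # True: inherited from analyst
    print(is_allowed(USERS, "alice", "hosts", "isolate"))  # False
    print(is_allowed(USERS, "mallory", "alerts", "read"))  # False: unknown user
    try:
        assign_role(USERS, "dave", "auditor")
    except ValueError as exc:
        print("refused:", exc)
```

The point of routing every decision through `is_allowed` is that the permission set is computed from roles at check time; granting a permission directly to a user, which many systems allow as an escape hatch, is what makes privilege reviews drift out of sync with the role model.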

Rivest-Shamir-Adleman (RSA) algorithm

  • RSA is an asymmetric-key encryption algorithm
  • RSA uses a pair of keys: a public key for encryption and a private key for decryption
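
To make the two key roles concrete, here is an added example (not from the source notes) of textbook RSA on toy primes, including the multiplicative malleability that is the reason real deployments never use raw RSA and instead wrap it in OAEP for encryption or PSS for signatures. The primes 61 and 53 and the messages are constructed; keys this small have no security value. The block assumes Python 3.8+ for the modular inverse via `pow(e, -1, phi)`.

```python
# Added example (not from the source notes): textbook RSA on toy primes to make
# the key roles concrete, and a demonstration of the multiplicative
# malleability that is the reason real deployments wrap RSA in OAEP (encryption)
# or PSS (signatures). The primes 61/53 and the messages are constructed; key
# sizes this small have no security value. Needs Python 3.8+ for pow(e, -1, n).
from math import gcd
from typing import Tuple

PublicKey = Tuple[int, int]   # (n, e)
PrivateKey = Tuple[int, int]  # (n, d)


def keygen(p: int, q: int, e: int = 65537) -> Tuple[PublicKey, PrivateKey]:
    """Derive (n, e) and (n, d) from two primes; d is e's inverse mod phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)
    return (n, e), (n, d)


def encrypt(pub: PublicKey, m: int) -> int:
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, e, n)            # anyone with the public key can do this


def decrypt(priv: PrivateKey, c: int) -> int:
    n, d = priv
    return pow(c, d, n)            # only the private-key holder can do this


def sign(priv: PrivateKey, m: int) -> int:
    n, d = priv
    return pow(m, d, n)            # same trapdoor, opposite direction


def verify(pub: PublicKey, m: int, s: int) -> bool:
    n, e = pub
    return pow(s, e, n) == m % n


def forge_product_ciphertext(pub: PublicKey, c1: int, c2: int) -> int:
    """Without the private key, build a ciphertext that decrypts to m1*m2.

    Textbook RSA is a homomorphism: E(m1) * E(m2) = (m1*m2)^e = E(m1*m2) mod n.
    The same identity lets an attacker combine two signatures into a valid
    signature on the product of the two messages.
    """
    n, _ = pub
    return (c1 * c2) % n


if __name__ == "__main__":
    pub, priv = keygen(61, 53, e=17)        # n = 3233, d = 2753
    c = encrypt(pub, 65)
    print(c, decrypt(priv, c))              # 2790 65
    s1, s2 = sign(priv, 2), sign(priv, 3)
    print(verify(pub, 6, (s1 * s2) % pub[0]))   # True: forged signature on 6
```

The forgery works because nothing ties the signature to a fixed-format message; padding schemes add randomness and structure so that the product of two valid encodings is never itself a valid encoding.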

Security Information and Event Management (SIEM)

  • SIEM collects and analyzes security data from an organization's IT infrastructure
  • SIEM centralizes logs from various sources enabling real-time threat monitoring and incident response
  • SIEM enhances cybersecurity posture and facilitates compliance reporting
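
The value of centralizing logs is correlation across events that are individually unremarkable. As an added example (not from the source notes or any SIEM product), the block below runs a brute-force detection over OpenSSH syslog lines: it counts failed logins per source inside a sliding window and escalates to high severity when a successful login follows the burst from the same source. The log lines, thresholds and window are constructed.

```python
# Added example (not from the source notes): the kind of correlation rule a SIEM
# runs over centralized logs. It parses OpenSSH syslog lines, counts failed
# logins per source inside a sliding window, and escalates when a success
# follows a burst of failures from the same source. The log lines and
# thresholds below are constructed.
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, List, Optional

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<event>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)


def parse(line: str, year: int = 2024) -> Optional[Dict[str, object]]:
    """Normalize one syslog line; return None for lines the rule does not use."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev: Dict[str, object] = m.groupdict()
    # syslog timestamps carry no year, so the collector must supply one.
    ev["ts"] = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return ev


def correlate(lines: List[str], threshold: int = 5, window_s: int = 60) -> List[Dict[str, object]]:
    """Emit one alert per source when failures reach the threshold inside the
    window, and a high-severity alert if that source then logs in."""
    failures: Dict[str, Deque[datetime]] = defaultdict(deque)
    flagged = set()
    alerts: List[Dict[str, object]] = []

    def prune(src: str, now: datetime) -> None:
        dq = failures[src]
        while dq and (now - dq[0]).total_seconds() > window_s:
            dq.popleft()

    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        src, ts = ev["src"], ev["ts"]
        prune(src, ts)
        if ev["event"] == "Failed":
            failures[src].append(ts)
            if len(failures[src]) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append({"rule": "ssh_bruteforce", "severity": "medium",
                               "src": src, "failures": len(failures[src]), "ts": ts})
        elif len(failures[src]) >= threshold:
            alerts.append({"rule": "ssh_success_after_bruteforce", "severity": "high",
                           "src": src, "user": ev["user"], "ts": ts})
    return alerts


# Constructed sample: one attacker, one benign user, one line the rule ignores.
SAMPLE_LOG = """\
Mar 12 09:14:01 bastion sshd[2210]: Failed password for invalid user admin from 203.0.113.45 port 51122 ssh2
Mar 12 09:14:03 bastion sshd[2212]: Failed password for root from 203.0.113.45 port 51130 ssh2
Mar 12 09:14:05 bastion sshd[2214]: Failed password for deploy from 198.51.100.9 port 40011 ssh2
Mar 12 09:14:06 bastion sshd[2216]: Failed password for deploy from 203.0.113.45 port 51138 ssh2
Mar 12 09:14:09 bastion sshd[2218]: Failed password for deploy from 203.0.113.45 port 51142 ssh2
Mar 12 09:14:12 bastion sshd[2220]: Failed password for deploy from 203.0.113.45 port 51150 ssh2
Mar 12 09:14:15 bastion sshd[2220]: Connection closed by 203.0.113.45 port 51150 [preauth]
Mar 12 09:14:20 bastion sshd[2222]: Accepted publickey for ops from 10.0.0.5 port 60001 ssh2
Mar 12 09:14:29 bastion sshd[2240]: Accepted password for deploy from 203.0.113.45 port 51190 ssh2
""".splitlines()

if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(alert["severity"], alert["rule"], alert["src"])
```

The second alert is the one an analyst wants paged on: five failures are noise on any internet-facing host, but a success from the same source within the window is the signal that the guess landed. A production rule would also key on the target user and account for sources behind NAT.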

Security Technical Implementation Guides (STIGs)

  • STIGs are cybersecurity guidelines from the DISA
  • They are designed to secure DoD systems
  • STIGs provide detailed instructions for configuring hardware/software, hardening systems and meeting compliance standards
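
What a STIG check looks like when automated, as an added example that is not from the source notes, DISA or any scanner: a small audit of an OpenSSH server configuration against STIG-style rules (no root login, no empty passwords, no X11 forwarding, an idle timeout, approved ciphers only), with the sshd semantics that matter for correctness (first value wins, keywords are case-insensitive, absent keywords take the daemon's default) and an automated fix. The specific values, the defaults table and the sample sshd_config are constructed; consult the actual STIG for a given system before relying on these numbers.

```python
# Added example (not from the source notes): a STIG-style configuration audit of
# an OpenSSH server file, with an automated fix. The rule set mirrors the kind of
# checks a STIG contains (no root login, no empty passwords, no X11 forwarding,
# an idle timeout, approved ciphers only) but the specific values, the defaults
# table and the sample sshd_config are constructed; consult the actual STIG for
# a system before relying on these numbers.
import re
from typing import Dict, List, Optional, Tuple

# (keyword, expectation, kind): kind is "eq", "range" (min, max) or "subset"
RULES: List[Tuple[str, object, str]] = [
    ("PermitRootLogin", "no", "eq"),
    ("PermitEmptyPasswords", "no", "eq"),
    ("X11Forwarding", "no", "eq"),
    ("ClientAliveInterval", (1, 600), "range"),
    ("Ciphers", {"aes256-gcm@openssh.com", "aes128-gcm@openssh.com",
                 "aes256-ctr", "aes128-ctr"}, "subset"),
]

# What sshd assumes when a keyword is absent (OpenSSH 7.0+ for PermitRootLogin).
# Ciphers has no entry on purpose: the audit requires it to be set explicitly.
DEFAULTS: Dict[str, str] = {
    "PermitRootLogin": "prohibit-password",
    "PermitEmptyPasswords": "no",
    "X11Forwarding": "no",
    "ClientAliveInterval": "0",
}


def parse_sshd_config(text: str) -> Dict[str, str]:
    """First value wins (sshd semantics); keywords are case-insensitive.
    Options inside a Match block are conditional and are not audited here."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break
        if len(parts) == 2 and key not in settings:
            settings[key] = parts[1].strip()
    return settings


def _check(kind: str, expected: object, actual: Optional[str]) -> bool:
    if actual is None:
        return False
    if kind == "eq":
        return actual.lower() == expected
    if kind == "range":
        lo, hi = expected
        return actual.isdigit() and lo <= int(actual) <= hi
    if kind == "subset":
        return set(actual.split(",")) <= expected
    raise ValueError(kind)


def audit(text: str) -> List[Dict[str, object]]:
    """One finding per rule: the keyword, the effective value, and pass/fail."""
    settings = parse_sshd_config(text)
    findings = []
    for key, expected, kind in RULES:
        actual = settings.get(key.lower(), DEFAULTS.get(key))
        findings.append({"key": key, "actual": actual, "expected": expected,
                         "status": "pass" if _check(kind, expected, actual) else "fail"})
    return findings


def remediate(text: str) -> str:
    """Rewrite the failing keywords in place (or append them) so audit() passes."""
    lines = text.splitlines()
    for f in audit(text):
        if f["status"] == "pass":
            continue
        expected, key = f["expected"], f["key"]
        if isinstance(expected, tuple):
            value = str(expected[1])
        elif isinstance(expected, set):
            value = ",".join(sorted(expected))
        else:
            value = str(expected)
        pattern = re.compile(rf"^\s*{key}\b", re.IGNORECASE)
        idx = next((i for i, l in enumerate(lines) if pattern.match(l)), None)
        if idx is None:
            lines.append(f"{key} {value}")
        else:
            lines[idx] = f"{key} {value}"
    return "\n".join(lines) + "\n"


# Constructed sshd_config with typical findings.
WEAK_CONFIG = """\
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
X11Forwarding yes
ClientAliveInterval 900
Ciphers aes256-ctr,aes128-cbc
"""

if __name__ == "__main__":
    for f in audit(WEAK_CONFIG):
        print(f["status"], f["key"], f["actual"])
    print(remediate(WEAK_CONFIG))
```

Two details are what separate a useful check from a grep: the default table, so that an absent `PermitRootLogin` is judged by what sshd actually does rather than reported as "not found", and first-value-wins parsing, so that a hardened line appended at the bottom of a file is correctly reported as ineffective when an earlier line contradicts it.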

Security Orchestration, Automation, and Response (SOAR)

  • SOAR improves security operations efficiency and effectiveness
  • SOAR automates and orchestrates responses to security incidents

Test Access Point (TAP)

  • A TAP is a network device (the source notes expand the acronym as "Terminal Access Point"; the standard expansion is Test Access Point)
  • It is used primarily for network monitoring and security
  • It copies the traffic on a link to monitoring tools without disrupting normal network operations, unlike a switch SPAN/mirror port, which can drop copied packets under load

Triple DES

  • Triple DES is a symmetric-key encryption algorithm
  • It applies the original DES algorithm three times (encrypt-decrypt-encrypt) to each 64-bit block, raising the effective key strength above DES's 56 bits (about 112 bits with three keys, because of meet-in-the-middle attacks)
  • NIST has deprecated Triple DES (disallowed for new encryption after 2023); AES is the replacement

Virtual Private Network (VPN)

  • A VPN establishes an encrypted, authenticated tunnel over a less secure network such as the internet
  • VPNs protect the traffic inside the tunnel from snooping and tampering on the path; the VPN concentrator or provider still sees that traffic, so a VPN is not a substitute for end-to-end encryption

Web Content Filtering

  • Web content filtering restricts access to certain websites or content types
  • Organizations use it to improve employee productivity and comply with regulations

Encryption Standards (Key Lengths, Types, Strengths)

  • The source document presents a table of encryption standards with their types, key lengths, typical use cases, and relative strengths; the table itself is not reproduced in these notes

Network Security Tools

  • The document lists various cybersecurity tools and security products, including MOVEit, CyberChef, iboss, Cisco Security Manager, F5, NIKSUN, Palo Alto firewalls, and others

USCG Strategic Plan 2018-2022

  • Outlines Coast Guard priorities, objectives, and its commitment to maritime safety, security, environmental protection, and law enforcement
  • Emphasizes operational excellence, adaptation, and leveraging technology

Coast Guard Cyber Strategic Outlook

  • Outlines how the Coast Guard addresses cybersecurity challenges
  • Highlights protecting critical maritime infrastructure
  • Aims for operational readiness against cyber threats

Cybersecurity Manual (COMDTINST M5500.13)

  • Outlines cybersecurity policies, procedures, and best practices
  • Aims to protect Coast Guard information systems and networks from threats

Incident Response Plan (CGCYBERINST 2620.1)

  • Outlines procedures for responding to cybersecurity incidents
  • Provides protocols and steps for various incident types, including containment, eradication, and recovery

Cyber Incident Handling Manual (CJCSM 6510.01)

  • Outlines how to manage cyber incidents for U.S. military and government networks
  • Presents procedures for recognizing and reporting cyber incidents

Cybersecurity Activities Support to DoDIN Operations (DoDI 8530.01)

  • A Department of Defense instruction (the source notes cite it as DODD 8530.01)
  • It outlines the framework for cybersecurity activities that support operation of the DoD Information Network (DoDIN)

Cyberspace Operations Manual (COMDTINST M2620.2)

  • Provides guidance on managing cyberspace operations
  • Focuses on cybersecurity practices within the U.S. Coast Guard organization

Monitoring and Detections

  • CSOC DCO watch process guide outlining procedures for defensive cyber operations in continuous monitoring and network traffic detection
  • Explains procedures for immediate action when a security incident is detected.

CSOC DCO Watch Process

  • Describes the framework for defensive cyber operations, including incident response guidelines. Explains the importance of documenting responses.
  • Importance of collaboration among teams and agencies.

Additional Cybersecurity Components

  • The document contains additional security tools and processes not detailed in these notes

Related Documents

CSOC Board Notes PDF
