Cybersecurity Concepts Overview
45 Questions
Questions and Answers

What is the primary function of a Security Information and Event Management (SIEM) system?

  • To perform security vulnerability scans and penetration testing
  • To collect, analyze, and monitor security data from various sources (correct)
  • To create secure and encrypted connections over public networks
  • To implement security policy guidelines and configuration settings for DoD systems

Which of the following is NOT a key advantage of using a Security Orchestration, Automation, and Response (SOAR) solution?

  • Enhanced security posture by hardening systems against cyber threats (correct)
  • Improved efficiency and effectiveness in security operations
  • Automated incident response and remediation actions
  • Centralized management and orchestration of security tools and processes

What is the primary purpose of a Terminal Access Point (TAP) in a network?

  • To filter and block access to specific websites or content
  • To capture and analyze network traffic without disrupting network operations (correct)
  • To provide secure and encrypted communication over a public network
  • To implement and enforce security policies and configuration rules for DoD systems

Which encryption algorithm applies the original DES algorithm three times to enhance security?

Triple DES (D)

What is the primary purpose of a Virtual Private Network (VPN)?

To create a secure and encrypted connection over a public network (C)

Which of the following is a cybersecurity tool used to restrict access to specific websites or content based on predefined criteria?

Web content filtering (D)

What is the primary goal of Security Technical Implementation Guides (STIGs)?

To provide detailed guidelines for securing DoD systems by hardening configurations (C)

Which of the following cybersecurity solutions primarily focuses on improving the efficiency and effectiveness of security operations by automating and orchestrating incident responses?

SOAR (Security Orchestration, Automation, and Response) (A)

Which tool provides real-time network monitoring and analysis, including zero-loss packet capture, enabling root-cause investigation and compliance monitoring?

NikSun (D)

Which tool is primarily known for application delivery and load balancing, but also offers features like web application firewalls, traffic security, and secure access capabilities?

F5 (C)

Which tool offers secure file transfer solutions, enabling encrypted, automated transfers with compliance capabilities, particularly helpful for sensitive data exchange?

Moveit (C)

Which of the following is NOT a key component of the COMDTINST M5500.13 Cybersecurity Manual?

Technical Training and Certification (C)

Which tool provides network and event management capabilities to detect, isolate, and respond to network incidents in real time, offering visualization and integration with other IT management tools?

Netcool (D)

What is the primary goal of the CGCYBERINST 2620.1 Incident Response Plan?

To ensure the Coast Guard can effectively respond to cyber incidents (B)

What is the main purpose of the USCG Cyber Strategy?

To improve the cybersecurity posture of the USCG and protect its operations and critical infrastructure (B)

What is the purpose of the CSOC DCO Watch Process Guide?

To provide a framework for the Cybersecurity Operations Center (CSOC) to detect and respond to cyber threats (C)

What is the primary distinction between the COMDTINST M5500.13 Cybersecurity Manual and the CGCYBERINST 2620.1 Incident Response Plan?

The Cybersecurity Manual is a broader document covering all aspects of cybersecurity, while the Incident Response Plan focuses specifically on responding to incidents (A)

Which tool is a cloud-based secure web gateway that provides web filtering, data loss prevention, malware protection, and more, helping control user internet access while safeguarding data security?

IBOSS (C)

Which tool allows real-time and historical insights into network traffic, enabling performance optimization and troubleshooting?

InfoVista (C)

Which document emphasizes the importance of training and simulation exercises for cybersecurity personnel?

CGCYBERINST 2620.1 Incident Response Plan (B)

Based on the provided information, what is the role of the Cybersecurity Operations Center (CSOC) in the Coast Guard's cybersecurity strategy?

To monitor and detect cyber threats against Coast Guard networks (B)

Which of these tools is a web-based tool for data analysis and manipulation, commonly used in cybersecurity for encoding, decoding, encrypting, and decrypting data?

Cyber Chef (C)

Which of the following is NOT a key component of the Incident Response Plan (CGCYBERINST 2620.1)?

Cybersecurity Awareness Training (C)

Which document primarily outlines procedures for identifying, assessing, and mitigating risks associated with information systems and data?

COMDTINST M5500.13 Cybersecurity Manual (A)

What is the main function of COASTAL within an organization's data management strategy?

Long-term storage of logs (D)

Which tool primarily focuses on protecting against web-based threats by isolating internet traffic?

CBII (D)

What capability does Microsoft Defender for Identity (MDI) specifically provide?

Detection of identity-related threats (C)

Which solution is defined as a cloud-native SIEM and SOAR platform that offers analytics across the network?

Microsoft Sentinel (D)

What is the purpose of MPurview in an organization's data management practices?

Securing and managing organizational data (A)

What is the primary function of an Access Control List (ACL)?

To specify which users or systems can access network resources (A)

Which encryption standard succeeded the Data Encryption Standard (DES)?

AES (D)

What does the Assured Compliance Assessment Solution (ACAS) primarily do?

Performs vulnerability scanning and compliance management (A)

What is the role of Common Vulnerabilities and Exposures (CVE)?

To standardize vulnerability tracking with unique IDs (D)

Which statement correctly describes Role-Based Access Control (RBAC)?

It restricts access based on a user's job function or role. (C)

How does the RSA encryption algorithm function?

It employs a public key for encryption and a private key for decryption. (C)

What is the purpose of a Firewall in network security?

To monitor and control network traffic based on rules (C)

Which organization manages the Common Vulnerabilities and Exposures (CVE) database?

MITRE (C)

What is the primary function of TippingPoint?

To block malicious network traffic based on real-time analysis (D)

Which tool is specifically designed for network visibility and advanced threat detection?

Stealthwatch (B)

What is the role of Elastic in cybersecurity?

To facilitate centralized logging, monitoring, and alerting (B)

What does the Source Fire system inspect?

Traffic for threat detection and prevention (D)

Which of the following best describes the purpose of Swimlane?

To integrate security tools for streamlining incident responses (A)

How does Tanium contribute to cybersecurity?

By controlling and managing numerous endpoints for security and compliance (A)

What is one of the key features of AWS cloud security tools?

Data protection and compliance solutions (D)

Which tool is not primarily focused on threat detection or prevention?

Riverbed (D)

    Study Notes

    Access Control Lists (ACLs)

    • ACLs are rules controlling network traffic
    • They specify which users/systems can access resources
    • ACLs prevent malicious activity and unauthorized access
    • Essential for network security

    Encryption Standards

    • AES is a widely used symmetric-key encryption standard
    • AES replaced DES, using the same key for encryption and decryption
    • ACAS is a cybersecurity tool for vulnerability scanning, compliance management, and continuous monitoring, used by government agencies and defense contractors
    • Common Vulnerabilities and Exposures (CVE) is a database of publicly known cybersecurity vulnerabilities, managed by MITRE, that standardizes vulnerability tracking with unique identifiers

    Continuity of Operations Plan (COOP)

    • COOP outlines how an organization sustains essential functions during a disaster
    • COOP specifies procedures within 12 hours and up to 30 days of an event

    Defense Information Systems Agency (DISA)

    • DISA is a US Department of Defense agency
    • It provides secure IT and communication support for US Military and Government operations
    • DISA focuses on secure global networks and cybersecurity

    Firewalls

    • Firewalls are security devices or software
    • They control network traffic based on pre-defined rules
    • Firewalls act as barriers between trusted internal networks and untrusted external networks

    Joint Regional Security Stack (JRSS)

    • JRSS is a US Department of Defense cybersecurity initiative
    • JRSS enhances network security
    • It improves visibility and control over data traffic

    Role-Based Access Control (RBAC)

    • RBAC restricts system access based on user roles
    • Permissions are assigned to roles, streamlining user privilege management

    Rivest-Shamir-Adleman (RSA) algorithm

    • RSA is an asymmetric-key encryption algorithm
    • RSA uses a pair of keys: a public key for encryption and a private key for decryption

    Security Information and Event Management (SIEM)

    • SIEM collects and analyzes security data from an organization's IT infrastructure
    • SIEM centralizes logs from various sources enabling real-time threat monitoring and incident response
    • SIEM enhances cybersecurity posture and facilitates compliance reporting

    Security Technical Implementation Guides (STIGs)

    • STIGs are cybersecurity guidelines from the DISA
    • They are designed to secure DoD systems
    • STIGs provide detailed instructions for configuring hardware/software, hardening systems and meeting compliance standards

    Security Orchestration, Automation, and Response (SOAR)

    • SOAR improves security operations efficiency and effectiveness
    • SOAR automates and orchestrates responses to security incidents

    Terminal Access Point (TAP)

    • A TAP is a network device or technology
    • It is used primarily for network monitoring and security
    • It facilitates the capture and analysis of network traffic without disrupting normal network operations

    Triple DES

    • Triple DES is a symmetric-key encryption algorithm
    • It applies the original DES algorithm three times, improving on DES security through the longer effective key length

    Virtual Private Network (VPN)

    • VPN establishes a secure connection over a less secure network such as the internet
    • VPNs protect private web traffic from interference, censorship, and snooping

    Web Content Filtering

    • Web content filtering restricts access to certain websites or content types
    • Organizations use it to improve employee productivity and comply with regulations

    Encryption Standards (Key Lengths, Types, Strengths)

    • The source presents a table of encryption standards with their types, key lengths, typical use cases, and relative strengths; the table itself is not reproduced in these notes

    Network Security Tools (page 9 & 10)

    • The document lists various cybersecurity tools and security products (specific software names mentioned include Moveit, CyberChef, IBOSS, Cisco Security Manager, F5, NikSun, Palo Alto Firewall and others)

    USCG Strategic Plan 2018-2022

    • Outlines Coast Guard priorities, objectives, and its commitment to maritime safety, security, environmental protection, and law enforcement
    • Emphasizes operational excellence, adaptation, and leveraging technology

    Coast Guard Cyber Strategic Outlook

    • Outlines how the Coast Guard addresses cybersecurity challenges
    • Highlights protecting critical maritime infrastructure
    • Aims for operational readiness against cyber threats

    Cybersecurity Manual (COMDTINST M5500.13)

    • Outlines cybersecurity policies, procedures, and best practices
    • Aims to protect Coast Guard information systems and networks from threats

    Incident Response Plan (CGCYBERINST 2620.1)

    • Outlines procedures for responding to cybersecurity incidents
    • Provides protocols and steps for various incident types, including containment, eradication, and recovery

    Cyber Incident Handling Manual (CJCSM 6510.01)

    • Outlines how to manage cyber incidents for U.S. military and government networks
    • Presents procedures for recognizing and reporting cyber incidents

    Cybersecurity Activities Support to DODIN (DODD8530.01)

    • This is a Department of Defense directive
    • It outlines the framework for cybersecurity activities

    Cyberspace Operations Manual (COMDTINST M2620.2)

    • Provides guidance on managing cyberspace operations
    • Focuses on cybersecurity practices within the U.S. Coast Guard organization

    Monitoring and Detections (page 6)

    • CSOC DCO watch process guide outlining procedures for defensive cyber operations in continuous monitoring and network traffic detection
    • Explains procedures for immediate action when a security incident is detected.

    CSOC DCO Watch Process (page 6)

    • Describes the framework for defensive cyber operations, including incident response guidelines. Explains the importance of documenting responses.
    • Importance of collaboration among teams and agencies.

    Additional Cybersecurity Components (page 9)

    The document contains additional security tools and processes.


    Related Documents

    CSOC Board Notes PDF

    Description

    This quiz covers essential cybersecurity concepts including Access Control Lists (ACLs), encryption standards like AES, Continuity of Operations Plans (COOP), and details regarding the Defense Information Systems Agency (DISA). Test your knowledge of how these elements contribute to network security and operational resilience.
