Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
112 Cards in this Set
- Front
- Back
|
3-M
|
Maintenance Material & Management
This system provides maintenance and material managers throughout the Navy with a process for planning, acquiring, organizing, directing, controlling and evaluating the manpower and material resources used to support maintenance. |
|
|
PMS
|
Planned Maintenance System
A standardized method for planning, scheduling, and accomplishing preventive maintenance by ship’s force. |
|
|
Explain how DPAS is used to track equipment
|
Defense Property Accountability System
A fully web enabled system which tracks the lifecycle of an asset from receipt to disposition. |
|
|
Discuss the purpose of the MOV program.
|
A request from a supply source to a requisitioner/control office to validate that outstanding requisitions are still required.
|
|
|
Discuss the DLR program.
|
Depot Level Repair Program.
DLR manages high level items which can not be repaired nor reused. |
|
|
Remain In Place (RIP)
|
Although the part may be degraded, it is required to remain in use until the new item arrives
|
|
|
NRFI
|
Not Ready For Issue
|
|
|
MAM
|
Maintenance Assist Module
Replaceable assemblies (modules) needed to perform an approved maintenance plan which calls for identifying the fault of failed module through progressive and/or selective module substitution. |
|
|
Bulkhead mounted spares
|
Spares that are kept in the work center due to size or cost resulting on the parent department head to be responsible for upkeep on them
|
|
|
CASREP
|
Used in the event of an equipment malfunction or deficiency which cannot be corrected within 48 hours, reduces unit’s ability to perform a primary mission, secondary mission, or a training commands ability to perform it’s mission.
|
|
|
CASREP categories:
|
I. Used only at training commands: A casualty exists but does not cause a break in training.
II. A deficiency exists in mission essential equipment which causes a minor degradation in any primary mission. III. A deficiency exists in mission essential equipment which causes a major degredation but not loss of a primary mission. IV. A deficiency exists in mission essential equipment that is worse than category 3, and causes a loss of at least one primary mission. |
|
|
NSN
|
National Stock Number
A 13 digit number assigned by the Defense Logistic’s Agency to identify an item of material in the supply distribution system. |
|
|
COG
|
Cognizance
A two character symbol that designates the stores account in which a type of material is carried and the responsible inventory control point. |
|
|
APL
|
Allowance Parts List
It lists all the repair parts installed on the equipment/component to which it applies |
|
|
AEL
|
Allowance Equipage List
Contains the onboard allowance of equipage and supplies to support the ship’s mission. |
|
|
NC
|
Not Carried
Material for which there is no storeroom allowance |
|
|
NIS
|
Not In Stock
Material normally stocked in the storeroom but is temporarily exhausted. |
|
|
SIM
|
Selected Item Maintenance
Inventory control system by which maximum attention is given to those items experiencing high rate of usage. |
|
|
CHRIMP
|
Consolidated Hazardous Material Reutilization and Inventory Management Program
A successful method to achieve life-cycle control and management of Hazardous Material (HM) and Hazardous Waste (HW). |
|
|
DRMS
|
Defense Reutilization and Marketing Service
Department of Defense agency dedicated to the disposition of excess and surplus military equipment and supplies. |
|
|
ServMART
|
A warehouse designed store which carries NSN items to be bought with a government purchase card.
|
|
|
OPTAR
|
Operating Target is an estimate of the amount of money that will be required by an operating unit to perform tasks and functions assigned
|
|
|
Normal Power
|
Standard power supplied for normal daily usage.
|
|
|
Emergency Power
|
Secondary power source provided only to vital equipment/systems in the event of a casualty.
|
|
|
Uninterrupted Power
|
Minimal battery power provided to a electronic equipment in order to properly power down the system.
|
|
|
Identify the directives that govern personnel security
|
NAVSUP to DoD DIR 5105.21.M-1
SECNAV M-5510.36 ICD 704 |
|
|
Classification categories and the colors codes used to identify each one.
|
Top Secret - exceptionally grave damage (ORANGE)
Secret - serious damage (RED) Confidential - expected to cause damage (BLUE) Unclassified - information generally available to anyone. (GREEN) |
|
|
State the type of investigation and how often it is updated for access for the classification levels.
|
Top Secret: Single Scope Background Investigation (SSBI)- Every 5 years
Secret: National Agency Check with Local Agency and Credit Checks (NACLC) – Every 10 Years Confidential: National Agency Check with Local Agency and Credit Checks (NACLC) – Every 15 years |
|
|
SAER
|
Security Access Eligibility Report
Used to report to DoNCAF any information which might affect an individual’s continued eligibility for access to SCI. |
|
|
Events that should be reported to the SSO
|
Foreign citizenship or foreign monetary interests.
Sexual behavior that is criminal or reflects a lack of judgment of discretion. Unexplained affluence or excessive indebtedness. Alcohol abuse. Illegal or improper drug use/involvement. Apparent mental or emotional disorder(s). Criminal conduct. |
|
|
Who has overall authority of and controls access to a SCIF
|
CO
|
|
|
State when safe combinations should be changed.
|
When lock is first installed/used
When compromised or believed to be compromised Whenever deemed necessary |
|
|
FDO
|
Foreign Disclosure Office
Anything related to official interaction with foreigners. |
|
|
State the purpose of DCS
|
The Defense Courier Service
Establishes, staffs, operates, and maintains an international network of couriers and courier stations for expeditious, cost effective, and secure transmission of qualified classified documents and material. |
|
|
Transporting via DCS
|
Double wrapped with prescribed opaque material.
Properly marked classification and address. The minimum size is an 8” X 11” flat envelope. Single items will not normally exceed 150 pounds. All seams will be reinforced with the prescribed tape-gummed Kraft paper tape. |
|
|
Transporting classified material via hand carry:
|
Use a classified material cover sheet, file folder, or other covering to prevent inadvertent disclosure when hand carrying classified information within the command.
Double-wrap the classified information when hand carrying outside the command. |
|
|
State the responsibilities of the TSCO
|
Top Secret Control Officer
Maintains a system of accountability to record the receipt, reproduction, transfer, transmission, downgrading, declassification and destruction of command Top Secret information |
|
|
State the THREATCON recognition and Force Protection Levels
|
THREATCON/FP Alpha – General readiness.
THREATCON/FP Bravo – Somewhat predictable threat. Increased security measures. Can be maintained for weeks or months. THREATCON/FP Charlie – Known Terrorist threat made. Can be maintained for short periods. THREATCON/FP Delta – Specific target known and declared, or terrorist event has occurred. Can only be maintained for a limited time. |
|
|
RAM
|
Random Antiterrorism Measures
Consists of the random implementation of higher FPCON measures in consideration of the local terrorist capabilities. |
|
|
EAP
|
Emergency Action Plan
A plan for the protection of classified information in case of a natural disaster or civil disturbance. |
|
|
State the purpose of Emergency Destruction procedures
|
Prevent un-cleared personnel from access to classified material in case of emergency such as fire, natural disaster, civil disturbance, terrorist activities, or enemy attack.
|
|
|
Who can give the order to initiate Emergency Destruction plan
|
The highest ranking person on station.
|
|
|
Explain in what order and how, material is destroyed during Emergency Destruction.
|
Priority One – All cryptographic equipment and documents.
Priority Two – Sensitive intelligence materials and all TOP SECRET collateral. Priority Three – Less sensitive administrative SCI material and collateral classified material not included above. Any reasonable means available. Burning, shredding, smashing degaussing, magnets, jettison, etc. |
|
|
SCI
|
Sensitive Compartmented Information
Classified information concerning or derived from intelligence sources, methods, or analytical processes and required to handled within formal access control systems |
|
|
List items prohibited in the Secret Compartmented Information Facility (SCIF).
|
Personally owned photographic, video, and audio recording equipment.
Personally owned computers and associated media. |
|
|
Define the difference between a security violation and a practice dangerous to security.
|
Security Violation is a compromise of classified information to persons not authorized to receive it.
Deliberate or accidental exposure of SCI resulting from loss, theft, or capture -Must be reported immediately. Practice Dangerous to Security is a failure to comply with security regulations causing a potential compromise of classified information. Not required to be reported |
|
|
Explain vault recertification and recurring inspections.
|
SCI security officials will conduct self-inspections of their SCIFs at least annually.
Inspections may occur at any, announced or unannounced |
|
|
Explain the DoD escort policy
|
Non-SCI indoctrinated personnel entering a SCIF must be continuously escorted by indoctrinated employee who is familiar with the security procedures of that SCIF
|
|
|
Sanitizing Equipment
|
A two-step process that includes removing data from the media and removing all classified labels, markings, and activity logs.
|
|
|
Sanitizing spaces
|
is removing all classified material from view (placing in vaults, drawers, etc) so as to not be visible to un-cleared personnel.
|
|
|
ICDs
|
Intelligence Community Directives
The principle means by which the DNI provides guidance, policy, and direction to the Intelligence Community. |
|
|
List the duties and responsibilities of the SSO.
|
Responsible for maintaining the security of SCI material and providing advice to the CO or OIC on the related matters of the SSO program.
|
|
|
Identify who can be a Command Security Manager (CSM).
|
Must be an officer or civilian employee (GS-11 or higher), a US Citizen, and completed an SSBI.
|
|
|
State the duties and responsibilities of the CSM
|
-Responsible for administration of the Commands information and personnel security programs.
-Maintains liaison with SSO IRT investigations, SCI access, eligibility evaluation, policy and procedure changes. -Ensures security threats, compromises, and other violations are reported, recorded, and investigated when necessary. |
|
|
JPAS
|
Joint Personnel Adjudication System
The official personnel security clearance database management system for the Department of Defense. |
|
|
DONCAF
|
Department of the Navy Central Adjudication Facility
Responsible for determining who within the Department of the Navy is eligible to hold a security clearance |
|
|
How long a Commanding Officer can administratively suspend access before DONCAF revokes a clearance.
|
90 Days
|
|
|
State the levels of INFOCON and what each signifies.
|
INFOCON 5 - a situation where there is no apparent hostile activity against computer networks.
INFOCON 4 - an increased risk of attack. INFOCON 3 - A risk has been identified. INFOCON 2 - an attack has taken place but the Computer Network Defense system is not at its highest alertness INFOCON 1 - attacks are taking place and the Computer Network Defense system is at maximum alertness |
|
|
Discuss the security rules and procedures for magnetic and electronic media.
|
All such devices bearing classified information must be conspicuously marked with the highest level of classification stored on the device
|
|
|
Explain why the U.S. Navy only uses “.mil” email addresses on government systems.
|
DoD has exclusive use of the “mil” domain. Provides for increased security.
|
|
|
Define Information Assurance
|
Information Operations that protect and defend data and
Information Systems (IS) by ensuring their availability, integrity, authentication, confidentiality, and non- repudiation. |
|
|
Certification & Accreditation
|
Certification – Comprehensive evaluation of the technical and non-technical security features of an information system and other safeguards, made in support of the accreditation process.
Accreditation – Formal declaration by the DAA that an information system is approved to operate. |
|
|
DAA
|
Designated Approving Authority
The official with the authority to formally assume responsibility for operating a system at an acceptable level of risk. |
|
|
System Security Authorization Agreement
|
A living document that represents the formal agreement between the Designated Approving Authority, the Certification Authority, the Program Manager, and the user representative
|
|
|
ATO
|
Authorization To Operate
The official management decision issued by a DAA to authorize operation of an information system and to explicitly accept the residual risk. |
|
|
Discuss security procedures involved when performing cross-domain transfers.
|
The media to be used in the process must be new or an approved transfer disk that has been virus checked.
Transfer information onto the media. Perform scanning of the media for viruses. |
|
|
Confidentiality
|
Assurance that information is not disclosed to unauthorized persons, processes, or devices.
|
|
|
Integrity
|
Assurance that information is not modified by unauthorized parties or in an unauthorized manner
|
|
|
Availability
|
Assurance of timely, reliable access to data and information systems by authorized users
|
|
|
Non-repudiation
|
Assurance that the sender of data is provided with proof of delivery and the recipient is provided with proof of the identity
|
|
|
Authentication
|
Assurance of the identity of a message sender or receiver
|
|
|
List and define 9 categories of computer incidents.
|
Malicious Logic
Unsuccessful Activity Attempt Denial of Service Root Level Intrusion User Level Intrusion Non-Compliance Activity Reconnaissance Investigating Explained Anomaly |
|
|
Describe the DoN World Wide Web Security Policy.
|
All DON Web sites must have a clearly articulated purpose, approved by the commander, and supporting the command’s/activity’s core competency mission.
|
|
|
IAVA
|
IA Vulnerability Alerts
An announcement of a high risk computer software, or operating system, vulnerability in the form of an alert. |
|
|
IAVB
|
IA Vulnerability Bulletins
An announcement of a medium risk computer software, or operating system, vulnerability in the form of a bulletin. |
|
|
IAVT
|
IA Vulnerability Technical
Address new vulnerabilities that are generally categorized as low risk to DON systems. |
|
|
CTO
|
Communications Tasking Orders
A DoD-wide instruction that promulgates mandatory changes in standing instructions on how communications are handled. |
|
|
NTD
|
Navy Telecommunications Directive
A widely disseminated Naval Message giving an order or direction about a certain IT function that needs to be complied with. |
|
|
Define vulnerability assessment.
|
Systematic examination of an information system or product to determine the adequacy of security measures
|
|
|
Explain the difference between vulnerability and threat.
|
Vulnerability -- the weakness in an information system
Threat -- any circumstance or event with the potential to adversely impact organizational operations |
|
|
State the duties and responsibilities of the IAM.
|
Information Assurance Manager
Responsible for the information assurance program within a command |
|
|
Switches
|
Multiport devices that improve network efficiency
|
|
|
Router
|
A device that connects two or more networks and allows packets to be transmitted and received between them
|
|
|
Proxy Server
|
A type of server that makes a single Internet connection and services requests on behalf of many users.
|
|
|
VPN
|
Virtual Private Network
A private network connection that occurs through a public network. |
|
|
OSI Model
|
Application (HTTP - Telnet)
Presentation (JPEG) Session (Connection between devices) Transport (TCP - UDP) Network (Routers) Datalink (Switches) Physical (Cable/Hub) (All People Seem To Need Data Processing) |
|
|
TCP/IP Model
|
Application (File & Print)
Transport (Connection Oriented) Internet (Connectionless) Network Access (MAC address) |
|
|
IPv4 and IPv6
|
IPv4 uses 32 bits (4.3 billion address)
IPv6 uses 128 bits (2^128 addresses) |
|
|
NIPRNET
|
Non-secure Internet Protocol Router
It is used to exchange sensitive but unclassified information between internal users |
|
|
SIPRNET
|
Secure Internet Protocol Router Network
Secret level network that supports the DOD community, Law enforcement agencies, Dept of Homeland Security and other Secret level entities. |
|
|
JWICS
|
Joint Worldwide Intelligence Communications System
Operated by the Defense Intelligence Agency (DIA) as a secure global network designed to meet the requirements for TS/SCI multimedia intelligence communications worldwide. |
|
|
DoDN (GIG)
|
Global Information Grid (GIG) defined as a Globally interconnected end-to-end set of information capabilities for collecting, processing, storing, disseminating, and managing information on demand to the Warfighter, policy makers, and support personnel.
|
|
|
DISN
|
Defense Information Systems Network
The DOD enterprise network for providing data, video, and voice services |
|
|
NMCI
|
Navy/Marine Corps Intranet
a DON program where information Technology services have been outsourced to an outside contractor. Deployed throughout the Navy and Marine Corps. |
|
|
ONE-NET
|
Overseas Navy Enterprise Network is a Navy-wide initiative to install a common and secure IT infrastructure to OCONUS Navy locations
|
|
|
IT-21
|
An information transfer strategy that provides Network Connectivity capable of Voice, Data and Video for afloat units. It provides access to NIPRNET, SIPRNET and JWICS, and supports all tactical and non-tactical mission areas.
|
|
|
Machine Language
|
The “natural language” of a particular computer, defined by the computer’s hardware design
|
|
|
Assembly Language
|
Strings of numbers that computers could directly understand, programmers began using English-like abbreviations to represent elementary operations.
|
|
|
High-Level Language
|
developed in which single statements could be written to accomplish substantial tasks. The translator programs that convert high-level language programs into machine language are called compilers. (C, C++, Python)
|
|
|
Virus
|
Malicious code written with an intention to damage the user’s computer.
They need the movement of a file to infect other computers |
|
|
Worm
|
A malicious software application that is structured to spread through computer networks.
These applications are self-propagating. |
|
|
Trojan
|
A program that seems to be useful or harmless but in fact contains hidden code embedded to take advantage of or damage a computer
|
|
|
Backdoor
|
A gap in the security of a computer system that’s purposely left open to permit access.
|
|
|
Phishing
|
The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity.
|
|
|
Buffer Overflow
|
A situation where a program writes data beyond the buffer space allocated in memory. This can result in other valid memory being overwritten.
|
|
|
SQL Injection
|
SQL injection is an attack in which malicioius code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution
|
|
|
Dictionary Attack
|
A method of breaking into a password-protected computer by systematically entering every word in the dictionary.
|
|
|
Privilege Escalation
|
The act of exploiting a bug or design flaw in a software application to gain access to resources which normally would have been protected from an application or user.
|
|
|
Brute Force Attack
|
A technique used to break an encryption or authentication system by trying all possibilities.
|
|
|
Social Engineering
|
The practice of tricking a user into giving, or giving access, to sensitive information, thereby bypassing most or all protection.
|
|
|
PKI
|
Public Key Infrastructure
A two-key encryption system wherein messages are encrypted with a private key and decrypted with a public key |
|
|
DNS
|
Domain Name System
Used to map host names with IP addresses. |
