NAC - Network Access Control (Unit 9)
Security solution that enforces conditions before allowing system access to a network.
Agent-Based NAC (Unit 9)
Uses software installed on client; can be permanent or dissolvable.
Permanent Agent (Unit 9)
Continuously monitors client system for NAC compliance.
Dissolvable Agent (Unit 9)
Runs NAC check once, does not remain installed.
Agentless NAC (Unit 9)
Does not require agent software on client.
Authentication (Unit 9)
Process of verifying user identity.
Something You Know (Unit 9)
Authentication factor such as a password or PIN.
Something You Have (Unit 9)
Authentication factor such as a token, smart card, or code sent by text.
Something You Are (Unit 9)
Authentication factor such as fingerprints or voice recognition.
Somewhere You Are (Unit 9)
Authentication factor based on location, such as GPS or IP address.
Something You Do (Unit 9)
Authentication factor based on user behavior such as typing patterns.
Multifactor Authentication (Unit 9)
Uses two or more different authentication factors; much safer than one.
SSO - Single Sign-On (Unit 9)
Authenticate once and gain access to multiple systems; risk is wider compromise.
IEEE - Institute of Electrical and Electronics Engineers 802.1X (Unit 9)
Standard requiring valid credentials for network access.
Host Health Check (Unit 9)
Scan system for updates, antivirus, firewall before granting network access.
Terms of Usage (Unit 9)
Users may have to accept terms before network access.
AAA - Authentication, Authorization, Accounting (Unit 9)
Framework for controlling access and auditing usage.
Identification (Unit 9)
Presenting credentials like a username or smart card.
Authentication (Unit 9)
Verifying credentials match identity.
Authorization (Unit 9)
Determines what user can access or do.
Accounting (Unit 9)
Records user activity such as time, bandwidth, or resource use.
RADIUS - Remote Authentication Dial-In User Service (Unit 9)
AAA protocol using UDP for remote access.
DIAMETER (Unit 9)
Newer AAA protocol using TCP, more secure and reliable.
Application Security (Unit 9)
Protecting integrity of software applications.
P2P - Peer-to-Peer File Sharing Risk (Unit 9)
Common method of spreading malicious code.
Scripting (Unit 9)
Automated commands that can modify a system.
XSS - Cross-Site Scripting (Unit 9)
Injection of malicious code into websites to steal sessions or data.
Vulnerability Prevention (Unit 9)
Keep apps/OS patched, configure securely, harden apps.
CSRF - Cross-Site Request Forgery Prevention (Unit 9)
Disable "remember me" browser features; prevents cookie theft.
IDS - Intrusion Detection System (Unit 9)
Detects suspicious activity and alerts admins.
IPS - Intrusion Prevention System (Unit 9)
Detects suspicious activity and takes corrective action.
HIDS - Host Intrusion Detection System (Unit 9)
Host-based IDS.
HIPS - Host Intrusion Prevention System (Unit 9)
Host-based IPS.
NIDS - Network Intrusion Detection System (Unit 9)
Network-based IDS.
NIPS - Network Intrusion Prevention System (Unit 9)
Network-based IPS.
Hardware Security (Unit 9)
Protects systems via physical controls and hardware encryption.
Secure Boot / Trusted Boot (Unit 9)
BIOS settings to prevent malware loading during startup.
Removable Storage Threat (Unit 9)
USB drives can spread worms; often disabled on DoD systems.
HBSS - Host-Based Security System (Unit 9)
DoD system that alerts on unauthorized USB use.
Theft Prevention (Unit 9)
Secure servers, routers, and portable devices with locks, safes, or controlled access.
Hardware Encryption (Unit 9)
Uses chips for faster encryption than software alone.
FDE - Full Disk Encryption (Unit 9)
Encrypts entire storage drive.
TPM - Trusted Platform Module (Unit 9)
Hardware chip storing cryptographic keys.
HSM - Hardware Security Module (Unit 9)
Dedicated device storing cryptographic processors.
Firewalls (Unit 10)
Hardware/software that filters network traffic.
Allowlisting (Unit 10)
Deny all by default, only allow trusted traffic (most secure).
Denylisting (Unit 10)
Allow all by default, block known bad traffic.
Software Firewall (Unit 10)
Installed on a single system; also called personal or host firewall.
Windows Firewall (Unit 10)
Built-in firewall with configurable rules.
Hardware Firewall (Unit 10)
Stand-alone device filtering traffic for an entire network.
Packet Filtering Firewall (Unit 10)
Stateless filtering based on IP/port (least advanced).
Stateful Inspection Firewall (Unit 10)
Allows return traffic for outbound requests.
Application-Layer / Next-Gen Firewall (Unit 10)
Combines packet, stateful, and deep inspection; may include IDS/IPS.
Deep Packet Inspection (Unit 10)
Examines packet contents to block threats.
Security Zones (Unit 10)
Private Zone (LAN), DMZ - Demilitarized Zone (servers for public), Public Zone (internet).
DMZ - Demilitarized Zone (Unit 10)
Network segment between firewalls for public-facing servers.
ESD - Electrostatic Discharge (Unit 11)
Sudden electricity flow between objects.
Grounding (Unit 11)
Provides safe path for electricity to ground.
Bonding (Unit 11)
Minimizes differences between conductive objects.
AFI - Air Force Instruction (Unit 11)
Directs standardized Air Force actions.
AFMAN - Air Force Manual (Unit 11)
Manual providing detailed guidance.
MIL-STD - Military Standard (Unit 11)
U.S. defense standardization documents.
STIG - Security Technical Implementation Guide (Unit 11)
DISA security configuration standard.
SOP - Standard Operating Procedure (Unit 11)
Step-by-step organizational instructions.
DoDI - Department of Defense Instruction (Unit 11)
Establishes policy and general guidance.
DoDM - Department of Defense Manual (Unit 11)
Provides detailed procedures for carrying out DoDI policy.
CIRT - Computer Incident Response Team (Unit 12)
Handles security incidents and documents them.
Incident Response Team Leader (Unit 12)
Ensures team readiness and coordination.
Technical Specialist (Unit 12)
Assesses and corrects technical issues.
Documentation Specialist (Unit 12)
Records incident response process.
Legal Advisor (Unit 12)
Ensures compliance with laws and regulations.
Incident Response Plan (Unit 12)
Defines categories, roles, reporting, and exercises for incident handling.
Event (Unit 12)
Observable system occurrence, may indicate incident.
Incident (Unit 12)
Jeopardizes Confidentiality, Integrity, or Availability (CIA).
Event Categories (Unit 12)
Assign severity and description to guide responses.
Classified Messaging Incident (Unit 12)
Sending classified data to a lower-level system; requires investigation.
First Responder (Unit 12)
First person to detect/respond; goal is containment.
Incident Handling Step 1 (Unit 12)
Detection and reporting of events.
Incident Handling Step 2 (Unit 12)
Preliminary analysis and categorization.
Incident Handling Step 3 (Unit 12)
Preliminary response actions such as containment.
Incident Handling Step 4 (Unit 12)
Incident analysis to find technical details and root cause.
Incident Handling Step 5 (Unit 12)
Response and recovery; restore systems.
Incident Handling Step 6 (Unit 12)
Post-incident analysis; lessons learned.
Root Cause Analysis (Unit 12)
Steps to determine why incident occurred and how to prevent recurrence.
CCIR - Commander's Critical Information Requirement (Unit 12)
Determines if incident must be reported within one hour.
Cyber Incident Report (CIR) (Unit 12)
Detailed incident analysis including attacker and vector.
Network Intelligence Report (NIR) (Unit 12)
Focuses on adversary or suspicious network activity.
Postmortem Report (Unit 12)
Provides results of incident analysis to affected units.