Cyber Protection Team (CPT) Functions and Operations

These flashcards cover key concepts related to Cyber Protection Team functions, operational procedures, and training requirements.

Which CPT function focuses on proactively searching networks to detect evidence of MCA?

Hunt

Who specializes in reporting operational data for analysis in USCYBERCOM?

All Source Analyst

Which CPT function focuses on proactively searching networks to detect evidence of MCA?

Hunt

Who specializes in reporting operational data for analysis in USCYBERCOM?

All Source Analyst

What is NOT a capability of the Deployable Interceptor Platform (DIP)?

Employable as a stand-alone analysis station

What program ensures proficiency through regular mission-related repetitions?

Ready Cybercrew Program (RCP)

What evaluation is performed to ensure basic qualification in a weapon system?

Qualification (QUAL) evaluation

Which document contains weapon system capabilities and limitations?

AFTTP 3-3 CVA/H

What is a capability of a Host Analyst?

Utilized for incident investigations and counter threat actions on specific host systems.

Who is responsible for ensuring cybercrew discipline and addressing misconduct?

Mission Lead and/or Crew Lead

What is the Current Read File of CIF messages containing temporary operation information?

Part B

What is NOT a function of the weapons and tactics shop?

Manage instructors to provide training to operators

Who authorizes the DACO and delegates authority for military operations in cyberspace?

Commander, United States Cyber Command (USCYBERCOM)

What primarily consists of servers and sensors?

Deployable Interceptor Platform (DIP) components

Which DCO missions may occur without the owner's permission?

Defensive Cyberspace Operations - Response Actions (RA)

What document contains the table of contents for CIF?

Part A

What DCO missions include authorized defensive actions within the defended network?

Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM)

What must be submitted prior to using third-party compiled code not on ATO?

Weapon System Deviation (Deviation Request)

What is an agent-based host analysis tool?

Endgame

Which tool is NOT part of the Sysinternals suite?

Volatility

What is the purpose of the crew log during a mission?

Maintain an accurate record of all significant events.

What work role assesses the configuration of targeted host systems?

Host Analyst

How many hours should the normal crew duty period not exceed?

12 hours

What type of training is needed for major modifications to the CVA/H weapon system?

Difference Training

When must crew position qualification evaluations be completed?

By the last day of the 17th month after completing the performance phase.

What is Part C of the CIF?

Contains information temporary in nature not required before missions.

Can your crew lead direct you to change the MAC address during an ops check?

True

What communication tool reports events outside expected parameters?

Situation report (SITREP)

What is the tasked window for executing specific missions on the MPNET?

Vulnerability

What indicates friendly actions for task accomplishment?

Measures of Performance (MOP)

Which of the following CPT functions is focused primarily on targeting and engaging MCA in order to eliminate or neutralize it from a network or system?

Clear

What are the responsibilities of the Network Analyst crew position?

Specializes in advanced vulnerabilities and threats of network architectures, technologies and associated systems