**Social Networking As someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project? Verify the identity of all individuals.??? Which scenario might indicate a reportable insider threat? **Insider Threat How many potential insider threat indicators does a person who is playful and charming, consistently wins performance awards, but is occasionally aggressive in trying to access sensitive information display? Using webmail may bypass built in security features. Delete email from senders you do not know. What level of damage can the unauthorized disclosure of information classified as Top Secret reasonably be expected to cause? How should you respond? Linda encrypts all of the sensitive data on her government-issued mobile devices. It never requires classified markings, it is true about unclassified data. Only paper documents that are in open storage need to be marked. It never requires classification markings, is true about unclassified data. If aggregated, the information could become classified. It displays a label showing maximum classification, date of creation, point of contact, and Change Management 9CM) Control Number. Use only personal contact information when establishing your personal account. ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. Never allow sensitive data on non-Government-issued mobile devices. Attempting to access sensitive information without need-to-know, Avoid talking about work outside of the workplace or with people without a need-to-know, Report the suspicious behavior in accordance with their organizations insider threat policy. Connect and share knowledge within a single location that is structured and easy to search. How can you protect yourself from social engineering? Do not use any personally owned/non-organizational removable media on your organizations systems. What should you do after you have ended a call from a reporter asking you to confirm potentially classified information found on the web? A colleague has won 10 high-performance awards, can be playful and charming, is not currently in a relationship, and is occasionally aggressive in trying to access sensitive information. Where. A Coworker has asked if you want to download a programmers game to play at work. Correct. Lionel stops an individual in his secure area who is not wearing a badge. PII includes, but is not limited to, social security numbers, date and places of birth, mothers maiden names, biometric records, and PHI. Do not access website links, buttons, or graphics in e-mail. Here you can find answers to the DoD Cyber Awareness Challenge. Use personally-owned wired headsets and microphones only in designated areas, New interest in learning a foreign language. They can be part of a distributed denial-of-service (DDoS) attack. After clicking on a link on a website, a box pops up and asks if you want to run an application. What describes how Sensitive Compartmented Information is marked? *Sensitive Compartmented Information When faxing Sensitive Compartmented Information (SCI), what actions should you take? Unusual interest in classified information. Attachments contained in a digitally signed email from someone known. *Malicious Code After visiting a website on your Government device, a popup appears on your screen. Which may be a security issue with compressed Uniform Resource Locators (URLs)? Which of the following is a good practice to prevent spillage. A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationships with peers, purchases an unusually expensive new car, and has unexplained absences from work. Security Classification Guides (SCGs).??? A user writes down details from a report stored on a classified system marked as Secret and uses those details to draft an unclassified briefing on an unclassified system without authorization. You must have your organization's permission to telework. Retrieve classified documents promptly from printers. Why might "insiders" be able to cause damage to their organizations more easily than others? What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. Let us know if this was helpful. There is no way to know where the link actually leads. Q&A for work. When is the best time to post details of your vacation activities on your social networking website? **Classified Data How should you protect a printed classified document when it is not in use? (Spillage) After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. Which is a way to protect against phishing attacks? 1.1.2 Classified Data. Maybe It is created or received by a healthcare provider, health plan, or employer. (Sensitive Information) Which of the following is true about unclassified data? When classified data is not in use, how can you protect it? The answer has been confirmed to be correct. Based on the description that follows, how many potential insider threat indicator(s) are displayed? If aggregated, the classification of the information may not be changed. Which of the following is NOT Government computer misuse? Which of the following is a best practice for handling cookies? Amendments to a variety of policy documents as well as others referencing Confidential Business Information (CBI) submissions or handling, Changes to paper and e-forms and instructions for their submission to EPA. P2P (Peer-to-Peer) software can do the following except: Allow attackers physical access to network assets. When vacation is over, after you have returned home. They can become an attack vector to other devices on your home network. You receive an unexpected email from a friend: I think youll like this: https://tinyurl.com/2fcbvy. What action should you take? Question. (Spillage) Which of the following practices may reduce your appeal as a target for adversaries seeking to exploit your insider status? What is considered ethical use of the Government email system? Looking for https in the URL. Unauthorized Disclosure of Classified Information and Controlled Unclassified Information . correct. *Sensitive Information What is the best example of Personally Identifiable Information (PII)? Leaked classified or controlled information is still classified/controlled even if it has already been compromised. A compromise of Sensitive Compartmented Information (SCI) occurs when a person who does not have the required clearance or access caveats comes into possession of SCI_________.??? Do not access links or hyperlinked media such as buttons and graphics in email messages. correct. (social networking) When is the safest time to post details of your vacation activities on your social networking profile? Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email? (Mobile Devices) When can you use removable media on a Government system? (1) A strategic plan documenting the overall conduct of a war. What amount is due if Alexa pays on or betwee n April 222222 and May 666? UNCLASSIFIED is a designation to mark information that does not have potential to damage national security. Directing you to a website that looks real. He has the appropriate clearance and a signed, approved, non-disclosure agreement. Unauthorized Disclosure of Classified Information for DoD, Security Awareness: Derivative Classification Answers, CITI Ethics, Responsible Conduct, RCR, Law, HTH And IRB Answers, EVERFI Achieve Consumer Financial Education Answers, Security Pro: Chapter 3 (3.1.8) & 4.1 Security Policies Answers, CITI Module #3 Research in Public Elementary and Secondary Schools, Answers to CTS Unit 7 Lab 7-2: Protocols and Services SNMP, Google Analytics Individual Qualification Exam Answers, Everfi Module 4 Credit Scores Quiz Answers, Which Of The Following Is Not Considered A Potential Insider Threat Indicator. Store classified data in a locked desk drawer when not in use Maybe *Malicious Code What are some examples of malicious code? A coworker is observed using a personal electronic device in an area where their use is prohibited. Only documents that are classified Secret, Top Secret, or SCI require marking. A. It is getting late on Friday. Which of the following is not considered an example of data hiding? What is considered a mobile computing device and therefore shouldnt be plugged in to your Government computer? What information should you avoid posting on social networking sites? Which of the following should you NOT do if you find classified information on the internet? Mobile devices and applications can track your location without your knowledge or consent. Alex demonstrates a lot of potential insider threat indicators. A colleague removes sensitive information without seeking authorization in order to perform authorized telework. Don't talk about work outside your workspace unless it is a specifically designated public meeting environment and is controlled by the event planners. **Insider Threat A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. What is the best course of action? T/F. What is the best response if you find classified government data on the internet? On a NIPRNet system while using it for a PKI-required task, Something you possess, like a CAC, and something you know, like a PIN or password. Briefly describe what you have learned. Dont allow other access or to piggyback into secure areas. Search by Subject Or Level. It may be compromised as soon as you exit the plane. Which of the following actions is appropriate after finding classified Government information on the internet? **Identity Management Which of the following is the nest description of two-factor authentication? Which of the following is true of Internet of Things (IoT) devices? **Social Networking Which of the following information is a security risk when posted publicly on your social networking profile? Remove and take it with you whenever you leave your workstation. Which of the following is NOT true of traveling overseas with a mobile phone? (Sensitive Information) What type of unclassified material should always be marked with a special handling caveat? (Identity Management) Which of the following is an example of two-factor authentication? Accepting the default privacy settings. Correct. Examples are: Patient names, Social Security numbers, Drivers license numbers, insurance details, and birth dates. Research the source to evaluate its credibility and reliability. Which of the following is an example of two-factor authentication? Teams. Debra ensures not correct This bag contains your government-issued laptop. Based on the description that follows, how many potential insider threat indicator(s) are displayed? How many potential insiders threat indicators does this employee display. **Social Engineering What action should you take with an e-mail from a friend containing a compressed Uniform Resource Locator (URL)? **Classified Data What level of damage can the unauthorized disclosure of information classified as Confidential reasonably be expected to cause? *Sensitive Compartmented Information What is Sensitive Compartmented Information (SCI)? What should be done to protect against insider threats? Only use Government-furnished or Government-approved equipment to process PII. Note the websites URL and report the situation to your security point of contact. Identification, encryption, and digital signature. Which of the following is true of protecting classified data? Personal information is inadvertently posted at a website. Which of following is true of protecting classified data? ALways mark classified information appropriately and retrieve classified documents promptly from the printer. Which of the following is true about unclassified data? Which type of information includes personal, payroll, medical, and operational information? Which Cyber Protection Condition (CPCON) establishes a protection priority focus on critical functions only? Attempt to change the subject to something non-work related, but neither confirm nor deny the articles authenticity. (Spillage) What level of damage can the unauthorized disclosure of information classified as confidential reasonably be expected to cause? What action should you take? How can you protect data on your mobile computing and portable electronic devices (PEDs)? With WEKA users, you can access WEKA sample files. What should the owner of this printed SCI do differently? **Removable Media in a SCIF What must users ensure when using removable media such as compact disk (CD)? Classified DVD distribution should be controlled just like any other classified media. What should be your response? Let us have a look at your work and suggest how to improve it! Media containing Privacy Act information, PII, and PHI is not required to be labeled. Neither confirm or deny the information is classified. CUI is not classified information. What is a best practice to protect data on your mobile computing device? How many potential insiders threat indicators does this employee display? There are no choices provides which make it hard to pick the untrue statement about unclassified data. What is a best practice for protecting controlled unclassified information (CUI)? Secure it to the same level as Government-issued systems. A program that segregates various type of classified information into distinct compartments for added protection and dissemination for distribution control. On September 14, 2016, NARA issued a final rule amending 32 CFR Part 2002 to establish a uniform policy for all Federal agencies and prescribe Government-wide program implementation standards, including designating, safeguarding, disseminating, marking, decontrolling, and disposing of CUI; self-inspection and oversight requirements; and other facets of the CUI Program. SSN, date and place of birth, mothers maiden name, biometric records, PHI, passport number, Subset of PII, health information that identifies the individual, relates to physical or mental health of an individual, provision of health care to an individual, or payment of healthcare for individual. They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities. A medium secure password has at least 15 characters and one of the following. Which of the following individuals can access classified data? A headset with a microphone through a Universal Serial Bus (USB) port. Which of the following is an example of punishment by application? What type of activity or behavior should be reported as a potential insider threat? (Identity Management) What certificates are contained on the Common Access Card (CAC)? **Travel What security risk does a public Wi-Fi connection pose? What should you do? A colleague asks to leave a report containing protected health information (PHI) on his desk overnight so he can continue working on it the next day. Always take your CAC when you leave your workstation. (GFE) When can you check personal e-mail on your Government-furnished equipment (GFE)? The website requires a credit card for registration. How should you securely transport company information on a removable media? *Social Networking *Classified Data Enable automatic screen locking after a period of inactivity. It does not require markings or distribution controls. A man you do not know is trying to look at your Government-issued phone and has asked to use it. Memory sticks, flash drives, or external hard drives. Memory sticks, flash drives, or external hard drives. *Controlled Unclassified Information Which of the following is NOT a correct way to protect CUI? The questions are broken into the following sections: Controlled Unclassified Information (CUI) isinformation that requires safeguarding or dissemination controls consistent with applicable laws, regulations, and Government-wide policies,but is not classified underExecutive Order 13526 Classified National Security Informationorthe Atomic Energy Act, as amended. Which of the following does not constitute spillage. **Identity management Which of the following is NOT a best practice to preserve the authenticity of your identity? Which of the following is NOT an example of sensitive information? Classification markings and handling caveats. Correct. Unclassified is a security classification assigned to official information that does not warrant the assignment of Confidential, Secret, or Top Secret markings but which is not publicly-releasable without authorization. ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. you don't need to do anything special to protect this information which of the following is true about unclassified data. What portable electronic devices (PEDs) are permitted in a SCIF? Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities. 1.1.3 Insider Threat. ! (A type of phishing targeted at senior officials) Which is still your FAT A$$ MOTHER! How many indicators does this employee display? 870 Summit Park Avenue Auburn Hills, MI 48057. Thiswill enabletimely and consistent informationsharing andincreasetransparency throughout the Federal government and with non-Federal stakeholders. (Sensitive Compartmented Information) What portable electronic devices (PEDs) are allow in a Secure Compartmented Information Facility (SCIF)? You can email your employees information to yourself so you can work on it this weekend and go home now. If authorized, what can be done on a work computer? Which of the following is not Controlled Unclassified Information (CUI)? Classified information that should be unclassified and is downgraded. Which of the following should be done to keep your home computer secure? Public service, notably service in the United States Department of Defense or DoD, is a public trust. Which may be a security issue with compressed urls? (2) War planning documents which contain worldwide -- (a) Planning data and assumptions, (b) Wartime planning factors for the use of nuclear weapons, (c) Intelligence estimates of enemy capabilities, (d) Force composition and development, and E-mailing your co-workers to let them know you are taking a sick day. Executive Order 13526 Classified National Security Information, PersonallyIdentifiable Information (PII), Sensitive Personally Identifiable Information (SPII), Proprietary Business Information (PBI) or currently known within EPA as Confidential Business Information (CBI), Unclassified Controlled Technical Information (UCTI). cyber-awareness. data. What is an individual's Personally Identifiable Information (PII) or Protected Health Information (PHI) considered? Darryl is managing a project that requires access to classified information. (Spillage) Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? **Identity Management Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the NIPRNet. c. What similarities and differences are there between plant and animal cells? **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? The email provides a link to a personnel portal where you must enter your personal information as part of an effort to standardize recordkeeping. Your favorite movie. (Answer) CPCON 2 (High: Critical and Essential Functions) CPCON 1 (Very High: Critical Functions) CPCON 3 (Medium: Critical, Essential, and Support Functions) CPCON 4 (Low: All Functions) CPCON 5 (Very Low: All Functions). Log in for more information. Which is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail? Which of the following is a security best practice when using social networking sites? Use only your personal contact information when establishing your account. Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause? Which of the following is a clue to recognizing a phishing email? Ask them to verify their name and office number. *Sensitive Compartmented Information Which must be approved and signed by a cognizant Original Classification Authority (OCA)? **Physical Security What is a good practice for physical security? What should you do? Contents hide. (Malicious Code) What is a good practice to protect data on your home wireless systems? Which of the following information is a security risk when posted publicly on your social networking profile? Correct. correct. John submits CUI to his organizations security office to transmit it on his behalf. *Malicious Code Which of the following is NOT a way that malicious code spreads? Spillage because classified data was moved to a lower classification level system without authorization. Learn more about Teams Which of the following is a practice that helps to protect you from identity theft? Which of the following may help to prevent inadvertent spillage? Which of the following personally-owned computer peripherals is permitted for use with Government-furnished equipment? Jozeal. You receive an unexpected email from a friend: "I think you'll like this: (URL)" What action should you take? Refer the vendor to the appropriate personnel. Under what circumstances is it acceptable to check personal email on Government-furnished equipment (GFE)? You receive an email from a company you have an account with. When gases are sold they are usually compressed to high pressures. Which is it appropriate to have your security badge visible within a Sensitive Compartmented Information Facility (SCIF). What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF. When checking in at the airline counter for a business trip, you are asked if you would like to check your laptop bag. Which of the following demonstrates proper protection of mobile devices? **Social Engineering Which may be a security issue with compressed Uniform Resource Locators (URLs)? Ask for information about the website, including the URL. Connect to the Government Virtual Private Network (VPN). What type of social engineering targets senior officials? Set hasDigit to true if the 3-character passCode contains a digit, Critical, Essential, and Support Functions. 1.1 Standard Challenge Answers. For Government-owned devices, use approved and authorized applications only. Store it in a locked desk drawer after working hours. Which of the following statements is TRUE about the use of DoD Public Key Infrastructure (PKI) tokens? The EPAs Controlled Unclassified Information (CUI) Program issued its Interim CUI Policy in December 2020. What are some potential insider threat indicators? **Website Use How should you respond to the theft of your identity? New answers. Information should be secured in a cabinet or container while not in use. What should you do? How can you avoid downloading malicious code? **Insider Threat Which of the following is NOT considered a potential insider threat indicator? Always use DoD PKI tokens within their designated classification level. How many potential insider threat indicators does this employee display? New interest in learning another language? Search (Home computer) Which of the following is best practice for securing your home computer? Aggregating it does not affect its sensitivyty level. How many potential insiders threat indicators does this employee display? Immediately notify your security point of contact. Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. When unclassified data is aggregated, its classification level may rise. Store classified data appropriately in a GSA-approved vault/container when not in use. A coworker removes sensitive information without authorization. A coworker brings a personal electronic device into prohibited areas. not correct What action should you take? However, agency personnel and contractors should first consult their agency's CUI implementing policies and program management for guidance. Updated 8/5/2020 8:06:16 PM. The website requires a credit card for registration. The CUIProgramisan unprecedented initiative to standardize practices across more than 100 separate departments and agencies, as well asstate, local,tribal and, private sector entities; academia; and industry. (Correct)-It does not affect the safety of Government missions.-It never requires classification markings. "Unclassified" or a lack of security marking denotes non-sensitive information. correct. A coworker has left an unknown CD on your desk. Following instructions from verified personnel. What should you do? Which of the following is NOT a correct way to protect sensitive information? Compute The Average Kids Per Family. You must have permission from your organization. Log in for more information. Select the information on the data sheet that is personally identifiable information (PII). **Classified Data Which of the following is true of telework? **Classified Data Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? Access requires a formal need-to-know determination issued by the Director of National Intelligence.? Refer the reporter to your organizations public affairs office. Write your password down on a device that only you access. Try this test to determine if it's considered unclassified, classified or protected, and check out tips on what to do and what not to do when working with sensitive information. Before long she has also purchased shoes from several other websites. A type of phishing targeted at high-level personnel such as senior officials. **Mobile Devices What can help to protect the data on your personal mobile device? (Physical Security) which Cyberspace Protection Condition (CPCON) establishes a protection priority focus on critical and essential functions only? Which of the following is true of traveling overseas with a mobile phone. Coworker making consistent statements indicative of hostility or anger toward the United States and its policies. Which is a risk associated with removable media? Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? *Spillage .What should you do if a reporter asks you about potentially classified information on the web? Which Of The Following Statements About Adding Social Networks To Hootsuite Is False? Linda encrypts all of the sensitive data on her government issued mobile devices. Which of the following demonstrates proper protection of mobile devices? See the discussed example before.