Which of the following is an example of a strong password? Only paper documents that are in open storage need to be marked. A Store it in a shielded sleeve to avoid chip cloning. It may expose the connected device to malware. Which of the following is a practice that helps to protect you from identity theft? (Sensitive Information) Which of the following represents a good physical security practice? Never write down the PIN for your CAC. **Social Engineering Which may be a security issue with compressed Uniform Resource Locators (URLs)? How are Trojan horses, worms, and malicious scripts spread? What is the danger of using public Wi-Fi connections? Research the source of the article to evaluate its credibility and reliability. 10-3 X-ray Interaction with Matter, Fundamentals of Engineering Economic Analysis, David Besanko, Mark Shanley, Scott Schaefer. ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. *Sensitive Compartmented Information Which of the following best describes the compromise of Sensitive Compartmented Information (SCI)? Controlled Unclassified Information (CUI) is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government-wide policies but is not classified under Executive Order 13526 or the Atomic Energy Act, as amended. Which of the following is NOT a requirement for telework? Proactively identify potential threats and formulate holistic mitigation responses. Which of the following is true about unclassified data? They broadly describe the overall classification of a program or system. (controlled unclassified information) Which of the following is NOT an example of CUI? Definition 1 / 24 -It must be released to the public immediately. Paul verifies that the information is CUI, includes a CUI marking in the subject header, and digitally signs an e-mail containing CUI. A type of phishing targeted at high-level personnel such as senior officials. 1.To provide opportunities for individuals and businesses to open checking accounts __________, To write rules and guidelines for financial institutions under its supervision __________, To be the lender of last resort for financial institutions __________, To conduct the nations monetary policy with the goals of maintaining full employment and price stability __________, 5. Which of the following is NOT a social engineering tip? correct. Which of the following is an example of malicious code? -Classified information that should be unclassified and is downgraded. Which of the following is NOT a DoD special requirement for tokens? Never allow sensitive data on non-Government-issued mobile devices. d. giving a spanking or a scolding. Which of the following is NOT a best practice to protect data on your mobile computing device? Let us have a look at your work and suggest how to improve it! It does not require markings or distribution controls. Someone calls from an unknown number and says they are from IT and need some information about your computer. a. putting a child in time-out In which situation below are you permitted to use your PKI token? **Insider Threat What type of activity or behavior should be reported as a potential insider threat? You receive an inquiry from a reporter about government information not cleared for public release. Like the number of people in a class, the number of fingers on your hands, or the number of children someone has. All https sites are legitimate. You find information that you know to be classified on the Internet. What should be done to protect against insider threats? Note the websites URL and report the situation to your security point of contact. How many potential insider threat indicators does this employee display? Proactively identify potential threats and formulate holistic mitigation responses. Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post. not correct. It never requires classification markings, is true about unclassified data. Classified material must be appropriately marked. What should you do? Which of the following is a security best practice for protecting Personally Identifiable Information (PII)? (GFE) When can you check personal e-mail on your Government-furnished equipment (GFE)? Use personal information to help create strong passwords. not correct Public service, notably service in the United States Department of Defense or DoD, is a public trust. What should you do? **Identity Management Which of the following is the nest description of two-factor authentication? Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? If aggregated, the classification of the information may not be changed. For programmatic questions regarding Controlled Unclassified Information (CUI), including any challenges to CUI marked by EPA, pleasecontact EPA's CUI Program Office. The National Archives and Records Administration (NARA) serves as the Controlled Unclassified Information (CUI) Executive Agent (EA). Refer the vendor to the appropriate personnel. **Identity management Which is NOT a sufficient way to protect your identity? How can you avoid downloading malicious code? Sensitive information. Based on the description that follows, how many potential insider threat indicator(s) are displayed? Which is NOT a method of protecting classified data? The CUIProgramisan unprecedented initiative to standardize practices across more than 100 separate departments and agencies, as well asstate, local,tribal and, private sector entities; academia; and industry. Which of the following is true of sharing information in a Sensitive Compartmented Information Facility (SCIF)? You receive an unexpected email from a friend: "I think you'll like this: (URL)" What action should you take? Which of the following definitions is true about disclosure of confidential information? You are reviewing your employees annual self evaluation. It should only be in a system while actively using it for a PKI-required task. Question. Ive tried all the answers and it still tells me off. Always take your CAC when you leave your workstation. What is the best choice to describe what has occurred? Where. Attempt to change the subject to something non-work related, but neither confirm nor deny the articles authenticity. Q&A for work. Examples are: Patient names, Social Security numbers, Drivers license numbers, insurance details, and birth dates. Thats the only way we can improve. *Sensitive Compartmented Information Which must be approved and signed by a cognizant Original Classification Authority (OCA)? Directing you to a website that looks real. When expanded it provides a list of search options that will switch the search inputs to match the current selection. Before long she has also purchased shoes from several other websites. Which of the following is a good practice for telework? Which of the following is an example of Protected Health Information (PHI)? CPCON 4 (Low: All Functions) Prudence faxes CUI using an Unclassified cover sheet via a Secret fax machine. Which of the following is a proper way to secure your CAC/PIV? Which of the following does not constitute spillage. Which may be a security issue with compressed urls? Your password and a code you receive via text message. Only paper documents that are in open storage need to be marked. **Classified Data How should you protect a printed classified document when it is not in use? This lets the service person know when the tank is "full." correct. Which of the following is true of Controlled Unclassified information (CUI)? What should be done if you find classified Government Data/Information Not Cleared for Public Release on the Internet? You should remove and take your CAC/PIV card whenever you leave your workstation. How Do I Answer The CISSP Exam Questions? correct. **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? **Identity management Which of the following is NOT a best practice to preserve the authenticity of your identity? To determine premiums for automobile insurance, companies must have an understanding of the variables that affect whether a driver will have an accident. 1).Compared with CK, straw addition treatments (S and SG) significantly (P < 0.01) increased the emission rate and cumulative emission of CO 2 and the cumulative CO 2 . (Mobile Devices) Which of the following statements is true? Unusual interest in classified information. No. What function do Insider Threat Programs aim to fulfill? Adversaries exploit social networking sites to disseminate fake news Correct. Refer the reporter to your organizations public affairs office. (Malicious Code) While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. Malicious code can do the following except? (Spillage) What is required for an individual to access classified data? There are no choices provides which make it hard to pick the untrue statement about unclassified data. What certificates are contained on the DoD Public Key Infrastructure (PKI) implemented by the Common Access Card (CAC)/Personal Identity Verification (PIV) card? When unclassified data is aggregated, its classification level may rise. **Social Networking When is the safest time to post details of your vacation activities on your social networking profile? Make note of any identifying information and the website URL and report it to your security office. You know this project is classified. Maybe. Which of the following is NOT true of traveling overseas with a mobile phone? The EPAs Controlled Unclassified Information (CUI) Program issued its Interim CUI Policy in December 2020. Her badge is not visible to you. Do not access website links, buttons, or graphics in e-mail. **Social Networking As someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project? Accepting the default privacy settings. *Sensitive Compartmented Information When faxing Sensitive Compartmented Information (SCI), what actions should you take? What should you do? Maintain visual or physical control of the device. Be aware of classification markings and all handling caveats. Controlled Unclassified Information (CUI) is information that requires safeguarding or dissemination controls consistent with applicable laws, regulations, and Government-wide policies, but is not classified under Executive Order 13526 "Classified National Security Informat What are examples of CUI? Remove security badge as you enter a restaurant or retail establishment. what should be your response be? Based on the description that follows how many potential insider threat indicators are displayed? How do you think antihistamines might work? Always check to make sure you are using the correct network for the level of data. In addition to offering an overview of cybersecurity best practices, the challenge also provides awareness of potential and common cyber threats. How can you protect your organization on social networking sites? 1.1.1 Spillage. What should you do if a reporter asks you about potentially classified information on the web? Unclassified is a security classification assigned to official information that does not warrant the assignment of Confidential, Secret, or Top Secret markings but which is not publicly-releasable without authorization. A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. Information improperly moved from a higher protection level to a lower protection level. Mark SCI documents appropriately and use an approved SCI fax machine. You receive a call on your work phone and youre asked to participate in a phone survey. Correct. What should you do? We thoroughly check each answer to a question to provide you with the most correct answers. Found a mistake? After work hours, storing sensitive information in unlocked containers, desks, or cabinets if security is not present. Under which circumstances may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? Jozeal. (Insider Threat) Based on the description that follows, how many potential insider threat indicator(s) are displayed? Unauthorized Disclosure of Classified Information and Controlled Unclassified Information . Linda encrypts all of the sensitive data on her government-issued mobile devices. What type of data must be handled and stored properly based on classification markings and handling caveats? Briefly describe what you have learned. Others may be able to view your screen. Insiders are given a level of trust and have authorized access to Government information systems. *Spillage. Which of the following must you do before using an unclassified laptop and peripherals in a collateral classified environment? That trust is bounded by the Oath of Office we took willingly. Contents hide. Use the government email system so you can encrypt the information and open the email on your government issued laptop. Note any identifying information, such as the website's URL, and report the situation to your security POC. Download the information. **Insider Threat Which of the following is NOT considered a potential insider threat indicator? How many potential insiders threat indicators does this employee display? CUI must be handled using safeguarding or dissemination controls. (Malicious Code) Which email attachments are generally SAFE to open? Asked 8/5/2020 6:29:36 PM. Question 1: The business impact analysis (BIA) identifies the resources for which a business continuity plan (BCP) is necessary. **Removable Media in a SCIF What portable electronic devices (PEDs) are allowed in a Sensitive Compartmented Information Facility (SCIF)? The annual Cyber Awareness Challenge is a course that helps authorized users learn how to best avoid and reduce threats and vulnerabilities in an organizations system. What does Personally Identifiable information (PII) include? See the discussed example before. 1 Answer/Comment. What should you do? Information should be secured in a cabinet or container while not in use. DoD Unclassified data: Must be cleared before being released to the public May require applci aton i of Controled l Uncasl sed Iifi nformaton i (CU)I access and distribution controls Must be clearly marked as Unclassified or CUI if included in a classified document or classified storage area Search by Location. 8. Use TinyURLs preview feature to investigate where the link leads. Ask them to verify their name and office number. Badges must be visible and displayed above the waist at all times when in the facility. Request the users full name and phone number. Social Security Number; date and place of birth; mothers maiden name. 1.1 Standard Challenge Answers. Which of the following is true of protecting classified data? A coworker brings a personal electronic device into prohibited areas. Correct. What is a best practice to protect data on your mobile computing device? Let us know if this was helpful. (Insider Threat) A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. What is an individual's Personally Identifiable Information (PII) or Protected Health Information (PHI) considered? Darryl is managing a project that requires access to classified information. What should the participants in this conversation involving SCI do differently? Click the card to flip Flashcards Learn Test Match Created by Jamie_Lancaster Terms in this set (24) Which of these is true of unclassified data? Ensure that the wireless security features are properly configured. What should you do? What information most likely presents a security risk on your personal social networking profile? Keeping a database from being accessed by unauthorized visitors C. Restricting a subject at a lower classification level from accessing data at a higher classification level D. Preventing an . An investment in knowledge pays the best interest.. Transmit classified information via fax machine only Not correct How many insider threat indicators does Alex demonstrate? not correct. **Social Engineering How can you protect yourself from internet hoaxes? Maria is at home shopping for shoes on Amazon.com. Which of the following is NOT an appropriate way to protect against inadvertent spillage? (Identity Management) What certificates are contained on the Common Access Card (CAC)? Which of the following is NOT a typical result from running malicious code? Exceptionally grave damage. Of the following, which is NOT a problem or concern of an Internet hoax? Appropriate clearance; signed and approved non-disclosure agreement; and need-to-know. What type of social engineering targets particular individuals, groups of people, or organizations? Not correct Which of the following is NOT a criterion used to grant an individual access to classified data? As part of the survey the caller asks for birth date and address. THIS IS THE BEST ANSWER . T/F. Updated 8/5/2020 8:06:16 PM. Based on the description that follows, how many potential insider threat indicator(s) are displayed? -Ask them to verify their name and office number Use a common password for all your system and application logons. Correct. Do not forward, read further, or manipulate the file; Do not give out computer or network information, Do not follow instructions from unverified personnel. Which of the following should be done to keep your home computer secure? A program that segregates various type of classified information into distinct compartments for added protection and dissemination for distribution control. PII, PHI, and financial information is classified as what type of information? Connect to the Government Virtual Private Network (VPN).?? Which of the following is true about telework? Log in for more information. **Insider Threat What do insiders with authorized access to information or information systems pose? Dofficult life circumstances, such as death of spouse. Maintain possession of your laptop and other government-furnished equipment (GFE) at all times. Which of the following is not a best practice to preserve the authenticity of your identity? You check your bank statement and see several debits you did not authorize. Which of the following best describes a way to safely transmit Controlled Unclassified Information (CUI)? Lock your device screen when not in use and require a password to reactivate. **Website Use How should you respond to the theft of your identity? Taking classified documents from your workspace. Which of the following is NOT a good way to protect your identity? What is considered ethical use of the Government email system? Since the URL does not start with https, do not provide you credit card information. Which of the following is NOT true concerning a computer labeled SECRET? However, unclassified data. Store it in a GSA approved vault or container. *Spillage A user writes down details marked as Secret from a report stored on a classified system and uses those details to draft a briefing on an unclassified system without authorization. When using your government-issued laptop in public environments, with which of the following should you be concerned? New interest in learning another language, Which of the following is a good practice to protect classified information. **Insider Threat What advantages do insider threats have over others that allows them to cause damage to their organizations more easily? *Spillage What is a proper response if spillage occurs? If classified information were released, which classification level would result in Exceptionally grave damage to national security? Search by Subject Or Level. Ensure proper labeling by appropriately marking all classified material. After you have returned home following the vacation. Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? UNCLASSIFIED - CLASSIFICATION MARKINGS FOR TRAINING PURPOSES ONLY Marking in the Electronic Environment Short Student Guide Center for Development of Security Excellence Page 4 UNCLASSIFIED - CLASSIFICATION MARKINGS FOR TRAINING PURPOSES ONLY IM and Chat Instant messages and chats are brief, text-based message exchanges and conversations. Which of the following is a good practice to protect classified information? You can't have 1.9 children in a family (despite what the census might say ). A colleague asks to leave a report containing protected health information (PHI) on his desk overnight so he can continue working on it the next day. Try this test to determine if it's considered unclassified, classified or protected, and check out tips on what to do and what not to do when working with sensitive information. Understanding and using the available privacy settings. Which of the following is true of Internet of Things (IoT) devices? When unclassified data is aggregated, its classification level may rise. -It never requires classification markings. -It never requires classification markings. Create separate user accounts with strong individual passwords. Report the crime to local law enforcement. correct. Which of the following is NOT a correct way to protect sensitive information? A colleague often makes others uneasy with her persistent efforts to obtain information about classified project where she has no need-to-know, is vocal about her husband overspending on credit cards, and complains about anxiety and exhaustion. Here you can find answers to the DoD Cyber Awareness Challenge. A coworker wants to send you a sensitive document to review while you are at lunch and you only have your personal tablet. P2P (Peer-to-Peer) software can do the following except: Allow attackers physical access to network assets. *Spillage Which of the following may help prevent inadvertent spillage? Of the following, which is NOT a method to protect sensitive information? Law Enforcement Sensitive (LES),and others. Explain. *Spillage Which of the following actions is appropriate after finding classified information on the Internet? Verify the identity of all individuals.??? As a security best practice, what should you do before exiting? CPCON 5 (Very Low: All Functions). A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. You receive an email from a company you have an account with. They can be part of a distributed denial-of-service (DDoS) attack. **Mobile Devices What can help to protect the data on your personal mobile device? **Social Networking What should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sites visited? Of the following, which is NOT a characteristic of a phishing attempt? Linda encrypts all of the sensitive data on her government issued mobile devices. Neither confirm or deny the information is classified. **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? Looking for https in the URL. This bag contains your government-issued laptop. (Spillage) Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? What are the requirements to be granted access to sensitive compartmented information (SCI)? 5. What should you do? data. asked in Internet by voice (265k points) Question : Which of the following is true about unclassified data? Any time you participate in or condone misconduct, whether offline or online. (Spillage) Which of the following practices may reduce your appeal as a target for adversaries seeking to exploit your insider status? Within a secure area, you see an individual you do not know. (Physical Security) which Cyberspace Protection Condition (CPCON) establishes a protection priority focus on critical and essential functions only? Hostility or anger toward the United States and its policies. What is considered a mobile computing device and therefore shouldnt be plugged in to your Government computer? **Insider Threat Which of the following should be reported as a potential security incident? What should you do? Who can be permitted access to classified data? Memory sticks, flash drives, or external hard drives. Which designation includes Personally Identifiable Information (PII) and Protected Health Information (PHI)? What should you do? Bob, a coworker, has been going through a divorce, has financial difficulties and is displaying hostile behavior. Note That The Integers Should Be Type Cast To Doubles. Ask for information about the website, including the URL. Of the following, which is NOT a security awareness tip? Which of the following is NOT a correct way to protect CUI? A user writes down details from a report stored on a classified system marked as Secret and uses those details to draft an unclassified briefing on an unclassified system without authorization. Store classified data in a locked desk drawer when not in use Maybe What type of activity or behavior should be reported as a potential insider threat? *Spillage Which of the following is a good practice to prevent spillage? Changes to various data systems that store and sometimes share sensitive information outside EPA. **Insider Threat How many potential insider threat indicators does a person who is playful and charming, consistently wins performance awards, but is occasionally aggressive in trying to access sensitive information display? **Removable Media in a SCIF What action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)? Use only personal contact information when establishing your personal account. Which of the following is true of traveling overseas with a mobile phone. Don't talk about work outside your workspace unless it is a specifically designated public meeting environment and is controlled by the event planners. ?Access requires Top Secret clearance and indoctrination into SCI program.??? What should you do? New interest in learning another language? -It must be released to the public immediately. *Spillage Which of the following is a good practice to aid in preventing spillage? **Home Computer Security What should you consider when using a wireless keyboard with your home computer? When is it okay to charge a personal mobile device using government-furnished equipment (GFE)? What kind of information could reasonably be expected to cause serious damage to national security in the event of unauthorized disclosure? How should you securely transport company information on a removable media? *Malicious Code Which of the following is NOT a way that malicious code spreads? **Website Use While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. **Classified Data Which of the following is a good practice to protect classified information? Security Classification Guides (SCGs).??? Which Of The Following Is Not A Correct Way To Protect CUI. How can you protect your information when using wireless technology? Dont assume open storage in a secure facility is authorized Maybe. Correct. 870 Summit Park Avenue Auburn Hills, MI 48057. **Identity Management Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the NIPRNet. Which of the following is true of Security Classification Guides?
Old Dominion Boat Club Annual Dues,
What To Do With Old Mink Stoles,
Florida Quiet Title Action Elements,
Articles W
