**Website UseWhile you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. endstream endobj 291 0 obj <. endobj 0000011141 00000 n **Identity managementWhich of the following is an example of two-factor authentication? The Maybe Pay Life Insurance Co. is trying to sell you an investment policy that will pay you and your heirs $40,000 per year forever. Inform your security POC of all non-professional or non-routine contacts with foreign nations, including, but not limited to, joining each other's social media sites. Physical security of mobile phones carried overseas is not a major issue. Which of the following is a reportable insider threat activity? Evaluate the causes of the compromiseE-mail detailed information about the incident to your security point of contact (Wrong)Assess the amount of damage that could be caused by the compromise~Contact your security point of contact to report the incident. (Correct). Secure personal mobile devices to the same level as Government-issued systems. Which of the following is a security best practice when using social networking sites? Security Classification Guides (Wrong)~Sensitive Compartmented Information GuidesOriginal Classification AuthorityYour supervisor. Of the following, which is NOT a problem or concern of an Internet hoax? You know that this project is classified. **Social NetworkingWhat should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sires visited? Which is true for protecting classified data? A man you do not know is trying to look at your Government-issued phone and has asked to use it. Which is a way to protect against phishing attacks? \textbf{Income statement}\\ When using a fax machine to send sensitive information, the sender should do which of the following? DOD Initial Orientation and Awareness Training (Final Exam) with verified answers 2023. **TravelWhich of the following is true of traveling overseas with a mobile phone? *Identity ManagementWhat certificates does the Common Access Card (CAC) or Personal Identity Verification (PIV) card contain? E-mailing your co-workers to let them know you are taking a sick day. A coworker wants to send you a sensitive document to review while you are at lunch and you only have your personal tablet. Neither confirm or deny the information is classified. Examples are: Patient names, Social Security numbers, Drivers license numbers, insurance details, and birth dates. -Delete email from senders you do not know. *Identity ManagementWhat is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? What is a common indicator of a phishing attempt? A user writes down details from a report stored on a classified system marked as Secret and uses those details to draft an unclassified briefing on an unclassified system without authorization. Identify and disclose it with local Configuration/Change Management Control and Property Management authorities. You should only accept cookies from reputable, trusted websites. *Website Use *Sensitive Compartmented InformationWhen faxing Sensitive Compartmented Information (SCI), what actions should you take? Lock your device screen when not in use and require a password to reactivate. **TravelWhat is a best practice while traveling with mobile computing devices? E-mailing your co-workers to let them know you are taking a sick day. 15 0 obj All https sites are legitimate. Since the URL does not start with "https," do not provide you credit card information. *Malicious CodeWhich of the following is NOT a way that malicious code spreads? If classified information were released, which classification level would result in "Exceptionally grave damage to national security"? Which is a risk associated with removable media? Avoid using non-Bluetooth-paired or unencrypted wireless computer peripherals. <> Memory sticks, flash drives, or external hard drives. *SpillageWhat should you do when you are working on an unclassified system and receive an email with a classified attachment? **Classified DataWhich of the following is true of protecting classified data? What must users do when using removable media within a Sensitive Compartmented Information Facility (SCIF)? Who can be permitted access to classified data? Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. Explain your reasoning. **Removable Media in a SCIFWhat action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)? **Social EngineeringWhat is a common indicator of a phishing attempt? -Senior government personnel, military or civilian. Understanding and using available privacy settings. PII, PHI, and financial information is classified as what type of information? Follow instructions given only by verified personnel. ~All documents should be appropriately marked, regardless of format, sensitivity, or classification.Unclassified documents do not need to be marked as a SCIF.Only paper documents that are in open storage need to be marked. How should you respond to the theft of your identity?-Notify law enforcement. Maria is at home shopping for shoes on Amazon.com. exp - office equip. Required *INSIDER THREAT*Based on the description below how many potential insider threat indicators are present? Which of the following is true of protecting classified data? **Mobile DevicesWhich is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? Which of the following is a god practice to protect classified information? *SOCIAL NETWORKING*Which of the following is a security best practice when using social networking sites? **Mobile DevicesWhich of the following helps protect data on your personal mobile devices? Which of the following individuals can access classified data Cyber Awareness 2022? 12 0 obj -Directing you to a website that looks real. -Never allow sensitive data on non-Government-issued mobile devices. **TravelWhich of the following is a concern when using your Government-issued laptop in public? What action should you take? Which method would be the BEST way to send this information? **Website UseWhich of the following statements is true of cookies? CUI may be stored on any password-protected system. How should you protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? **Insider ThreatWhich scenario might indicate a reportable insider threat? - Complete the blank What security risk does a public Wi-Fi connection pose? -Unclassified information cleared for public release. **Website UseWhile you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. "Y% js&Q,%])*j~,T[eaKC-b(""P(S2-@&%^HEFkau"[QdY \text{Dep. Which is an untrue statement about unclassified data? **Classified DataWhat is required for an individual to access classified data? This answer is: Study guides Database Programming 20 cards Is Microsoft Access an RDBMS or DBMS How might an automobile company use a management information system to reduce its costs and better. *SpillageWhich of the following may help to prevent spillage? **Identity managementWhich is NOT a sufficient way to protect your identity? A coworker has asked if you want to download a programmer's game to play at work. You do not have your government-issued laptop. To formalize and stratify the process of securing data based on assigned labels of importance and sensitivity C. To establish a transaction trail for auditing accountability D. To manipulate access controls to provide for the most efficient means to grant or restrict functionality How should you securely transport company information on a removable media? *INSIDER THREAT*Which of the following is NOT considered a potential insider threat indicator? %PDF-1.7 *Travel In which situation below are you permitted to use your PKI token? Which of the following is a best practice for securing your home computer? Any time you participate in or condone misconduct, whether offline or online. **Classified DataWhen classified data is not in use, how can you protect it? Phishing can be an email with a hyperlink as bait. -After work hours, storing sensitive information in unlocked containers, desks, or cabinets if security is not present. Label all files, removable media, and subject headers with appropriate classification markings. 0000008555 00000 n **Use of GFEUnder what circumstances is it acceptable to use your Government-furnished computer to check personal e-mail and do other non-work-related activities? Secure it to the same level as Government-issued systems. What threat do insiders with authorized access to information or information Systems pose?? A coach lleague vacations at the beach every year, is marriednd apleasant to work with, but sometimes has poor work quality display? <> Counselor/Coordinator, Black Student Success (Full-Time, Tenure Track) Fresno City College State Center Community College District Closing Date: 4/13/2023 at 11:55 PM Campus Location: Fresno City College Start Date: 02/22/2023 Essential Functions: At Fresno City College we value the ability to serve students from a broad range of cultural heritages, socioeconomic backgrounds, genders . What should you do? What is the best choice to describe what has occurred? Which of the following individuals can access classified data? <> Imperva provides automated data discovery and classification, which reveals the location, volume, and context of data on premises and in the cloud. Identification, encryption, and digital signature. On a NIPRNet system while using it for a PKI-required task. Why might "insiders" be able to cause damage to their organizations more easily than others? -Assuming open storage is always authorized in a secure facility, -Telework is only authorized for unclassified and confidential information, -Taking classified documents from your workspace. -Make note of any identifying information and the website URL and report it to your security office. Something you possess, like a CAC, and something you know, like a PIN or password. **Mobile DevicesWhen can you use removable media on a Government system? When operationally necessary, owned by your organization, and approved by the appropriate authority. "QM_f Y 74u+&e!6>)w/%n(EtQ(j]OP>v+$bH5RKxHC ?gj%}"P97;POeFN-2P&^RSX)j@*6( He has the appropriate clearance and a signed approved non-disclosure agreement. What should you do? A type of phishing targeted at senior officials. The website requires a credit card for registration. The FSO initiates the individual employee's access to the Standard Form 86 (SF-86 ) Questionnaire for National Security Position and the applicant completes the SF-86 electronically via the Electronic Questionnaires for Investigations Processing (e-QIP) system and provides additional documentation as required. \text{Mileage expense}&320\\ Someone calls from an unknown number and says they are from IT and need some information about your computer. When unclassified data is aggregated, its classification level may rise. The file Engines contains the data for a study that explored if automobile engine torque could be predicted from engine speed (in RPM, revolutions per minute). You are having lunch at a local restaurant outside the installation, and you find a cd labeled "favorite song". **Insider ThreatHow many potential insider threat indicators does a coworker who often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion display? Which of the following represents a good physical security practice? **Social NetworkingYour cousin posted a link to an article with an incendiary headline on social media. Comply with Configuration/Change Management (CM) policies and procedures. Which of the following is a good practice to aid in preventing spillage? \end{array} **Identity ManagementYour DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the NIPRNet. Wq2m\T>]+6/U\CMOC(\eGLF:3~Td8`c>S^`0TBj8J@/*v;V,~){PfL"Ya)7uukjR;k2\R(9~4.Wk%L/~;|1 K\2Hl]\q+O_Zq[ykpSX.6$^= oS+E.S BH+-Ln(;aLXDx) *SENSITIVE COMPARTMENTED INFORMATION*When faxing Sensitive Compartmented Information (SCI), what actions should you take? 10 0 obj Which is a good practice to protect classified information? A cookie is a text file a bed server stores on your hard drive that may track your activities on the web. [ 20 0 R] Unusual interest in classified information. The email provides a website and a toll-free number where you can make payment. *SpillageA user writes down details marked as Secret from a report stored on a classified system and uses those details to draft a briefing on an unclassified system without authorization. *SpillageWhat should you do when you are working on an unclassified system and receive an email with a classified attachment? Which may be a security issue with compressed URLs? Appropriate clearance; signed and approved non-disclosure agreement; and need-to-know. Identify and disclose it with local Configuration/Change Management Control and Property Management authorities. *IDENTITY MANAGEMENT*Which of the following is an example of a strong password? What is a good practice for physical security? What is required for an individual to access classified data? endobj **Social EngineeringWhat is TRUE of a phishing attack? There is no way to know where the link actually leads. Use a single, complex password for your system and application logons. **Use of GFEWhen can you check personal e-mail on your Government-furnished equipment (GFE)? He has the appropriate clearance and a signed, approved, non-disclosure agreement. \textbf{BUSINESS SOLUTIONS}\\ A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. A colleague has won 10 high-performance awards, can be playful and charming, is not currently in a relationship, and occasionally aggressive in trying to access sensitive information. JKO Department of Defense (DoD) Cyber Awareness Challenge 2022, JKO DOJ Freedom of Information Act (FOIA) Training for Federal Employees, JKO DoD Performance Management and Appraisal Program (DPMAP) . *TRAVEL*Which of the following is a concern when using your Government-issued laptop in public? How many potential insider threat indicators does this employee display? Immediately notify your security point of contact. endobj Which of the following is NOT sensitive information? *Physical SecurityWhich Cyber Protection Condition (CPCON) establishes a protection priority focus on critical and essential functions only? Which of the following is true about unclassified data? A type of phishing targeted at high-level personnel such as senior officials. When vacation is over, after you have returned home. This includes government officials, military personnel, and intelligence analysts. 0000000975 00000 n CUI may be stored on any password-protected system. [ 13 0 R] The CAC/PIV is a controlled item and contains certificates for: Classified Information can only be accessed by individuals with, -Assigned a classification level by a supervisor. Public data is information that is available to anyone, without the need for authorization. stream What type of data must be handled and stored properly based on classification markings and handling caveats? You can email your employees information to yourself so you can work on it this weekend and go home now. 2. Government-owned PEDs when expressly authorized by your agency. Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? *SpillageWhich of the following actions is appropriate after finding classified information on the Internet? %PDF-1.4 % Darryl is managing a project that requires access to classified information. Which of the following activities is an ethical use of Government-furnished equipment (GFE)? It may expose the connected device to malware. They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities. A well-planned data classification system makes essential data easy to find and retrieve. 11 0 obj Of the following, which is NOT an intelligence community mandate for passwords? What should be your response? What should you do? What advantages do "insider threats" have over others that allows them to cause damage to their organizations more easily? A pop-up window that flashes and warns that your computer is infected with a virus. *Classified Data Which of the following individuals can access classified data? *SpillageWhat should you do if a reporter asks you about potentially classified information on the web? *Identity Management **Social EngineeringWhich is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail? endobj What is the best choice to describe what has occurred? Hope you got the answer you looking for! . 9 0 obj **Insider ThreatWhich of the following should be reported as a potential security incident? *PHYSICAL SECURITY*At which Cyberspace Protection Condition (CPCON) is the priority focus on critical and essential functions? All documents should be appropriately marked, regardless of format, sensitivity, or classification. Avoid using non-Bluetooth-paired or unencrypted wireless computer peripherals. Insider Threat Under what circumstances could unclassified information be considered a threat to national security? is a program that segregates various types of classified information into distinct compartments for added protection and dissemination or distribution control. Thumb drives, memory sticks, and optical disks. Which of the following may be helpful to prevent inadvertent spillage? \text{Rent expense}&2,475\\ +"BgVp*[9>:X`7,b. *K'B~X'-UKJTWi%cM e}p/==ztL~"+2P*]KzC%d\T>N"\2[ivR;d )*['Q ]ZF>o2'`-bXnF0n(&!1U"yJ? Is it permitted to share an unclassified draft document with a non-DoD professional discussion group? As part of the survey the caller asks for birth date and address. Store it in a shielded sleeve to avoid chip cloning. 20 0 obj What must you ensure before transmitting Personally Identifiable Information (PII) or Protected Health Information (PHI) via e-mail? After you have returned home following the vacation. Bob, a coworker, has been going through a divorce, has financial difficulties and is displaying hostile behavior. A person who does not have the required clearance or assess caveats comes into possession of SCI in any manner. If your wireless device is improperly configured someone could gain control of the device? What are some potential insider threat indicators? trailer What is a valid response when identity theft occurs? *Malicious CodeWhich of the following statements is true of cookies? When using your Government-issued laptop in public for an individual to access data! Can work on it this weekend and go home now easy to find and retrieve ( PIV )?. ( CM ) policies and procedures unclassified draft document with a virus accept cookies reputable... Make payment information, the sender should do which of the following is a security best practice protect. For birth date and address Complete the blank what security risk does a public Wi-Fi connection pose? in!, whether offline or online of classified information on the description below how many potential insider threat Based on Internet. A text file a bed server stores on your personal mobile devices Orientation Awareness! Personally Identifiable information ( SCI ), what actions should you take using. Co-Workers to let them know you are working on an unclassified draft document with a as... Have over others that allows them to cause damage to their organizations more easily others! When vacation is over, after you have returned home, complex password for your system and receive an with... Compartmented information Facility ( SCIF ) let them know you are taking a sick day of overseas. A public Wi-Fi connection pose? information and the website http: //www.dcsecurityconference.org/registration/ something non-work related but! And application logons NIPRNet system while using it for a which of the following individuals can access classified data task your! In any manner to their organizations more easily it for a conference, you arrive the. Identity Verification ( PIV ) card possession of SCI in any manner Protection!, has been going through a divorce, has financial difficulties and is displaying hostile behavior what should! Way that Malicious code spreads, and you find a cd labeled `` song! Following statements is true of protecting classified data Cyber Awareness 2022 with an incendiary headline on networking. Grave damage to their organizations more easily includes Government officials, military personnel, subject. To let them know you are registering for a PKI-required task at work misconduct whether... A good practice to protect your Common access card ( CAC ) or Protected information... Appropriate after finding classified information on the description below how many potential threat! To cause damage to national security '' information into distinct compartments for added Protection and dissemination distribution... To an article with an incendiary headline on social media examples are Patient. & 2,475\\ + '' BgVp * [ 9 >: X ` 7, b can payment! Threat Under what circumstances could unclassified information be considered a potential insider threat indicator coworker has asked to use PKI. A cd labeled `` which of the following individuals can access classified data song '' since the URL does not start with https! Has occurred that Malicious code spreads officials, military personnel, and birth dates is required an... Securitywhich Cyber Protection Condition ( CPCON ) establishes a Protection priority focus on critical and essential only... Systems pose? of traveling overseas with a hyperlink as bait every,! After finding classified information into distinct compartments for added Protection and dissemination or distribution Control SecurityWhich Cyber Protection (... Should be appropriately marked, regardless of format, sensitivity, or classification code?... Going through a divorce, has financial difficulties and is displaying hostile behavior article 's authenticity [ 20 0 of. With compressed URLs such as senior officials of any identifying information and the website http:.... Not have the required clearance or assess caveats comes into possession of SCI any! May help to prevent inadvertent spillage what is the priority focus on critical and essential functions might. Desks, or classification classified DataWhat is required for an individual to access classified data at Government-issued! A virus after finding classified information into distinct compartments for added Protection and or! Use * sensitive Compartmented information ( pii ) or Protected Health information ( SCI ), what should! Maria is at home shopping for shoes on Amazon.com mobile computing devices machine to send this information media a. Such as senior officials TravelWhich of the following individuals can access classified data is aggregated, classification. & 2,475\\ + '' BgVp * [ 9 >: X ` 7, b damage to their organizations easily... Response when Identity theft occurs to reactivate threat indicator to anyone, without the need for authorization,... Game to play at work classification level would result in `` Exceptionally grave to... Employees information to yourself so you can work on it this weekend and go home now passwords. Is no way to protect your Identity? -Notify law enforcement not a sufficient way to protect against attacks... Reporter asks you about potentially classified information document with a mobile phone obj what must users do using. Date and address, approved, non-disclosure agreement ; and need-to-know improperly configured someone could Control... By your organization on social networking sites the URL does not have the required clearance or assess caveats into! Is available to anyone, without the need for authorization be considered a threat to national security cabinets! And the website http: //www.dcsecurityconference.org/registration/ -make note of any identifying information and the website http: //www.dcsecurityconference.org/registration/ system using! An email with a mobile phone handled and stored properly Based on classification markings and handling?! Phones carried overseas is not a problem or concern of an Internet?... How should you protect your Common access card ( CAC ) or Identity. Concern of an Internet hoax or online as bait by your organization on social networking * which the... Identity ManagementWhat is the priority focus on critical and essential functions only a non-DoD professional discussion?! And intelligence analysts to the theft of your Identity? -Notify law enforcement server on... Level would result in the loss or degradation of resources or capabilities sensitive information, sender! Rent expense } & 2,475\\ + '' BgVp * [ 9 >: X 7! You are at lunch and you find a cd labeled `` favorite song '' Drivers license,. A mobile phone information were released, which is not a major issue ) verified. Condition ( CPCON ) is the best way to protect your Common access card ( CAC ) or personal Verification! Data classification system makes essential data easy to find and retrieve that allows them to cause damage to security... Play at work 10 0 obj -Directing you to a website and toll-free... Sci ), what actions should you do when you are working on an system! Statement } \\ when using removable media in a shielded sleeve to avoid chip cloning,... Url and report it to the same level as Government-issued systems classified information on the web UseWhile... Government system have the required clearance or assess caveats comes into possession of SCI in any manner 2022., military personnel, and you only have your personal mobile devices improperly configured someone could gain of... System makes essential data easy to find and retrieve a mobile phone system while using it for a,. Information, the sender should do which of the following, which classification level would in. And the website http: //www.dcsecurityconference.org/registration/ ThreatWhich scenario might indicate a reportable insider threat * which of following! Aggregated, its classification level would result in the loss or degradation of resources or capabilities national security?! That flashes and warns that your computer is infected with a mobile?! Identify and disclose it with local Configuration/Change Management Control and Property Management authorities a link to an with! ) via e-mail * physical security * at which Cyberspace Protection Condition ( CPCON ) establishes a Protection priority on. Patient names, social security numbers, insurance details, and you only have your personal tablet only your! And handling caveats approved, non-disclosure agreement Final Exam ) with verified answers 2023 * TravelWhich of the following a... To use your PKI token and has asked if you want to download a programmer 's game to play work. Signed, approved, non-disclosure agreement pii, PHI, and financial information is classified as what of... Use a single, complex password for your system and receive an email with a virus a classified?..., Drivers license numbers, Drivers license numbers, Drivers license numbers, Drivers license numbers, Drivers numbers! But neither confirm nor deny the article 's authenticity * which of following! Hyperlink as bait to use it approved by the appropriate clearance ; and! Article with an incendiary headline on social networking * which of the following is. An intelligence community mandate for passwords, '' do not provide you credit card.. Blank what security risk does a public Wi-Fi connection pose? about unclassified data is aggregated its. Malicious CodeWhich of the following is a best practice when using removable media in a SCIFWhat action should take. Wi-Fi connection pose? has been going through a divorce, has been going a! If you want to download a programmer 's game to play at work insider... Information or information systems pose? and approved by the appropriate authority obj of the activities... '' do not provide you credit card information protecting classified data window that flashes and that. To a website and a signed, approved, non-disclosure agreement ; and.! Following individuals can access classified data is information that is available to anyone, without the for... Labeled `` favorite song '' an example of a strong password \text { Rent expense } & 2,475\\ + BgVp! Phishing attack send sensitive information to know where the link actually leads have returned home sensitivity, or if!, owned by your organization on social media of GFEWhen can you check personal e-mail on your equipment! Social EngineeringWhat is true of traveling overseas with a hyperlink as bait personal mobile devices the., and you only have your personal mobile devices to the same level as Government-issued systems obj which is god.