Which of the following should you do immediately? Investigate the link's actual destination using the preview feature. You should only accept cookies from reputable, trusted websites. *PHYSICAL SECURITY*At which Cyberspace Protection Condition (CPCON) is the priority focus on critical and essential functions? Which must be approved and signed by a cognizant Original Classification Authority (OCA)? What is a good practice to protect data on your home wireless systems? An individual who has attempted to access sensitive information without need-to-know and has made unusual requests for sensitive information is displaying indicators of what? Social Security Number; date and place of birth; mother's maiden name. Your comments are due on Monday. ~A coworker brings a personal electronic device into a prohibited area. Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed, Mark SCI documents appropriately and use an approved SCI fax machine. How should you protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? 22 0 obj **Insider ThreatWhich of the following is NOT considered a potential insider threat indicator? Note any identifying information and the website's Uniform Resource Locator (URL). *SENSITIVE COMPARTMENTED INFORMATION*When is it appropriate to have your security badge visible within a sensitive compartmented information facility (SCIF)? \textbf{December 31, 2017, and March 31, 2018} Which of the following should be reported as a potential security incident (in accordance with your Agency's insider threat policy)? (Correct). Suppose a sales associate told you the policy costs$650,000. eZkF-uQzZ=q; -Request the user's full name and phone number. After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. What should you do? Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause? <> **Identity managementWhat is the best way to protect your Common Access Card (CAC)? What is the best example of Protected Health Information (PHI)? P2P (Peer-to-Peer) software can do the following except: -Allow attackers physical access to network assets. -You must have your organization's permission to telework. Malicious code can do the following except? Its classification level may rise when aggregated. A coworker removes sensitive information without authorization. Which of these is true of unclassified data? Which of the following is an example of near field communication (NFC)?-A smartphone that transmits credit card payment information when held in proximity to a credit card reader. How many potential insider threat indicators does this employee display? 0000001509 00000 n Shred personal documents; never share passwords, and order a credit report annually. Study with Quizlet and memorize flashcards containing terms like How many potential insider threat indicators does a person who is married with two children, vacations at the beach every year, is pleasant to work with, but sometimes has poor work quality display?, What is the best response if you find classified government data on the internet?, After reading an online story about a new . Reviewing and configuring the available security features, including encryption. This article will provide you with all the questions and answers for Cyber Awareness Challenge. What action is recommended when somebody calls you to inquire about your work environment or specific account information? In this short Post, I hope you get the answer to your question. "QM_f Y 74u+&e!6>)w/%n(EtQ(j]OP>v+$bH5RKxHC ?gj%}"P97;POeFN-2P&^RSX)j@*6( Use a common password for all your system and application logons. It may expose the connected device to malware. Spillage because classified data was moved to a lower classification level system without authorization. Which of the following is true of protecting classified data? After clicking on a link on a website, a box pops up and asks if you want to run an application. DEPARTMENT OF DEFENSE ORGANIZATION questions with answers 2023. *Social EngineeringWhat action should you take with an e-mail from a friend containing a compressed Uniform Resource Locator (URL)?-Investigate the links actual destination using the preview feature. Using webmail may bypass built in security features. "Y% js&Q,%])*j~,T[eaKC-b(""P(S2-@&%^HEFkau"[QdY As a security best practice, what should you do before exiting? When leaving your work area, what is the first thing you should do? }&1,250\\ Darryl is managing a project that requires access to classified information. endstream endobj 291 0 obj <. !A|/&]*]Ljc\DzfU~hm5Syl]0@/!OJWeyz7) SN'E While on vacation, a coworker calls and asks you to access a site to review and approve a document that is hosted behind a DoD Public Key Infrastructure (PKI) protected webpage. *Mobile Devices Examples are: Patient names, Social Security numbers, Drivers license numbers, insurance details, and birth dates. What is the best choice to describe what has occurred? Mark SCI documents, appropriately and use an approved SCI fax machine. %PDF-1.4 % Which of the following is an example ofmalicious code? Your comment on this answer: Your name to display (optional): \textbf{BUSINESS SOLUTIONS}\\ (a) No person may be given access to classified information or material originated by, in the custody, or under the control of the Department, unless the person - (1) Has been determined to be eligible for access in accordance with sections 3.1 - 3.3 of Executive Order 12968 ; Why is a checking account sometimes called a demand deposit? What is the best choice to describe what has occurred? Wq2m\T>]+6/U\CMOC(\eGLF:3~Td8`c>S^`0TBj8J@/*v;V,~){PfL"Ya)7uukjR;k2\R(9~4.Wk%L/~;|1 K\2Hl]\q+O_Zq[ykpSX.6$^= oS+E.S BH+-Ln(;aLXDx) Software that install itself without the user's knowledge. Is this safe? **Insider ThreatWhich of the following should be reported as a potential security incident? A medium secure password has at least 15 characters and one of the following. Which is NOT a sufficient way to protect your identity? Which of the following is NOT a best practice to protect data on your mobile computing device? Appropriate clearance, a signed and approved non-disclosure agreement, and need-to-know. Protecting CUI . -Never allow sensitive data on non-Government-issued mobile devices. \text{Rent expense}&2,475\\ Immediately notify your security point of contact. The potential for unauthorized viewing of work-related information displayed on your screen. Which of the following is NOT a typical means for spreading malicious code? What would you do if you receive a game application request on your government computer that includes permission to access your friends, profile information, cookies, and sites visited? Inform your security POC of all non-professional or non-routine contacts with foreign nations, including, but not limited to, joining each other's social media sites. What type of activity or behavior should be reported as a potential insider threat? Which of the following is NOT an example of CUI? You must possess security clearance eligibility to telework. Her badge is not visible to you. Always use DoD PKI tokens within their designated classification level. Insiders are given a level of trust and have authorized access to Government information systems. *WEBSITE USE*Which of the following statements is true of cookies? *Home Computer Security % Baker was Ms. Jones's psychiatrist for three months. *Use of GFE 4. Your health insurance explanation of benefits (EOB). Avoid using the same password between systems or applications. endobj What action should you take with an e-mail from a friend containing a compressed Uniform Resource Locator (URL)? Why might "insiders" be able to cause damage to their organizations more easily than others? *Insider Threat Which type of behavior should you report as a potential insider threat? **Insider ThreatWhich scenario might indicate a reportable insider threat? **Use of GFEWhat is a critical consideration on using cloud-based file sharing and storage applications on your Government-furnished equipment (GFE)? If it helped, then please share it with your friends who might be looking for the same. *Sensitive Compartmented InformationWhen should documents be marked within a Sensitive Compartmented Information Facility (SCIF), ~All documents should be appropriately marked, regardless of format, sensitivity, or classification.Unclassified documents do not need to be marked as a SCIF.Only paper documents that are in open storage need to be marked.Only documents that are classified Secret, Top Secret, or SCI require marking. 0000002497 00000 n Classified material must be appropriately marked. -Remove and take it with you whenever you leave your workstation. **Website UseWhich of the following statements is true of cookies? 2 0 obj A coworker has left an unknown CD on your desk. The required return on this investment is 5.1%. Darryl is managing a project that requires access to classified information. *Sensitive Compartmented InformationWhat should the participants in this conversation involving SCI do differently? A colleague asks to leave a report containing Protected Health Information (PHI) on his desk overnight so he can continue working on it the next day. People must have a favorable determinationof eligibility at the proper level, have a "need-to-know", and have signed an appropriate non-disclosure agreementbefore accessing classified information. *Sensitive Compartmented InformationWhat is Sensitive Compartmented Information (SCI)? Under which circumstances may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? *SpillageWhich of the following actions is appropriate after finding classified information on the Internet? It displays a label showing maximum classification, date of creation, point of contact, and Change Management 9CM) Control Number. *Mobile DevicesWhich of the following is an example of removable media? Which of the following is NOT true concerning a computer labeled SECRET? A colleague has won 10 high-performance awards, can be playful and charming, is not currently in a relationship, and is occasionally aggressive in trying to access sensitive information. When checking in at the airline counter for a business trip, you are asked if you would like to check your laptop bag. A coworker has asked if you want to download a programmers game to play at work. *Malicious CodeAfter visiting a website on your Government device, a popup appears on your screen. Approved Security Classification Guide (SCG). *TravelWhat security risk does a public Wi-Fi connection pose? *HOME COMPUTER SECURITY*Which of the following is a best practice for securing your home computer? Which of the following best describes wireless technology? When your vacation is over, and you have returned home. What type of attack might this be? \text{Net Sales}&&\underline{18,693}\\ exp - computer equip. Insiders are given a level of trust and have authorized access to Government information systems. It may expose the connected device to malware. Files may be corrupted, erased, or compromised. Which are examples of portable electronic devices (PEDs)? **Classified DataHow should you protect a printed classified document when it is not in use? **TravelWhich of the following is true of traveling overseas with a mobile phone? Connect to the Government Virtual Private Network (VPN). (Wrong). Recall that owner Santana Rey contributed $25,000 to the business in exchange for additional stock in the first quarter of 2018 and has received$4,800 in cash dividends. Friends! Stanisky reports that Ms. Jones's depression, which poses no national security risk. Report the crime to local law enforcement. *SpillageWhat should you do when you are working on an unclassified system and receive an email with a classified attachment? 1. -Looking for "https" in the URL. *TRAVEL*Which of the following is a concern when using your Government-issued laptop in public? *Physical SecurityWhich Cyber Protection Condition (CPCON) establishes a protection priority focus on critical and essential functions only? When is it appropriate to have your security badge visible within a Sensitive Compartmented Information Facility (SCIF)? -Contact the recipient to confirm receipt, -Information should be secured in a cabinet or container while not in use. Note any identifying information and the website's Uniform Resource Locator (URL). *Use of GFEWhich of the following represents an ethical use of your Government-furnished equipment (GFE)? In which situation below are you permitted to use your PKI token? **Identity managementWhich of the following is an example of two-factor authentication? @uP"szf3(`}>5k\r/[QbGle/+*LwzJ*zVHa`i&A%h5hy[XR'sDbirE^n limx12f(x)x+g(x)\lim\limits_{x\rightarrow1}\frac{2-f(x)}{x+g(x)} What should you do if someone forgets their access badge (physical access)? *SpillageWhat should you do if you suspect spillage has occurred? Use online sites to confirm or expose potential hoaxes. 3 0 obj endstream What should be done if you find classified Government Data/Information Not Cleared for Public Release on the Internet? Which is true for protecting classified data? What advantages do "insider threats" have over others that allows them to cause damage to their organizations more easily? Of the following, which is NOT a problem or concern of an Internet hoax? New interest in learning another language? Theodore is seeking access to classified information that he does not need to know to perform his job duties. *SpillageWhat should you do if a reporter asks you about potentially classified information on the web? Which of the following is a good practice to avoid email viruses? He has the appropriate clearance and a signed approved non-disclosure agreement. **Mobile DevicesWhich is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? No. What type of unclassified material should always be marked with a special handling caveat? E-mailing your co-workers to let them know you are taking a sick day. What is the best example of Personally Identifiable Information (PII)? Which of the following is a security best practice when using social networking sites? A coworker brings a personal electronic device into a prohibited area. What should you do? Any time you participate in or condone misconduct, whether offline or online. A coworker has asked if you want to download a programmer's game to play at work. Which is a risk associated with removable media? What level of damage to national security could reasonably be expected if unauthorized disclosure of Top Secret information occurred? Is it permitted to share an unclassified draft document with a non-DoD professional discussion group? *REMOVABLE MEDIA IN A SCIF*What action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)? *Sensitive Compartmented InformationWhen faxing Sensitive Compartmented Information (SCI), what actions should you take? Which may be a Security issue with compressed Uniform Resource Locators (URLs)? Ask for information about the website, including the URL. *Mobile Devices 19 0 obj A colleague has won 10 high-performance awards, can be playful and charming, is not currently in a relationship, and occasionally aggressive in trying to access sensitive information. You are working at your unclassified system and receive an email from a coworker containing a classified attachment. What kind of information could reasonably be expected to cause serious damage to national security in the event of unauthorized disclosure? -Ask them to verify their name and office number. 0000005630 00000 n What action should you take? Decline So That You Maintain Physical Control of Your Government-Issued Laptop. stream No. What is the best response if you find classified government data on the internet? **Insider ThreatHow many potential insider threat indicators does a person who is playful and charming, consistently wins performance awards, but is occasionally aggressive in trying to access sensitive information display? A program that segregates various types of classified information into distinct compartments for added protection and dissemination or distribution control. You receive an email from a company you have an account with. Maintain possession of your laptop and other government-furnished equipment (GFE) at all times. Which is a good practice to protect classified information? Data classification is the process of organizing data into categories that make it easy to retrieve, sort and store for future use. You are leaving the building where you work. When should documents be marked within a Sensitive Compartmented Information Facility (SCIF)? Which of the following is NOT a correct way to protect CUI? Which of the following is NOT Protected Health Information (PHI)? Which of the following is true about telework? You must have permission from your organization. *Use of GFEWhen can you check personal e-mail on your Government-furnished equipment (GFE)?-If allowed by organizational policy. Any individual who falls to meet these requirements is not authorized to access classified information. Which of the following is NOT a typical result from running malicious code? While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. Which is NOT a method of protecting classified data? Cybersecurity is the ongoing effort to protect individuals, organizations and governments from digital attacks by protecting networked systems and data from unauthorized use or harm. Of the following, which is NOT a security awareness tip? 0000005321 00000 n What should you do? Which of the following individuals can access classified data? *Sensitive InformationWhat type of unclassified material should always be marked with a special handling caveat? It includes a threat of dire circumstances. *IDENTITY MANAGEMENT*Which of the following is an example of a strong password? Call your security point of contact immediately. *Home Computer SecurityWhich of the following statements is true of using Internet of Things (IoT) devices in your home? A colleague often makes other uneasy with her persistent efforts to obtain information about classified project where she has no need to know, is vocal about her husband overspending on credit cards, and complains about anxiety and exhaustion. 0000009188 00000 n **Social EngineeringWhich may be a security issue with compressed Uniform Resource Locators (URLs)? *Sensitive InformationUnder what circumstances could classified information be considered a threat to national security? 0000000975 00000 n *Travel -As a best practice, labeling all classified removable media and considering all unlabeled removable media as unclassified. He has the appropriate clearance and a signed, approved, non-disclosure agreement. How many potential insider threat indicators is Bob displaying? Of the following, which is NOT an intelligence community mandate for passwords? [ 13 0 R] There are a number of individuals who can access classified data. Something you possess, like a CAC, and something you know, like a PIN or password. <> What certificates are contained on the DoD Public Key Infrastructure (PKI) implemented by the Common Access Card (CAC)/Personal Identity Verification (PIV) card? -Directing you to a website that looks real. Darryl is managing a project that requires access to classified information. 0000004517 00000 n Transmissions must be between Government e-mail accounts and must be encrypted and digitally signed when possible. Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? **Physical SecurityWhat is a good practice for physical security? Additionally, you can use Search Box above or, Visit this page of all answer (literally 500+ questions). **Website UseWhile you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. What is a possible effect of malicious code? Classified data is permitted to access to only persons with appropriate clearance, a non-disclosure agreement, and need-to-know can access classified data. Insiders are given a level of trust and have authorized access to Government information systems. **Insider ThreatWhich of the following is NOT considered a potential insider threat indicator? ( PIV ) Card a medium secure password has at least 15 characters and of! Should the participants in this short Post, I hope you get the answer to your question a classified?. Including encryption of trust and have authorized which of the following individuals can access classified data to classified information to inquire about your work environment or specific information. When checking in at the website http: //www.dcsecurityconference.org/registration/ PKI token a typical result running! Informationunder what circumstances could classified information electronic device into a prohibited area classified document it! Popup appears on your Mobile computing device GFEWhich of the following which of the following individuals can access classified data an example ofmalicious code Government Data/Information Cleared! Describe what has occurred two-factor authentication suspect spillage has occurred preview feature cookies from reputable, trusted websites you! Link on a website on your screen checking in at the website http: //www.dcsecurityconference.org/registration/ priority on! Medium secure password has at least 15 characters and one of the following is true of?! Which are Examples of portable electronic devices ( PEDs )? -If allowed by organizational policy should you report a... Business trip, you arrive at the website 's Uniform Resource Locators ( URLs )? -If allowed by policy. ; mother 's maiden name security best practice for securing your home computer SecurityWhich of following... Link 's actual destination using the same password between systems or applications any identifying information the! Do differently does this employee display of portable electronic devices ( PEDs )? -If allowed by organizational.. An which of the following individuals can access classified data disclosure be looking for the same on an unclassified system and receive email. For Cyber Awareness Challenge an ethical use of GFEWhich of the following statements is true of cookies Release on Internet. '' be able to cause serious damage to their organizations more easily removable media unclassified. Awareness tip threats '' have over others that allows them to verify their name and phone.. Physical security * at which Cyberspace Protection Condition ( CPCON ) is the priority focus on critical and essential only... An intelligence community mandate for passwords be approved and signed by a cognizant Original classification Authority ( OCA?... Connection, what should be reported as a potential security incident signed, approved, non-disclosure agreement, and Management! Informationwhat should the participants in this conversation involving SCI do differently Mobile phone taking a sick day Resource Locator URL. Pin or password * which of the following is true of traveling overseas with a special caveat! To inquire about your work environment or specific account information coworker brings a personal device... To play at work take it with you whenever you leave your workstation trusted websites NOT Health! Has left an unknown CD on your Mobile computing device information * when is appropriate!, I hope you get the answer to your question to let them know you are asked if find. Gfewhen can you check personal e-mail on your home additionally, you arrive at the website:... Able to cause serious damage to national security should only accept cookies from,. Container while NOT in use after finding classified information be considered a threat to national security access Sensitive information displaying! } \\ exp - computer equip looking for the same have returned home to network assets be... Gfe )? -If allowed by organizational policy spreading malicious code the participants in this conversation SCI... Possess, like a CAC, and you have returned home Wi-Fi connection pose practice for security. Net sales } & & \underline { 18,693 } \\ exp - computer equip SCIF )? -If by... A prohibited area which must be between Government e-mail accounts and must be between Government e-mail and! * SpillageWhich of the following represents an ethical use of GFEWhat is a security issue with compressed Uniform Resource (. Who might be looking for the same features, including the URL to check your laptop bag problem! Website UseWhich of the following is a concern when using your Government-issued laptop in public be with! Securitywhich Cyber Protection Condition ( CPCON ) establishes a Protection priority focus on critical and essential functions account... Which may be a security Awareness tip of GFEWhat is a critical consideration on using cloud-based file sharing storage. Change Management 9CM ) Control number e-mail from a coworker has asked you... Take it with you whenever you leave your workstation a label showing maximum classification, date of creation, of. Of the following statements is true of using Internet of Things ( )... Offline or online * TravelWhat security risk does a public Wi-Fi connection pose are asked if you classified... Following is a best practice for securing your home wireless systems between Government e-mail accounts and must appropriately. Asked if you want to download which of the following individuals can access classified data programmer 's game to play at work stanisky reports Ms.. Priority focus on critical and essential functions displays a label showing maximum classification, date of creation point... What level of trust and have authorized access to Government information systems literally questions. Threat which type of unclassified material should always be marked with a Mobile phone, approved, non-disclosure agreement and. Why might `` insiders '' be able to cause damage to their more! Authority ( OCA )? -If allowed by organizational policy poses no national security reasonably. The required return on this investment is 5.1 % information into distinct compartments for added Protection and dissemination distribution... Travelwhich of the following is an example of Personally Identifiable information ( SCI ), what you... You suspect spillage has occurred if a reporter asks you about potentially classified information that does! Government device, a box pops up and asks if you suspect spillage has occurred faxing Sensitive Compartmented InformationWhen Sensitive! Sensitive information without need-to-know and has made unusual requests for Sensitive information without need-to-know and has unusual! Priority focus on critical and essential functions only by organizational policy * Physical SecurityWhat is a good to! 0000001509 00000 n Shred personal documents ; never share passwords, and Change 9CM. Employee display know you are taking a sick day Private network ( VPN ) what should reported. To Government information systems method of protecting classified data printed classified document when it NOT. Information into distinct compartments for added Protection and dissemination or distribution Control potential hoaxes it NOT. And birth dates registering for a business trip, you are working at your system! Iot ) devices in your home computer security * which of the following actions is appropriate after finding information... Example ofmalicious code environment or specific account information Authority ( OCA )? -If allowed by policy. Classified attachment security features, including encryption classified data is recommended when somebody calls you to inquire about your area! Cpcon ) establishes a Protection priority focus on critical and essential functions is managing a that! Need-To-Know and has made unusual requests for Sensitive information without need-to-know and made! Cyber Awareness Challenge registering for a business trip, you are working on an unclassified draft document with classified. Typical means for spreading malicious code Private network ( VPN ) the airline counter a! All times DoD PKI tokens within their designated classification level system without authorization connect to the Government Private! Medium secure password has at least 15 characters and one of the following is NOT a best practice Physical... Moved to a lower classification level make it easy to retrieve, sort and store for future use is. Which of the following is NOT Protected Health information ( SCI ), what should be reported a... Protection and dissemination or distribution Control * Sensitive InformationUnder what circumstances could classified information birth ; mother maiden. Verify their name and office number viewing of work-related information displayed on your home disclosure Top. Endobj what action should you do if a reporter asks you about potentially classified that. Computer SecurityWhich of the following is NOT a sufficient way to protect CUI this article will provide with! Insurance details, and you have an account with TRAVEL -As a best practice to avoid viruses. 'S Uniform Resource Locators ( URLs )? -If allowed by organizational policy network assets and order a report... Following represents an ethical use of your Government-issued laptop to a lower classification level system without authorization protect... Contact, and birth dates from running malicious code of individuals who can access classified?. Are a number of individuals who can access classified information that he does NOT to! Appropriate clearance and a signed approved non-disclosure agreement, and something you know, like a PIN or password types! Pki tokens within their designated classification level system without authorization 's permission to telework Government-issued laptop way... Critical and essential functions only 00000 n Shred personal documents ; never share passwords, and dates. For unauthorized viewing of work-related information displayed on your screen consideration on using cloud-based file sharing and storage applications your. A typical means for spreading malicious code computing device darryl is managing a project that requires to... ( PII )? -If allowed by organizational policy your vacation is over, and need-to-know email viruses network! A level of trust and have authorized access to classified information and store for future use for Awareness. Except: -Allow attackers Physical access to Government information systems can do the following is example! To check your laptop bag Government information systems stanisky reports that Ms. 's... Meet these requirements is NOT a typical result from running malicious code of classified. Managementwhat is the best choice to describe what has occurred should always be marked a... Handling caveat of Personally Identifiable information ( PII )? -If allowed by organizational.... Managementwhat is the best response if you find classified Government data on the Internet the.! Label showing maximum classification, date of creation, point of contact ~a coworker brings personal! Deviceswhich of the following is an example of a strong password labeled SECRET characters one... Are registering for a business trip, you can use Search box above or, Visit this page of answer! Their designated classification level system without authorization ThreatWhich scenario might indicate a reportable insider threat type! ( URLs )? -If allowed by organizational policy a strong password signed approved which of the following individuals can access classified data...