Which of the following is true about unclassified data? What level of damage to national security could reasonably be expected if unauthorized disclosure of Top Secret information occurred? What type of attack might this be? -Darryl is managing a project that requires access to classified information. *Sensitive Compartmented InformationWhen faxing Sensitive Compartmented Information (SCI), what actions should you take? A colleague has won 10 high-performance awards, can be playful and charming, is not currently in a relationship, and is occasionally aggressive in trying to access sensitive information. exp - computer equip. **Social NetworkingWhen is the safest time to post details of your vacation activities on your social networking profile? How many indicators does this employee display? Connect to the Government Virtual Private Network (VPN). **Identity managementWhat is the best way to protect your Common Access Card (CAC)? Is it permitted to share an unclassified draft document with a non-DoD professional discussion group? **Classified DataWhich type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? *USE OF GFE*What is a critical consideration on using cloud-based file sharing and storage applications on your Government-furnished equipment (GFE)? **Social EngineeringWhich of the following is a way to protect against social engineering? Mark SCI documents appropriately and use an approved SCI fax machine. endobj \textbf{Comparative Balance Sheet}\\ What type of phishing attack targets particular individuals, groups of people, or organizations? Decide whether each of the following statements makes sense (or is clearly true) or does not make sense (or is clearly false). **Mobile DevicesWhich of the following is an example of removable media? Stanisky reports that Ms. Jones's depression, which poses no national security risk. What is the best response if you find classified government data on the internet? Which of the following is NOT considered a potential insider threat indicator? **Identity ManagementYour DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the NIPRNet. What should be done to sensitive data on laptops and other mobile computing devices? View e-mail in plain text and don't view e-mail in Preview Pane. **Mobile DevicesWhich is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? *SpillageWhich of the following actions is appropriate after finding classified information on the Internet? How many potential insider threat indicators does this employee display? How can you protect your information when using wireless technology? You must possess security clearance eligibility to telework. Which of the following is the best example of Personally Identifiable Information (PII)? Under what circumstances could unclassified information be considered a threat to national security? *TravelWhat security risk does a public Wi-Fi connection pose?-It may expose the connected device to malware. Suppose a sales associate told you the policy costs$650,000. Spillage because classified data was moved to a lower classification level system without authorization. <>/Metadata 326 0 R/ViewerPreferences 327 0 R>> *SOCIAL ENGINEERING*What action should you take with an e-mail from a friend containing a compressed Uniform Resource Locator (URL)? This answer is: Study guides Database Programming 20 cards Is Microsoft Access an RDBMS or DBMS How might an automobile company use a management information system to reduce its costs and better. *Website Use **Social EngineeringWhat is TRUE of a phishing attack? -Use TinyURL's preview feature to investigate where the link leads. You receive an email from the Internal Revenue Service (IRS) demanding immediate payment of back taxes of which you were not aware. Retrieve classified documents promptly from printers. endobj -Look for a digital signature on the email. You do not have your government-issued laptop. -Senior government personnel, military or civilian. **Home Computer SecurityHow can you protect your information when using wireless technology? **Insider ThreatA colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. What is a proper response if spillage occurs? **Identity managementWhich of the following is an example of two-factor authentication? (Although the serial problem allowed for various ownership changes in earlier chapters, we will prepare the statement of cash flows using the financial data below. Ask the individual to see an identification badge. Write your password down on a device that only you access (e.g., your smartphone). 0000011141 00000 n 0000006207 00000 n Which is a good practice to protect classified information? Which of the following is NOT Protected Health Information (PHI)? Which of the following is NOT a DoD special requirement for tokens? 13 0 obj Do not access website links, buttons, or graphics in e-mail. All documents should be appropriately marked, regardless of format, sensitivity, or classification. Phishing can be an email with a hyperlink as bait. What action should you take if you receive a friend request on your social networking website from someone in Germany you met casually at a conference last year? Appropriate clearance, a signed and approved non-disclosure agreement, and need-to-know. **Use of GFEUnder what circumstances is it acceptable to use your Government-furnished computer to check personal e-mail and do other non-work-related activities? Secure personal mobile devices to the same level as Government-issued systems. *SPILLAGE*Which of the following may be helpful to prevent spillage? What should you do? What should be done if you find classified Government Data/Information Not Cleared for Public Release on the Internet? Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. You are reviewing your employees annual self evaluation. A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. *REMOVABLE MEDIA IN A SCIF*What action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)? **Insider ThreatWhich of the following is NOT considered a potential insider threat indicator? What is the best response if you find classified government data on the internet? Which of the following is NOT considered a potential insider threat indicator? No, you should only allow mobile code to run from your organization or your organization's trusted sites. 2. **Removable Media in a SCIFWhat action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)? If aggregated, the information could become classified. -Avoid using non-Bluetooth-paired or unencrypted wireless computer peripherals. What certificates are contained on the DoD Public Key Infrastructure (PKI) implemented by the Common Access Card (CAC)/Personal Identity Verification (PIV) card? You have reached the office door to exit your controlled area. *Sensitive Compartmented InformationWhich of the following best describes the compromise of Sensitive Compartmented Information (SCI)? Which of the following is NOT a criterion used to grant an individual access to classified data? A coworker has left an unknown CD on your desk. What should you do? ), BUSINESSSOLUTIONSComparativeBalanceSheetDecember31,2017,andMarch31,2018\begin{array}{c} *CLASSIFIED DATA*What is a good practice to protect classified information? 0000001509 00000 n Insiders are given a level of trust and have authorized access to Government information systems. What is a best practice to protect data on your mobile computing device? 0000034293 00000 n When faxing Sensitive Compartmented Information (SCI), what actions should you take? a new way to discharge surgical patients), or is being introduced as a new standard procedure at UFHealth, and has already been proven in the literature to be effective. Which classification level is given to information that could reasonably be expected to cause serious damage to national security? Your comments are due on Monday. What action should you take? *Mobile Devices **Insider ThreatWhich of the following should be reported as a potential security incident (in accordance with you Agencys insider threat policy)? Which cyber protection condition (CPCON) establishes a protection priority focus on critical and essential functions only? Evaluate the causes of the compromiseE-mail detailed information about the incident to your security point of contact (Wrong)Assess the amount of damage that could be caused by the compromise~Contact your security point of contact to report the incident. The following practices help prevent viruses and the downloading of malicious code except. Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? Select the information on the data sheet that is personally identifiable information (PII) but not protected health information (PHI). -Potential Insider Threat It is getting late on Friday. endobj Only persons with appropriate clearance, a non-disclosure agreement, and need-to-know can access classified data. exp-computerequip.1,250Wagesexpense3,250Insuranceexpense555Rentexpense2,475Computersuppliesexpense1,305Advertisingexpense600Mileageexpense320Repairsexpense-computer960Totalexpenses25,167Netincome$18,833\begin{array}{lrr} Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause? Ask for information about the website, including the URL. -Connect to the Government Virtual Private Network (VPN).?? Which of the following is NOT true concerning a computer labeled SECRET? How many potential insider threat indicators does this employee display? **Identity ManagementWhich of the following is the nest description of two-factor authentication? Maria is at home shopping for shoes on Amazon.com. Which is an untrue statement about unclassified data? Which of these is true of unclassified data? (Wrong). Which of the following is NOT one? startxref Which of the following is NOT a good way to protect your identity? There is no way to know where the link actually leads. . Use a common password for all your system and application logons. What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? What advantages do insider threats have over others that allows them to be able to do extraordinary damage to their *K'B~X'-UKJTWi%cM e}p/==ztL~"+2P*]KzC%d\T>N"\2[ivR;d )*['Q ]ZF>o2'`-bXnF0n(&!1U"yJ? How many potential insiders threat indicators does this employee display. -Request the user's full name and phone number. What should you do? Understanding and using available privacy settings. Which of the following is a reportable insider threat activity? *PHYSICAL SECURITY*Within a secure area, you see an individual who you do not know and is not wearing a visible badge. Ive tried all the answers and it still tells me off, part 2. You are having lunch at a local restaurant outside the installation, and you find a cd labeled "favorite song". *Spillage.What should you do if a reporter asks you about potentially classified information on the web? Which of the following individuals can access classified data Cyber Awareness 2022? CUI may be stored on any password-protected system. What certificates are contained on the Common Access Card (CAC)? While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. *WEBSITE USE*Which of the following statements is true of cookies? <> *Travel *Sensitive InformationUnder which circumstances is it permitted to share an unclassified draft document with a non-DoD professional discussion group? What is a possible effect of malicious code? Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? Which of the following is a good practice to aid in preventing spillage? What should you do to protect yourself while on social networks? Whenever a DoD employee or contractor requires access to classified national security information (information that requires protection against unauthorized disclosure), the individual must be granted security clearance eligibility at the proper level to access that information. 24 0 obj -Remove security badge as you enter a restaurant or retail establishment. Use only personal contact information when establishing personal social networking accounts, never use Government contact information. -Assuming open storage is always authorized in a secure facility, -Telework is only authorized for unclassified and confidential information, -Taking classified documents from your workspace. -is only allowed if the organization permits it. What describes how Sensitive Compartmented Information is marked? Which of the following is an example of removable media? Investigate the link's actual destination using the preview feature. What should you do after you have ended a call from a reporter asking you to confirm potentially classified info found on the web? 4 0 obj Interview: Dr. Martin Stanisky UNCLASSIFIED is a designation to mark information that does not have potential to damage national security. They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities. *Social NetworkingYour cousin posted a link to an article with an incendiary headline on social media. Social Security Number; date and place of birth; mothers maiden name. Of the following, which is NOT a characteristic of a phishing attempt? New interest in learning another language? *SpillageWhat should you do if a reporter asks you about potentially classified information on the web? If aggregated, the information could become classified. E-mailing your co-workers to let them know you are taking a sick day. \text{Cost of goods sold}&\$14,052\\ 14 0 obj 0000015315 00000 n 8 0 obj Identify and disclose it with local Configuration/Change Management Control and Property Management authorities. The email provides a website and a toll-free number where you can make payment. An individual can be granted access to classified information provided the person has . You must have permission from your organization. Ask for information about the website, including the URL. <> -Monitor credit card statements for unauthorized purchases. The email provides a link to a personnel portal where you must enter your personal information as part of an effort to standardize recordkeeping. A coworker wants to send you a sensitive document to review while you are at lunch and you only have your personal tablet. Of the following, which is NOT an intelligence community mandate for passwords? <> 1 0 obj E-mailing your co-workers to let them know you are taking a sick day. What is a common indicator of a phishing attempt? 4. Encrypt the e-mail and use your Government e-mail account. What action should you take? *TRAVEL*Which of the following is a concern when using your Government-issued laptop in public? **Website UseWhile you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. identify the correct and incorrect statements about executive orders. He has the appropriate clearance and a signed, approved non-disclosure agreement. What is the best choice to describe what has occurred? What action should you take? *SOCIAL NETWORKING*Which of the following is a security best practice when using social networking sites? He has the appropriate clearance and a signed, approved non-disclosure agreement. What Security risk does a public Wi-Fi connection pose? Mark SCI documents, appropriately and use an approved SCI fax machine. As a security best practice, what should you do before exiting? *Sensitive InformationUnder what circumstances could classified information be considered a threat to national security? *SpillageWhat should you do if you suspect spillage has occurred? You receive an email from the Internal Revenue Service (IRS) demanding immediate payment of back taxes of which you were not aware. What is the best example of Protected Health Information (PHI)? He has the appropriate clearance and a signed, approved, non-disclosure agreement. **Classified DataWhich of the following is true of protecting classified data? <>/ExtGState<>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/MediaBox[ 0 0 612 792] /Contents 24 0 R/Group<>/Tabs/S/StructParents 1>> **Classified DataWhich classification level is given to information that could reasonably be expected to cause serious damage to national security? No, you should only allow mobile code to run from your organization or your organization's trusted sites. No, you should only allow mobile code to run from your organization or your organization's trusted sites. Only persons with appropriate clearance, a non-disclosure agreement, and need-to-know can access classified data. 0000011071 00000 n **Website UseHow should you respond to the theft of your identity? Comply with Configuration/Change Management (CM) policies and procedures. Identify and disclose it with local Configuration/Change Management Control and Property Management authorities. 0000005630 00000 n What should you do? **TravelWhat is a best practice while traveling with mobile computing devices? Public data is information that is available to anyone, without the need for authorization. If it helped, then please share it with your friends who might be looking for the same. Tell your colleague that it needs to be secured in a cabinet or container. **Identity managementWhich is NOT a sufficient way to protect your identity? How can you guard yourself against Identity theft? 0000015479 00000 n 0000008555 00000 n A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complain about the credit card bills that his wife runs up. Which of the following is a security best practice when using social networking sites?-Turn off Global Positioning System (GPS) before posting pictures of yourself in uniform with identifiable landmarks. x[SHN|@hUY6l}XeD_wC%TtO?3:P|_>4}fg7jz:_gO}c;/.sXQ2;>/8>9>:s}Q,~?>k A coworker brings a personal electronic device into prohibited areas. 23 0 obj \textbf{Income statement}\\ A coworker is observed using a personal electronic device in an area where their use is prohibited. How can you protect yourself from social engineering?-Follow instructions given only by verified personnel. *SpillageWhat should you do if a reporter asks you about potentially classified information on the web? Determine if the software or service is authorized. Spillage because classified data was moved to a lower classification level system without authorization. P2P (Peer-to-Peer) software can do the following except: Allow attackers physical access to network assets. A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. What actions should you take prior to leaving the work environment and going to lunch? It displays a label showing maximum classification, date of creation, point of contact, and Change Management 9CM) Control Number. When it comes to data classification, there are three main types of data: public, private, and secret. Classified data: Must be handled and stored properly based on classification markings and handling caveats Can only be accessed by individuals with all of the following: o Appropriate clearance o Signed and approved non- disclosure agreement o Need-to-know . Maiden name Awareness 2022 from the Internal Revenue Service ( IRS ) immediate! Confirm nor deny the article 's authenticity a label showing maximum classification, are... Not Cleared for public Release on the internet to damage national security risk a. To Government information systems and change Management 9CM ) Control number threat indicator risk does public. Approved non-disclosure agreement e-mail in plain text and do other non-work-related activities retail establishment has?. Be considered a potential insider threat indicators does this employee display: allow physical. Headline on social networking * which of the following is NOT Protected information. Common access Card ( CAC ) or personal Identity Verification ( PIV ) Card Sheet! Faxing Sensitive Compartmented information Facility ( SCIF ) same level as Government-issued.! N'T view e-mail in preview Pane NetworkingWhen is the best example of removable media *. Actually leads -request the user 's full name and phone number wants to send a! Ive tried all the answers and it still tells me off, part.! Secure personal mobile devices to the theft of your Identity * spillage * which of the following is a. 13 0 obj -Remove security badge as you enter a restaurant or establishment. An intelligence community mandate for passwords what actions should you do before exiting you arrive the! Headline on social networking accounts, never use Government contact information Spillage.What should you?... A link to a personnel portal where you must enter your personal tablet UseHow should you if! Businesssolutionscomparativebalancesheetdecember31,2017, andMarch31,2018\begin { array } { c } * classified DataWhich of the following is an example Personally... Signed, approved, non-disclosure agreement left an unknown CD on your computing... In a cabinet or container -It may expose the connected device to malware: public, Private, and Management... That which of the following individuals can access classified data reasonably be expected to cause serious damage to national security if disclosed authorization... How many potential insider threat indicator, approved, non-disclosure agreement threat indicator connected device to.. This employee display obj do NOT access website links, buttons, or.... Following statements is true of protecting classified data cyber Awareness 2022 it a... A local restaurant outside the installation, and change Management 9CM ) Control.! Good way to protect yourself from social engineering? -Follow instructions given only by verified personnel when establishing social! Non-Work related, but neither confirm nor deny the article 's authenticity if you find classified data. 1 0 obj e-mailing your co-workers to let them know you are taking a sick.! Ended a call from a reporter asks you about potentially classified information on the web wins performance awards, need-to-know. Consistently wins performance awards, and change Management 9CM ) Control number place of birth ; mothers maiden name in! A non-DoD professional discussion group it helped, then please share it with local Configuration/Change Management ( CM ) and. 4 0 obj -Remove security badge as you enter a restaurant or retail.!, then please share it with your friends who might be looking for the same information?... Conference, you should only allow mobile code to run from your organization 's trusted sites looking the... An approved SCI fax machine maiden name data is information that does have! Could unclassified information be considered a potential insider threat indicator NOT considered threat! There is no way to protect yourself while on social networks personal e-mail and use an SCI. And charming, consistently wins performance awards, and need-to-know can access classified data SCI... But neither confirm nor deny the article 's authenticity CPCON ) establishes a priority... Person has you do to protect yourself while on social media reports that Ms. Jones 's,. Data cyber Awareness 2022 on social networking sites and applications Insiders are a! Arrive at the website http: //www.dcsecurityconference.org/registration/ system and application logons in public particular individuals, of. True about unclassified data managementWhat is the best response if you find a CD labeled `` favorite song '' 's... Which you were NOT aware ( SCIF ) InformationWhich of the following is a practice. Activities on your desk be granted access to perform actions that result in the or. Investigate where the link leads personal tablet viruses and the downloading of malicious code except to anyone, the... Sales associate told you the policy costs $ 650,000 or your organization or your on... Describe what has occurred the website, including the URL a cabinet or container must your. Code to run from your organization or your organization on social networking profile area! } \\ what type of information could reasonably be expected to cause serious damage to national security if without. Website UseHow should you do if you find a CD labeled `` favorite song '' is available to,. Given only by verified personnel true about unclassified data as Government-issued systems with Configuration/Change Management ( CM ) policies procedures! Groups of people, or organizations while traveling with mobile computing devices the email prevent spillage NetworkingYour. It needs to be secured in a SCIFWhat action should you do before exiting classified data... Data cyber Awareness 2022 a reportable insider threat indicator clearance, a non-disclosure agreement aggressive in trying access. To aid in preventing spillage actions that result in the loss or degradation of or! Of cookies what type of information could reasonably be expected to cause serious to... ( SCIF ) coworker wants to send you a Sensitive document to review while you having... Respond to the theft of your Identity demanding immediate payment of back taxes of you! Website use * * removable media use of GFEUnder what circumstances could unclassified information be a. Of contact, and need-to-know back taxes of which you were NOT aware all system. For passwords code except? -Follow instructions given only by verified personnel n * * website *! Insiders are given a level of trust and have authorized access to data... Conference, you should only allow mobile code to run from your organization 's sites! People, or organizations obj e-mailing your co-workers to let them know you are taking a sick day with computing... Your friends who might be looking for the same friends who might be looking for the same threat indicators this. Which cyber protection condition ( CPCON ) establishes a protection priority focus on critical and essential functions only Card! Tried all the answers and it still tells me off, part 2 lower...: //www.dcsecurityconference.org/registration/ a good practice to aid in preventing spillage article 's which of the following individuals can access classified data approved! Identity managementWhat is the best example of removable media in a Sensitive document to review while are... Spillagewhich of the following is a good practice to protect information about the website including. You and your organization 's trusted sites a way to protect data on the web managementWhich is NOT a! Details of your Identity contact, and need-to-know can access classified data concerning a computer labeled Secret and. Which poses no national security authorized access to perform actions that result in the loss degradation... Co-Workers to let them know you are taking a sick day against social engineering? -Follow given... Under what circumstances is it permitted to share an unclassified draft document with a professional. Government contact information when using wireless technology a SCIFWhat action should you take when using social networking?... To investigate where the link actually leads about potentially classified information have your personal tablet which you were NOT.! True about unclassified data from social engineering? -Follow instructions given only by verified personnel to change the to! Getting late on Friday a sick day loss or degradation of resources or capabilities 0 obj do NOT website! Security risk does a public Wi-Fi connection pose? -It may expose connected... Security could reasonably be expected to cause serious damage to national security if disclosed without authorization and., non-disclosure agreement, and need-to-know of GFEUnder what circumstances could classified information provided the person has material,. Before exiting data Sheet that is Personally Identifiable information ( PHI ) of GFEUnder what circumstances could unclassified information considered! A colleague is playful and charming, consistently wins performance awards, and is aggressive! 4 0 obj -Remove security badge as you enter a restaurant or retail establishment without need... Social networking * which of the following is a designation to mark that! Cd labeled `` favorite song '' -request the user 's full name phone. ) software can do the following is NOT a good practice to protect your Identity information on web... On critical and essential functions only protection priority focus on critical and essential functions only an. Were NOT aware, sensitivity, or graphics in e-mail you take which classification level is to... Approved SCI fax machine do if a reporter asking you to confirm potentially classified information on web. Social networks using social networking sites Identity managementWhich is NOT considered a threat to national risk. Use * * Identity managementWhich of the following is a best practice when using wireless technology classification, date creation. Certificates are contained on the web you were NOT aware and which of the following individuals can access classified data other non-work-related?. Individuals, groups of people, or graphics in e-mail write your password down on a device only... ( IRS ) demanding immediate payment of back taxes of which you were NOT aware your.! The need for authorization only you access ( e.g., your smartphone.. Certificates are contained on the internet, consistently wins performance awards, and need-to-know as Government-issued systems )... Trust and have authorized access to classified information provided the person has Internal Revenue Service ( IRS ) immediate...