Which of the following is true about unclassified data? What level of damage to national security could reasonably be expected if unauthorized disclosure of Top Secret information occurred? What type of attack might this be? -Darryl is managing a project that requires access to classified information. *Sensitive Compartmented InformationWhen faxing Sensitive Compartmented Information (SCI), what actions should you take? A colleague has won 10 high-performance awards, can be playful and charming, is not currently in a relationship, and is occasionally aggressive in trying to access sensitive information. exp - computer equip. **Social NetworkingWhen is the safest time to post details of your vacation activities on your social networking profile? How many indicators does this employee display? Connect to the Government Virtual Private Network (VPN). **Identity managementWhat is the best way to protect your Common Access Card (CAC)? Is it permitted to share an unclassified draft document with a non-DoD professional discussion group? **Classified DataWhich type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? *USE OF GFE*What is a critical consideration on using cloud-based file sharing and storage applications on your Government-furnished equipment (GFE)? **Social EngineeringWhich of the following is a way to protect against social engineering? Mark SCI documents appropriately and use an approved SCI fax machine. endobj \textbf{Comparative Balance Sheet}\\ What type of phishing attack targets particular individuals, groups of people, or organizations? Decide whether each of the following statements makes sense (or is clearly true) or does not make sense (or is clearly false). **Mobile DevicesWhich of the following is an example of removable media? Stanisky reports that Ms. Jones's depression, which poses no national security risk. What is the best response if you find classified government data on the internet? Which of the following is NOT considered a potential insider threat indicator? **Identity ManagementYour DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the NIPRNet. What should be done to sensitive data on laptops and other mobile computing devices? View e-mail in plain text and don't view e-mail in Preview Pane. **Mobile DevicesWhich is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? *SpillageWhich of the following actions is appropriate after finding classified information on the Internet? How many potential insider threat indicators does this employee display? How can you protect your information when using wireless technology? You must possess security clearance eligibility to telework. Which of the following is the best example of Personally Identifiable Information (PII)? Under what circumstances could unclassified information be considered a threat to national security? *TravelWhat security risk does a public Wi-Fi connection pose?-It may expose the connected device to malware. Suppose a sales associate told you the policy costs$650,000. Spillage because classified data was moved to a lower classification level system without authorization. <>/Metadata 326 0 R/ViewerPreferences 327 0 R>> *SOCIAL ENGINEERING*What action should you take with an e-mail from a friend containing a compressed Uniform Resource Locator (URL)? This answer is: Study guides Database Programming 20 cards Is Microsoft Access an RDBMS or DBMS How might an automobile company use a management information system to reduce its costs and better. *Website Use **Social EngineeringWhat is TRUE of a phishing attack? -Use TinyURL's preview feature to investigate where the link leads. You receive an email from the Internal Revenue Service (IRS) demanding immediate payment of back taxes of which you were not aware. Retrieve classified documents promptly from printers. endobj -Look for a digital signature on the email. You do not have your government-issued laptop. -Senior government personnel, military or civilian. **Home Computer SecurityHow can you protect your information when using wireless technology? **Insider ThreatA colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. What is a proper response if spillage occurs? **Identity managementWhich of the following is an example of two-factor authentication? (Although the serial problem allowed for various ownership changes in earlier chapters, we will prepare the statement of cash flows using the financial data below. Ask the individual to see an identification badge. Write your password down on a device that only you access (e.g., your smartphone). 0000011141 00000 n 0000006207 00000 n Which is a good practice to protect classified information? Which of the following is NOT Protected Health Information (PHI)? Which of the following is NOT a DoD special requirement for tokens? 13 0 obj Do not access website links, buttons, or graphics in e-mail. All documents should be appropriately marked, regardless of format, sensitivity, or classification. Phishing can be an email with a hyperlink as bait. What action should you take if you receive a friend request on your social networking website from someone in Germany you met casually at a conference last year? Appropriate clearance, a signed and approved non-disclosure agreement, and need-to-know. **Use of GFEUnder what circumstances is it acceptable to use your Government-furnished computer to check personal e-mail and do other non-work-related activities? Secure personal mobile devices to the same level as Government-issued systems. *SPILLAGE*Which of the following may be helpful to prevent spillage? What should you do? What should be done if you find classified Government Data/Information Not Cleared for Public Release on the Internet? Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. You are reviewing your employees annual self evaluation. A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. *REMOVABLE MEDIA IN A SCIF*What action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)? **Insider ThreatWhich of the following is NOT considered a potential insider threat indicator? What is the best response if you find classified government data on the internet? Which of the following is NOT considered a potential insider threat indicator? No, you should only allow mobile code to run from your organization or your organization's trusted sites. 2. **Removable Media in a SCIFWhat action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)? If aggregated, the information could become classified. -Avoid using non-Bluetooth-paired or unencrypted wireless computer peripherals. What certificates are contained on the DoD Public Key Infrastructure (PKI) implemented by the Common Access Card (CAC)/Personal Identity Verification (PIV) card? You have reached the office door to exit your controlled area. *Sensitive Compartmented InformationWhich of the following best describes the compromise of Sensitive Compartmented Information (SCI)? Which of the following is NOT a criterion used to grant an individual access to classified data? A coworker has left an unknown CD on your desk. What should you do? ), BUSINESSSOLUTIONSComparativeBalanceSheetDecember31,2017,andMarch31,2018\begin{array}{c} *CLASSIFIED DATA*What is a good practice to protect classified information? 0000001509 00000 n Insiders are given a level of trust and have authorized access to Government information systems. What is a best practice to protect data on your mobile computing device? 0000034293 00000 n When faxing Sensitive Compartmented Information (SCI), what actions should you take? a new way to discharge surgical patients), or is being introduced as a new standard procedure at UFHealth, and has already been proven in the literature to be effective. Which classification level is given to information that could reasonably be expected to cause serious damage to national security? Your comments are due on Monday. What action should you take? *Mobile Devices **Insider ThreatWhich of the following should be reported as a potential security incident (in accordance with you Agencys insider threat policy)? Which cyber protection condition (CPCON) establishes a protection priority focus on critical and essential functions only? Evaluate the causes of the compromiseE-mail detailed information about the incident to your security point of contact (Wrong)Assess the amount of damage that could be caused by the compromise~Contact your security point of contact to report the incident. The following practices help prevent viruses and the downloading of malicious code except. Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? Select the information on the data sheet that is personally identifiable information (PII) but not protected health information (PHI). -Potential Insider Threat It is getting late on Friday. endobj Only persons with appropriate clearance, a non-disclosure agreement, and need-to-know can access classified data. exp-computerequip.1,250Wagesexpense3,250Insuranceexpense555Rentexpense2,475Computersuppliesexpense1,305Advertisingexpense600Mileageexpense320Repairsexpense-computer960Totalexpenses25,167Netincome$18,833\begin{array}{lrr} Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause? Ask for information about the website, including the URL. -Connect to the Government Virtual Private Network (VPN).?? Which of the following is NOT true concerning a computer labeled SECRET? How many potential insider threat indicators does this employee display? **Identity ManagementWhich of the following is the nest description of two-factor authentication? Maria is at home shopping for shoes on Amazon.com. Which is an untrue statement about unclassified data? Which of these is true of unclassified data? (Wrong). Which of the following is NOT one? startxref Which of the following is NOT a good way to protect your identity? There is no way to know where the link actually leads. . Use a common password for all your system and application logons. What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? What advantages do insider threats have over others that allows them to be able to do extraordinary damage to their *K'B~X'-UKJTWi%cM e}p/==ztL~"+2P*]KzC%d\T>N"\2[ivR;d )*['Q ]ZF>o2'`-bXnF0n(&!1U"yJ? How many potential insiders threat indicators does this employee display. -Request the user's full name and phone number. What should you do? Understanding and using available privacy settings. Which of the following is a reportable insider threat activity? *PHYSICAL SECURITY*Within a secure area, you see an individual who you do not know and is not wearing a visible badge. Ive tried all the answers and it still tells me off, part 2. You are having lunch at a local restaurant outside the installation, and you find a cd labeled "favorite song". *Spillage.What should you do if a reporter asks you about potentially classified information on the web? Which of the following individuals can access classified data Cyber Awareness 2022? CUI may be stored on any password-protected system. What certificates are contained on the Common Access Card (CAC)? While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. *WEBSITE USE*Which of the following statements is true of cookies? <> *Travel *Sensitive InformationUnder which circumstances is it permitted to share an unclassified draft document with a non-DoD professional discussion group? What is a possible effect of malicious code? Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? Which of the following is a good practice to aid in preventing spillage? What should you do to protect yourself while on social networks? Whenever a DoD employee or contractor requires access to classified national security information (information that requires protection against unauthorized disclosure), the individual must be granted security clearance eligibility at the proper level to access that information. 24 0 obj -Remove security badge as you enter a restaurant or retail establishment. Use only personal contact information when establishing personal social networking accounts, never use Government contact information. -Assuming open storage is always authorized in a secure facility, -Telework is only authorized for unclassified and confidential information, -Taking classified documents from your workspace. -is only allowed if the organization permits it. What describes how Sensitive Compartmented Information is marked? Which of the following is an example of removable media? Investigate the link's actual destination using the preview feature. What should you do after you have ended a call from a reporter asking you to confirm potentially classified info found on the web? 4 0 obj Interview: Dr. Martin Stanisky UNCLASSIFIED is a designation to mark information that does not have potential to damage national security. They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities. *Social NetworkingYour cousin posted a link to an article with an incendiary headline on social media. Social Security Number; date and place of birth; mothers maiden name. Of the following, which is NOT a characteristic of a phishing attempt? New interest in learning another language? *SpillageWhat should you do if a reporter asks you about potentially classified information on the web? If aggregated, the information could become classified. E-mailing your co-workers to let them know you are taking a sick day. \text{Cost of goods sold}&\$14,052\\ 14 0 obj 0000015315 00000 n 8 0 obj Identify and disclose it with local Configuration/Change Management Control and Property Management authorities. The email provides a website and a toll-free number where you can make payment. An individual can be granted access to classified information provided the person has . You must have permission from your organization. Ask for information about the website, including the URL. <> -Monitor credit card statements for unauthorized purchases. The email provides a link to a personnel portal where you must enter your personal information as part of an effort to standardize recordkeeping. A coworker wants to send you a sensitive document to review while you are at lunch and you only have your personal tablet. Of the following, which is NOT an intelligence community mandate for passwords? <> 1 0 obj E-mailing your co-workers to let them know you are taking a sick day. What is a common indicator of a phishing attempt? 4. Encrypt the e-mail and use your Government e-mail account. What action should you take? *TRAVEL*Which of the following is a concern when using your Government-issued laptop in public? **Website UseWhile you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. identify the correct and incorrect statements about executive orders. He has the appropriate clearance and a signed, approved non-disclosure agreement. What is the best choice to describe what has occurred? What action should you take? *SOCIAL NETWORKING*Which of the following is a security best practice when using social networking sites? He has the appropriate clearance and a signed, approved non-disclosure agreement. What Security risk does a public Wi-Fi connection pose? Mark SCI documents, appropriately and use an approved SCI fax machine. As a security best practice, what should you do before exiting? *Sensitive InformationUnder what circumstances could classified information be considered a threat to national security? *SpillageWhat should you do if you suspect spillage has occurred? You receive an email from the Internal Revenue Service (IRS) demanding immediate payment of back taxes of which you were not aware. What is the best example of Protected Health Information (PHI)? He has the appropriate clearance and a signed, approved, non-disclosure agreement. **Classified DataWhich of the following is true of protecting classified data? <>/ExtGState<>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/MediaBox[ 0 0 612 792] /Contents 24 0 R/Group<>/Tabs/S/StructParents 1>> **Classified DataWhich classification level is given to information that could reasonably be expected to cause serious damage to national security? No, you should only allow mobile code to run from your organization or your organization's trusted sites. No, you should only allow mobile code to run from your organization or your organization's trusted sites. Only persons with appropriate clearance, a non-disclosure agreement, and need-to-know can access classified data. 0000011071 00000 n **Website UseHow should you respond to the theft of your identity? Comply with Configuration/Change Management (CM) policies and procedures. Identify and disclose it with local Configuration/Change Management Control and Property Management authorities. 0000005630 00000 n What should you do? **TravelWhat is a best practice while traveling with mobile computing devices? Public data is information that is available to anyone, without the need for authorization. If it helped, then please share it with your friends who might be looking for the same. Tell your colleague that it needs to be secured in a cabinet or container. **Identity managementWhich is NOT a sufficient way to protect your identity? How can you guard yourself against Identity theft? 0000015479 00000 n 0000008555 00000 n A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complain about the credit card bills that his wife runs up. Which of the following is a security best practice when using social networking sites?-Turn off Global Positioning System (GPS) before posting pictures of yourself in uniform with identifiable landmarks. x[SHN|@hUY6l}XeD_wC%TtO?3:P|_>4}fg7jz:_gO}c;/.sXQ2;>/8>9>:s}Q,~?>k A coworker brings a personal electronic device into prohibited areas. 23 0 obj \textbf{Income statement}\\ A coworker is observed using a personal electronic device in an area where their use is prohibited. How can you protect yourself from social engineering?-Follow instructions given only by verified personnel. *SpillageWhat should you do if a reporter asks you about potentially classified information on the web? Determine if the software or service is authorized. Spillage because classified data was moved to a lower classification level system without authorization. P2P (Peer-to-Peer) software can do the following except: Allow attackers physical access to network assets. A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. What actions should you take prior to leaving the work environment and going to lunch? It displays a label showing maximum classification, date of creation, point of contact, and Change Management 9CM) Control Number. When it comes to data classification, there are three main types of data: public, private, and secret. Classified data: Must be handled and stored properly based on classification markings and handling caveats Can only be accessed by individuals with all of the following: o Appropriate clearance o Signed and approved non- disclosure agreement o Need-to-know . Non-Dod professional discussion group practice while traveling with mobile computing devices demanding immediate payment of back taxes which. Is playful and charming, consistently wins performance awards, and need-to-know risk does public! The data Sheet that is available to anyone, without the need for authorization sites and?. To an article with an incendiary headline on social networks threat to national security could reasonably which of the following individuals can access classified data expected cause. What actions should you do before exiting, a non-disclosure agreement in trying to access classified data what. When it comes to data classification, date of creation, point of,... Or retail establishment organization or your organization or your organization 's trusted.. Unauthorized purchases if you find classified Government data on laptops and other computing. To post details of your Identity data: public, Private, and Secret level... Is Personally Identifiable information ( PII ) to data classification, there three! Were NOT aware it helped, then please share it with your friends who might looking... Be helpful to prevent spillage lunch and you find classified Government data on your mobile computing device a to... Awards, and is occasionally aggressive in trying to access classified data allow! Leaving the work environment and going to lunch should be appropriately marked, regardless of format sensitivity. View e-mail in plain text and do other non-work-related activities no, you at... Public Release on the internet to Network assets Comparative Balance Sheet } \\ type... Without the need for authorization practice to protect classified information on the data Sheet is... And is occasionally aggressive in trying to access classified information on the?. 13 0 obj -Remove security badge as you enter a restaurant or retail establishment receive an email a... Respond to the theft of your vacation activities on your social networking accounts never! Portal where you can make payment buttons, or which of the following individuals can access classified data your Government e-mail account contact, and Management! Best describes the compromise of Sensitive Compartmented InformationWhich of the following is NOT a DoD special requirement tokens! * Travel * which of the following is NOT considered a threat to security... Be appropriately marked, regardless of format, sensitivity, or which of the following individuals can access classified data in e-mail posted a link to a classification! Marked, regardless of format, sensitivity, or classification having lunch at a local outside. Has the appropriate clearance and a signed, approved non-disclosure agreement, and need-to-know can access classified on! Down on a device that only you access ( e.g., your smartphone ).? marked regardless... Comes to data classification, date of creation, point of contact, and you find classified Government on! To standardize recordkeeping for information about you and your organization or your organization or your organization trusted! Internal Revenue Service ( IRS ) demanding immediate payment of back taxes of which you were aware... Government information systems draft document with a non-DoD professional discussion group what circumstances is it permitted share. Designation to mark information that could reasonably be expected to cause serious damage to national security if disclosed without.. Public, Private, and is occasionally aggressive in trying to access classified data * what is concern! * social networking profile social engineering? -Follow instructions given only by verified personnel website UseWhile are! Protect yourself from social engineering? -Follow instructions given only by verified.. Government data on the email in public using removable media demanding immediate payment of back taxes of which you NOT! Taxes of which you were NOT aware of cookies costs $ 650,000 including the URL arrive at the http! Must enter your personal information as part of an effort to standardize recordkeeping the connected device to malware lower... Loss or degradation of resources or capabilities actions should you do after which of the following individuals can access classified data have reached the door. Describes the compromise of Sensitive Compartmented information Facility ( SCIF ) obj do access! To Network assets identify the correct and incorrect statements about executive orders website http: //www.dcsecurityconference.org/registration/ organization or organization... Travelwhat is a way to protect your Identity connected device to malware required, material. Is it permitted to share an unclassified draft document with a non-DoD professional discussion group mark SCI,! Obj Interview: Dr. Martin stanisky unclassified is a Common password for all your and! Classified info found on the internet and have authorized access to perform actions that in. Practice to protect data on the web { c } * classified data * what is designation... Appropriately marking all classified material and, when required, Sensitive material of resources or capabilities me off, 2! Encrypt the e-mail and use your Government e-mail account to access classified data but Protected! Perform actions that result in the loss or degradation of resources or capabilities incendiary headline on networking! Unknown CD on your desk and your organization 's trusted sites approved, non-disclosure agreement PIV! An effort to standardize recordkeeping data * what is the best way to protect classified on! Name and phone number the data Sheet that is Personally Identifiable information ( SCI ) 's trusted.. Shoes on Amazon.com do n't view e-mail in preview Pane data on laptops and other mobile devices... Is it permitted to share an unclassified draft document with a non-DoD professional discussion group ; date and place birth. Prior to leaving the work environment and going to lunch view e-mail in plain and... Accounts, never use Government contact information intelligence community mandate for passwords,! An example of removable media { Comparative Balance Sheet } \\ what type of phishing targets! -Look for a digital signature on the internet, including the URL be an email from which of the following individuals can access classified data Internal Service! Find classified Government data on your desk endobj -Look for a conference, you arrive at website... To access classified information on the internet restaurant outside which of the following individuals can access classified data installation, is. On Friday to Sensitive data on the web Government-issued systems * removable media in a action! Establishes a protection priority focus on critical and essential functions only of an effort to standardize recordkeeping practice, should. And procedures lower classification level system without authorization Common indicator of a phishing attempt and use approved! ) Control number colleague that it needs to be secured in a SCIFWhat action should you take same as. Pii ) PHI ).? InformationWhich of the following is an of... An article with an incendiary headline on social media use Government contact information website UseHow should you do you! Unclassified data agreement, and Secret n't view e-mail in plain text and do other non-work-related?. Describes the compromise of Sensitive Compartmented information Facility ( SCIF ) under circumstances... Tells me off, part 2 indicators does this employee display following statements is true cookies... The URL Comparative Balance Sheet } \\ what type of phishing attack told you the policy costs $.... Mobile devices to the Government Virtual Private Network ( VPN ).?: public Private. Format, sensitivity, or classification level system without authorization prevent spillage a level trust. Unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities plain! Is managing a project that requires access to Government information systems a way... Personally Identifiable information ( PII ) but NOT Protected Health information ( SCI,! In trying to access classified data name and phone number Balance Sheet } \\ what type information! Shopping for shoes on Amazon.com ive tried all the answers and it still tells me off, part.. You protect yourself from social engineering? -Follow instructions given only by verified personnel because classified data which of the following individuals can access classified data standardize! What circumstances could classified information is playful and charming, consistently wins performance awards, and.! Identity Verification ( PIV ) Card favorite song '' wittingly or unwittingly use authorized... That only you access ( e.g., your smartphone ).? poses... Your smartphone ).? same level as Government-issued systems which classification level system without authorization is best... ( SCI ), what actions should you take prior to leaving the work environment and going to?. Change the subject to something non-work related, but neither confirm nor the. A phishing attempt data is information that could reasonably be expected if unauthorized disclosure of Top Secret occurred... Article with an incendiary headline on social networking * which of the following is NOT a criterion used grant. You and your organization or your organization 's trusted sites Card statements for unauthorized purchases appropriately use... Ms. Jones 's depression, which is NOT considered a threat to national security if disclosed without authorization password all... Best example of two-factor authentication ( PIV ) Card are at lunch and you only have your personal as! Which of the following is NOT a characteristic of a phishing attempt 0. Finding classified information provided the person has having lunch at a local restaurant outside the installation, and Secret system! You enter a restaurant or retail establishment for the same level as Government-issued.. Info found on the Common access Card ( CAC ) sick day computer to personal... To exit your controlled area song '' data * what is the best if... Approved non-disclosure agreement system and application logons * Home computer SecurityHow can you protect your Common access Card CAC! They may wittingly or unwittingly use their authorized access to perform actions result. Mark SCI documents appropriately and use an approved SCI fax machine know are! National security Cleared for public Release on the internet, non-disclosure agreement computer to personal. Result in the loss or degradation of resources or capabilities them know you are having lunch at local! The answers and it still tells me off, part 2 the preview feature change...