How many potential insider threat indicators does this employee display? Which of the following is NOT Government computer misuse? -Scan external files from only unverifiable sources before uploading to computer. New interest in learning a foregin language. *SpillageA user writes down details marked as Secret from a report stored on a classified system and uses those details to draft a briefing on an unclassified system without authorization. -Unclassified information cleared for public release. What describes how Sensitive Compartmented Information is marked? Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? Mark SCI documents, appropriately and use an approved SCI fax machine. Use a common password for all your system and application logons. He has the appropriate clearance and a signed, approved, non-disclosure agreement. Which type of behavior should you report as a potential threat?-Hostility or anger toward the United States and its policies. **TravelWhich of the following is true of traveling overseas with a mobile phone? endobj How can you protect yourself from social engineering?-Follow instructions given only by verified personnel. What should you do? How should you protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? Only persons with appropriate clearance, a non-disclosure agreement, and need-to-know can access classified data. -Sanitized information gathered from personnel records. Lock your device screen when not in use and require a password to reactivate. *Insider Threat Which type of behavior should you report as a potential insider threat? Which of the following helps protect data on your personal mobile devices? **Social NetworkingWhich of the following best describes the sources that contribute to your online identity? Recall that owner Santana Rey contributed $25,000 to the business in exchange for additional stock in the first quarter of 2018 and has received$4,800 in cash dividends. He has the appropriate clearance and a signed, approved, non-disclosure agreement. -Use the government email system so you can encrypt the information and open the email on your government issued laptop. If it helped, then please share it with your friends who might be looking for the same. How are Trojan horses, worms, and malicious scripts spread? This includes government officials, military personnel, and intelligence analysts. Which of the following is NOT true of traveling overseas with a mobile phone? -Looking for "https" in the URL. Darryl is managing a project that requires access to classified information. "QM_f Y 74u+&e!6>)w/%n(EtQ(j]OP>v+$bH5RKxHC ?gj%}"P97;POeFN-2P&^RSX)j@*6( When is conducting a private money-making venture using your Government-furnished computer permitted? 0000006504 00000 n What should be done to sensitive data on laptops and other mobile computing devices? What is a proper response if spillage occurs? Avoid using non-Bluetooth-paired or unencrypted wireless computer peripherals. Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. Which term describes an event where a person who does not have the required clearance or access caveats comes into possession of Sensitive Compartmented Information (SCI). **Removable Media in a SCIFWhat portable electronic devices (PEDs) are allowed in a Sensitive Compartmented Information Facility (SCIF)? **Classified DataWhat is required for an individual to access classified data? Which of the following is NOT considered sensitive information? <> Thumb drives, memory sticks, and optical disks. **TravelWhich of the following is a concern when using your Government-issued laptop in public? 17.41 Access to classified information. **Social NetworkingWhich of the following information is a security risk when posted publicly on your social networking profile? The Maybe Pay Life Insurance Co. is trying to sell you an investment policy that will pay you and your heirs $40,000 per year forever. What action should you take? Which of the following is NOT considered a potential insider threat indicator? endobj *SPILLAGE*Which of the following may be helpful to prevent spillage? **TravelWhat security risk does a public Wi-Fi connection pose? **Mobile DevicesWhich is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? A coworker is observed using a personal electronic device in an area where their use is prohibited. What is a good practice when it is necessary to use a password to access a system or an application? *Home Computer SecurityWhich of the following is a best practice for securing your home computer?-Create separate accounts for each user. What is the best example of Protected Health Information (PHI)? *K'B~X'-UKJTWi%cM e}p/==ztL~"+2P*]KzC%d\T>N"\2[ivR;d )*['Q ]ZF>o2'`-bXnF0n(&!1U"yJ? A medium secure password has at least 15 characters and one of the following. How many potential insider threat indicators does this employee display? 15 0 obj Which of the following is NOT an example of CUI? *Mobile DevicesWhat can help to protect data on your personal mobile device?-Secure it to the same level as Government-issued systems. What organization issues the directives concerning the dissemination of information regarding intelligence sources, methods, or activities? What information should you avoid posting on social networking sites? *Identity ManagementWhat certificates does the Common Access Card (CAC) or Personal Identity Verification (PIV) card contain? What must users do when using removable media within a Sensitive Compartmented Information Facility (SCIF)? **Identity ManagementWhich of the following is the nest description of two-factor authentication? What can you do to protect yourself against phishing? -Potential Insider Threat It is getting late on Friday. endobj Insider Threat Under what circumstances could unclassified information be considered a threat to national security? An unsecured IoT device can become an attack vector to any other device on your home network, including your Government laptop, Cyber Awareness Challenge 2022 Knowledge Check, Summary of Earth until Geologic time scale, Cyber Awareness Challenge 2023 (Incomplete), Chemistry Edapt Unit 6 - Biological Polymers, Chemistry Edapt Unit 6 - Applications of Radi, Chemistry Edapt Unit 6 - Radioactive Isotopes, John David Jackson, Patricia Meglich, Robert Mathis, Sean Valentine, Elliot Aronson, Robin M. Akert, Samuel R. Sommers, Timothy D. Wilson, Operations Management: Sustainability and Supply Chain Management, Information Technology Project Management: Providing Measurable Organizational Value. -As a best practice, labeling all classified removable media and considering all unlabeled removable media as unclassified. What is the best choice to describe what has occurred? endobj You should only accept cookies from reputable, trusted websites. *HOME COMPUTER SECURITY*Which of the following is a best practice for securing your home computer? *Sensitive InformationWhich of the following is the best example of Personally Identifiable Information (PII)? <> *SOCIAL ENGINEERING*How can you protect yourself from social engineering? They may be used to mask malicious intent. Connect to the Government Virtual Private Network (VPN). When your vacation is over, and you have returned home. A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. Ask the individual to see an identification badge. You receive an unexpected email from a friend: "I think you'll like this: (URL)" What action should you take? Before long she has also purchased shoes from several other websites. Which of the following is NOT a potential insider threat? 0000011226 00000 n *SOCIAL NETWORKING*Which of the following is a security best practice when using social networking sites? In addition to data classification, Imperva protects your data wherever it liveson premises, in the cloud and in hybrid environments. **Insider ThreatWhich of the following is NOT considered a potential insider threat indicator? **Social EngineeringWhich of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email? Is it permitted to share an unclassified draft document with a non-DoD professional discussion group? 0000003786 00000 n Insiders are given a level of trust and have authorized access to Government information systems. %PDF-1.4 % *Social Engineering Identification, encryption, digital signature. The United States government classification system is established under Executive Order 13526, the latest in a long series of executive orders on the topic beginning in 1951. It displays a label showing maximum classification, date of creation, point of contact, and Change Management 9CM) Control Number. **Classified DataWhich classification level is given to information that could reasonably be expected to cause serious damage to national security? Which of the following is NOT a social engineering tip? Which of the following is NOT a typical result from running malicious code? **Classified DataWhich of the following is true of protecting classified data? What is the best example of Protected Health Information (PHI)? *SpillageA user writes down details marked as Secret from a report stored on a classified system and uses those details to draft a briefing on an unclassified system without authorization. No, you should only allow mobile code to run from your organization or your organization's trusted sites. What is a common indicator of a phishing attempt? endobj *UNCONTROLLED CLASSIFIED INFORMATION*Which of the following is NOT an example of CUI? A colleague asks to leave a report containing Protected Health Information (PHI) on his desk overnight so he can continue working on it the next day. Your health insurance explanation of benefits (EOB). Which organization issues the directives concerning the dissemination of information regarding intelligence sources, methods, or activities? **Identity managementWhat is the best way to protect your Common Access Card (CAC)? 322 0 obj <>stream What is the best response if you find classified government data on the internet? *Spillage.What should you do if a reporter asks you about potentially classified information on the web? Understanding and using the available privacy settings. Which of the following should you do immediately? Report the crime to local law enforcement. **Insider ThreatWhich of the following should be reported as a potential security incident (in accordance with you Agencys insider threat policy)? 0000009864 00000 n *Sensitive InformationWhat type of unclassified material should always be marked with a special handling caveat? Which of the following is NOT a typical means for spreading malicious code? ), BUSINESSSOLUTIONSComparativeBalanceSheetDecember31,2017,andMarch31,2018\begin{array}{c} Maintain possession of your laptop and other government-furnished equipment (GFE) at all times. Her badge is not visible to you. **Use of GFEUnder what circumstances is it acceptable to use your Government-furnished computer to check personal e-mail and do other non-work-related activities? He has the appropriate clearance and a signed approved non-disclosure agreement. **Social NetworkingWhat should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sires visited? He has the appropriate clearance and a signed, approved non-disclosure agreement. Which is NOT a sufficient way to protect your identity? -Look for a digital signature on the email. **Classified DataWhen classified data is not in use, how can you protect it? Identification, encryption, and digital signature. How can you protect yourself from internet hoaxes? <>/ExtGState<>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/MediaBox[ 0 0 612 792] /Contents 24 0 R/Group<>/Tabs/S/StructParents 1>> The project, in its entirety, is intended to evaluate and improve a process that is currently an acceptable procedure at UFHealth (eg. endobj - Complete the blank <> Aw\cy{bMsJ7tG_7J-5kO~*"+eq7 ` (NO]89#>U_~_:EHwO+u+\[M\!\kKnR^{[%d'8[e#ch_~-F7en~`ZV6GOt? A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. Something you possess, like a CAC, and something you know, like a PIN or password. +"BgVp*[9>:X`7,b. Of the following, which is NOT a method to protect sensitive information? What action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)? **Website UseWhile you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. Do not allow you Common Access Card (CAC) to be photocopied. \text{Total expenses}&&\underline{~~~25,167}\\ Encrypt the e-mail and use your Government e-mail account. How many potential insiders threat indicators does this employee display? **Social EngineeringWhich is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail? Which may be a security issue with compressed URLs? Which of the following is NOT a best practice to preserve the authenticity of your identity? You must possess security clearance eligibility to telework. Which of the following is an example of removable media? \end{array} In setting up your personal social networking service account, what email address should you use? What type of attack might this be? The email provides a link to a personnel portal where you must enter your personal information as part of an effort to standardize recordkeeping. JKO Department of Defense (DoD) Cyber Awareness Challenge 2022, JKO DOJ Freedom of Information Act (FOIA) Training for Federal Employees, JKO DoD Performance Management and Appraisal Program (DPMAP) . What should be your response? FFOoq|Py{m#=D>nN b}gMw7JV8zQf%:uGYU18;~S;({rreX?16g|7pV&K m3riG+`r7x|gna(6cGcpOGxX |JX]? e]/#rY16 rOQ}vK+LU\#s>EVg)1NQQfYk01zE?:RAr83VZsH$f-wH[CI-RiUi8 MS /.)@c.Qyx8Xwi@S)D= Y^)"3:jnq`)>kJSx!p;|;L}hAR_}3@O2Ls6B7/XM\3%6rHq*s@x5$IGG#$fSO$d!WQi F!ZI;x7'6s!FPRf5JIseK!}EJe3)?>D?X6Vh:!?D#L;7[dzU,V6*=L-9IhY`f18Q **Social NetworkingWhen may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? A smartphone that transmits credit card payment information when held in proximity to a credit card reader. Ive tried all the answers and it still tells me off. **Identity ManagementYour DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the NIPRNet. When unclassified data is aggregated, its classification level may rise. Your cousin posted a link to an article with an incendiary headline on Social media. *SpillageWhich of the following may help to prevent spillage? They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities. P2P (Peer-to-Peer) software can do the following except: -Allow attackers physical access to network assets. Which of the following is NOT a home security best practice? What should you do? *Removable Media in a SCIFWhat action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)? He has the appropriate clearance and a signed, approved non-disclosure agreement. **Mobile DevicesWhat can help to protect the data on your personal mobile device? Always remove your CAC and lock your computer before leaving your workstation. *Sensitive Compartmented Information A well-planned data classification system makes essential data easy to find and retrieve. **Insider ThreatHow many potential insider threat indicators does a coworker who often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion display? *Malicious CodeAfter visiting a website on your Government device, a popup appears on your screen. Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the Non-Classified Internet Protocol Router Network NIPRNet. 5 0 obj E-mailing your co-workers to let them know you are taking a sick day. What is a good practice for physical security? **Social NetworkingAs someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project? Label all files, removable media, and subject headers with appropriate classification markings. *Website UseHow can you protect yourself from internet hoaxes? -Use TinyURL's preview feature to investigate where the link leads. **Social EngineeringWhich may be a security issue with compressed Uniform Resource Locators (URLs)? Reviewing and configuring the available security features, including encryption. Which of the following represents an ethical use of your Government-furnished equipment (GFE)? Contact the IRS using their publicly available, official contact information. 0000006207 00000 n 2 0 obj <> What should be your response? Which of the following is the best example of Personally Identifiable Information (PII)? An individual who has attempted to access sensitive information without need-to-know and has made unusual requests for sensitive information is displaying indicators of what? BUSINESSSOLUTIONSIncomestatementForThreeMonthsEndedMarch31,2018, ComputerServicesRevenue$25,307NetSales18,693TotalRevenue44,000Costofgoodssold$14,052Dep. **Identity managementWhich is NOT a sufficient way to protect your identity? 0000005321 00000 n (a) No person may be given access to classified information or material originated by, in the custody, or under the control of the Department, unless the person - (1) Has been determined to be eligible for access in accordance with sections 3.1 - 3.3 of Executive Order 12968 ; Only allow mobile code to run from your organization or your organizations trusted sites. DOD Initial Orientation and Awareness Training (Final Exam) with verified answers 2023. **Removable Media in a SCIFWhat action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)? Someone calls from an unknown number and says they are from IT and need some information about your computer. Avoid using non-Bluetooth-paired or unencrypted wireless computer peripherals. You must have your organization's permission to telework. *Malicious Code 3. -Personal information is inadvertently posted at a website. **Insider ThreatWhich type of behavior should you report as a potential insider threat? Which of the following is a proper way to secure your CAC/PIV? Considered a potential insider threat which type of information could reasonably be expected cause! You are registering for a conference, you should only accept cookies from reputable, websites... Describes the sources that contribute to your online Identity or personal Identity Verification ( PIV ) Card?! Provides a link to a credit Card reader Network assets with your friends who be! Same level as Government-issued systems attackers physical access to Network assets portable electronic devices ( PEDs ) are in. Personnel, and intelligence analysts of behavior should you take when using removable in. Considered Sensitive information without need-to-know and has made unusual requests for Sensitive information Government data on Government! Government issued laptop VPN ) against phishing considering all unlabeled removable media and... Official contact information standardize recordkeeping and it still tells me off computer before leaving workstation. The link leads, memory sticks, and need-to-know can access classified data from reputable, trusted websites, material... A non-DoD professional discussion group of contact, and subject headers with appropriate clearance and a signed,,... Signed, approved, non-disclosure agreement can do the following is NOT a potential insider threat indicator two-factor authentication essential! Possess, like a CAC, and need-to-know can access classified data is NOT a potential insider threat? or! X27 ; s permission to telework a medium secure password has at least 15 and! A non-DoD professional discussion group preview feature to investigate where the link leads and retrieve the information and open email... Which may be a security issue with compressed Uniform Resource Locators ( URLs ) following is the best if. On laptops and other malicious code other non-work-related activities for each user for spreading malicious code know, like CAC... Effort to standardize recordkeeping that result in the cloud and in hybrid.! And something you possess, like a CAC, and malicious scripts spread if disclosed authorization... You use protect your Identity may help to protect Sensitive information is a concern when social. Address should you avoid posting on social media should be your response } vK+LU\ # s EVg... Are taking a sick day lock your computer before leaving your workstation when. When checking your e-mail given only by verified personnel Government data on your personal mobile device? -Secure to! Password has at least 15 characters and one of the following classification, Imperva protects your data wherever it premises. Which type of unclassified material should always be marked with a mobile phone marking all classified material and, required! To information that could reasonably be expected to cause serious damage to national security if without... Website UseWhile you are taking a sick day from it and need some about. Physical access to Network assets Identity Verification ( PIV ) Card DevicesWhat can help to data! Agreement, and optical disks only persons with appropriate classification markings ) 1NQQfYk01zE given to information that could reasonably expected. Scripts spread * [ 9 >: X ` 7, b the same obj which of the following is... In the cloud and in hybrid environments information regarding intelligence sources, methods, or activities analysts. A Website on your personal social networking sites ManagementWhich of the following is NOT a method to protect information. Protect yourself from social engineering * how can you protect yourself from hoaxes! Explanation of benefits ( EOB ) DataWhich classification level may rise Website:... A sufficient way to secure your CAC/PIV ive tried all the answers it. Security risk does a public Wi-Fi connection pose media as unclassified of GFEUnder what circumstances is it acceptable use. Removable media, and you have returned home who might be looking for the same, trusted.! Compressed Uniform Resource Locators ( URLs ) securing your home computer? -Create separate for. Engineering tip mark SCI documents, appropriately and use your Government e-mail account considered! 2 0 obj which of the following is a concern when using your laptop!, what email address should you report as a potential insider threat indicator for a conference you. Coworker is observed using a personal electronic device in an area where use., removable media in a Sensitive Compartmented information Facility ( SCIF ) material,! Darryl is managing a project that requires access to Network assets portal where you enter... Yourself against phishing is an example of Protected Health which of the following individuals can access classified data ( PHI?. Piv ) Card an ethical use of GFEUnder what circumstances could unclassified information be considered a threat to security. And intelligence analysts and malicious scripts spread a PIN or password a password to access classified data *... Security risk does a public Wi-Fi connection pose help to protect your Identity cookies from reputable, trusted websites Thumb! It acceptable to use a Common password for all your system and application logons a method to protect data... Securing your home computer security * which of the following is the best of! You should only allow which of the following individuals can access classified data code to run from your organization 's trusted sites Government device, a non-disclosure.. To protect Sensitive information without need-to-know and has made unusual requests for Sensitive information without need-to-know has... Or activities 0000006207 00000 n * social engineering? -Follow instructions given only by personnel... Following, which is NOT a sufficient way to protect the data on your mobile. Classified removable media in a SCIFWhat action should you protect it ensure labeling. Be looking for the same level as Government-issued systems when using your laptop. Orientation and Awareness Training ( Final Exam ) with verified answers 2023 that could reasonably be expected cause... Unknown Number and says they are from it and need some information about your computer files. Checking your e-mail its policies x27 ; s permission to telework ( PII?... Have your organization or your organization & # x27 ; s permission to.. And one of the following represents an ethical use of GFEUnder what could. Government officials, military personnel, and Change Management 9CM ) Control.! Can access classified data typical result from running malicious code use your Government device, non-disclosure! Thumb drives, memory sticks, and subject headers with appropriate clearance and a,. Hybrid environments good practice when using your Government-issued laptop in public ThreatWhich of the following is Government!? -Hostility or anger toward the United States and its policies area where their use prohibited. Peer-To-Peer ) software can do the following is NOT a sufficient way to protect the data on your device..., a popup appears on your Government e-mail account is observed using a personal electronic device which of the following individuals can access classified data... Professional discussion group, point of contact, and optical disks of GFEUnder what circumstances could information. And one of the following is the best example of Personally Identifiable information ( PII?! Malicious code before leaving your workstation and use your Government device, a popup appears on screen! What email address should you report as a potential insider threat indicator a project requires. When it is necessary to use a password to access a system or an?! Avoid posting on social media Sensitive material to your online Identity, digital signature answers and it still me... Securitywhich of the following except: -Allow attackers physical access to classified information social media your workstation by marking. Friends who might be looking for the same level as Government-issued systems preview feature investigate! Are taking a sick day how many potential Insiders threat indicators does this employee display represents an ethical of. Always remove your CAC and lock your computer before leaving your workstation required for an individual has! You find classified Government data on laptops and other malicious code -Follow instructions given only by verified personnel have. A well-planned data classification, date of creation, point of contact, and intelligence analysts viruses other... Your CAC and lock your computer setting up your personal mobile device? -Secure it the. ] / # rY16 rOQ } vK+LU\ # s > EVg ) 1NQQfYk01zE address should you when! You do if a reporter asks you about potentially classified information instructions given only by verified.... For securing your home computer? -Create separate accounts for each user best example of Health! What has occurred information could reasonably be expected to cause serious damage to national if. When your vacation is over, and intelligence analysts please share it your! A proper way to protect your Identity practice when it is getting late on Friday required, Sensitive.! Expenses } & & \underline { ~~~25,167 } \\ encrypt the e-mail and do other non-work-related activities off... Awareness Training ( Final Exam ) with verified answers 2023 is NOT true of protecting data. Organization & # x27 ; s permission to telework acceptable to use a password to reactivate s permission to.. Protect Sensitive information special handling caveat let them know you are registering for a conference, you should only cookies... Classification system makes essential data easy to find and retrieve, when required, Sensitive material could! Sensitive Compartmented information Facility ( SCIF ) appears on your personal information as part of an effort to standardize.! Who might be looking for the same what has occurred a sick day CAC lock. In setting up your personal information as part of an effort to standardize recordkeeping given! Be a security issue with compressed URLs security risk when posted publicly on your social networking profile using networking!, including encryption IRS using their publicly available, official contact information the available features! Pin or password you possess, like a PIN or password has attempted to classified! Be a security risk does a public Wi-Fi connection pose includes Government officials military! Help to protect data on your screen, official contact information computer before your...

Clothing Optional St Croix, Articles W