SPILLAGE
Which of the following may be helpful to prevent spillage?
Be aware of classification markings and all handling caveats.
SPILLAGE
Which of the following may be helpful to prevent spillage?
Label all files, removable media, and subject headers with appropriate classification markings.
CLASSIFIED DATA
Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization?
Secret
CLASSIFIED DATA
What is a good practice to protect classified information?
Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material.
INSIDER THREAT
Based on the description below how many potential insider threat indicators are present? A colleague often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion display?
3 or more indicators
INSIDER THREAT
What threat do insiders with authorized access to information or information systems pose?
They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities.
INSIDER THREAT
Which of the following is NOT considered a potential insider threat indicator?
New interest in learning a foregin language.
SOCIAL NETWORKING
When may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct?
If you participate in or condone it at any time.
SOCIAL NETWORKING
When is the safest time to post details of your vacation activities on your social networking profile?
After you have returned home following the vacation.
SOCIAL NETWORKING
Which of the following is a security best practice when using social networking sites?
Understanding and using the available privacy settings.
UNCONTROLLED CLASSIFIED INFORMATION
Which of the following is NOT an example of CUI?
Press release data
UNCONTROLLED CLASSIFIED INFORMATION
Which of the following is NOT a correct way to protect CUI?
Sensitive information may be stored on any password-protected system.
Select the information on the data sheet that is personally identifiable information (PII) But not protected health information (PHI)
Jane Jones
Social security number: 123-45-6789
Select the information on the data sheet that is protected health information (PHI)
Jane has been Dr…ect patient..ect.
PHYSICAL SECURITY
Within a secure area, you see an individual who you do not know and is not wearing a visible badge
Ask the individual to see an identification badge.
IDENTITY MANAGEMENT
What certificates does the Common Access Card (CAC) or Personal Identity Verification (PIV) card contain?
Identification, encryption, and digital signature
IDENTITY MANAGEMENT
Which of the following is an example of a strong password?
eA1xy2!P
SENSITIVE COMPARTMENTED INFORMATION
When faxing Sensitive Compartmented Information (SCI), what actions should you take?
Mark SCI documents appropriately and use an approved SCI fax machine.
SENSITIVE COMPARTMENTED INFORMATION
When is it appropriate to have your security badge visible within a sensitive compartmented information facility (SCIF)?
At all times while in the facility.
REMOVABLE MEDIA IN A SCIF
What action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)?
Identify and disclose it with local Configuration/Change Management Control and Property Management authorities
MALICIOUS CODE
Which of the following is NOT a way malicious code spreads?
Legitimate software updates
WEBSITE USE
Which of the following statements is true of cookies?
You should only accept cookies from reputable, trusted websites.
SOCIAL ENGINEERING
How can you protect yourself from internet hoaxes?
Use online sites to confirm or expose potential hoaxes
SOCIAL ENGINEERING
How can you protect yourself from social engineering?
Follow instructions given only by verified personnel
SOCIAL ENGINEERING
What action should you take with an e-mail from a friend containing a compressed Uniform Resource Locator (URL)?
Investigate the link’s actual destination using the preview feature
TRAVEL
Which of the following is a concern when using your Government-issued laptop in public?
Others may be able to view your screen.
USE OF GFE
What is a critical consideration on using cloud-based file sharing and storage applications on your Government-furnished equipment (GFE)?
Determine if the software or service is authorized
MOBILE DEVICES
Which of the following is an example of near field communication (NFC)?
A smartphone that transmits credit card payment information when held in proximity to a credit card reader.
MOBILE DEVICES
Which of the following is an example of removable media?
Flash Drive
HOME COMPUTER SECURITY
Which of the following is a best practice for securing your home computer?
Create separate accounts for each user.
*Spillage
Which of the following may help to prevent spillage?
Label all files, removable media, and subject headers with appropriate classification markings.
*Spillage
Which of the following actions is appropriate after finding classified information on the internet?
Note any identifying information and the website’s Uniform Resource Locator (URL)
*Classified Data
Which of the following individuals can access classified data?
Darryl is managing a project that requires access to classified information. He has the appropriate clearance and a signed, approved, non-disclosure agreement.
*Insider Threat
Which type of behavior should you report as a potential insider threat?
Hostility and anger toward the United States and its policies
*Insider Threat
Which of the following practices may reduce your appeal as a target for adversaries seeking to exploit your insider status?
Remove your security badge after leaving your controlled area or office building
*Social Networking
Your cousin posted a link to an article with an incendiary headline on social media. What action should you take?
Research the source of the article to evaluate its credibility and reliability
*Social Networking
Which of the following is a security best practice when using social networking sites?
Use only your personal contact information when establishing your account
*Controlled Unclassified Information
Select the information on the data sheet that is personally identifiable information (PII) but not protected health information (PHI)
Jane Jones
Social Security Number: 123-45-6789
*Controlled Unclassified Information
Select the information on the data sheet that is protected health information (PHI)
Interview: Dr. Nora Baker
Dr. Baker was Ms. Jones’s psychiatrist for three months. Dr. Baker reports that the sessions addressed Ms. Jones’s depression, which poses no national security risk
*Physical Security
Which Cyber Protection Condition (CPCON) establishes a protection priority focus on critical and essential functions only?
CPCON 2
*Identity Management
What certificates does the Common Access Card (CAC) or Personal Identity Verification (PIV) card contain?
Identification, encryption, digital signature
*Identity Management
What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card?
Maintain possession of it at all times
*Sensitive Compartmented Information
When faxing Sensitive Compartmented Information (SCI), what actions should you take?
Mark SCI documents, appropriately and use an approved SCI fax machine
*Sensitive Compartmented Information
When is it appropriate to have your security badge visible within a Sensitive Compartmented Information Facility (SCIF)?
At all times while in the facility
*Removable Media in a SCIF
What action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)?
Identify and disclose it with local Configuration/Change Management Control and Property Management authorities
*Malicious Code
After visiting a website on your Government device, a popup appears on your screen. The popup asks if you want to run an application. Is this safe?
No, you should only allow mobile code to run from your organization or your organization’s trusted sites
*Malicious Code
Which of the following statements is true of cookies?
You should only accept cookies from reputable, trusted websites
*Website Use
What action should you take with an e-mail from a friend containing a compressed Uniform Resource Locator (URL)?
Investigate the link’s actual destination using the preview feature
*Website Use
How can you protect yourself from internet hoaxes?
Use online sites to confirm or expose potential hoaxes
*Social Engineering
What is a common indicator of a phishing attempt?
A threat of dire consequences
*Travel
What security risk does a public Wi-Fi connection pose?
It may expose the connected device to malware
*Use of GFE
Which of the following represents an ethical use of your Government-furnished equipment (GFE)?
E-mailing your co-workers to let them know you are taking a sick day
*Mobile Devices
What can help to protect the data on your personal mobile device?
Secure it to the same level as Government-issued systems
*Mobile Devices
Which of the following is an example of removable media?
Flash drive
*Home Computer Security
Which of the following statements is true of using Internet of Things (IoT) devices in your home?
An unsecured IoT device can become an attack vector to any other device on your home network, including your Government laptop