*Spillage Which of the following actions is appropriate after finding classified information on the Internet? All data transfers via the internet are not 100% secure and there might be some security vulnerabilities. **Insider Threat Which type of behavior should you report as a potential insider threat? In the following situations, determine if the duty describes would be one of the Fed is responsible or is not responsible to enforce. -Ask them to verify their name and office number It contains certificates for identification, encryption, and digital signature. Which method would be the BEST way to send this information? **Social Networking What should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sires visited? *Sensitive Compartmented Information What must the dissemination of information regarding intelligence sources, methods, or activities follow? **Classified Data What is required for an individual to access classified data? Which of the following is a proper way to secure your CAC/PIV? What type of security is part of your responsibility and placed above all else?, If your wireless device is improperly configured someone could gain control of the device? What should be your response? Of the following, which is NOT a characteristic of a phishing attempt? Permitted Uses of Government-Furnished Equipment (GFE). Spear Phishing attacks commonly attempt to impersonate email from trusted entities. Unknown data is categorized by the system; an analyst then reviews the results (Spillage) What should you do when you are working on an unclassified system and receive an email with a classified attachment? Maybe. They broadly describe the overall classification of a program or system. Maybe How many potential insiders threat indicators does this employee display? What should you do? You are logged on to your unclassified computer and just received an encrypted email from a co-worker. What should you do if someone asks to use your government issued mobile device (phone/laptop..etc)? CUI includes, but is not limited to Controlled Technical Information (CTI), Personally Identifiable Information (PII), Protected Health Information (PHI), financial information, personal or payroll information, proprietary data and operational information. which of the following is true about unclassified Courses 442 View detail Preview site What is considered a mobile computing device and therefore shouldnt be plugged in to your Government computer? (social networking) When may you be subjected to criminal, disciplinary, and/or administrative action due to online misconduct? Based on the description that follows, how many potential insider threat indicator(s) are displayed? CUI is government created or owned information that requires safeguarding or dissemination controls consistent with applicable laws, regulations and government wide policies. Unclassified documents do not need to be marked as a SCIF. Your health insurance explanation of benefits (EOB). CPCON 2 (High: Critical and Essential Functions) Which of the following is NOT a requirement for telework? It may expose the connected device to malware. At EPA, the CUI Program is housed in the Libraries and Accessibility Division (LAD) within the Office of Mission Supports (OMS), Office of Enterprise Information Programs (OEIP). Amendments to a variety of policy documents as well as others referencing Confidential Business Information (CBI) submissions or handling, Changes to paper and e-forms and instructions for their submission to EPA. **Insider Threat What advantages do insider threats have over others that allows them to cause damage to their organizations more easily? Looking at your MOTHER, and screaming THERE SHE BLOWS! Which designation marks information that does not have potential to damage national security? Refer the reporter to your organizations public affairs office. Which of the following statements is TRUE about the use of DoD Public Key Infrastructure (PKI) tokens? **Classified Data Which classification level is given to information that could reasonably be expected to cause serious damage to national security? What should be your response? What is the best choice to describe what has occurred? Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approves for access to the NIPRNET. What should you do? Q&A for work. As long as the document is cleared for public release, you may release it outside of DoD. After you have returned home following the vacation. How are Trojan horses, worms, and malicious scripts spread? I may decide not to consent to these terms, but, if I do not consent to all of these terms, then I agree not to proceed with creating an account or moving forward with filling out the application, and I understand that I will not be . Which of the following best describes a way to safely transmit Controlled Unclassified Information (CUI)? which of the following is true about unclassified data. CPCON 4 (Low: All Functions) This answer has been confirmed as correct and helpful. *Sensitive Compartmented Information What should the participants in this conversation involving SCI do differently? DoD Unclassified data: Must be cleared before being released to the public May require applci aton i of Controled l Uncasl sed Iifi nformaton i (CU)I access and distribution controls Must be clearly marked as Unclassified or CUI if included in a classified document or classified storage area 1).Compared with CK, straw addition treatments (S and SG) significantly (P < 0.01) increased the emission rate and cumulative emission of CO 2 and the cumulative CO 2 . asked in Internet by voice (265k points) Question : Which of the following is true about unclassified data? Government-owned PEDs, if expressly authorized by your agency. Which of the following must you do before using an unclassified laptop and peripherals in a collateral classified environment? Classified information that should be unclassified and is downgraded. In which situation below are you permitted to use your PKI token? What should be your response? The date of full implementation of the CUI Program will be announced by the EPAs CUI Senior Agency Official (CUI SAO) and updated here on EPAs public web page. Physical security of mobile phones carried overseas is not a major issue. Which of the following is an example of punishment by application? **Insider Threat A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. No, you should only allow mobile code to run from your organization or your organizations trusted sites. What level of damage can the unauthorized disclosure of information classified as confidential reasonably be expected to cause? If you receive a phone call from a stranger asking for information about your invoice payment process, you should: Crucial information about a user or organization can be gained through. **Social Networking Which of the following is a security best practice when using social networking sites? Remove your security badge, common access card (CAC), or personal identity verification (PIV) card. Which of the following is NOT sensitive information? A coworker wants to send you a sensitive document to review while you are at lunch and you only have your personal tablet. Paul verifies that the information is CUI, includes a CUI marking in the subject header, and digitally signs an e-mail containing CUI. In which situation below are you permitted to use your PKI token? You must have your organization's permission to telework. Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. Not correct. Which of following is true of protecting classified data? Which of the following should be reported as a potential security incident (in accordance with your Agencys insider threat policy)? Correct. What structures visible in the stained preparation were invisible in the unstained preparation? Which of the following is NOT a type of malicious code? Use the classified network for all work, including unclassified work. Correct. Examples are: Patient names, Social Security numbers, Drivers license numbers, insurance details, and birth dates. Which of the following best describes good physical security? A coworker removes sensitive information without authorization. *Spillage After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. What does Personally Identifiable information (PII) include? **Social Engineering Which is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail? Always use DoD PKI tokens within their designated classification level. *Malicious Code Which of the following is NOT a way that malicious code spreads? Dont assume open storage in a secure facility is authorized Maybe. 1.To provide opportunities for individuals and businesses to open checking accounts __________, To write rules and guidelines for financial institutions under its supervision __________, To be the lender of last resort for financial institutions __________, To conduct the nations monetary policy with the goals of maintaining full employment and price stability __________, 5. Memory sticks, flash drives, or external hard drives. Which of the following is an example of removable media? Which of the following is true of Internet of Things (IoT) devices? What should you do? A medium secure password has at least 15 characters and one of the following. When using your government-issued laptop in public environments, with which of the following should you be concerned? Memory sticks, flash drives, or external hard drives. (Mobile Devices) When can you use removable media on a Government system? Your cousin posted a link to an article with an incendiary headline on social media. A. What is a security best practice to employ on your home computer? *Sensitive Compartmented Information When faxing Sensitive Compartmented Information (SCI), what actions should you take? (Malicious Code) What are some examples of removable media? Contents hide. Which of these is true of unclassified data? 1.1.3 Insider Threat. The website requires a credit card for registration. internet-quiz. Store it in a shielded sleeve to avoid chip cloning. Scan external files from only unverifiable sources before uploading to computer. **Insider Threat What type of activity or behavior should be reported as a potential insider threat? -It never requires classification markings. What kind of information could reasonably be expected to cause serious damage to national security in the event of unauthorized disclosure? *Spillage You find information that you know to be classified on the Internet. What is the danger of using public Wi-Fi connections? What certificates are contained on the DoD Public Key Infrastructure (PKI) implemented by the Common Access Card (CAC)/Personal Identity Verification (PIV) card? **Use of GFE What is a critical consideration on using cloud-based file sharing and storage applications on your Government-furnished equipment (GFE)? To transmit large payments through Fedwire __________, To regulate and supervise the stock market to provide stability and security to individual investors. Spillage can be either inadvertent or intentional. **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. We recommend Norton Security or McAfee Total Protection. Antihistamines are used to treat the symptoms, such as sneezing, that are due to inflammation caused by irritants in the airways. Only paper documents that are in open storage need to be marked. (Sensitive Information) Which of the following is true about unclassified data? (GFE) When can you check personal e-mail on your Government-furnished equipment (GFE)? Which of the following is an example of a strong password? Which of the following is an example of malicious code? CUI may be stored on any password-protected system. Some examplesyou may be familiar with: TheFederalCUI Registry,shows authorized categoriesandassociated markings, as well as applicable safeguarding, dissemination, and decontrol procedures. You receive an email from a company you have an account with. Store it in a shielded sleeve to avoid chip cloning. **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? A Which of the following should you NOT do if you find classified information on the internet? Bob, a coworker, has been going through a divorce, has financial difficulties and is displaying hostile behavior. What should you do? Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post. Correct Which of the following does NOT constitute spillage? *Classified Data How do you respond? (Wrong). When using a public device with a card reader, only use your DoD CAC to access unclassified information, is only allowed if the organization permits it. Which of the following is NOT a correct way to protect CUI? Preventing an authorized reader of an object from deleting that object B. When teleworking, you should always use authorized and software. A colleague asks to leave a report containing protected health information (PHI) on his desk overnight so he can continue working on it the next day. Which of the following may help to prevent inadvertent spillage? correct. correct. CPCON 3 (Medium: Critical, Essential, and Support Functions) What is a best practice for protecting controlled unclassified information (CUI)? *Spillage What should you do if you suspect spillage has occurred? **Identity Management Which of the following is the nest description of two-factor authentication? Not correct However, agency personnel and contractors should first consult their agency's CUI implementing policies and program management for guidance. Explain. (Malicious Code) Which of the following is NOT a way that malicious code spreads? If aggregated, the information could become classified. Where. Discrete data involves whole numbers (integers - like 1, 356, or 9) that can't be divided based on the nature of what they are. Make note of any identifying information and the website URL and report it to your security office. **Identity management What is the best way to protect your Common Access Card (CAC)? Correct. Contact the IRS using their publicly available, official contact information. Which of the following is not considered a potential insider threat indicator? internet-quiz. When is the best time to post details of your vacation activities on your social networking website? Store classified data appropriately in a GSA-approved vault/container. Of the following, which is NOT a security awareness tip? Keeping a database from being accessed by unauthorized visitors C. Restricting a subject at a lower classification level from accessing data at a higher classification level D. Preventing an . Always check to make sure you are using the correct network for the level of data. Were mitochondria as abundant in human epithelial cells as in onion epidermal cells (procedure 4.6)? Neither confirm or deny the information is classified. Cyber Awareness Challenge Knowledge Check 2023 Answers, Cyber Awareness Challenge 2022 Knowledge Check Answers. Store your Common Access Card (CAC) or Personal Identity Verification (PIV) card in a shielded sleeve ~Write your password down on a device that only you access (e.g., your smartphone) Change your password at least every 3 months Enable two-factor authentication whenever available, even for personal accounts. **Social Networking As someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project? what should be your response be? It is getting late on Friday. What action should you take first? (Sensitive Information) What type of unclassified material should always be marked with a special handling caveat? It should only be in a system while actively using it for a PKI-required task. Correct. (Sensitive Information) What should you do if a commercial entity, such as a hotel reception desk, asks to make a photocopy of your Common Access Card (CAC) for proof of Federal Government employment? You know this project is classified. What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF. internet. What is a possible indication of a malicious code attack in progress? f. Get an answer. They can become an attack vector to other devices on your home network. ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. A headset with a microphone through a Universal Serial Bus (USB) port. The physical security of the device. E-mailing your co-workers to let them know you are taking a sick day. cyber. A colleague has won 10 high-performance awards, can be playful and charming, is not currently in a relationship, and is occasionally aggressive in trying to access sensitive information. Which of the following is a reportable insider threat activity? Security Classification Guides (SCGs).??? Secure .gov websites use HTTPS How many potential insiders threat indicators does this employee display. Social Security Number; date and place of birth; mothers maiden name. T/F. Which of the following is not a best practice to preserve the authenticity of your identity? **Insider Threat What do insiders with authorized access to information or information systems pose? It may be compromised as soon as you exit the plane. Which of the following may be helpful to prevent inadvertent spillage? Phishing can be an email with a hyperlink as bait. Which of the following is true about unclassified data? What should you do if someone forgets their access badge (physical access)? -Its classification level may rise when aggregated. Which of the following actions is appropriate after finding classified Government information on the internet? Correct. You have reached the office door to exit your controlled area. A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. How do you respond? Use TinyURL's preview feature to investigate where the link leads. Directing you to a website that looks real. cyber-awareness. Media containing Privacy Act information, PII, and PHI is not required to be labeled. **Insider Threat What function do Insider Threat Programs aim to fulfill? What should you do if a reporter asks you about potentially classified information on the web? Social Security Number, date and place of birth, mothers maiden name. Which may be a security issue with compressed Uniform Resource Locators (URLs)? *Spillage Which of the following may help prevent inadvertent spillage? Spillage because classified data was moved to a lower classification level system without authorization. Linda encrypts all of the sensitive data on her government-issued mobile devices. That trust is bounded by the Oath of Office we took willingly. What is an individual's Personally Identifiable Information (PII) or Protected Health Information (PHI) considered? He has the appropriate clearance and a signed, approved, non-disclosure agreement. ~A coworker brings a personal electronic device into a prohibited area. A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. Connect to the Government Virtual Private Network (VPN). Her badge is not visible to you. Use a common password for all your system and application logons. correct. How can you protect your organization on social networking sites? Classified information is defined in PL 96-456, the Classified Information Procedures Act: A passenger in the Land Rover Freelander that T-boned the hatchback said the BMW had been driven out of the unclassified road towards Shipton-under-Wychwood 'like a bat out of hell' - giving . Teams. Report the suspicious behavior in accordance with their organizations insider threat policy. NARAissuespolicy directives and publishesan annualreportto the President of the United Stateson the status of agency CUI Program implementation in accordance with Executive Order 13556, Controlled Unclassified Information.
