What is a security best practice to employ on your home computer? Should you always label your removable media? I may decide not to consent to these terms, but, if I do not consent to all of these terms, then I agree not to proceed with creating an account or moving forward with filling out the application, and I understand that I will not be . **Identity management Which is NOT a sufficient way to protect your identity? (social networking) When is the safest time to post details of your vacation activities on your social networking profile? Is it okay to run it? You know this project is classified. (Sensitive Information) What certificates are contained on the Common Access Card (CAC)? You receive a call on your work phone and you're asked to participate in a phone survey. You find information that you know to be classified on the Internet. *Spillage What should you do if you suspect spillage has occurred? A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationships with peers, purchases an unusually expensive car, and has unexplained absences from work. Executive Order 13526 Classified National Security Information, Personally Identifiable Information (PII), Sensitive Personally Identifiable Information (SPII), Proprietary Business Information (PBI) or currently known within EPA as Confidential Business Information (CBI), Unclassified Controlled Technical Information (UCTI). What should you do if someone forgets their access badge (physical access)? Who designates whether information is classified and its classification level? **Identity management Which of the following is NOT a best practice to preserve the authenticity of your identity? P2P (Peer-to-Peer) software can do the following except: Allow attackers physical access to network assets. Unclassified information cleared for public release. Which is a way to protect against phishing attacks?
**Insider Threat A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. **Social Engineering Which is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail? Why might "insiders" be able to cause damage to their organizations more easily than others? They provide guidance on reasons for and duration of classification of information. Correct. -It must be released to the public immediately. Controlled unclassified information. Law Enforcement Sensitive (LES), and others. **Social Networking Which of the following information is a security risk when posted publicly on your social networking profile? Ask the individual to see an identification badge. Write your password down on a device that only you access. Keeping a database from being accessed by unauthorized visitors C. Restricting a subject at a lower classification level from accessing data at a higher classification level D. Preventing an . You must have your organization's permission to telework. Always check to make sure you are using the correct network for the level of data. Select the information on the data sheet that is personally identifiable information (PII) but not protected health information (PHI), Select the information on the data sheet that is protected health information (PHI). Linda encrypts all of the sensitive data on her government-issued mobile devices. -It must be released to the public immediately. Antihistamines are used to treat the symptoms, such as sneezing, that are due to inflammation caused by irritants in the airways. Which of the following is true of Unclassified information? 1.1.3 Insider Threat. (Spillage) What type of activity or behavior should be reported as a potential insider threat? Explain.
*Sensitive Compartmented Information What should the owner of this printed SCI do differently? Controlled Unclassified Information (CUI) is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government-wide policies but is not classified under Executive Order 13526 or the Atomic Energy Act, as amended. Which is a risk associated with removable media? You receive an unexpected email from a friend: "I think you'll like this: (URL)" What action should you take? THIS IS THE BEST ANSWER. Correct. Debra ensures not correct Organizational Policy Not correct **Social Networking What should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sites visited? (Sensitive Information) Which of the following is true about unclassified data? Your comments are due on Monday. Which of the following is a potential insider threat indicator? Which of the following includes Personally Identifiable Information (PII) and Protected Health Information (PHI)? Assuming open storage is always authorized in a secure facility. Information improperly moved from a higher protection level to a lower protection level. Decline So That You Maintain Physical Control of Your Government-Issued Laptop. Follow procedures for transferring data to and from outside agency and non-Government networks. A program that segregates various types of classified information into distinct compartments for added protection and dissemination for distribution control. *Malicious Code Which of the following is NOT a way that malicious code spreads? It may be compromised as soon as you exit the plane. Classified Information can only be accessed by individuals with. Classification markings and handling caveats.
Under which circumstances may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? Which of the following is true of downloading apps? Lock your device screen when not in use and require a password to reactivate. (Malicious Code) What are some examples of removable media? CUI must be handled using safeguarding or dissemination controls. How can you protect yourself on social networking sites? Question 1: The business impact analysis (BIA) identifies the resources for which a business continuity plan (BCP) is necessary. What structures visible in the stained preparation were invisible in the unstained preparation? (Malicious Code) Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? A coworker has asked if you want to download a programmer's game to play at work. **Insider Threat What advantages do insider threats have over others that allows them to cause damage to their organizations more easily? What should you do? (Correct) -It does not affect the safety of Government missions. -It never requires classification markings. *Sensitive Information Under what circumstances could classified information be considered a threat to national security?
Classified information is defined in PL 96-456, the Classified Information Procedures Act: PII, PHI, and financial information is classified as what type of information? correct. CPCON 5 (Very Low: All Functions). As a best practice, labeling all classified removable media and considering all unlabeled removable media as unclassified. (Malicious Code) Which of the following is NOT a way that malicious code spreads? Reviewing and configuring the available security features, including encryption. Briefly describe what you have learned. Which of the following is a practice that helps to protect you from identity theft? Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? Follow procedures for transferring data to and from outside agency and non-Government networks. What should you do? Controlled Unclassified Information (CUI) Purpose of the CUI Program. Understanding and using the available privacy settings. What should you do? Ensure proper labeling by appropriately marking all classified material. What are the requirements to be granted access to sensitive compartmented information (SCI)? DoD Unclassified data: Must be cleared before being released to the public. May require application of Controlled Unclassified Information (CUI) access and distribution controls. Must be clearly marked as Unclassified or CUI if included in a classified document or classified storage area. When operationally necessary, owned by your organization, and approved by the appropriate authority. Never write down the PIN for your CAC. Mark SCI documents appropriately and use an approved SCI fax machine. **Social Engineering What action should you take with an e-mail from a friend containing a compressed Uniform Resource Locator (URL)? Confirm the individual's need-to-know and access. Which of the following is true of protecting classified data?
You should only accept cookies from reputable, trusted websites. *Sensitive Compartmented Information What should the participants in this conversation involving SCI do differently? What type of data must be handled and stored properly based on classification markings and handling caveats? What action should you take? b. taking away a toy or treat Correct. Date modified: 2020-12-14. An investment in knowledge pays the best interest. What should you do? not correct. **Mobile Devices Which is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? How many potential insider threat indicators does this employee display? *Spillage A user writes down details marked as Secret from a report stored on a classified system and uses those details to draft a briefing on an unclassified system without authorization. What is NOT Personally Identifiable Information (PII)? Which of the following is NOT true concerning a computer labeled SECRET? (Spillage) Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? Information should be secured in a cabinet or container while not in use. Which of the following is NOT true of traveling overseas with a mobile phone? ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. **Website Use While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. However, agency personnel and contractors should first consult their agency's CUI implementing policies and program management for guidance. Which of the following is NOT a requirement for telework? **Social Networking When is the safest time to post details of your vacation activities on your social networking profile?
How many insider threat indicators does Alex demonstrate? Press release data. **Removable Media in a SCIF What portable electronic devices (PEDs) are allowed in a Sensitive Compartmented Information Facility (SCIF)? Sanitized information gathered from personnel records. UNCLASSIFIED is a designation to mark information that does not have potential to damage national security. CUI is not classified information. Which of the following best describes good physical security? If authorized, what can be done on a work computer? A headset with a microphone through a Universal Serial Bus (USB) port. Based on the description that follows how many potential insider threat indicators are displayed? Identify and disclose it with local Configuration/Change Management Control and Property Management authorities. This task is performed with the aim of finding similarities in data points and grouping similar data points together. Search (Wrong). Ans: True Question 2: The Government Information Security Reform Act (Security Reform Act) of 2000 focuses on management What describes how Sensitive Compartmented Information is marked? How many potential insider threat indicators does this employee display? (Travel) Which of the following is a concern when using your Government-issued laptop in public? This is information that, if released to the public, carries no injury to personal, industry, or government interests. Three or more. Do not download it. Access requires Top Secret clearance and indoctrination into SCI program. Alex demonstrates a lot of potential insider threat indicators. Create separate user accounts with strong individual passwords. What actions should you take with a compressed Uniform Resource Locator (URL) on a website known to you? *Sensitive Information What type of unclassified material should always be marked with a special handling caveat?
Spillage because classified data was moved to a lower classification level system without authorization. How should you respond? Not correct. Which of the following personally-owned computer peripherals is permitted for use with Government-furnished equipment? You receive an unexpected email from a friend: I think you'll like this: https://tinyurl.com/2fcbvy. What action should you take? What type of social engineering targets senior officials? **Travel Which of the following is true of traveling overseas with a mobile phone? (Insider Threat) Based on the description that follows, how many potential insider threat indicator(s) are displayed? What is a best practice for protecting controlled unclassified information (CUI)? (Malicious Code) While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. not correct Maintain possession of your laptop and other government-furnished equipment (GFE) at all times. How should you protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? When vacation is over, after you have returned home. What is a possible indication of a malicious code attack in progress? While it may seem safer, you should NOT use a classified network for unclassified work. When can you check personal email on your government furnished equipment? On a NIPRNET system while using it for a PKI-required task. Which of the following is true of transmitting Sensitive Compartmented Information (SCI)? Proactively identify potential threats and formulate holistic mitigation responses. Paul verifies that the information is CUI, includes a CUI marking in the subject header and digitally signs an e-mail containing CUI. Prudence faxes CUI using an Unclassified cover sheet via a Secret fax machine. T/F. Everything you need to know about Controlled Unclassified Information (CUI).
Controlled Unclassified Information (CUI) is information that requires safeguarding or dissemination controls consistent with applicable laws, regulations, and Government-wide policies, but is not classified under Executive Order 13526 "Classified National Security Informat What are examples of CUI? Setting weekly time for virus scan when you are not on the computer and it is powered off. It should only be in a system while actively using it for a PKI-required task. Follow instructions given only by verified personnel. What should your response be? Unclassified is a security classification assigned to official information that does not warrant the assignment of Confidential, Secret, or Top Secret markings but which is not publicly-releasable without authorization. Which of the following is a good practice to prevent spillage? Store it in a GSA approved vault or container. How do you think antihistamines might work? This bag contains your government-issued laptop. Updated 8/5/2020 8:06:16 PM. Which of the following is a security best practice for protecting Personally Identifiable Information (PII)? No. NARA issues policy directives and publishes an annual report to the President of the United States on the status of agency CUI Program implementation in accordance with Executive Order 13556, Controlled Unclassified Information. **Classified Data Which of the following must you do before using an unclassified laptop and peripherals in a collateral environment? **Insider Threat What do insiders with authorized access to information or information systems pose? Classified material must be appropriately marked. **Social Networking As someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project? Question. Protection may be required for privacy, law enforcement, contractual protections, or other reasons.
Use online sites to confirm or expose potential hoaxes, Follow instructions given only by verified personnel, Investigate the link's actual destination using the preview feature, Determine if the software or service is authorized. (Malicious Code) What is a good practice to protect data on your home wireless systems? 1.1 Standard Challenge Answers. Since the URL does not start with https, do not provide your credit card information. You must have your organization's permission to telework. The website requires a credit card for registration. **Identity Management Which of the following is the best description of two-factor authentication? Which of the following is NOT a correct way to protect sensitive information? Use a common password for all your system and application logons. Do not access links or hyperlinked media such as buttons and graphics in email messages. What can help to protect the data on your personal mobile device? While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. Use TinyURL's preview feature to investigate where the link leads. Which of the following is true of Security Classification Guides? In setting up your personal social networking service account, what email address should you use? correct. It is releasable to the public without clearance. **Classified Data Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause? How many potential insider threat indicators does this employee display? The age of the driver may top the list of variables. *Spillage Which of the following is a good practice to aid in preventing spillage? Under what circumstances could unclassified information be considered a threat to national security? Badges must be visible and displayed above the waist at all times when in the facility.
Carrying his Social Security Card with him, DoD employees are prohibited from using a DoD CAC in card-reader-enabled public device, Assigned a classification level by a supervisor. How can you protect your information when using wireless technology? CPCON 2 (High: Critical and Essential Functions) Which scenario might indicate a reportable insider threat security incident? If aggregated, the information could become classified. correct. (Sensitive Information) What guidance is available from marking Sensitive Compartmented Information (SCI)? -It never requires classification markings. What type of security is part of your responsibility and placed above all else? If your wireless device is improperly configured someone could gain control of the device? **Use of GFE Under what circumstances is it acceptable to use your Government-furnished computer to check personal e-mail and do other non-work-related activities? Executive Order 13556, Controlled Unclassified Information, requires the Executive Branch to establish an open and uniform program for managing [unclassified] information that requires safeguarding or dissemination controls pursuant to and consistent with laws, regulations, and Government-wide policies. The National Archives and Records Administration (NARA) was named the Executive Agent (EA) responsible for overseeing the CUI Program. After clicking on a link on a website, a box pops up and asks if you want to run an application. (Home computer) Which of the following is best practice for securing your home computer? Some examples you may be familiar with: The Federal CUI Registry shows authorized categories and associated markings, as well as applicable safeguarding, dissemination, and decontrol procedures. What should you do? Social Security Number, date and place of birth, mother's maiden name. (Spillage) Which of the following practices may reduce your appeal as a target for adversaries seeking to exploit your insider status?
You may only transmit SCI via certified mail. Correct, Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities. After work hours, storing sensitive information in unlocked containers, desks, or cabinets if security is not present. Digitally signed e-mails are more secure. correct. Never allow sensitive data on non-Government-issued mobile devices. After you have returned home following the vacation. What is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? What is the danger of using public Wi-Fi connections? Do not access website links, buttons, or graphics in e-mail. Note the website's URL and report the situation to your security point of contact. They can become an attack vector to other devices on your home network. Added 8/5/2020 8:06:16 PM. *Sensitive Compartmented Information What is Sensitive Compartmented Information (SCI)? Like the number of people in a class, the number of fingers on your hands, or the number of children someone has. Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? *Insider Threat Which of the following is a potential insider threat indicator? It never requires classification markings, is true about unclassified data. A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. (Sensitive Information) What must the dissemination of information regarding intelligence sources, methods, or activities follow? Validate friend requests through another source before confirming them. Which of the following is an example of a strong password?
Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. They broadly describe the overall classification of a program or system. Secure it to the same level as Government-issued systems. View email in plain text and don't view email in Preview Pane. Others may be able to view your screen. Report the crime to local law enforcement. Which may be a security issue with compressed Uniform Resource Locators (URLs)? -TRUE The use of webmail is -is only allowed if the organization permits it. Using webmail may bypass built-in security features. Which of the following is a security best practice when using social networking sites? If you participate in or condone it at any time. Avoid talking about work outside of the workplace or with people without a need-to-know. *Spillage What should you do when you are working on an unclassified system and receive an email with a classified attachment? Remove your security badge, common access card (CAC), or personal identity verification (PIV) card. How Do I Answer The CISSP Exam Questions? (Mobile Devices) Which of the following statements is true? What is required for an individual to access classified data? Which of the following is true about unclassified data? You must have your organization's permission to telework c. You may use unauthorized software as long as your computer's antivirus software is up to date.