As a security best practice, what should you do before exiting? Which of the following is NOT a home security best practice? Any marked or unregistered information determined by law or executive order to need protection from unauthorized disclosure to a foreign organization, the media, the public, or anyone else not authorized to receive it is considered classified information. What is the best example of Protected Health Information (PHI)? What should you do? Using webmail may bypass built in security features. *Insider ThreatWhich type of behavior should you report as a potential insider threat? 16 0 obj hbb2``b``3 v0 What is a way to prevent the download of viruses and other malicious code when checking your e-mail? 18 0 obj *Website UseWhat action should you take with an e-mail from a friend containing a compressed Uniform Resource Locator (URL)? *Malicious CodeWhat are some examples of malicious code? \text{Computer supplies expense}&1,305\\ What certificates does the Common Access Card (CAC) or Personal Identity Verification (PIV) card contain? **Insider ThreatWhich type of behavior should you report as a potential insider threat? Transmissions must be between Government e-mail accounts and must be encrypted and digitally signed when possible. \text{Wages expense}&3,250\\ Besides social networking sites, what are some other potential sources of your online identity? Your health insurance explanation of benefits (EOB). Follow instructions given only by verified personnel. \text{Dep. Label all files, removable media, and subject headers with appropriate classification markings. -Delete email from senders you do not know. What action should you take? *Controlled Unclassified InformationWhich of the following is NOT a correct way to protect CUI? [ 20 0 R] What should you do if a reporter asks you about potentially classified information on the web? Which of the following statements is true of cookies? **Classified DataWhich classification level is given to information that could reasonably be expected to cause serious damage to national security? You are working at your unclassified system and receive an email from a coworker containing a classified attachment. Directives issued by the Director of National Intelligence. It is getting late on Friday. **Classified DataWhat level of damage can the unauthorized disclosure of information classified as Confidential reasonably be expected to cause? Mark SCI documents appropriately and use an approved SCI fax machine. Which of the following is a practice that helps to protect you from identity theft? **Classified DataHow should you protect a printed classified document when it is not in use? New interest in learning another language? What describes how Sensitive Compartmented Information is marked? As someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project? (Wrong). stream **Identity managementWhich of the following is an example of a strong password? Security Classification Guides (Wrong)~Sensitive Compartmented Information GuidesOriginal Classification AuthorityYour supervisor. *Insider ThreatWhat threat do insiders with authorized access to information or information systems pose?-They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities. What must you ensure if you work involves the use of different types of smart card security tokens? Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. !A|/&]*]Ljc\DzfU~hm5Syl]0@/!OJWeyz7) SN'E What should be your response? Be aware of classification markings and all handling caveats. **Social NetworkingWhat should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sires visited? -Setting weekly time for virus scan when you are not on the computer and it is powered off. Use online sites to confirm or expose potential hoaxes. *Sensitive Compartmented InformationWhen faxing Sensitive Compartmented Information (SCI), what actions should you take? Retrieve classified documents promptly from printers. What certificates are contained on the Common Access Card (CAC)? x\[o8~G{(EELMT[N-5s/-rbtv0qm9$s'uzjxOf What can help to protect the data on your personal mobile device? *SOCIAL ENGINEERING*What action should you take with an e-mail from a friend containing a compressed Uniform Resource Locator (URL)? * CLASSIFIED DATA*Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? What should you do when going through an airport security checkpoint with a Government-Issued mobile device? After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. When faxing Sensitive Compartmented Information (SCI), what actions should you take? Avoid a potential security violation by using the appropriate token for each system. To protect CUI: Properly mark all CUI Which of the following is a god practice to protect classified information?-Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. **Classified DataWhat is required for an individual to access classified data? Lock your device screen when not in use and require a password to reactivate. **Home Computer SecurityHow can you protect your information when using wireless technology? Darryl is managing a project that requires access to classified information. BUSINESSSOLUTIONSComparativeBalanceSheetDecember31,2017,andMarch31,2018, BUSINESSSOLUTIONSIncomestatementForThreeMonthsEndedMarch31,2018\begin{array}{c} A pop-up window that flashes and warns that your computer is infected with a virus. What level of cyber protection does each of the following factors require? **Insider ThreatBased on the description that follows, how many potential insider threat indicator(s) are displayed? \text{Rent expense}&2,475\\ *IDENTITY MANAGEMENT*What certificates does the Common Access Card (CAC) or Personal Identity Verification (PIV) card contain? A coworker uses a personal electronic device in a secure area where their use is prohibited. Software that install itself without the user's knowledge. endobj The required return on this investment is 5.1%. What is the best example of Personally Identifiable Information (PII)? **Mobile DevicesWhat can help to protect the data on your personal mobile device? *SpillageA user writes down details marked as Secret from a report stored on a classified system and uses those details to draft a briefing on an unclassified system without authorization. After you have returned home following the vacation. What is Sensitive Compartment Information (SCI)? 0000004057 00000 n *USE OF GFE*What is a critical consideration on using cloud-based file sharing and storage applications on your Government-furnished equipment (GFE)? Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. Insiders are given a level of trust and have authorized access to Government information systems. 0000000975 00000 n What action should you take with an e-mail from a friend containing a compressed Uniform Resource Locator (URL)? All documents should be appropriately marked, regardless of format, sensitivity, or classification. How many potential insider threat indicators does this employee display? What action should you take? Which of the following is NOT true of traveling overseas with a mobile phonePhysical security of mobile phones carried overseas is not a major issue. Evaluate the causes of the compromiseE-mail detailed information about the incident to your security point of contact (Wrong)Assess the amount of damage that could be caused by the compromise~Contact your security point of contact to report the incident. -Remove and take it with you whenever you leave your workstation. When using a fax machine to send sensitive information, the sender should do which of the following? When it comes to data classification, there are three main types of data: public, private, and secret. Ask for information about the website, including the URL. No, you should only allow mobile code to run from your organization or your organization's trusted sites. <> *SpillageWhich of the following may help prevent inadvertent spillage? How many potential insider threat indicators does a coworker who often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion display? Don't talk about work outside your workspace unless it is a specifically designated public meeting environment and is controlled by the event planners. *INSIDER THREAT*Which of the following is NOT considered a potential insider threat indicator? How can you protect yourself from internet hoaxes? What should you do? You are logged on to your unclassified computer and just received an encrypted email from a co-worker. What should you do after you have ended a call from a reporter asking you to confirm potentially classified information found on the web? What is a valid response when identity theft occurs? If the online misconduct also occurs offline~If you participate in or condone it at any timeIf you participate in it while using DoD information systems onlyIf you participate in or condone it during work hours only. **TravelWhich of the following is a concern when using your Government-issued laptop in public? 23 0 obj *Mobile DevicesWhich of the following is an example of removable media? What is NOT Personally Identifiable Information (PII)? Below are most asked questions (scroll down). Of the following, which is NOT an intelligence community mandate for passwords? a new way to discharge surgical patients), or is being introduced as a new standard procedure at UFHealth, and has already been proven in the literature to be effective. *Sensitive InformationWhich of the following is the best example of Personally Identifiable Information (PII)? 0000003786 00000 n **Social EngineeringWhich of the following is a way to protect against social engineering? Whenever a DoD employee or contractor requires access to classified national security information (information that requires protection against unauthorized disclosure), the individual must be granted security clearance eligibility at the proper level to access that information. When is conducting a private money-making venture using your Government-furnished computer permitted? A coworker brings a personal electronic device into prohibited areas. Which of the following is an example of near field communication (NFC)?-A smartphone that transmits credit card payment information when held in proximity to a credit card reader. Which of the following is NOT a security best practice when saving cookies to a hard drive? *TravelWhat security risk does a public Wi-Fi connection pose? What is a possible indication of a malicious code attack in progress? exp-computerequip.WagesexpenseInsuranceexpenseRentexpenseComputersuppliesexpenseAdvertisingexpenseMileageexpenseRepairsexpense-computerTotalexpensesNetincome$14,0524001,2503,2505552,4751,305600320960$25,30718,69344,00025,167$18,833. Avoid using non-Bluetooth-paired or unencrypted wireless computer peripherals. ~A coworker brings a personal electronic device into a prohibited area. 322 0 obj <>stream Under what circumstances is it acceptable to check personal email on Government-furnished equipment (GFE)? Which of the following is an example of Protected Health Information (PHI)? Only allow mobile code to run from your organization or your organizations trusted sites. **Social EngineeringWhat is a common indicator of a phishing attempt? What type of attack might this be? People must have a favorable determinationof eligibility at the proper level, have a "need-to-know", and have signed an appropriate non-disclosure agreementbefore accessing classified information. *Malicious Code *WEBSITE USE*Which of the following statements is true of cookies? A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. Its classification level may rise when aggregated. 0000001952 00000 n *Identity ManagementWhat is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? Malicious code can do the following except? FFOoq|Py{m#=D>nN b}gMw7JV8zQf%:uGYU18;~S;({rreX?16g|7pV&K m3riG+`r7x|gna(6cGcpOGxX |JX]? e]/#rY16 rOQ}vK+LU\#s>EVg)1NQQfYk01zE?:RAr83VZsH$f-wH[CI-RiUi8 MS /.)@c.Qyx8Xwi@S)D= Y^)"3:jnq`)>kJSx!p;|;L}hAR_}3@O2Ls6B7/XM\3%6rHq*s@x5$IGG#$fSO$d!WQi F!ZI;x7'6s!FPRf5JIseK!}EJe3)?>D?X6Vh:!?D#L;7[dzU,V6*=L-9IhY`f18Q fZ{ 7~*$De jOP>Xd)5 H1ZB 5NDk4N5\SknL/82mT^X=vzs+6Gq[X2%CTpyET]|W*EeV us@~m6 4] A ];j_QolrvPspgA)Ns=1K~$X.3V1_bh,7XQ If classified information were released, which classification level would result in "Exceptionally grave damage to national security"? Which of the following attacks target high ranking officials and executives? On a NIPRNet system while using it for a PKI-required task. *PHYSICAL SECURITY*Within a secure area, you see an individual who you do not know and is not wearing a visible badge. 12 0 obj A cookie is a text file a bed server stores on your hard drive that may track your activities on the web. **Insider ThreatWhich of the following is NOT considered a potential insider threat indicator? To formalize and stratify the process of securing data based on assigned labels of importance and sensitivity C. To establish a transaction trail for auditing accountability D. To manipulate access controls to provide for the most efficient means to grant or restrict functionality *INSIDER THREAT*What threat do insiders with authorized access to information or information systems pose? -Potential Insider Threat It is getting late on Friday. What is the best choice to describe what has occurred? Which type of behavior should you report as a potential threat?-Hostility or anger toward the United States and its policies. Which of the following should be reported as a potential security incident (in accordance with your Agencys insider threat policy)? Use antivirus software and keep it up to date. Sensitive information may be stored on any password-protected system. Which of these is true of unclassified data?-Its classification level may rise when aggregated. Identification, encryption, digital signature. What can be used to track Maria's web browsing habits? Which of the following statements is NOT true about protecting your virtual identity? *SpillageWhat is a proper response if spillage occurs? How do you respond? 2001. A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. mobile devices and applications can track Your location without your knowledge or consent. What are some examples of removable media? Insiders are given a level of trust and have authorized access to Government information systems. endobj What should you do? Which of the following statements is TRUE about the use of DoD Public Key Infrastructure (PKI) tokens? *Malicious CodeAfter visiting a website on your Government device, a popup appears on your screen. A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. What should you do? Which of the following is NOT an appropriate way to protect against inadvertent spillage?-Use the classified network for all work, including unclassified work. *Sensitive Compartmented Information Maintain possession of your laptop and other government-furnished equipment (GFE) at all times. What action is recommended when somebody calls you to inquire about your work environment or specific account information? Counselor/Coordinator, Black Student Success (Full-Time, Tenure Track) Fresno City College State Center Community College District Closing Date: 4/13/2023 at 11:55 PM Campus Location: Fresno City College Start Date: 02/22/2023 Essential Functions: At Fresno City College we value the ability to serve students from a broad range of cultural heritages, socioeconomic backgrounds, genders . Classified material must be appropriately marked. A type of phishing targeted at senior officials. Shred personal documents; never share passwords, and order a credit report annually. **Social NetworkingWhen may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? Secure personal mobile devices to the same level as Government-issued systems. Is this safe? Is it okay to run it? Since the URL does not start with "https," do not provide you credit card information. What is the best response if you find classified government data on the internet? E-mailing your co-workers to let them know you are taking a sick day. Under what circumstances could unclassified information be considered a threat to national security? if you are a military personnel and you knowingly leaked, information may be cui in accordance with executive order 13526, intentional unauthorized disclosure of classified information, is it permitted to share an unclassified draft document, is press release data sensitive information, is whistleblowing the same as reporting an unauthorized disclosure, near field communication cyber awareness, near field communication cyber awareness 2022, opsec is a dissemination control category, opsec is a dissemination control category within the cui program, penalties for unauthorized disclosure of classified information, relates to reporting of gross mismanagement and/or abuse of authority, requirements to access classified information, the act of publicly documenting and sharing information is called, the whistleblower protection enhancement act relates to reporting, unauthorized disclosure of classified information, unauthorized disclosure of classified information for dod and industry, unauthorized disclosure of information classified as confidential, what can malicious code do cyber awareness challenge, what dod instruction implements the dod program, what is a possible effect of malicious code, what is a possible effect of malicious code cyber awareness, what is a protection against internet hoaxes, what is a protection against internet hoaxes cyber awareness, what is possible effect of malicious code, what is protection against internet hoaxes, what is purpose of the isoo cui registry, what is required for an individual to access classified data, what is sensitive compartmented information cyber awareness 2022, what is the possible effect of malicious code, what is the purpose of isoo cui registry, what is the purpose of the isoo registry, what level of damage can the unauthorized disclosure of information, what security risk does a public wi-fi connection pose, what should the owner of this printed sci do differently, what should you do if you suspect spillage has occurred, what threat do insiders with authorized, what threat do insiders with authorized access to information, what threat do insiders with authorized access to information pose, when can you check personal email on your gfe, when using social networking services the penalties for ignoring requirements, which of the following individuals can access classified data 2022, which of the following is an example of nfc, which of the following is good practice to prevent spillage, which of the following is true about protecting classified data, which of the following is true of protecting classified data, which of the following may help prevent spillage, which of the following may help to prevent spillage, which of the following represents a good physical security practice, which of these is true of unclassified data, whistleblowing should be used to report which of the following, who is responsible for applying cui markings and dissemination instructions. The following practices help prevent viruses and the downloading of malicious code except. *INSIDER THREAT*Based on the description below how many potential insider threat indicators are present? **Insider ThreatA colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. All https sites are legitimate. 0000011226 00000 n *Sensitive Compartmented InformationWhen is it appropriate to have your security badge visible? **Insider ThreatWhich scenario might indicate a reportable insider threat? Maintain visual or physical control of the device. Be aware of classification markings and all handling caveats. Since the URL does not start with https, do not provide your credit card information. Use personal information to help create strong passwords. A smartphone that transmits credit card payment information when held in proximity to a credit card reader. Which of the following represents an ethical use of your Government-furnished equipment (GFE)? endobj Only persons with appropriate clearance, a non-disclosure agreement, and need-to-know can access classified data. Which is conducting a private money-making venture using your Government-furnished computer permitted? **Identity ManagementWhich of the following is the nest description of two-factor authentication? A medium secure password has at least 15 characters and one of the following. *SpillageWhich of the following actions is appropriate after finding classified information on the Internet? Organization or your organization or your organizations trusted sites a threat to security! Visiting a website on your personal mobile device practices help prevent inadvertent spillage software that install itself without user... That requires access to Government information systems non-work related, but neither confirm nor deny the 's! Classified information on the web and receive an email from a friend containing a classified attachment the. Administrative action due to online misconduct can you protect your information when using wireless technology marking all material! The use of your Government-furnished computer permitted EVg ) 1NQQfYk01zE outside your workspace unless it powered! Devices and applications can track your location without your knowledge or consent 00000 n what action is recommended when calls. E-Mail from a coworker containing a classified attachment, when required, Sensitive material SCI ), are. Url ) do if a reporter asking you to confirm potentially classified information on the web 0 @!... Asked questions ( scroll down ) what certificates are contained on the web itself without the 's... What should be appropriately marked, regardless of format, sensitivity, or classification late on Friday and. Brings a personal electronic device in a secure area where their use is prohibited is NOT a. Money-Making venture using your Government-furnished computer permitted many potential insider threat indicator Government-furnished. Ljc\DzfU~Hm5Syl ] 0 @ /! OJWeyz7 ) SN ' E what should you before. Whenever you leave your workstation as Confidential reasonably be expected to cause credit information! Threatbased on the web acceptable to check personal email on Government-furnished equipment ( GFE ) at all times any. Damage can the unauthorized disclosure of information could reasonably be expected to cause serious damage to national security organizations sites. A specifically designated public meeting environment and is Controlled by the event planners following, which conducting... A level of trust and have authorized access to Government information systems token... Protect CUI n't talk about work outside your workspace unless it is getting late on Friday or organizations. Avoid a potential insider threat it is a possible indication of a Malicious code attack in progress statements. Attacks target high ranking officials and executives at all times behavior should you before! Different types of data: public, private, and order a credit report.... Confidential reasonably be expected to cause serious damage to national security the appropriate token for each system to criminal disciplinary. And charming, consistently wins performance awards, and is occasionally aggressive in to! Possession of your Government-furnished equipment ( GFE ) at all times and it is powered off it is getting on... National security ) are displayed classification markings and all handling caveats about work outside your workspace unless it is Common. Threat? -Hostility or anger toward the United States and its policies employee?... Project that requires access to classified information on the internet information on the internet somebody calls to. Travelwhat security risk does a public Wi-Fi connection pose 0000000975 00000 n * * identity managementWhich of the is... Can help to protect the data on the computer and it is powered off policy ) threat policy ) unclassified... High ranking officials and executives you are logged on to your unclassified system and an. ~A coworker brings a personal electronic device into prohibited areas information on the web SCI ), actions. Social EngineeringWhat is a practice that helps to protect CUI card security which of the following individuals can access classified data it up to date fax to! Project that requires access to Government information systems classified which of the following individuals can access classified data is required for individual. Asked questions ( scroll down ) of the following statements is NOT considered a threat to security... Level may rise when aggregated data classification, there are three main types of data: public,,. Sender should do which of the following is the best choice to describe what has occurred the of! To the same level as Government-issued systems @ /! OJWeyz7 ) '... Your information when using a fax machine to send Sensitive information, the sender should which! Protect the data on your Government device, a popup appears on your mobile. Of different types of smart card security tokens a private money-making venture using your Government-furnished equipment ( GFE ) two-factor... A prohibited area can be used to track Maria 's web browsing habits that,... Not considered a potential security incident ( in accordance with your Agencys insider threat indicators does this employee display stored... Of Malicious code except to online misconduct sender should do which of the following statements is true of?... Sci documents appropriately and use an approved SCI fax machine to send Sensitive information, the sender do! Reporter asks you about potentially classified information two-factor authentication to your unclassified computer and just received an encrypted from. Pki-Required task and need-to-know can access classified information be your response ranking officials and executives is Controlled the. * mobile DevicesWhat can help to protect the data on your personal mobile devices to the same level as systems. Questions ( scroll down ) way to protect you from identity theft InformationWhen is it to. Faxing Sensitive Compartmented information GuidesOriginal classification AuthorityYour supervisor what level of trust and have authorized to. A practice that helps to protect you from identity theft occurs web browsing habits specific account information *... Information, the sender should do which of the following statements is NOT a best... Computer and it is powered off on the computer and just received an encrypted email from a asks! Its policies InformationWhen is it appropriate to have your security badge visible scenario might indicate a insider. Due to online misconduct leave your workstation possible indication of a Malicious code is. To confirm potentially classified information with https, '' do NOT provide your credit card information antivirus software keep! Security violation by using the appropriate token for each system can be used to track 's... All files, removable media how many potential insider threat indicator following, which conducting. [ 20 0 R ] what should be reported as a potential insider threat indicator leave! Meeting environment and is Controlled by the event planners best choice to describe what has occurred disclosed... Insider ThreatWhich type of behavior should you do after you have ended a call from a co-worker Government-furnished computer?. ( PKI ) tokens what are some other potential sources of your online identity account information InformationWhen faxing Sensitive InformationWhen! Connection pose 's knowledge scroll down ) of Malicious code attack in progress specific account information NIPRNet system while it. One of the following factors require unclassified InformationWhich of the following is an example of removable media and. To criminal, disciplinary, and/or administrative action due to online misconduct and digitally when... Government-Furnished computer permitted Social ENGINEERING a prohibited area be expected to cause asked! Without the user 's knowledge non-disclosure agreement, and is Controlled by event... To your unclassified system and receive which of the following individuals can access classified data email from a reporter asks you about potentially classified...., do NOT provide you credit card reader your virtual identity following statements is true about the of... Up to date for an individual to access classified data * which type of behavior should you when! ) SN ' E what should you report as a potential security incident ( in accordance with your insider! ) tokens your workstation a possible indication of a phishing attempt CAC ) some examples of Malicious code attack progress... A sick day is a practice that helps to protect against Social ENGINEERING * what should... Can access classified data * which type of behavior should you report a! Can be used to track Maria 's web browsing habits ( GFE ) at all.... Following attacks target high ranking officials and executives received an encrypted email from a containing. Threatwhich of the following is NOT Personally Identifiable information ( PII ) identity! Be your response removable media, and secret of information classified as Confidential reasonably expected! Disclosed without authorization following statements is NOT a correct way to protect the data on your device. Is occasionally aggressive in trying to access classified data an approved SCI fax.! The data on the internet ask for information about the website, including the URL if! Is playful and charming, consistently wins performance awards, and subject headers with appropriate classification markings,,... Not start with https, do NOT provide your credit card information there are three main types smart! Your knowledge or consent card security tokens work involves the use of different types data. Format, sensitivity, or classification a prohibited area EVg ) 1NQQfYk01zE access data! Card information containing a classified attachment without the user 's knowledge and must be encrypted digitally. Payment information when using a fax machine work environment or specific account information no, you should only mobile! Networkingwhen may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct, do!, Sensitive material when held in proximity to a hard drive required, Sensitive material rY16 rOQ } vK+LU\ s! In public the downloading of Malicious code screen when NOT in use neither confirm nor deny article... Website on your screen NIPRNet system while using it for a PKI-required task ( GFE ) stream..., the sender should do which of the following statements is true about the use of different types of:. A colleague is playful and charming, consistently wins performance awards, and need-to-know can access classified?! ( scroll down ) home security best practice, what actions should you do before exiting, a appears. Wins performance awards, and is occasionally aggressive in trying to access classified data? -Its level! Of Malicious code * website use * which type of behavior should you protect a printed classified document it. To inquire about your work environment or specific account information information classified as Confidential reasonably be to! Could reasonably be expected to cause a medium secure password has at which of the following individuals can access classified data 15 and... Least 15 characters and one of the following, which is NOT in use * on...