FEMA IS-906: Workplace Security Awareness Answers

We thoroughly check each answer to a question to provide you with the most correct answers. Found a mistake? Tell us about it through the REPORT button at the bottom of the page. Ctrl+F (Cmd+F) will help you a lot when searching through such a large set of questions.

  1. Which of the following statements is NOT true about peer-to-peer (P2P) software?
    Some P2P programs have remote-control capabilities, allowing users to take control of a computer from another computer somewhere else in the world.
    P2P software includes any data storage device that you can remove from a computer and take with you to a peer’s computer.
    P2P software provides direct access to another computer. Some examples include file sharing, Internet meeting, or chat messaging software.
    Peer-to-peer software can bypass firewall and antivirus systems by hiding activities of users, such as file transfers.
  2. Vulnerability can be defined as: Physical features or operational attributes that render an entity open to exploitation or susceptible to a given hazard.The diminished capacity of an individual or group to anticipate, cope with, resist and recover from the impact of a natural or man-made hazard.

    A natural or manmade occurrence, individual, entity, or action that has or indicates the potential to harm life, information, operations, the environment, and/or property.

    The impact or effect of an event, incident, or occurrence.

  3. TRUE OR FALSE: When noticing a suspicious vehicle on the property, a responsible employee should approach the driver and ask if he/she needs assistance.True


  4. Controlling doors and other entrances is an example of a measure taken to address:Criminal and terrorist threats.

    Information and cyber threats.

    Workplace violence threats.

    Access and security control threats.

  5. TRUE OR FALSE: The security goals of confidentiality, availability, and integrity of data can be adversely impacted by malicious code.


  6. TRUE OR FALSE: Bomb threat checklists are extremely valuable and should be made available at all workstations.



  7. Password procedures, information encryption software, and firewalls are examples of measures taken to address:

    Criminal and terrorist threats.

    Access and security control threats.

    Information and cyber threats.

    Workplace violence threats.

  8. Tricking someone to reveal personal information, passwords, and other information that can compromise a security system is known as:

    Social Engineering

    Mass Marketing

    Telephone Solicitation


  9. TRUE OR FALSE: If you notice indicators of potentially violent behaviour in a coworker, you must wait until you see something violent actually happen before reporting your suspicions to security personnel or human resources.



  10. The potential for an unwanted outcome resulting from an incident, event, or occurrence is:





  11. When addressing a suspected intruder, it is best to:

    Attempt to shake hands with the individual, to see if the handshake is reciprocated.

    Leave it up to coworkers who know more people in the building to decide what to do.

    Use open-ended questions when asking the person the purpose of his/her visit.

    Maintain civility and trust your intuition about whether to let him or her pass.

  12. Indicators of potential workplace violence:

    Cannot usually be identified before an employee ‘snaps’ and commits a violent act.

    Can often be managed and treated if recognized.

    Are completely individualized and therefore impossible to protect against.

    Can only be recognized by trained mental health experts.

  13. An unlawful or unauthorized acquisition, by fraud or deceit, is known as a:



    Container Breach


  14. Any software or program that comes in many forms and is designed to disrupt the normal operation of a computer by allowing an unauthorized process to occur or by granting unauthorized access is known as:

    Trojan Horse

    Malicious Code


    Peer-to-peer Software

  15. When employees collect or handle personally identifiable information (PII), they should:

    Share that information with other coworkers upon request.

    Recognize that sharing PII is often permissible if done for what one believes is the greater good of the community.

    Collect as much PII as they can at first contact with the individual to avoid having to get other data later.

    Apply the ‘need to know’ principle before disclosing PII to other personnel.

Was this helpful?