Check Also: Cyber Awareness Challenge answers.
Question | Answer |
---|---|
Which of the following may help prevent spillage? | Follow procedures for transferring data to… |
Which of the following is a good practice to prevent spillage? | Always check to make sure you are using the correct network for the level of data. |
You find information that you know to be classified on the internet. What should you do? | Note the website’s URL and report the situation to your security point of contact. |
Which of the following is a good practice to protect classified information? | Store classified data appropriately in a GSA-approved vault/container. |
What is the basis for the handling and storage of classified data? | Classification markings and handling caveats. |
What level of damage can the unauthorized disclosure of information classified as TOP SECURITY reasonably be expect to cause? | Exceptionally grave… |
How many potential insider threat indicators are displayed? VIDEO GAMES, SOCIAL MEDIA and forget to secure smartphone? | 1 indicator |
Which of the following is a reportable insider threat activity? | Attempting to access sensitive info without a need-to-know. |
Which of the following is a potential insider threat indicator? | Difficult circumstances; death of a spouse. |
Which of the following is a security best practice when using social networking sites? | Avoid posting your mother’s maiden name. |
How can you protect your organization on social networking sites? | Ensure there are no identifiable landmarks visible in any photos… |
Spillage/social media – A trusted friend in your social network post a link to vaccine info on a website unknown to you. What action should you take? | Research the source to evaluate its credibility and reliability. |
Which designation includes PII and PHI? | CUI |
Uncontrolled Unclassified Information – Which of the following is true of Protected Health Information (PHI)? | It is created or received by a healthcare provider, health plan or employer. |
Uncontrolled Unclassified Information – Which of the following is true of CUI? | CUI must be handled using safeguarding or dissemination controls? |
Uncontrolled Unclassified Information/ Physical Security – Which of the following best describes good physical security? | Lionel stops an individual in his secure area… |
Uncontrolled Unclassified Information/ Identity Management – What is true about a Common Access Card (CAC)? | You should remove and take your CAC/PIV card whenever you leave your workstation. |
Uncontrolled Unclassified Information/ identity Management – Which of the following is true of using a DoD Public Key Infrastructure (PKI) token? | It should only be in a system while actively using it for a PKI-required task. |
Uncontrolled Unclassified Information/ Sensitive Compartmented Information – What must authorized personnel do before permitting another individual to enter a Sensitive Compartmented Information Facility (SCIF)? | Confirm the individual’s need-to-know and access. |
Uncontrolled Unclassified Information/ Sensitive Compartmented Information – Which of the following is true of Sensitive Compartmented Information (SCI)? | Access requires Top Secret clearance and indoctrination into the SCI program. |
Uncontrolled Unclassified Information/ Removable media – Which of the following is true of portable electronic devices (PEDs) in a Sensitive Compartmented Information Facility (SCIF)? | only connect government-owned PEDs to the same level classification information system when authorized. |
Malicious Code/ websites – Which of the following statements is true of cookies? | You should confirm that a site that wants to store a cookie uses an encrypted link. |
Malicious Code – Which of the following is a way to prevent the spread of malicious code? | Scan all external files before uploading to your computer. |
What is a common indicator of a phishing attempt? | A claim that you must update or validate information |
Malicious Code/ social engineering – How can you protect yourself form social engineering? | Verify the identity of all individuals. |
Malicious Code/ social engineering – Which of the following describes an appropriate use of Government email? | Use digital signature when sending attachments of hyperlinks. |
Malicious Code/ travel – What risk does a public Wi-Fi connection pose? | It may expose the information sent to theft. |
Malicious Code/ use of GFE – Which of the following personally-owned computer peripherals is permitted for use with Government-furnished equipment? | A headset with a microphone through a Universal Serial Bus (USB) port. |
Malicious Code/ Mobile Devices – Which of the following is a best practice for using removable media? | Avoid inserting removable media with unknown content into your computer. |
Malicious Code/ Mobile devices Which is an example of removable media? | external hard drive |
Malicious Code/ home computer security – Which is best practice for securing your home computer? | install system security patches. 2. Create separate accounts for each user. |
Question | Best Answer |
---|---|
How to send employee self-evaluations for weekend work? | Use government email with encryption. |
Lend government issued mobile device? | Decline. |
Where to store PII/PHI? | Secured cabinet/container. |
Not an intelligence community password mandate? | 45-day max age. |
Not government computer misuse? | Checking work email. |
Not a telework guideline? | Removing classified documents. |
Forget access badge? | Alert security office. |
Phishing protection? | All of the above. |
Classified data protection? | Encrypt and avoid discussing over phone. |
Call about work environment/account info? | Verify name and office number. |
Released classified information causing “grave damage”? | Top Secret. |
Not sensitive information? | Sanitized personnel records. |
Not a criterion for classified data access? | Senior government position. |
Internet hoax problem? | Directing to fake websites. |
Label media containing Privacy Act info, PII, PHI? | True. |
Home security best practice (NOT)? | Weekly virus scan when off. |
Wireless technology? | Inherently not secure. |
Leaving work building? | Remove security badge. |
Avoiding email viruses? | Delete emails from unknown senders. |
Mobile computing devices (NOT to be plugged in)? | All of the above. |
Protecting removable media (NOT)? | Labeling all classified media. |
Not PII? | Hobby. |
Not protecting sensitive information (NOT)? | Unlocked containers after hours. |
Travel tip (NOT)? | Using DoD CAC on public card readers for unclassified info. |
Webmail use? | Allowed only if permitted. |
Ethical government email use (NOT)? | Distributing company newsletter. |
High-ranking official targeted attack? | Whaling. |
Strong password? | All of the above. |
Encrypted email with “secret” attachment? | Contact security POC. |
Phishing attack protection? | Look for digital certificates. |
Compromised account email action? | Notify security. |
Found suspicious CD? | Leave it. |
Securely transporting company info on removable media? | Encrypt the media. |
Always label removable media? | Yes. |
Not PHI? | Medical care facility name. |
Authorized work computer activity (NOT)? | Checking personal email. |
Spear phishing impersonation verification? | Digital signatures. |
Most important security type? | Physical. |
Improperly configured wireless device vulnerability? | True. |
Question | Best Answer |
---|---|
Securing CAC/PIV | Remove and take it with you. |
Leaving for lunch | All of the above (lock workstation, log off, secure CAC/PIV). |
P2P software and network assets | P2P does not allow physical access. |
Guarding against identity theft | All of the above (protect SSN, shred documents, monitor accounts). |
Leaving your work area | Remove your CAC/PIV first. |
Webmail security features | Webmail may bypass built-in security. |
Phishing attempt characteristic | Not directing to a real website. |
Accessing classified information | Requires all of the above (need-to-know, clearance, authorization). |
Disclosing confidential information | Damage to national security. |
Releasing unclassified information | Not permissible before being cleared. |
Not sensitive information | Unclassified information cleared for public release. |
Protecting yourself on social networks | Validate friend requests through another source. |
Protecting classified data | Not assuming open storage is authorized. |
Preventing spillage | All of the above (be mindful, avoid public sharing, use strong passwords). |
Alex’s personal information vulnerability | Carrying his Social Security Card. |
DoD CAC use in public devices | Prohibited. |
Malicious code example | Trojan horses. |
Not PII | Mother’s maiden name. |
Classified information classification | Assigned by a supervisor. |
Tracking Maria’s web browsing | Cookies. |
Unclassified data aggregation | May change its classification. |
Medium secure password requirement | At least 15 characters and one special character. |
PII, PHI, and financial information type | Sensitive. |
CAC/PIV certificates | All of the above (authentication, digital signature). |
Potential insider threat indicators | All of the above (unauthorized access attempts, unusual requests). |
Not a social engineering tip | Following instructions from verified personnel. |
Bob’s potential insider threat indicators | 3 (divorce, financial difficulty, hostile behavior). |
Classified email attachment action | Alert your security POC. |
Identity theft victim action | Monitor credit card statements. |
Removable media examples | Thumb drives, memory sticks, flash drives. |
PHI information | Physical or mental health of an individual. |
Finding classified government data online | Report it to your security office. |
https site legitimacy and personal information | Not all https sites are legitimate, avoid entering personal information. |
Sending sensitive information with fax | Confirm receipt with the recipient. |
Protecting against insider threats | Report any suspicious behavior. |
Not a potential insider threat | Member of a religion or faith. |
Not a security awareness tip | Removing security badge in public. |
ActiveX type | Mobile code. |
Saving cookies best practice | Not relying on “https” alone, check site legitimacy. |
Telework requirement (NOT) | Only authorized for unclassified and confidential information. |
Unknown caller asking for computer information | Request caller’s full name and phone number. |
Not a wireless security practice | Turning off computer when not in use. |
What malicious code cannot do | Make your computer more secure. |
Data requiring proper handling | Classified data. |
Information to avoid posting on social media | All of the above (personal, work, financial). |
Unknown CD action | Put it in the trash. |
Not a DoD special requirement for tokens | Using NIPRNet tokens on higher classification systems. |
UNCLASSIFIED information | Does not have potential to damage national security. |
Phone survey attack type | Social engineering. |
“Spillage” definition | Personal information inadvertently posted online. |
Securing data on laptops and mobile devices | Encrypt the sensitive data. |
Home computer security | All of the above (firewalls, antivirus, updates, strong passwords). |
Spreading Trojan horses, worms, and malicious scripts | Email attachments. |
Not preventing viruses and malicious code downloads | Scanning only external files from unverifiable sources. |
Leave a comment