Three or more. Store classified data appropriately in a GSA-approved vault/container when not in use. Which of the following is NOT true concerning a computer labeled SECRET? Which of these is true of unclassified data? *Sensitive Compartmented Information Which of the following best describes the compromise of Sensitive Compartmented Information (SCI)? Which of the following is NOT Government computer misuse? (removable media) If an incident occurs involving removable media in a Sensitive Compartmented Information Facility (SCIF), what action should you take? Which of the following individuals can access classified data? Which of the following practices reduces the chance of becoming a target by adversaries seeking insider information? A trusted friend in your social network posts a link to vaccine information on a website unknown to you. 1.1.5 Controlled Unclassified Information. (Spillage) Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? Hostility or anger toward the United States and its policies. Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approves for access to the NIPRNET. **Social Networking When is the safest time to post details of your vacation activities on your social networking website? Asked 8/5/2020 6:29:36 PM. Being cognizant of classification markings and labeling practices are good strategies to avoid inadvertent spillage. cyber. Store classified data appropriately in a GSA-approved vault/container. You can email your employees information to yourself so you can work on it this weekend and go home now. Ctrl+F (Cmd+F) will help you a lot when searching through such a large set of questions. Changes to various data systems that store and sometimes share sensitive information outside EPA. **Identity Management Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the NIPRNet. Within a secure area, you see an individual you do not know. Carrying his Social Security Card with him, DoD employees are prohibited from using a DoD CAC in card-reader-enabled public device, Assigned a classification level by a supervisor. ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. Only persons with appropriate clearance, a non-disclosure agreement, and need-to-know can access classified data. Matt Monroe, a 20-year U. S. Air Force veteran and current operations manager at Omnistruct, explains the breakdown, "There are four classified information categories in the military based on the severity of damage that the information's release would cause. Which of the following is true about unclassified data? A coworker wants to send you a sensitive document to review while you are at lunch and you only have your personal tablet. Use only personal contact information when establishing personal social networking accounts, never use Government contact information. (Malicious Code) While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. Secure it to the same level as Government-issued systems. Leaked classified or controlled information is still classified/controlled even if it has already been compromised. **Classified Data Which of the following is a good practice to protect classified information? Only allow mobile code to run from your organization or your organizations trusted sites. Original classification authority Correct. For example, when you buy propane for your barbecue, your tank is placed on a scale while it is filled under high pressure (Figure 7). What is required for an individual to access classified data? Controlled Unclassified Information (CUI) Purpose of the CUI Program. *Sensitive Compartmented Information What should the owner of this printed SCI do differently? Unclassified Information Student Guide . T/F. Malicious code can mask itself as a harmless e-mail attachment, downloadable file, or website. Attempting to access sensitive information without need-to-know. Remove your security badge, common access card (CAC), or personal identity verification (PIV) card. internet. This is information that, if released to the public, carries no injury to personal, industry, or government interests. **Mobile Devices Which of the following helps protect data on your personal mobile devices? What type of social engineering targets senior officials? Sensitive information may be stored on any password-protected system. CUI includes, but is not limited to Controlled Technical Information (CTI), Personally Identifiable Information (PII), Protected Health Information (PHI), financial information, personal or payroll information, proprietary data and operational information. Which of the following should be reported as a potential security incident (in accordance with your Agencys insider threat policy)? Spillage because classified data was moved to a lower classification level system without authorization. However, agency personnel and contractors should first consult their agency's CUI implementing policies and program management for guidance. correct. Note any identifying information and the websites Uniform Resource Locator (URL). How should you respond? (Sensitive Information) Which of the following is true about unclassified data? How can you protect yourself on social networking sites? Which of the following is not a best practice to preserve the authenticity of your identity? This answer has been confirmed as correct and helpful. Which of the following is an example of malicious code? CUI may be stored on any password-protected system. Which of the following is a clue to recognizing a phishing email? You are logged on to your unclassified computer and just received an encrypted email from a co-worker. Adversaries exploit social networking sites to disseminate fake news. Which of the following is true about telework? Unauthorized Disclosure of Classified Information and Controlled Unclassified Information . Ensure that the wireless security features are properly configured. What should you do? Should you always label your removable media? After you have returned home following the vacation. (Correct)-It does not affect the safety of Government missions.-It never requires classification markings. What level of damage can the unauthorized disclosure of information classified as Top Secret reasonably be expected to cause? Proactively identify potential threats and formulate holistic mitigation responses. Data about you collected from all sites, apps, and devices that you use can be aggregated to form a profile of you. February 8, 2022. Under What Circumstances Could Unclassified? Sensitive information. Report the crime to local law enforcement. **Insider Threat Which type of behavior should you report as a potential insider threat? Press release data. How many potential insider threat indicators does this employee display? *Malicious Code Which of the following is NOT a way that malicious code spreads? **Identity Management Which of the following is the nest description of two-factor authentication? Thats the only way we can improve. Secure personal mobile devices to the same level as Government-issued systems. Classification markings and handling caveats. Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? NARA has the authority and responsibility to manage the CUI Program across the Federal government. Classified material must be appropriately marked. A Teams. (Spillage) Which of the following is a good practice to aid in preventing spillage? Before long she has also purchased shoes from several other websites. It includes a threat of dire circumstances. Which is NOT a method of protecting classified data? When unclassified data is aggregated, its classification level may rise. *Spillage Which of the following is a good practice to prevent spillage? Linda encrypts all of the sensitive data on her government issued mobile devices. internet-quiz. What should Sara do when publicly available Internet, such as hotel Wi-Fi? Of the following, which is NOT a characteristic of a phishing attempt? Which of the following is true of the Common Access Card (CAC)? Research the source to evaluate its credibility and reliability. **Website Use Which of the following statements is true of cookies? (social networking) When may you be subjected to criminal, disciplinary, and/or administrative action due to online misconduct? Correct. You know this project is classified. Based on the description that follows, how many potential insider threat indicator(s) are displayed? New interest in learning another language? For Government-owned devices, use approved and authorized applications only. Which of the following is NOT a DoD special requirement for tokens? **Insider Threat What do insiders with authorized access to information or information systems pose? When using a public device with a card reader, only use your DoD CAC to access unclassified information, is only allowed if the organization permits it. What actions should you take with a compressed Uniform Resource Locator (URL) on a website known to you? How can you guard yourself against Identity theft? -It never requires classification markings. Which of following is true of protecting classified data? Federal agencies routinely generate, use, store, and share information that, while not classified, still requires some level of protection from unauthorized access and release. What type of data must be handled and stored properly based on classification markings and handling caveats? **Insider Threat Which of the following is NOT considered a potential insider threat indicator? Which of the following is NOT a potential insider threat? Prudence faxes CUI using an Unclassified cover sheet via a Secret fax machine. Remove your security badge after leaving your controlled area or office building. CPCON 4 (Low: All Functions) Identification, encryption, and digital signature. **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? A pop-up window that flashes and warns that your computer is infected with a virus. Correct. Insiders are given a level of trust and have authorized access to Government information systems. New answers. CUI is an umbrella term that encompasses many different markings toidentifyinformationthat is not classified but which should be protected. (Sensitive Information) What guidance is available from marking Sensitive Information information (SCI)? Search by Location. ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. Tell us about it through the REPORT button at the bottom of the page. Do not access website links in e-mail messages. Which of these is true of unclassified data?-It must be released to the public immediately.-Its classification level may rise when aggregated. A colleague vacations at the beach every year, is married and a father of four, sometimes has poor work quality, and works well with his team. A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. *Spillage What is a proper response if spillage occurs? What is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? 1.1.1 Spillage. What information most likely presents a security risk on your personal social networking profile? (Sensitive Information) What must the dissemination of information regarding intelligence sources, methods, or activities follow? Correct. Search by Subject Or Level. (GFE) When can you check personal e-mail on your Government-furnished equipment (GFE)? *Sensitive Compartmented Information What should the participants in this conversation involving SCI do differently? In the following situations, determine if the duty describes would be one of the Fed is responsible or is not responsible to enforce. Which of the following is true about unclassified data? Which of the following is NOT an example of Personally Identifiable Information (PII)? Paul verifies that the information is CUI, includes a CUI marking in the subject header and digitally signs an e-mail containing CUI. Please click here to see any active alerts. Correct Alex demonstrates a lot of potential insider threat indicators. What describes how Sensitive Compartmented Information is marked? How can you avoid downloading malicious code? Search the Registry: Categories, Markings and Controls: Category list CUI markings __________, To supervise bank holding companies and state member banks __________, To make loans to businesses who want to expand their operations __________, To operate the check-clearing system for the nation __________, to provide financial services to the federal government and serve as the bankers bank for commercial banks and other depositary institutions __________, To serve as the fiscal agent of the U.S. government __________, To place printed paper currency and newly minted coins into circulation __________. How many potential insider threat indicators does this employee display? **Social Engineering Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email? They provide guidance on reasons for and duration of classification of information. Refer the reporter to your organizations public affairs office. Which of the following is a good practice for telework? **Social Networking Which of the following information is a security risk when posted publicly on your social networking profile? *Spillage Which of the following actions is appropriate after finding classified information on the Internet? What does Personally Identifiable information (PII) include? E-mailing your co-workers to let them know you are taking a sick day. Following instructions from verified personnel. What type of security is part of your responsibility and placed above all else?, If your wireless device is improperly configured someone could gain control of the device? What should you do? Log in for more information. Retrieve classified documents promptly from printers. correct. Taking classified documents from your workspace. Your password and the second commonly includes a text with a code sent to your phone. The following table lists the number of drivers in the United States, the number of fatal accidents, and the number of total accidents in each age group in 2002. Attempting to access sensitive information without need-to-know, Avoid talking about work outside of the workplace or with people without a need-to-know, Report the suspicious behavior in accordance with their organizations insider threat policy. What level of damage to national security could reasonably be expected if unauthorized disclosure of Top Secret information occurred? Accepting the default privacy settings. Retrieve classified documents promptly from printers. EPA anticipates beginning CUI practices (designating, marking, safeguarding, disseminating, destroying, and decontrolling) starting in FY2023. Like the number of people in a class, the number of fingers on your hands, or the number of children someone has. With WEKA users, you can access WEKA sample files. Classified information that should be unclassified and is downgraded. How do you respond? CPCON 2 (High: Critical and Essential Functions) Paul verifies that the information is CUI, includes a CUI marking in the subject header, and digitally signs an e-mail containing CUI. How do you respond? a. Personal information is inadvertently posted at a website. Which of the following does NOT constitute spillage? -Its classification level may rise when aggregated. 1.To provide opportunities for individuals and businesses to open checking accounts __________, To write rules and guidelines for financial institutions under its supervision __________, To be the lender of last resort for financial institutions __________, To conduct the nations monetary policy with the goals of maintaining full employment and price stability __________, 5. What should you do? Read the latest news from the Controlled Unclassified Information (CUI) program. Which of the following is true of transmitting Sensitive Compartmented Information (SCI)? Maybe Correct. Which may be a security issue with compressed urls? (Correct) -It does not affect the safety of Government missions. What action should you take? Which of the following makes Alexs personal information vulnerable to attacks by identity thieves? Which of the following is true of telework? **Classified Data What level of damage can the unauthorized disclosure of information classified as Confidential reasonably be expected to cause? **Travel Which of the following is true of traveling overseas with a mobile phone? **Identity management Which is NOT a sufficient way to protect your identity? Her badge is not visible to you. (Travel) Which of the following is a concern when using your Government-issued laptop in public? (social networking) When is the safest time to post details of your vacation activities on your social networking profile? **Insider Threat Which scenario might indicate a reportable insider threat? A 3%3\%3% penalty is charged for payment after 303030 days. What is an indication that malicious code is running on your system? They can be part of a distributed denial-of-service (DDoS) attack. *Sensitive Information Under what circumstances could classified information be considered a threat to national security? What is a best practice to protect data on your mobile computing device? Correct. Maintain possession of your laptop and other government-furnished equipment (GFE) at all times. What should you do? When traveling or working away from your main location, what steps should you take to protect your devices and data? -It never requires classification markings. Which of the following is true of downloading apps? How should you respond? Setting weekly time for virus scan when you are not on the computer and it is powered off. not correct. Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post. When vacation is over, after you have returned home. ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. ALways mark classified information appropriately and retrieve classified documents promptly from the printer. 1.1 Standard Challenge Answers. *Spillage You find information that you know to be classified on the Internet. CUI may be stored on any password-protected system. A medium secure password has at least 15 characters and one of the following. What should you do? On a NIPRNET system while using it for a PKI-required task. All data transfers via the internet are not 100% secure and there might be some security vulnerabilities. Ive tried all the answers and it still tells me off. **Mobile Devices What can help to protect the data on your personal mobile device? It displays a label showing maximum classification, date of creation, point of contact, and Change Management 9CM) Control Number. Decline to let the person in and redirect her to security. Who designates whether information is classified and its classification level? Spear Phishing attacks commonly attempt to impersonate email from trusted entities. Sensitive information may be stored on any password-protected system. Which of the following does NOT constitute spillage? Write your password down on a device that only you access. *Controlled Unclassified Information Which of the following is NOT a correct way to protect CUI? When leaving your work area, what is the first thing you should do? What type of activity or behavior should be reported as a potential insider threat? Which of the following is NOT true of traveling overseas with a mobile phone? **Removable Media in a SCIF What must users ensure when using removable media such as compact disk (CD)? Always check to make sure you are using the correct network for the level of data. Which is a way to protect against phishing attacks? What should be your response? How can you protect your information when using wireless technology? What should you do? *Spillage Which of the following is a good practice to aid in preventing spillage? Contents hide. How many potential insider threat indicators does this employee display? Under what circumstances could unclassified information be considered a threat to national security? correct. Reviewing and configuring the available security features, including encryption. Executive Order 13556, Controlled Unclassified Information, requires the Executive Branch to establish an open and uniform program for managing [unclassified] information that requires safeguarding or dissemination controls pursuant to and consistent with laws, regulations, and Government-wide policies. The National Archives and Records Administration (NARA) was named the Executive Agent (EA) responsible for overseeing the CUI Program. correct. A coworker brings a personal electronic device into prohibited areas. Which of the following is NOT one? Immediately notify your security point of contact. **Insider Threat A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. What should you do if someone forgets their access badge (physical access)? Approved Security Classification Guide (SCG). He has the appropriate clearance and a signed, approved, non-disclosure agreement. A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. Senior government personnel, military or civilian. A vendor conducting a pilot program with your organization contacts you for organizational data to use in a prototype. **Insider Threat What is an insider threat? Store it in a GSA approved vault or container. *Controlled Unclassified Information Which of the following is NOT an example of CUI? They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities. You know that this project is classified. *Classified Data Never allow sensitive data on non-Government-issued mobile devices. Aggregating it does not affect its sensitivyty level. (Malicious Code) What are some examples of malicious code? Classified data: (Scene) Which of the following is true about telework? The Chinese Spy Balloon Showdown The discovery of a Chinese surveillance balloon floating over the United States has added to the rising tensions between the two superpowers. The email provides a link to a personnel portal where you must enter your personal information as part of an effort to standardize recordkeeping. Social Security Number, date and place of birth, mothers maiden name. Right-click the link and select the option to preview??? cyber-awareness. not correct Social Security Number; date and place of birth; mothers maiden name. Which of the following is not considered a potential insider threat indicator? #2) Select the "Pre-Process" tab. What can you do to protect yourself against phishing? Store it in a General Services Administration (GSA)-approved vault or container. Verify the identity of all individuals.??? Correct. Some examplesyou may be familiar with: TheFederalCUI Registry,shows authorized categoriesandassociated markings, as well as applicable safeguarding, dissemination, and decontrol procedures. Which of the following is true of Controlled Unclassified information (CUI)? Which of the following does not constitute spillage. Which of the following actions can help to protect your identity? Which Of The Following Statements About Adding Social Networks To Hootsuite Is False? What Are Some Examples Of Malicious Code Cyber Awareness? b. taking away a toy or treat What should be your response? Which scenario might indicate a reportable insider threat security incident? Others may be able to view your screen. Delete email from senders you do not know. Back up your data: This will help you recover your data if it's lost or corrupted. What is a security best practice to employ on your home computer? (Identity Management) What certificates are contained on the Common Access Card (CAC)?