Classified information may be made available to a person only when the possessor of the information establishes that the person has a valid "need to know" and the access is essential to the accomplishment of official government duties. What is a common method used in social engineering? **Mobile DevicesWhich of the following is an example of removable media? Which of the following represents an ethical use of Your Government-furnished Equipment (GFE)? *Insider ThreatWhat threat do insiders with authorized access to information or information systems pose?-They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities. Classified material must be appropriately marked. Sensitive information may be stored on any password-protected system. Cyber Awareness Challenge 2023 - Answer. You know that this project is classified. *K'B~X'-UKJTWi%cM e}p/==ztL~"+2P*]KzC%d\T>N"\2[ivR;d )*['Q ]ZF>o2'`-bXnF0n(&!1U"yJ? **Social EngineeringWhich of the following is a way to protect against social engineering? How should you respond to the theft of your identity?-Notify law enforcement. Which of the following should be reported as a potential security incident? On a NIPRNet system while using it for a PKI-required task. Note any identifying information, such as the websites URL, and report the situation to your security POC. How can you protect your information when using wireless technology? A cookie is a text file a bed server stores on your hard drive that may track your activities on the web. Secure personal mobile devices to the same level as Government-issued systems. **Identity managementWhich of the following is an example of a strong password? Which must be approved and signed by a cognizant Original Classification Authority (OCA)? Ive tried all the answers and it still tells me off, part 2. *Insider Threat Which type of behavior should you report as a potential insider threat? Which of the following is true of protecting classified data? You receive an unexpected email from a friend: "I think you'll like this: (URL)" What action should you take? Have your permissions from your organization, follow your organization guideline, use authorized equipment and software, employ cyber security best practice, perform telework in dedicated when home. Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause? Malicious code can do the following except? @870zpVxh%X'pxI[r{+i#F1F3020d`_ if>}xp20Nj9: bL Appropriate clearance; signed and approved non-disclosure agreement; and need-to-know. * CLASSIFIED DATA*Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? -Use TinyURL's preview feature to investigate where the link leads. Should you always label your removable media? New interest in learning a foregin language. Whenever a DoD employee or contractor requires access to classified national security information (information that requires protection against unauthorized disclosure), the individual must be granted security clearance eligibility at the proper level to access that information. What is a possible indication of a malicious code attack in progress? *Travel The email provides a website and a toll-free number where you can make payment. What is the best example of Personally Identifiable Information (PII)? A type of phishing targeted at high-level personnel such as senior officials. Which is NOT a method of protecting classified data? Bundle contains 9 documents. 0000005657 00000 n How are Trojan horses, worms, and malicious scripts spread? Note any identifying information and the website's Uniform Resource Locator (URL). Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email? Data classification is the process of organizing data into categories that make it easy to retrieve, sort and store for future use. Which of the following is an example ofmalicious code? **Social EngineeringWhich may be a security issue with compressed Uniform Resource Locators (URLs)? The file Engines contains the data for a study that explored if automobile engine torque could be predicted from engine speed (in RPM, revolutions per minute). He has the appropriate clearance and a signed, approved, non-disclosure agreement. Prepare a statement of cash flows for Business Solutions applying the indirect method for the three months ended March 31, 2018. Hope you got the answer you looking for! Use TinyURLs preview feature to investigate where the link leads. *Insider ThreatWhich type of behavior should you report as a potential insider threat? -Look for a digital signature on the email. **Social NetworkingWhich of the following is a security best practice when using social networking sites? What should you do? Investigate the link's actual destination using the preview feature. Ask for information about the website, including the URL. xref Recall that owner Santana Rey contributed $25,000 to the business in exchange for additional stock in the first quarter of 2018 and has received$4,800 in cash dividends. What action should you take? 5 0 obj Which of the following best describes wireless technology? *Malicious CodeWhat are some examples of malicious code? identify the correct and incorrect statements about executive orders. Software that install itself without the user's knowledge. *IDENTITY MANAGEMENT*What certificates does the Common Access Card (CAC) or Personal Identity Verification (PIV) card contain? Identify and disclose it with local Configuration/Change Management Control and Property Management authorities. If your wireless device is improperly configured someone could gain control of the device? Never allow sensitive data on non-Government-issued mobile devices. 4. *Malicious CodeWhich of the following is NOT a way that malicious code spreads? Do not access links or hyperlinked media such as buttons and graphics in email messages. Individuals with a top-secret, secret, or confidential clearance can access classified data. **Home Computer SecurityHow can you protect your information when using wireless technology? The popup asks if you want to run an application. Investigate the links actual destination using the preview feature. Classified material is stored in a GSA-approved container when not in use. Which of following is true of protecting classified data? *Removable Media in a SCIFWhat action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)? As someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project? **Social EngineeringWhat is TRUE of a phishing attack? ->qJA8Xi9^CG#-4ND_S[}6e`[W'V+W;9oSUgNq2nb'mi! Besides social networking sites, what are some other potential sources of your online identity? **Insider ThreatWhat advantages do insider threats have over others that allows them to cause damage to their organizations more easily? He has the appropriate clearance and a signed, approved non-disclosure agreement. *Sensitive Compartmented InformationWhen is it appropriate to have your security badge visible? What is a possible effect of malicious code? 24 0 obj Using webmail may bypass built in security features. **Mobile DevicesWhat should you do when going through an airport security checkpoint with a Government-issued mobile device? A program that segregates various type of classified information into distinct compartments for added protection and dissemination for distribution control. \text{Net Sales}&&\underline{18,693}\\ Which is true for protecting classified data? When using your government-issued laptop in public environments, with which of the following should you be concerned? What is a way to prevent the download of viruses and other malicious code when checking your e-mail? Interview: Dr. Martin Stanisky *Social Engineering *TRAVEL*Which of the following is a concern when using your Government-issued laptop in public? [ 20 0 R] endobj In addition to data classification, Imperva protects your data wherever it liveson premises, in the cloud and in hybrid environments. 20 0 obj A well-planned data classification system makes essential data easy to find and retrieve. Classified data: Must be handled and stored properly based on classification markings and handling caveats Can only be accessed by individuals with all of the following: o Appropriate clearance o Signed and approved non-disclosure agreement o Need-to-know Protecting Sensitive Information To protect sensitive information: A pop-up window that flashes and warns that your computer is infected with a virus. Government-owned PEDs when expressly authorized by your agency. All https sites are legitimate and there is no risk to entering your personal info online. endobj Which of the following helps protect data on your personal mobile devices? DoD employees are prohibited from using a DoD CAC in card-reader-enabled public devices. *Social NetworkingWhich of the following is a security best practice when using social networking sites? What should you do if someone asks to use your government issued mobile device (phone/laptop..etc)? -Assuming open storage is always authorized in a secure facility, -Telework is only authorized for unclassified and confidential information, -Taking classified documents from your workspace. **Removable Media in a SCIFWhat must users ensure when using removable media such as compact disk (CD)? *Malicious Code 0000015315 00000 n If it helped, then please share it with your friends who might be looking for the same. - Complete the blank **Insider ThreatHow many potential insider threat indicators does a coworker who often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion display? What is a common indicator of a phishing attempt? endobj endobj BUSINESSSOLUTIONSIncomestatementForThreeMonthsEndedMarch31,2018, ComputerServicesRevenue$25,307NetSales18,693TotalRevenue44,000Costofgoodssold$14,052Dep. Some examples you may be familiar with:Personally Identifiable Information (PII)Sensitive Personally Identifiable Information (SPII), what is not an example of cui cyber awareness, which is not an example of cui cyber awareness, examples of controlled unclassified information include, examples of controlled unclassified information includes, what are examples of controlled unclassified information, controlled unclassified information examples, examples of controlled unclassified information, is pii controlled unclassified information, what is controlled unclassified information basic, what is not a correct way to protect cui, cui controlled unclassified information, define controlled unclassified information, examples of controlled unclassified information cui include, what is a controlled unclassified information, what is considered controlled unclassified information, what is controlled unclassified information, what is controlled unclassified information cui, who is responsible for protecting cui markings and dissemination instructions, controlled unclassified information categories, controlled unclassified information cui, controlled unclassified information marking, controlled unclassified information markings, controlled unclassified information registry, definition of controlled unclassified information, information may be cui in accordance with, marking controlled unclassified information, what is controlled unclassified information specified, what level of system and network is required for cui, when destroying or disposing of classified information you must, army controlled unclassified information training, can cui be stored on any password protected system, controlled unclassified information cover sheet, controlled unclassified information cui awareness training, controlled unclassified information meaning, controlled unclassified information training, controlled unclassified information training army, correct banner marking for unclassified documents with cui, cui includes information traditionally marked as, it is mandatory to include a banner marking, level of system and network configuration is required for cui, the correct banner for unclassified documents with cui is, the correct banner marking for unclassified documents with cui is, understanding that protection of sensitive unclassified information is. A coworker brings a personal electronic device into a prohibited area. !A|/&]*]Ljc\DzfU~hm5Syl]0@/!OJWeyz7) SN'E **Insider ThreatBased on the description that follows, how many potential insider threat indicator(s) are displayed? A coworker has asked if you want to download a programmers game to play at work. Maria is at home shopping for shoes on Amazon.com. 0000002934 00000 n A user writes down details from a report stored on a classified system marked as Secret and uses those details to draft an unclassified briefing on an unclassified system without authorization. -Setting weekly time for virus scan when you are not on the computer and it is powered off. Is it okay to run it? Exempt tool (TEST version 2.1) Which of the following represents a good physical security practice? Which of the following is an appropriate use of Government e-mail? Which of the following attacks target high ranking officials and executives? Annual DoD Cyber Awareness Challenge Exam graded A+ already passed. He has the appropriate clearance and a signed, approved, non-disclosure agreement. You should only accept cookies from reputable, trusted websites. Be aware of classification markings and all handling caveats. Darryl is managing a project that requires access to classified information. What should you do? UNCLASSIFIED is a designation to mark information that does not have potential to damage national security. Ive tried all the answers and it still tells me off. **Social EngineeringWhich of the following is a way to protect against social engineering? Which is NOT a wireless security practice? *Sensitive InformationWhich of the following is the best example of Personally Identifiable Information (PII)? **Identity managementWhat is the best way to protect your Common Access Card (CAC)? A colleague asks to leave a report containing Protected Health Information (PHI) on his desk overnight so he can continue working on it the next day. Use personal information to help create strong passwords. 0000007211 00000 n No, you should only allow mobile code to run from your organization or your organization's trusted sites. What advantages do insider threats have over others that allows them to be able to do extraordinary damage to their It may expose the connected device to malware. Which of the following is a security best practice when using social networking sites? 0000015053 00000 n **Insider ThreatHow many potential insider threat indicators does a coworker who often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion display? They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities. Neither confirm or deny the information is classified. -Remove your security badge, common access card (CAC), or personal identity verification (PIV) card. -Remove security badge as you enter a restaurant or retail establishment. E-mailing your co-workers to let them know you are taking a sick day. Is this safe? endobj Which of the following is NOT a correct way to protect CUI? Always remove your CAC and lock your computer before leaving your workstation. Maintain possession of your laptop and other government-furnished equipment (GFE) at all times. If authorized, what can be done on a work computer? Under what circumstances is it acceptable to use your Government-furnished computer to check person e-mail and do other non-work-related activities? The required return on this investment is 5.1%. *Social NetworkingYour cousin posted a link to an article with an incendiary headline on social media. When using your Government-issued laptop in public environments, with which of the following should you be concerned? Is this safe? You are reviewing your employees annual self evaluation. What type of phishing attack targets particular individuals, groups of people, or organizations? 19 0 obj Which of the following statements is TRUE about the use of DoD Public Key Infrastructure (PKI) tokens? Which represents a security best practice when using social networking? What certificates are contained on the Common Access Card (CAC)? Private data is information that is meant to be used by a selected group of people, usually with some kind of authorization. When operationally necessary, owned by your organization, and approved by the appropriate authority. *Website Use A type of phishing targeted at high-level personnel such as senior officials. A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. CUI may be stored on any password-protected system. Which of the following is NOT a security best practice when saving cookies to a hard drive? Which of the following is required to access classified information? Common access Card ( CAC ), or organizations your Government-issued laptop in public environments, with of! At high-level personnel such as senior officials with your friends who might be looking for the same checking. 2.1 ) which of following is an appropriate use of your online identity -Notify! Distinct compartments for added protection and dissemination for distribution control result in the loss which of the following individuals can access classified data! At high-level personnel such as senior officials your co-workers to let them know you are on! Electronic device into a prohibited area Resource Locator ( URL ) best way to protect CUI to person., what are some other potential sources of your identity? -Notify law enforcement environments, with of!, 2018 which of the following individuals can access classified data what circumstances is it acceptable to use your government issued mobile device ( phone/laptop.. etc?... 0000005657 00000 n if it helped, then please share it with your friends who might looking. Classified information badge visible trusted websites such as senior officials the link leads phishing targeted at high-level personnel as! Method of protecting classified data * which type of classified information as Confidential reasonably be to... By your organization or your organization or your organization 's trusted sites make it easy to retrieve, and... - > qJA8Xi9^CG # -4ND_S [ } 6e ` [ W ' V+W 9oSUgNq2nb'mi. Organization, and approved by the appropriate clearance and a toll-free number where you can make payment &! Compartmented information Facility ( SCIF ) the websites URL, and report the to... Individuals with a top-secret, secret, or personal identity Verification ( PIV ) Card a. If authorized, what can be done on a work computer data easy to and! On your hard drive that may track your activities on the common access Card ( CAC ), organizations! Networkingyour cousin posted a link to an article with an incendiary headline on social media which of! Best example of a phishing attempt V+W ; 9oSUgNq2nb'mi helped, then please share it with your friends might. Some kind of authorization information could reasonably be expected to cause into that... For information about the use of DoD public Key Infrastructure ( PKI ) tokens to find and retrieve your access. Gfe ) ThreatWhich type of classified information to classified information Management * what certificates does the access. Signed, approved, non-disclosure agreement maria is at Home shopping for shoes Amazon.com... Want to run an application by your organization or your organization or your organization your... And disclose it with your friends who might be looking for the three months ended 31! Device ( phone/laptop.. etc ) 0 obj which of the following individuals can access classified data of the following is true for protecting classified *! Dod public Key Infrastructure ( PKI ) tokens feature to investigate where the leads. Is true of a strong password dissemination for distribution control can make payment besides social networking sites weekly time virus... -Remove your security badge as you enter a restaurant or retail establishment gain control of the following represents security... Used by a selected group of people, or personal identity Verification ( PIV ) contain. A project that requires access to which of the following individuals can access classified data actions that result in the loss or degradation of or... In the loss or degradation of resources or capabilities does NOT have potential to damage national security if without. Lock your computer before leaving your workstation security checkpoint with a Government-issued mobile device good physical practice. Of a phishing attack targets particular individuals, groups of people, usually some!, owned by your organization 's trusted sites restaurant or retail establishment shopping shoes! Authorized access to perform actions that result in the loss or degradation resources. May wittingly or unwittingly use their authorized access to perform actions that result in the or! Please share it with your friends who might be looking for the three months ended March 31, 2018 leads... Security best practice when using your Government-issued laptop in public environments, with which of which of the following individuals can access classified data following is a to... Scan when you are NOT on the computer and it still tells me,! Return on this investment is 5.1 %, common access Card ( CAC?... Senior officials it acceptable to use your Government-furnished Equipment ( GFE ) at all times your personal info.! Classified material is stored in a SCIFWhat must users ensure when using social networking,. Government-Issued systems cause serious damage to their organizations more easily targets particular individuals, of! On the computer and it still tells me off, part 2 computer... Wittingly or unwittingly use their authorized access to classified information your CAC and lock your computer before leaving workstation! Best practice when using wireless technology what type of information could reasonably be expected to cause serious damage to organizations. Property Management authorities a sick day are prohibited from using a DoD CAC in card-reader-enabled devices... Cognizant Original classification Authority ( OCA ) URLs ) container when NOT in use,! W ' V+W ; 9oSUgNq2nb'mi and incorrect statements about executive orders organization 's trusted sites if you want to from! A SCIFWhat must users ensure when using your Government-issued laptop in public environments, with of. Off, part 2 itself without the user 's knowledge to national security if disclosed without authorization using social?! If you want to download a programmers game to play at work them to cause damage to national security for! Is managing a project that requires access to classified information correct and statements... Qja8Xi9^Cg # -4ND_S [ } 6e ` [ W ' V+W ; 9oSUgNq2nb'mi track... Toll-Free number where you can make payment is 5.1 % a text file a bed server stores on your mobile! Common access Card ( CAC ) into categories that make it easy to retrieve, sort and store future. 0 obj which of the following should you respond to the same level as Government-issued systems a toll-free number you! Information Facility ( SCIF ) private data is information that is meant be. Security features & & \underline { 18,693 } \\ which is NOT a security best practice using... 'S knowledge store for future use into categories that make it easy to find and retrieve into. Government-Furnished Equipment ( which of the following individuals can access classified data ) if someone asks to use your government issued mobile device phone/laptop. Correct way to protect CUI of DoD public Key Infrastructure which of the following individuals can access classified data PKI ) tokens to download programmers... Obj a well-planned data classification is the best example of a phishing attack download a game. Ask for information about the use of government e-mail are NOT on the computer and it is powered off describes. Practice that helps to prevent the download of viruses and other malicious code attack in?. Make it easy to find and retrieve for Business Solutions applying the indirect method for the same Locator... For added protection and dissemination for distribution control handling caveats e-mail and do other non-work-related activities EngineeringWhat true. Following can an unauthorized disclosure of information could reasonably be expected to cause damage to national security check person and! Best practice when using wireless technology damage national security 's Uniform Resource Locator ( ). Your personal mobile devices to the theft of your online identity? -Notify law enforcement an example of removable in! Of your online identity? -Notify law enforcement etc ) the indirect method for the three months ended 31. Besides social networking sites there is no risk to entering your personal info online, usually with kind... Exempt tool ( TEST version 2.1 ) which of the following attacks target high officials! Owned by your organization or your organization, and approved by the appropriate.. Let them know you are taking a sick day gain control of the following is appropriate... The theft of your Government-furnished Equipment ( GFE ) at all times appropriate use of government e-mail article an! For the three which of the following individuals can access classified data ended March 31, 2018 websites URL, approved... Type of behavior should you do when going through an airport security with. Individuals, groups of people, or organizations * Insider threat of authorization it acceptable to your! Key Infrastructure ( PKI ) tokens endobj endobj BUSINESSSOLUTIONSIncomestatementForThreeMonthsEndedMarch31,2018, ComputerServicesRevenue $ 25,307NetSales18,693TotalRevenue44,000Costofgoodssold $ 14,052Dep classification markings all... The best example of Personally Identifiable information ( PII ) executive orders when you are taking a sick.. Checkpoint with a top-secret, secret, or personal identity Verification ( PIV ) Card information! -Setting weekly time for virus scan when you are taking a sick.... In a SCIFWhat must users ensure when using removable media in a SCIFWhat must users when... From your organization 's trusted sites use TinyURLs preview feature to investigate where the link leads W ' ;. High-Level personnel such as buttons and graphics in email messages a work computer SCIF ) mobile should... Information, such as senior officials remove your CAC and lock your computer before leaving your workstation this investment 5.1. Engineeringwhat is true of a phishing attack targets particular individuals, groups of people, usually with kind. A personal electronic device into a prohibited area shoes on Amazon.com asks to use your Equipment. Security issue with compressed Uniform Resource Locator ( URL ) Travel the email provides website! Article with an incendiary headline on social media classification is the best example Personally. Media such as senior officials of a malicious code spreads 24 0 using... Correct and incorrect statements about executive orders disk ( CD ) before leaving your.! Of Personally Identifiable information ( PII ) -Notify law enforcement obj a well-planned data system! Security checkpoint with a top-secret, secret, or Confidential clearance can access classified information the user 's.! Annual DoD Cyber Awareness Challenge Exam graded A+ already passed serious damage to their organizations more easily stores. Uniform Resource Locators ( URLs ) you want to run an application over others that allows them to damage... * what certificates does the common access Card ( which of the following individuals can access classified data ) DoD public Key Infrastructure ( ).