Insider Threat Awareness and Annual Required Security Training
Below is a compiled set of questions and answers from the Insider Threat Awareness Exam. Each question is followed by its correct answer. This document is intended for training and reference purposes.
---
## 1. Potential Insider Threat (NITTF Definition)
**Question**
> Which of the following scenarios describes individuals who may pose a potential insider threat, based on the National Insider Threat Task Force (NITTF) definition?
1. Ron is unemployed and married to a DOD employee who has been granted Secret eligibility.
2. Maria is a project manager for a cleared defense contractor. She has been granted Secret eligibility.
3. Susan works in sanitation for a cleared defense contractor. She has not been granted national security eligibility.
4. Jin is a vendor for the DOD. He has not been granted national security eligibility, but often visits cleared facilities.
**Answer**
- Maria
- Susan
- Jin
(Ron does not have direct access and thus does **not** meet the definition.)
---
## 2. Potential Insider Threat Behaviors (Select All That Apply)
**Question**
> Which of the following scenarios describe a potential insider threat?
- An analyst makes a protected disclosure about SECRET information she’s been asked to review and finds concerns about as part of her official duties.
- An engineer regularly leaves their security badge in their desk and relies on others to let him in the building.
- An employee takes a photo at their desk and posts it to social media. Documents marked CONFIDENTIAL are visible in the photo.
- A project manager at a cleared facility accidentally takes home a document marked Controlled Unclassified Information (CUI).
**Answer**
- The analyst making a **protected disclosure** is **not** a potential insider threat (this is legitimate whistleblowing through approved channels).
- **Potential insider threat**:
- The engineer leaving the badge behind.
- The employee posting photos of CONFIDENTIAL documents.
- The project manager who accidentally takes home CUI.
---
## 3. Potential Insider Threat (Same NITTF Question Variation)
**Question**
> Which of the following scenarios describes individuals who may pose a potential insider threat, based on the National Insider Threat Task Force (NITTF) definition?
1. Ron is unemployed and married to a DOD employee who has been granted Secret eligibility.
2. Maria is a project manager for a cleared defense contractor. She has been granted Secret eligibility.
3. Susan works in sanitation for a cleared defense contractor. She has not been granted national security eligibility.
4. Jin is a vendor for the DOD. He has not been granted national security eligibility, but often visits cleared facilities.
**Answer**
- Maria
- Susan
- Jin
(Ron does not have direct access and thus does **not** meet the definition.)
---
## 4. Facility Targeting by a Potential Adversary
**Question**
> Victoria believes her facility is being targeted by a potential adversary. What could she have experienced or observed to believe this?
1. The media reported on new technology under development at Victoria’s facility.
2. Her facility’s website analytics indicate that a competitor visited their public website.
3. Her facility’s cybersecurity tools indicate suspicious network activity.
4. A direct competitor recently won work with Victoria’s biggest client.
**Answer**
Her facility’s cybersecurity tools indicating **suspicious network activity** is the best indication they are being targeted.
---
## 5. Social Media Contact Asking About DOD Program
**Question**
> Julien is a DOD program manager. He recently accepted a friend request from a woman on social media. Over time, she started asking increasingly direct questions about Julien’s work. What should Julien do and why?
**Answer**
**Report it** as it may be part of a broader effort to gather information about DOD programs.
---
## 6. Repeated Security Violations and Personnel Issues
**Question**
> Susan regularly violates her organization’s security policies. She has trouble getting along with her coworkers and has been written up for personnel issues and security violations several times. Based on this information, might she be at increased risk of becoming an insider threat?
**Answer**
Yes. Susan’s consistent violations of security policies and difficulty in coworker relationships are frequent **risk indicators** associated with potential insider threats.
---
## 7. Possible Insider Threat Vulnerabilities (Select All That Apply)
**Question**
> Consider the following scenarios. Which may indicate an insider threat vulnerability?
1. Jose is a systems analyst and changed his work schedule with supervisor approval.
2. Sophia spends time using Google to search open-source info and reads articles unrelated to her work.
3. Shawn works in facilities management for a cleared defense contractor and doesn’t think the rules apply to him. He’s been written up several times for violating security procedures.
4. Hema is a DOD engineer who asks her coworker to grant her access to classified systems, though she does not have a need-to-know.
**Answer**
- **Shawn** (repeated security violations)
- **Hema** (attempting to gain unauthorized access)
---
## 8. Which Actions Require Reporting? (Single Best Answer)
**Question**
> Consider the following scenarios. Which are required to be reported?
- Ming made approved copies of classified material.
- Leo was rushed to make a deadline and bypassed security rules to finish on time.
- Sol approved the authorized disclosure of classified material.
- Lana made authorized back-ups of classified material.
**Answer**
Leo’s action (bypassing security rules) **must be reported** due to a security violation.
---
## 9. Which Behaviors Must Be Reported? (Select All That Apply)
**Question**
> Consider the following scenarios. Which behaviors must be reported?
- Joe follows procedure to get access to a classified system for a new project.
- Frank suddenly started drinking a lot and shows up to work intoxicated, falling asleep at his desk.
- Nissrine copies all the information she can get her hands on, including classified information, and files it away in a locked storage unit.
- Rima’s coworker tells her she’s frustrated with her job and hates her boss, looking for a new job.
**Answer**
- **Frank’s** behavior (frequent intoxication at work)
- **Nissrine’s** behavior (excessive copying of info, including classified)
---
## 10. Unexplained Wealth or Lifestyle
**Question**
> Jack works for a cleared defense contractor. He recently purchased a large, expensive home far outside the price range of his salary. It’s unclear how he was able to make such a large purchase. What should coworkers do?
**Answer**
**Report it.** Financial concerns are a potential risk indicator.
---
## 11. Substance Abuse and Seeking Help
**Question**
> Carmen has been drinking a lot. She knows it’s a problem and can’t stop on her own. What can Carmen do to help reach a positive outcome?
**Answer**
**Contact the Employee Assistance Program (EAP).**
---
## 12. Responsibility to Report Potential Threat
**Question**
> Several employees noticed Paul exhibiting potential risk indicators. Who is responsible for reporting the potential threat?
- Security personnel
- Human Resources
- Coworkers
- Leadership personnel
**Answer**
All of them share the responsibility to report.
---
## 13. Changes in Personal Life and Large Purchases
**Question**
> Theo is a DOD employee. He shared with his coworker that he ended his engagement, bought an expensive car, and is moving across the country. To whom should his coworker report this behavior?
**Answer**
The **Insider Threat Program**.
---
## 14. Suspicious Email Correspondence
**Question**
> After a conference, Jacqueline, a DOD contractor, received repeated emails from another attendee requesting specific information about the technology she presented. Jacqueline blocked the emails. Should she report this, and why?
**Answer**
Yes. She should report this to her **Facility Security Officer (FSO)** as a potential collection attempt.
---
## 15. Foreign Collection Attempt
**Question**
> Robb is a DOD employee targeted by a foreign collection attempt. To whom should Robb report a potential threat?
**Answer**
The **Insider Threat Program**.
---
## 16. Asked to Contribute Classified Info
**Question**
> Ross is a Federal employee. He was targeted at a conference and asked to contribute classified and proprietary information to a research project. To whom should he report the contact?
**Answer**
**Insider Threat Program, security officer, or supervisor.**