LETRS Unit 3 Session 1-8 Answers

____________ represents the two major components of learning to read: word recognition and language comprehension.

SVR

 

The Reading Rope identifies three major strands or subskills that contribute to printed word ____________; phonological awareness, decoding, and sight word recognition.

recognition

 

_______________ awareness emphasizing the strong predictive relationship between phonemic awareness and learning to read an alphabetic writing system.

Phonological

 

__________ is the ability to translate a word from print to speech, usually by employing knowledge of sound-symbol correspondences.

Decoding

 

To know what the word actually says, the reader must look closely at all the letters and ______ them into sound and sense.

recode

 

_________ ___________ ____________ is the goal of word study, or the point of learning to decode by phonics and to recognize orthographic patterns, is to develop automatic recognition of words.

Sight Word Recognition

 

The term __________ refers to three different aspects; phoneme-grapheme correspondence, strategy for decoding new words, essential component of reading (one of the five pillars).

phonics

 

Phonics instruction offers a critical _______________ for most students in the regular classroom and in intervention programs.

advantage

 

Explicit, _____________, cumulative instruction that teaches students to decode graphemes and blend the corresponding phonemes and/or syllables received stronger support in high-level research than other types of instruction.

systematic

 

Phonics may not be ______________ with a given student if that student’s phonological awareness is seriously underdeveloped because phonemic awareness is the foundation for acquiring decoding skill.

effective

 

Scope and sequence of phonics and word-reading skills determine lesson design and sequence, and type of reading practice. Is what feature of the reading program?

Organization

 

Decodable; contains high proportion of pattern words that have been taught. Is what feature of the reading program?

Texts for Reading

 

Phonemic awareness, explicit phonics, fluency, vocabulary, comprehension, writing; use of decodable text at K-1 level. Is what feature of the reading program?

Content

 

About half the time spent on word work (phonological awareness, phonics, fluency in word recognition), the rest on language and oral reading in K-1. Is what feature of the reading program?

Instructional Time

 

More teacher-led activities; teacher actively leads students through decoding activities and guided practice. Is what feature of the reading program?

Method/Teacher Role

 

Students asked to look carefully at the word, sound it out, check and see if it makes sense. Is what feature of the reading program?

Corrective Feedback

 

Skill building from sounds to words to sentences to text with high percentage of words that have been taught. Is what feature of the reading program?

Types of Practice

 

Components of a ____________ ______________ Plan include; state goal and purpose, practice phonological awareness, review previous lesson, introduce new concept, provide guided practice, provide extended practice, practice dictation, connect to word meaning, read text.

Phonics Lesson

LETRS Unit 3 Session 2 Answers

 

T/F? Roughly half of all words in English can be spelled correctly based on established sound-symbol correspondences.

true

 

Complete this sentence: A complex syllable is a syllable that contains a ______ . a. digraph b. consonant blend c. vowel team d. VCe pattern

b. consonant blend

 

Complete this sentence: Vowel teams in English can have up to ______ letters. two three four five

four

 

Which set(s) of words include only words that have consonant digraphs, and no words with blends? Select all that apply. a. father, shin, reach b. cheek, less, silk c. rough, phone, bang d. stripe, laugh, wish

a. father, shin, reach c. rough, phone, bang

 

Which set of words illustrates both the Floss rule and the “-ck” rule? a. flick, sack, lock b. fuss, cell, will c. soak, flake, lurk d. slick, kiss, cuff

d. slick, kiss, cuff

LETRS Unit 3 Session 3 Answers

 

Students are likely to demonstrate one set of phase characteristics before _________________ to the next phase, in which the student’s approach to reading will be qualitatively different from the previous phase.

graduating

 

Teaching must be _____________ to the appropriate student level for growth to occur.

matched

 

A student knows some, but not all, _____________ ___________ names and forms; practice alphabet matching, naming, and ordering until alphabet letters can be named in random order and put in order.

alphabet letter

 

A student may be aware of how ______ looks – alternating letters, spacing, etc.; practice writing the letters until the alphabet can be written to dictation (model), dictation (no model) and memory. Use lowercase for writing; use uppercase and lowercase for naming.

print

 

A student may not understand the concept of a _______ _________; has little phonemic awareness; Gradually build associations between gestures, key words, and speech sounds. Emphasize articulation.

speech sound

 

A student is beginning to match words ________ by initial consonants; Blend the parts of compounds, then syllables, then onset-rime units, then phonemes in one-syllable, simple words.

orally

 

A student may lack knowledge of word ____________ or information required to understand text; Build vocabulary through read-alouds, theme units, and expressive language games. Stimulate verbal expression through retelling, structured conversation, and question-response routines.

meaning

 

A student tries to sound out by associating sound with _____ letter and, perhaps, another letter or two; guesses at the rest; Match all sounds on consonant and vowel charts to key words and common spellings.

first

 

A student wants to ______ on context (e.g., pictures, topical knowledge) to guess at words; Blend known phoneme-grapheme correspondences into words, left to right, as consonants and vowels are learned. Practice automatic recognition of high-frequency words (regular and irregular, a few per week).

rely

 

A student begins to read simple _____ with known words; Start to read decodable text with known letter-sound correspondences and high-frequency words.

sentences

 

A student attends to books read aloud, ______ and _________ questions, and retells what the reading is about; Browse text and predict before reading.

asks and answers

 

A student understands the _________ of classroom instruction; Differentiate question words (who, what, when, where, why, how); ask and answer questions. Retell or summarize what was read.

language

 

A student writes simple sentences to ____________; participates in shared writing; composes orally and attempts new spellings; Begin to spell high-frequency words accurately and to spell regular words by sound.

dictation

 

A student can spell words ______________, with all the speech sounds represented (letter name spellings still common); Increase knowledge of rime patterns, word families, “choice” spellings for consonants, and most common spellings for all vowel sounds.

phonetically

 

A student shows knowledge of letter ______________ and orthographic constraints; Read and spell blends and digraphs.

patterns

 

A student is learning the most common _______ words for reading and spelling; Read and spell words with short vowels, vowel-consonant-e, and inflections such as -ed, -s, -ing.

sight

 

A student is starting to chunk common ____________ and letter sequences – such as -ing and -ack – and to read by analogy; Learn vowel teams and vowel-r patterns.

syllables

 

A student can read decodable text, although not ___________; commonly reads word by word; Read decodable text with learned patterns and sight words, increase fluency. Reread for context if decoding attempt does not make sense. Partner read; use peer-assisted tutoring routines. Expand theme-related vocabulary. Write and publish first storybooks.

fluently

 

A student can generalize phonics skills to ___________ words, then uses context as backup; Increase accuracy and automaticity with high-frequency words and regular words for reading.

unknown

 

A student is increasing __________ in passage; Decode two-syllable and three-syllable words, using most common syllable division principles.

fluency

 

A student recognizes more than 200 _________-______________ words by sight; Increase speed to 60-90 words per minute with independent reading material (95% correct).

high-frequency

 

A student uses context to fully identify the ____________ of new words; Expand vocabulary at rate of 800 or more words per year through second grade, then at the rate of 2,000 words per year.

meanings

 

A student can employ beginning comprehension ___________ – browsing, anticipating, questioning, clarifying, retelling and summarizing – with teacher support; Deepen awareness of different genres-narrative and expository-and how they are organized.

strategies

 

A student can ____________ readable compositions with capitals, end punctuation, and most words spelled correctly or phonetically; Plan before writing and stick to the plan.

compose

 

If students are lacking basic phonemic awareness, it is likely that their needs fit the profile of _____________ learners.

prealphabetic

 

If students have partial phonemic awareness, but not full phonemic awareness, and are beginning to pair alphabet letters with sounds, the students may fit the profile of __________ ________________ learners.

early alphabetic

 

If students have phonemic awareness and can spell each sound phonetically, but are just learning how printed words are actually spelled, they are likely in the _________ ____________ phase.

later alphabetic

 

If students have phonemic awareness and knowledge of basic phonics but need to read whole words, syllables, and morphemes with more fluency, they are probably in the ___________ __________ phase.

consolidated alphabetic

 

One of Ehri’s most important points is that sight word learning – fast recognition of words – is _____________ by and correlated with phonic knowledge, or the ability to match phonemes and grapheme rapidly and accurately.

facilitated

 

The most direct way to measure automatic recognition of real words is with graded lists, read under ________ and _________ conditions.

timed and untimed

LETRS Unit 3 Session 4 Answers

 

Students should be introduced to one new letter name every ______ or ________ days.

one or two

 

During the first _____________ weeks of Kindergarten, the names of all the letters, uppercase and lowercase, should be taught through a combination of direct teaching and play-based experience with manipulatives.

6-8

 

Knowledge of letter names and fluency of letter naming in Kindergarten are among the best __________ of later reading success.

predictors

 

______________ of letter naming include; beginning of orthographic processing; discrimination of confusable letters, clues of phoneme-grapheme matching, spelling (orally and silent) requires memory for letter names.

Advantages

 

Early Kindergarten students need daily experiences with hands on _______________ such as alphabet puzzles; shapes for letter building, sand tracing, whipped cream, sandpaper or templates for matching wooden or plastic letter shapes.

manipulatives

 

Before asking young children to hold a pencil and control it in a small space, teachers by writing large objects or _________ shapes.

tracing

 

Young learners need __________ guidelines to learn differences between tall letters, short letters and letters below the baseline.

spatial

 

When children learn to write individual letters, they are developing both _____________ (hand movement) and ________________ (letter recognition) skill.

graphomotor and orthographic

 

Effective teaching for writing includes; ___________ descriptions and verbal coaching and showing model letters with numbered __________ indicating the sequence of strokes.

verbal; arrows

 

These letters require a ________________ circle; a,c,o,d,g,q.

counterclockwise

 

These letters require a _______________ first line; b,f,h,l,j,i,k,m,n,p,r,t,u

downward

 

These letters with _______________ lines and diagonals; e,s,v,w,x,y,z

horizontal

 

The ____________ of every instructional sequence is accurate, automatic word recognition, and/or recall of specific words for writing.

goal

 

Teachers should follow a ____________ to teach new correspondences explicitly.

routine

 

It is __________________ to ask students to write lengthy compositions by hand before they have automatized good letter-formation habits.

counterproductive

 

___________________ procedures are best introduced in phonics lessons using simple CVC words (e.g., sun, mop, red) that do not have blends.

Blending

 

Encourage students to begin to blend words silently or in a __________ before saying the whole word aloud.

whisper

LETRS Unit 3 Session 5 Answers

 

To reinforce the mental habit of using _________ ____________ skills, each lesson should provide practice reading between 15-30 words that have the sound-symbol correspondences that the students have been taught.

phonic decoding

 

Sounds and graphemes must be processed to commit a word to _____________.

memory

 

In a ________ sort, the teacher tells the students how to sort the words and provides the names of the categories. Closed sorts are more structured than open sorts and are excellent for guided practice of a concept that has been taught.

closed

 

________ sorts are open-ended and therefore more difficult than closed sorts. Not all words fit into the specified categories; some fit in doesn’t belong.

Open

 

It is important to be clear whether students should sort words by sound _____________ or spelling _______________.

pattern

 

______________ __________ is a good way to reinforce the idea that some graphemes are used only at the ends of words.

Word building

 

The purpose of a _______ _______ is to give students practice recognizing subtle differences between and among similar-sounding words. Should differ in only one phoneme.

word chain

 

__________ __________ are groups of words that share recurring rime unit, meaning the vowel and what follows in a syllable.

Word families

 

Some words have ____________ ______________ which facilitates word recognition, so it is important to teach word meanings to beginning readers.

multiple meanings

 

Learning multiple meanings of words ________ up the word retrieval and word recognition and contributes to both vocabulary development and reading fluency.

speed

 

Words in ______ are helpful for beginning readers.

context

 

_____________ _____________ activities in which students must decide if words belong in the same meaning category are also productive for both building the mental dictionary and reinforcing decoding skills.

Word classification

LETRS Unit 3 Session 6 Answers

 

Pattern words that are easy to read are also easy for students to spell.

False

 

Sentence dictation routines should include reminders about basic writing conventions (e.g., capitalization, end punctuation).

True

 

Which is the best definition of the term sight words?

any words a reader can recognize instantly and read

 

A teacher groups the following words on a word wall: mind, kind, find, bind, and rind. What do the words have in common? Select all that apply.

b. They share a spelling pattern. c. Their spellings are somewhat irregular.

 

How often should teachers introduce students to new irregular, high-frequency words?

three to five times per week

LETRS Unit 3 Session 7 Answers

 

Leveled texts are ranked on objective readability criteria, gradually becoming more difficult as students progress through the levels.

false

 

If a teacher follows a systematic process for transferring phonics skills to text, it’s reasonable to expect students to read a decodable passage independently after a week of instruction.

true

 

A school library has available a series of lavishly illustrated predictable texts written in verse. What are the most appropriate ways to use these in the classroom?

a. Use them as teacher read-alouds to enhance oral language and comprehension skills.

 

Students are reading a decodable text that uses only pattern words or high-frequency words students have been taught. What level of reading accuracy is reasonable to expect?

95%

 

Over the course of a week of phonics instruction, which step in the Transfer to Text Process is the first that can be phased out?

b. Practice reading skill words in isolation before reading them in a passage.

LETRS Unit 3 Session 8 Answers

 

The quality of Tier 2 and Tier 3 instruction is the most important variable affecting student progress in grades K-3.

false

 

Successful implementation of an RTI or MTSS model depends on collaboration among all faculty.

true

 

What proportion of students are likely to need Tier 2 or Tier 3 instruction even when Tier 1 instruction is effective?

c. at least 20%

 

Based on the assessment data presented in this session, what can you conclude about how teachers’ professional development (PD) affects students’ performance outcomes?

d. PD to build teacher expertise and provide coaching supports significantly improved student performance.

 

Your district has selected a solid, research-based core instructional program for reading. Which guideline best explains how an individual teacher should implement this program?

b. Follow it, but if necessary supplement it, or adjust the pacing to meet students’ needs.

LETRS Volume 1 Unit 1-4 Pretest Answers

Which statement best describes the relationship between reading comprehension and word decoding in a beginning reader’s development?

accurate, fast word recognition is necessary for development of reading fluency and text comprehension

 

Near the close of the day, a kindergarten teacher guides the students in conversation about the day’s activities. She writes down what is said on large chart paper, then reads it to the class. This activity would aid their literacy development primarily by promoting which skill?

phonological awareness

 

What is the most important implication of the Four-Part Processing Model for Word Recognition?

reading depends on constructing pathways between the phonological, orthographic, and meaning processors

 

After results of a winter screening, six second-graders scored in the “somewhat at risk” range. What is the next step the teacher team should take?

analyze the screening results and gather additional diagnostic assessment data

 

How is the word sn-ow divided?

onset-rime

 

How many spoken syllables are in the word frightening?

3

 

How many spoken syllables are in the word cleaned?

1

 

What is the main reason that the ability to identify, segment, blend, and manipulate individual phonemes in spoken words is important for reading an alphabetic writing system?

the skill ultimately supports the ability to read words “by sight”

 

Students with relative weaknesses in basic phonemic awareness are most likely to make progress if the teacher provides which practice?

asks students to look into a mirror while they describe the way that target phonemes are formed in the mouth

 

Which student is demonstrating the most advanced level of phonemic awareness?

the student substituting a sound in a given word and saying the new word

 

A student spells skin as sgin. What type of phonological error did she make?

substitution of a voiced for an unvoiced consonant

 

Having students listen to a word, say it, and then mentally reverse the sounds in the word is an instructional activity that would be most appropriate for which students?

those who have mastered basic phonemic awareness

 

How can phonics instruction be organized to be most effective?

around a preplanned progression through a logical scope and sequence

 

Which word group might a teacher include in a lesson focused on identification of consonant blends?

plan, squirm, train

 

Which word group might a teacher include in a lesson focused on reviewing consonant digraphs?

phone, throne, shown

 

In the early alphabetic phase of word-reading development, students know some letter-sound correspondences and most letter names. A student at this level is most likely to progress with what type of instruction?

blending 2-3 phoneme-grapheme correspondences within simple, one-syllable words

 

Of all the phonic correspondences represented in these words, which pattern is likely to be learned after the others?

vine

 

Which of the following tasks would best provide practice for automating letter recognition in kindergarten?

naming uppercase and lowercase printed letters in random order

 

Choose the best key word for introduction of short e (/ĕ/).

echo

 

Which of the following is the best example of a well-designed word list for a word chaining activity?

rat, chat, chap, chip, rip, rap

 

A teacher has posted a word wall in first grade, using alphabetic order to list the words the students must learn. For example, under T are the words to, too, them, the, this, and then. How could the teacher best ensure that students will recognize and spell these words?

by removing regularly spelled “th” words and teaching them through sound blending.

 

A good phonics lesson should include opportunities for students to apply the phoneme-grapheme relationships that have been explicitly taught. Which text type would best provide the practice needed?

decodable text

 

In which word does the grapheme representing /k/ indicate that the word is probably from Greek?

character

 

Which of the following words is most probably “Latin-based”?

??

 

Which of the following is a feature of English spelling?

words never end in the letters j or v.

 

In phoneme-grapheme mapping, students first segment and mark boxes for the phonemes. If students were mapping the graphemes in the word wife, how many boxes (phonemes) would they need?

3

 

In phoneme-grapheme mapping, students first segment and mark boxes for the phonemes. Then, they map the graphemes. If students were mapping the graphemes in the word dodged, how many boxes (phonemes) would they need?

4

 

In phoneme-grapheme mapping, students first segment and mark boxes for the phonemes. Then, they map the graphemes. If students were mapping the graphemes in the word void, how many boxes (phonemes) would they need?

3

 

In phoneme-grapheme mapping, students first segment and mark boxes for the phonemes. Then, they map the graphemes. If students were mapping the graphemes in the word stream, how many boxes (phonemes) would they need?

5

 

In phoneme-grapheme mapping, students first segment and mark boxes for the phonemes. Then, they map the graphemes. If students were mapping the graphemes in the word blaming, how many boxes (phonemes) would they need?

6

 

In phoneme-grapheme mapping, students first segment and mark boxes for the phonemes. Then, they map the graphemes. If students were mapping the graphemes in the word thrill, how many boxes (phonemes) would they need?

4

 

Which three letters could signal that c is pronounced /s/?

i, e, y

 

The /k/ sound in lake and lack is spelled differently. Why do we use the ck spelling in lack?

it follows a single short vowel at the end of a stressed syllable.

 

Which of the following two-syllable words contains an open syllable and a closed syllable?

??

 

Which of the following two-syllable words contains a vowel team syllable and a syllable with a vowel-r pattern?

owner

 

A second-grade student writes: “I have finely finished my math project.” Her misspelling of the word finally most likely indicates which of the following?

she needs to know how the meaningful parts (morphemes) distinguish a word

 

Which word might be found in a lesson on adjective suffixes?

native

 

How can a teacher explain to students why there is a double n in beginning?

the base word ends in a single consonant preceded by a single vowel, and the suffix begins with a vowel.

 

Which of the following misspelled words would be considered to be a morphological spelling error?

“playd” for played

 

Which of the following is a phonologically based spelling error?

“paz” for praise

 

The best definition for reading fluency is which of the following?

oral reading with accuracy, expression, and sufficient speed to support comprehension

 

To support students’ automatic word recognition, a first-grade teacher should first teach students which strategy?

how to apply their knowledge of consistent phonics patterns in controlled text

 

If a second-grader lacks fluency when reading aloud, what is the language skill that the teacher should assess first?

phonology and decoding

 

If a midyear first-grader reaches benchmark on screening for correct letter sounds, but does not read any whole words accurately when asked to read simple nonsense syllables, what type of instruction should this student receive?

instruction in fluent phoneme blending

 

Which of these students has the greatest need for intervention focused on systematic, explicit phonics instruction?

a second-grader who relies on context clues to identify words but has trouble sounding out unfamiliar words, including nonsense words

PALS Precourse Self Assessment Answers

PALS Precourse Self-Assessment Answers 2023

Section 1: Rhythm Identification Answers

For section 1, identify the rhythm by selecting the single best answer.

Clinical clues: heart rate 44/min; no detectable pulses.

Pulseless electrical activity

Answer: Pulseless electrical activity.

Clinical clue: heart rate 214/min.

Wide complex tachycardia

Answer: Wide complex tachycardia.

Clinical clues: age 7 years; heart rate 38/min.

Sinus bradycardia

Answer: Sinus bradycardia.

Clinical clues: initial rhythm associated with heart rate 300/min.

SVT converting to sinus rhythm after adenosine administration

Answer: SVT converting to sinus rhythm after adenosine administration.

Clinical clues: heart rate 150/min.

Wide-complex tachycardia

Answer: Wide complex tachycardia.

Clinical clues: age 8 years; heart rate 78/min.

Normal sinus rhythm

Answer: Normal sinus rhythm.

Clinical clues: febrile infant; heart rate 188/min.

Sinus tachycardia

Answer: Sinus tachycardia.

Clinical clues: age 3 months; heart rate 65/min.

Sinus bradycardia

Answer: Sinus bradycardia.

Clinical clues: heart rate 200/min; no detectable pulses.

Torsades de pointes

Answer: Torsades de pointes.

Clinical clue: no detectable pulses.

Asystole

Answer: Asystole.

Clinical clues: initial rhythm associated with no detectable pulses.

VF with successful defib and resumption of organized rhythm

Answer: VF with successful defib and resumption of organized rhythm.

Clinical clues: no consistent heart rate detected; no detectable pulses.

Ventricular fibrillation

Answer: Ventricular fibrillation.

Clinical clue: heart rate 300/min.

Supraventricular tachycardia

Answer: Supraventricular tachycardia (SVT).

Section 2: Pharmacology Answers

A 9-year-old boy is agitated and leaning forward on the bed in obvious respiratory distress. The patient is speaking in short phrases and tells you that he has asthma but does not carry an inhaler. He has nasal flaring, severe suprasternal and intercostal retractions, and decreased air movement with prolonged expiratory time and wheezing. You administer 100% oxygen by a nonrebreathing mask. His SpO2 is 92%. Which medication do you prepare to give to this patient?

A. Adenosine
B. Procainamide
C. Amiodarone
D. Albuterol (Correct)

Which oxygen delivery system most reliably delivers a high (90% or greater) concentration of inspired oxygen to a 7-year-old child?

A. Face tent
B. Simple oxygen mask
C. Nonrebreathing face mask (Correct)
D. Nasal cannula

You are part of a team attempting to resuscitate a child with ventricular fibrillation cardiac arrest. You delivered 2 unsynchronized shocks. A team member established IO access, so you give a dose of epinephrine, 0.01 mg/kg IO. At the next rhythm check, persistent ventricular fibrillation is present. You administer a 4-J/kg shock and resume CPR. Which drug and dose should be administered next?

A. Magnesium sulfate 25 to 50 mg/kg IO
B. Epinephrine 0.1 mg/kg IO
C. Atropine 0.02 mg/kg IO
D. Amiodarone 5 mg/kg IO (Correct)

Which statement is correct about the effects of epinephrine during attempted resuscitation?

A. Epinephrine decreases myocardial oxygen consumption
B. Epinephrine is contraindicated in ventricular fibrillation
C. Epinephrine stimulates spontaneous contractions when asystole is present (Correct)
D. Epinephrine decreases peripheral vascular resistance and reduces myocardial afterload

You are called to help treat an infant with severe symptomatic bradycardia (heart rate 66/min) associated with respiratory distress. The bradycardia persists despite establishment of an effective airway, oxygenation, and ventilation. There is no heart block present. Which is the first drug you should administer?

A. Atropine
B. Dopamine
C. Adenosine
D. Epinephrine (Correct)

Which statement is correct about endotracheal drug administration during resuscitative efforts for pediatric patients?

A. The intravenous drug dose should be used
B. It is the preferred route of drug administration
C. It is the least desirable route of administration (Correct)
D. The drug dose used is lower than the intravenous dose

Which statement is correct about the use of calcium chloride in pediatric patients?

A. It has the same bioavailability of elemental calcium as calcium gluconate
B. The recommended dose is 1 to 2 mg/kg
C. Routine administration is not indicated during cardiac arrest (Correct)
D. It is indicated for hypercalcemia, hypokalemia, and hypomagnesemia

A previously healthy infant with a history of vomiting and diarrhea is brought to the emergency department by her parents. During your assessment, you find that the infant responds only to painful stimulation. The infant’s respiratory rate is 40 breaths per minute, and central pulses are rapid and weak. The infant has good bilateral breath sounds, cool extremities, and a capillary refill time of more than 5 seconds. The infant’s blood pressure is 85/65 mm Hg, and glucose is 30 mg/dL (1.65 mmol/L). You administer 100% oxygen via face mask and start an IV. Which treatment is the most appropriate for this infant?

A. Administer a bolus of isotonic crystalloid 20 mL/kg over 5 to 20 minutes, and also give D25W 2 to 4 mL/kg IV (Correct)
B. Administer lactated Ringer’s solution 20 mL/kg over 60 minutes
C. Administer D50W 0.45% sodium chloride 20 mL/kg bolus over 15 minutes
D. Administer D10W 20 mL/kg bolus over 5 minutes

Initial impression of a 2-year-old girl shows her to be alert with mild breathing difficulty during inspiration and pale skin color. On primary assessment, she makes high-pitched inspiratory sounds (mild stridor) when agitated; otherwise, her breathing is quiet. Her SpO2 is 92% on room air, and she has mild inspiratory intercostal retractions. Lung auscultation reveals transmitted upper airway sounds with adequate distal breath sounds bilaterally. Which is the most appropriate initial intervention for this child?

A. IV dexamethasone
B. Humidified oxygen as tolerated (Correct)
C. Nebulized albuterol
D. Endotracheal intubation

Paramedics are called to the home of a 1-year-old child. Their initial assessment reveals a child who responds only to painful stimuli and has irregular breathing, faint central pulses, bruises over the abdomen, abdominal distention, and cyanosis. Bag-mask ventilation with 100% oxygen is initiated. The child’s heart rate is 36/min. Peripheral pulses cannot be palpated, and central pulses are barely palpable. The cardiac monitor shows sinus bradycardia. Two-rescuer CPR is started. Upon arrival to the emergency department, the child is intubated and ventilated with 100% oxygen, and IV access is established. The heart rate is now 150/min with weak central pulses but no distal pulses. Systolic blood pressure is 74 mm Hg. Which intervention should be provided next?

A. Rapid bolus of 20 mL/kg of isotonic crystalloid (Correct)
B. Amiodarone 5 mg/kg IV
C. Atropine 0.02 mg/kg IV
D. Epinephrine 0.01 mg/kg IV

Section 3: Practical Application Answers

You need to provide rescue breaths to a child victim with a pulse. What is the appropriate rate for delivering breaths?

A. 1 breath every 6 seconds
B. 1 breath every 3 to 5 seconds
C. 2 breaths every 6 to 8 seconds
D. 1 breath every 2 to 3 seconds (Correct)

A 3-year-old unresponsive, apneic child is brought to the emergency department. EMS personnel report that the child became unresponsive as they arrived at the hospital. The child is receiving CPR with bag-mask ventilation. The rhythm shown here is on the cardiac monitor. A biphasic manual defibrillator is present. You quickly use the length from head to heel of the child on a color-coded length-based resuscitation tape to estimate the approximate weight as 15 kg. Which therapy is most appropriate for this child at this time?

A. Attempt defibrillation at 10 J, and then resume CPR, beginning with compressions
B. Attempt defibrillation at 30 J, and then open the airway and check for a pulse
C. Attempt defibrillation at 30 J, and then resume CPR, beginning with compressions (Correct)
D. Establish IV/IO access and administer epinephrine 0.01 mg/kg IV/IO

You are supervising a student who is inserting an IO needle into an infant’s tibia. The student asks you what she should look for to know that she has successfully inserted the needle into the bone marrow cavity. What do you tell her?

A. “Once inserted, the shaft of the needle moves easily in all directions within the bone.”
B. “Proper placement will always yield blood return.”
C. “Pulsatile blood flow will be present in the needle hub.”
D. “Fluids can be administered freely without local soft tissue swelling.” (Correct)

A 4-year-old boy is in pulseless arrest in the pediatric intensive care unit. High-quality CPR is in progress. You quickly review his chart and find that his baseline-corrected QT interval on a 12-lead ECG is prolonged. The monitor shows recurrent episodes of the rhythm shown here. The patient has received 1 dose of epinephrine 0.01 mg/kg, but the rhythm shown here continues. If this rhythm persists at the next rhythm check, which medication would be most appropriate to administer at that time?

A. Epinephrine 0.1 mg/kg IV
B. Lidocaine 1 mg/kg IV
C. Adenosine 0.1 mg/kg IV
D. Magnesium sulfate 25 to 50 mg/kg IV (Correct)

You are caring for a 3-year-old with vomiting and diarrhea. You have established IV access. The child’s pulses are palpable but faint, and the child is now lethargic. The heart rate is variable (range, 44/min to 62/min). You begin bag-mask ventilation with 100% oxygen. When the heart rate does not improve, you begin chest compressions. The rhythm shown here is seen on the cardiac monitor. Which would be the most appropriate therapy to consider next?

A. Atropine 0.02 mg/kg IV (Correct)
B. Epinephrine 0.1 mg/kg IV
C. Transcutaneous pacing
D. Synchronized cardioversion at 0.5 J/kg

What ratio of compressions to breaths should be used for 1-rescuer child CPR?

A. 100 to 120 compressions per minute with no breaths
B. 30 compressions to 2 breaths (Correct)
C. 15 compressions to 2 breaths
D. 50 compressions to 1 breath

A pale and very sleepy but arousable 3-year-old child with a history of diarrhea is brought to the hospital. Primary assessment reveals a respiratory rate of 45/min with good breath sounds bilaterally. Heart rate is 150/min, blood pressure is 90/64 mm Hg, and SpO2 is 92% in room air. Capillary refill is 5 seconds, and peripheral pulses are weak. After placing the child on a nonrebreathing face mask (10-L/min flow) with 100% oxygen and obtaining vascular access, which is the most appropriate immediate treatment for this child?

A. Administer a dopamine infusion at 2 to 5 mcg/kg per minute
B. Begin a maintenance crystalloid infusion
C. Obtain a chest x-ray
D. Administer a bolus of 20 mL/kg isotonic crystalloid (Correct)

How can rescuers ensure that they are providing effective breaths when using a bag-mask device?

A. By delivering breaths quickly and forcefully
B. By observing the chest rise with each breath (Correct)
C. By allowing air to release around the mask
D. By always having oxygen attached to the bag

You are giving chest compressions for a child in cardiac arrest. What is the proper depth of compressions for a child?

A. Compress the chest at least one third the depth of the chest, approximately 2 inches (5 cm) (Correct)
B. Compress the chest at least one fourth the depth of the chest, approximately 1.5 inches (4 cm)
C. Compress the chest at least two thirds the depth of the chest, approximately 4 inches (10 cm)
D. Compress the chest at least one half the depth of the chest, approximately 3 inches (8 cm)

You find an infant who is unresponsive, is not breathing, and does not have a pulse. You shout for nearby help, but no one arrives. What action should you take next?

A. Provide CPR for 60 seconds before leaving to activate the emergency response system
B. Activate the emergency response system after giving CPR for 90 seconds
C. Provide CPR for approximately 2 minutes before leaving to activate the emergency response system (Correct)
D. Activate the emergency response system after giving CPR for 10 minutes

You and another rescuer begin CPR. Your colleague begins compressions, and you notice that the compression rate is too slow. What should you say to offer constructive feedback?

A. “You need to compress at a rate of 100 to 120 per minute.” (Correct)
B. “You need to compress at a rate of at least 100 per minute.”
C. “You need to compress at a rate of at least 120 per minute.”
D. “You need to compress at a rate of 80 to 120 per minute.”

A child becomes unresponsive in the emergency department and is not breathing. You are uncertain if a faint pulse is present. You shout for help and provide ventilation with 100% oxygen. The rhythm shown here is seen on the cardiac monitor. What is your next action?

A. Establish IV access and give epinephrine 0.01 mg/kg IV
B. Prepare for transcutaneous pacing
C. Establish IV access and give atropine 0.01 mg/kg IV
D. Start high-quality CPR (Correct)

An 8-month-old infant is brought to the emergency department for evaluation of severe diarrhea and dehydration. On arrival to the emergency department, the infant becomes unresponsive, apneic, and pulseless. You shout for help and start CPR. Another provider arrives, at which point you switch to 2-rescuer CPR. The rhythm shown here is seen on the cardiac monitor. The infant is intubated and ventilated with 100% oxygen. An IO line is established, and a dose of epinephrine is given. While continuing high-quality CPR, what do you do next?

A. Give atropine 0.02 mg/kg IO
B. Give amiodarone 5 mg/kg IO
C. Give normal saline 20 mL/kg IO rapidly (Correct)
D. Give epinephrine 0.1 mg/kg IO

A 3-year-old boy presents with multiple-system trauma. The child was an unrestrained passenger in a high-speed motor vehicle crash. On primary assessment, he is unresponsive to voice or painful stimulation. His respiratory rate is 5/min, heart rate and pulses are 170/min, systolic blood pressure is 60 mm Hg, capillary refill is 5 seconds, and SpO2 is 75% on room air. Which action should you take first?

A. Establish immediate vascular access
B. Provide 100% oxygen by simple mask
C. While a colleague provides spinal motion restriction, open the airway with a jaw thrust and provide bag-mask ventilation (Correct)
D. Perform immediate endotracheal intubation

A 7-year-old boy is found unresponsive, apneic, and pulseless. CPR is ongoing. The child is intubated, and vascular access is established. The ECG monitor shows an organized rhythm with a heart rate of 45/min, but a pulse check reveals no palpable pulses. High-quality CPR is resumed, and an initial IV dose of epinephrine is administered. Which intervention should you perform next?

A. Perform defibrillation
B. Perform synchronized cardioversion
C. Administer epinephrine
D. Identify and treat reversible causes (Correct)

You are preparing to use a manual defibrillator in the pediatric setting. Which best describes when it is appropriate to use the smaller, pediatric-sized paddles?

A. If the child weighs less than 40 kg or is less than 10 years old
B. If the child weighs less than 20 kg or is less than 3 years old
C. If the child weighs less than 30 kg or is less than 5 years old
D. If the child weighs less than 10 kg or is less than 1 year old (Correct)

During bag-mask ventilation, how should you hold the mask to make an effective seal between the child’s face and the mask?

A. Push the jaw forward by using a jaw-thrust maneuver
B. Position your fingers using the E-C clamp technique (Correct)
C. Position your fingers using the bridge of the nose as a guide
D. Use the 2 thumb‒encircling hands technique

An 18-month-old child has a 1-week history of cough and runny nose. The child has diffuse cyanosis and is responsive only to painful stimulation with slow respirations and rapid central pulses. The child’s respiratory rate has decreased from 65/min to 10/min, severe inspiratory intercostal retractions are present, heart rate is 160/min, SpO2 is 65% in room air, and capillary refill is less than 2 seconds. Which are the most appropriate immediate interventions for this toddler?

A. Administer 100% oxygen by face mask, obtain an arterial blood gas, and establish vascular access
B. Administer 100% oxygen by face mask, establish vascular access, and obtain a chest x-ray stat
C. Open the airway and provide positive-pressure ventilation using 100% oxygen and a bag-mask device (Correct)
D. Establish vascular access and administer a 20 mL/kg bolus of isotonic crystalloid

An 8-year-old child was struck by a car. He arrives in the emergency department alert, anxious, and in respiratory distress. His cervical spine is immobilized, and he is receiving a 10-L/min flow of 100% oxygen by nonrebreathing face mask. His respiratory rate is 60/min, heart rate 150/min, systolic blood pressure 70 mm Hg, and SpO2 84%. Breath sounds are absent over the right chest but present over the left chest, and the trachea is deviated to the left. He has weak central pulses and absent distal pulses. Which intervention should be performed next?

A. Perform needle decompression of the right chest (Correct)
B. Provide bag-mask ventilation
C. Establish IV access
D. Perform endotracheal intubation

What compression-to-ventilation ratio should be used for 2-rescuer infant CPR?

A. 15 compressions to 2 breaths (Correct)
B. 5 compressions to 1 breath
C. 20 compressions to 2 breaths
D. 30 compressions to 2 breaths

You just assisted with the elective endotracheal intubation of a child with respiratory failure and a perfusing rhythm. Which provides a reliable, prompt assessment of correct endotracheal tube placement in this child?

A. Adequate bilateral breath sounds and chest expansion plus detection of ETCO2 with waveform capnography (Correct)
B. Absence of audible breath sounds over the abdomen during positive-pressure ventilation
C. Confirmation of appropriate oxygen and carbon dioxide tensions on arterial blood gas analysis
D. Auscultation of breath sounds over the lateral chest bilaterally plus presence of mist in the endotracheal tube

A 10-month-old infant boy is brought to the emergency department. Your initial assessment reveals a lethargic, pale infant with slow respirations and slow, weak central pulses. One team member begins ventilation with a bag-mask device with 100% oxygen. A second team member attaches the monitor/defibrillator and obtains vital signs while a third team member attempts to establish IV/IO access. The patient’s heart rate is 38/min with the rhythm shown here. The infant’s blood pressure is 58/38 mm Hg, and capillary refill is 4 seconds. His central pulses remain weak, and distal pulses cannot be palpated. Chest compressions are started and IO access is obtained. Which medication do you anticipate will be given next?

A. Atropine 0.02 mg/kg IV/IO
B. Epinephrine 0.01 mg/kg IV/IO (Correct)
C. Epinephrine 0.1 mg/kg IV/IO
D. Adenosine 0.1 mg/kg rapid IV/IO

A 1-year-old boy is brought to the emergency department for evaluation of poor feeding, irritability, and sweating. The child is lethargic but arousable. He has labored breathing, very rapid pulses, and a dusky color. His respiratory rate is 68/min, heart rate 300/min, and blood pressure 70/45 mm Hg. He has weak brachial pulses and absent radial pulses, a capillary refill of 6 seconds, SpO2 85% in room air, and good bilateral breath sounds. You administer high-flow oxygen and place the child on a cardiac monitor and see the rhythm shown here. The child has no history of congenital heart disease. IV access has been established. Which therapy is most appropriate for this child?

A. Administer isotonic crystalloid fluid bolus of 20 mL/kg
B. Consult with pediatric cardiology
C. Perform immediate defibrillation
D. Administer adenosine 0.1 mg/kg IV rapid push (Correct)

You are evaluating an irritable 6-year-old girl with mottled skin color. The patient is febrile (temperature 40°C [104°F]), and her extremities are cold with capillary refill of 5 seconds. Distal pulses are absent and central pulses are weak. Heart rate is 180/min, respiratory rate is 45/min, and blood pressure is 98/56 mm Hg. How would you categorize this child’s condition?

A. Hypotensive shock associated with inadequate tissue perfusion
B. Compensated shock associated with tachycardia and inadequate tissue perfusion (Correct)
C. Hypotensive shock associated with inadequate tissue perfusion and significant hypotension
D. Compensated shock requiring no intervention

You find a 10-year-old boy to be unresponsive. You shout for help, and after finding that he is not breathing and has no pulse, you and a colleague begin CPR. Another colleague activates the emergency response system, brings the emergency equipment, and places the child on a cardiac monitor/defibrillator, which reveals the rhythm shown here. You attempt defibrillation at 2 J/kg and give 2 minutes of CPR. The rhythm persists at the second rhythm check, at which point you attempt defibrillation with 4 J/kg. A fourth colleague arrives, starts an IV, and administers 1 dose of epinephrine 0.01 mg/kg. If ventricular fibrillation or pulseless ventricular tachycardia persists after 2 minutes of CPR, you will administer another shock. Which drug and dose should be administered next?

A. Atropine 0.02 mg/kg IV
B. Lidocaine 1 mg/kg IV (Correct)
C. Adenosine 0.1 mg/kg IV
D. Epinephrine 0.1 mg/kg IV

Why is allowing complete chest recoil important when performing high-quality CPR?

A. The heart will refill with blood between compressions (Correct)
B. It will reduce the risk of rib fractures
C. The rate of chest compressions will increase
D. There will be a reduction in rescuer fatigue

You are assisting in the elective intubation of an average-sized 4-year-old child with respiratory failure. A colleague is retrieving the color-coded length-based tape from the resuscitation cart. Which of the following is likely to be the estimated size of the uncuffed endotracheal tube for this child?

A. 4-mm tube
B. 6-mm tube
C. 5-mm tube (Correct)
D. 3-mm tube

You are alone and witness a child suddenly collapse. There is no suspected head or neck injury. A colleague responded to your shout for help and is activating the emergency response system and is retrieving the resuscitation equipment, including a defibrillator. After delivering 30 compressions, what would be your next action?

A. Use a bag-mask device to deliver 6 breaths per minute
B. Check for a carotid pulse for no more than 10 seconds
C. Open the airway with a head tilt‒chin lift maneuver and give 2 breaths (Correct)
D. Assess for lack of breathing or only gasping for 10 seconds

You are caring for a 6-year-old patient who is receiving positive-pressure mechanical ventilation via an endotracheal tube. The child begins to move his head and suddenly becomes cyanotic, and his heart rate decreases. His SpO2 is 65%. You remove the child from the mechanical ventilator and begin to provide manual ventilation with a bag via the endotracheal tube. During manual ventilation with 100% oxygen, the child’s color and heart rate improve slightly and his blood pressure remains adequate. Breath sounds and chest expansion are present and adequate on the right side and are present but consistently diminished on the left side. The trachea is not deviated, and the neck veins are not distended. A suction catheter passes easily beyond the tip of the endotracheal tube. Which of the following is the most likely cause of this child’s acute deterioration?

A. Tension pneumothorax on the right side
B. Equipment failure
C. Tracheal tube displacement into the right main bronchus (Correct)
D. Tracheal tube obstruction

LETRS Unit 7 Session 1-6 Answers

With First-Grade Students, How Much Instructional Time Should Be Spent on English Language Arts?

2 hours or more

Teachers should rely heavily on the results of screeners such as Acadience Reading K-6 Next to determine which skills should be taught to students.

False

By second grade, the most effective approach to teaching reading comprehension emphasizes:

All of the above in roughly equal proportion

Which of the following is not a criterion for high-quality text?

Relevance to what’s going on that day

One test of a robust curriculum in grades K-3 is whether, upon walking into a classroom, an observer can tell what students are learning about.

True

LETRS Unit 7 Session 2 Answers

The students most likely to benefit from strategy instruction are those who (select all that apply):

Are in grades four and above; have acquired good decoding skills but aren't familiar with a particular strategy

The best time to employ strategy instruction is when:

Students are ready for it, in the context of lessons with a larger purpose

Which of these steps in the "gradual release of responsibility" of strategy instruction is out of sequence?

The teacher models the thinking process by thinking aloud.

Good readers tend to move on, even when the passage is not making sense to them.

False

"Imagine what would happen if the polar ice caps melted" is an example of what type of question?

Creating

LETRS Unit 7 Session 3 Answers

Well-designed questions (select all that apply):

Are text-dependent AND focus on the "why" and "how" of a topic

Which of the following is an example of elaborative/questioning?

"Would you have reacted the same way the girl did?"

"How do you know that she liked her new home?" is an example of:

Implicit questioning

Teaching comprehension can be accomplished by testing students with multiple-choice questions after they've completed independent reading.

False

Pivotal points to ask questions include places where (select all that apply):

Sentences connect to one another; meanings of new words become clear; students should grasp how the text's discourse is organized.

LETRS Unit 7 Session 4 Answers

What is the purpose of after-reading activities? Select all that apply.

They let students transform the information into a new format; They help students see reading as more than a chore; They check students' comprehension of key ideas.

According to research, which practice is essential for building an enduring mental model of a text?

Reading the text multiple times with varied purposes

Which of the following is an after-reading activity?

Summarizing the main ideas from the text

According to research, what macroprocesses help students "own" the information from a text?

Selecting, ordering, and transforming the main ideas

Why are after-reading activities effective?

They reinforce the structure and purpose of the text.

LETRS Unit 7 Session 5 Answers

Which of the following statements is true?

Teachers should explicitly teach the text structure of both informational and narrative texts.

When should teachers introduce the purpose of a text?

Before the first read

Vocabulary activities before reading should focus primarily on which type(s) of language? Select all that apply.

Tier 2 vocabulary words; figurative languages and idiomatic phrases

An effective reading comprehension lesson will include (select all that apply):

An introduction of background knowledge needed to comprehend the text; a graphic organizer that helps students visualize the structure of the text; an after-reading activity to transform information from the text into a new format; questions to ask during reading, tied to specific places in the text

Teachers should do all of the following during reading, except:

Explicitly teach Tier 2 vocabulary words

LETRS Unit 7 Session 6 Answers

All of the following are features of African American English except:

Speakers often form sentences without a subject

What kind of vocabulary instruction may be appropriate for English Learners, but is not usually needed for native English speakers?

Definitions and examples for Tier 1 vocabulary words

Which of the following statements about dialects are true? Select all that apply.

Dialects have rules for grammar and punctuation; dialect speakers often have difficulty translating speech into print

What is code switching?

The ability to switch between a nonstandard dialect and Standard English depending on the situation

What is a best practice when working with dialect speakers?

Build language awareness so that students can code-switch between their dialect and Standard English

Cyber Awareness 2023

Which of the following is true of removable media and portable electronic devices (PEDs)?

They have similar features, and the same rules and protections apply to both

What security issue is associated with compressed Uniform Resource Locators (URLs)?

They may be used to mask malicious intent

Which of the following may help to prevent spillage?

Follow procedures for transferring data to and from outside agency and non-Government networks

Which of the following is a good practice for telework?

Position your monitor so it is not facing others

What does spillage refer to?

Information improperly moved from higher to lower protection level

Which of the following is a good practice to protect classified information?

Don't assume open storage is authorized?????

Which scenario might indicate a reportable insider threat?

A colleague removes sensitive information without seeking authorization

Which of the following is a reportable insider threat activity?

Attempting to access sensitive information without need to know

What function do Insider Threat Programs aim to fulfill?

How can you protect your organization on social networking sites?

Ensure there are no identifiable landmarks visible in photos

What piece of information is safest to include on your social media profile?

Which of the following is a security best practice when using social networking sites?

Avoiding posting your mother's maiden name.

Which of the following statements is true?

Adversaries exploit social networking sites to disseminate fake news.

Which of the following statements is true?

Many apps and smart devices collect and share your personal information and contribute to your online identity.

A trusted friend in your social network posts vaccine information on a website unknown to you. What action should you take?

Research the source to evaluate its credibility and reliability

Which of the following best describes a way to safely transmit Controlled Unclassified Information (CUI)?

Debra ensures all recipients have required clearance and need to know before sending via encrypted email

Which of the following is true of PHI?

It is created or received by a healthcare provider, health plan, or employer

What designation includes PII and PHI?

CUI

Which of the following is true of CUI?

CUI must be handled using safeguarding or dissemination controls

Which of the following is NOT PII?

High school attended

Which of the following describes good physical security?

Lionel stops an individual in his secure area who's not wearing a badge

Which of the following is true of using a DoD Public Key Infrastructure PKI token?

It should only be in a system when actively using it for a PKI-required task.

Which of the following is true of the CAC or PIV card?

You should remove and take your CAC/PIV when you leave your station.

Which of the following is an example of two-factor authentication?

CAC and PIN

Which of the following is true of sharing information in a SCIF?

Individuals must avoid referencing derivatively ......

A compromise of SCI occurs when a person who doesn't have required clearance or access caveats comes into possession of SCI

in any manner

Which of the following is true of transmitting SCI?

You may only transport SCI if you have been courier briefed for SCI

Which of the following is NOT a potential consequence of using removable media unsafely in a SCIF?

Damage to the removable media

How should you label removable media used in a SCIF?

With the maximum classification, date of creation, POC, and CM Control Number

Which of the following is true of downloading apps?

For Government-owned devices, use approved and authorized applications only

Which of the following statements is true of cookies?

You should confirm that a site that wants to store a cookie uses an encrypted link

How should you respond to the theft of your identity?

Contact credit reporting agencies

"to respond to identity theft if it occurs: contact credit reporting agencies, contact financial institutions to cancel accounts, monitor credit card statements for unauthorized purchases, report the crime to local law enforcement"

Which of the following is true of internet hoaxes?

They can be part of a DDoS attack.

Which of the following is true?

Digitally signed emails are more secure.

What action should you take with a compressed URL on a website known to you?

Search for instructions on how to preview where the link actually leads

Which of the following is a concern when using your Government issued laptop in public?

The physical security of the device

What security risk does a public Wi-Fi connection pose?

It may expose the information sent to theft

Which of the following is NOT a permitted way to connect a personally-owned monitor to your GFE?

USB

Which of the following is a best practice for using removable media?

Avoid inserting removable media with unknown content into your computer

Which of the following is NOT a risk associated with NFC?

Additional data charges

How can you protect data on your mobile computing and portable electronic devices (PEDs)?

Enable automatic screen locking after a period of inactivity

Which of the following best describes the conditions under which mobile devices and apps can track your location?

It may occur at any time without your knowledge or consent.

How should you secure your home wireless network for teleworking?

Implement Wi-Fi Protected Access 2 (WPA2) Personal encryption at a minimum


Which of the following does NOT constitute spillage?

Classified information that should be unclassified and is downgraded. Spillage occurs when information is “spilled” from a higher classification or protection level to a lower classification or protection level. Spillage can be either inadvertent or intentional.

 

Which of the following is NOT an appropriate way to protect against inadvertent spillage?

Use the classified network for all work, including unclassified work. Being cognizant of classification markings and labeling practices are good strategies to avoid inadvertent spillage. While it may seem safer, you should NOT use a classified network for unclassified work.

 

Which of the following should you NOT do if you find classified information on the internet?

Download the information. Leaked classified or controlled information is still classified/controlled even if it has already been compromised. Do not download it.

Classified Data

 

What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed?

Exceptionally grave damage. Top Secret information could be expected to cause exceptionally grave damage to national security if disclosed.

 

Which of the following is true about telework?

You must have your organization’s permission to telework. When teleworking, you should always use authorized and software.

 

Which of the following is true of protecting classified data?

Classified material must be appropriately marked. Even within a secure facility, don’t assume open storage is permitted.

Insider Threat

 

In addition to avoiding the temptation of greed to betray his country, what should Alex do differently?

Avoid talking about work outside of the workplace or with people without a need-to-know.

 

How many insider threat indicators does Alex demonstrate?

Three or more. Alex demonstrates a lot of potential insider threat indicators.

 

What should Alex’s colleagues do?

Report the suspicious behavior in accordance with their organization’s insider threat policy.

Social Networking

 

Privacy settings

All to Friends Only. Only friends should see all biographical data such as where Alex lives and works.

Controlled Unclassified Information

 

Which of the following is NOT an example of CUI?

Press release data. CUI includes, but is not limited to Controlled Technical Information (CTI), Personally Identifiable Information (PII), Protected Health Information (PHI), financial information, personal or payroll information, proprietary data and operational information.

 

Which of the following is NOT a correct way to protect CUI?

CUI may be stored on any password-protected system. CUI may be stored only on authorized systems or approved devices.

 

Select the information on the data sheet that is personally identifiable information (PII).

PII includes, but is not limited to, social security numbers, date and places of birth, mothers’ maiden names, biometric records, and PHI.

Physical Security

| CPCON Level | DoD Risk Level | Priority Focus |
| --- | --- | --- |
| CPCON 1 | Very High | Critical Functions |
| CPCON 2 | High | Critical and Essential Functions |
| CPCON 3 | Medium | Critical, Essential, and Support Functions |
| CPCON 4 | Low | All Functions |
| CPCON 5 | Very Low | All Functions |

 

What should the employee do differently?

Remove his CAC and lock his workstation.

 

What should the employee do differently?

Decline to let the person in and redirect her to security. Don’t allow others access or to piggyback into secure areas.

Identity Management

 

Identify security violations:

Always take your CAC when you leave your workstation. Never write down the PIN for your CAC.

Sensitive Compartmented Information

 

When is it appropriate to have your security badge visible?

At all times while in the facility. Badges must be visible and displayed above the waist at all times when in the facility.

 

What should the owner of this printed SCI do differently?

Retrieve classified documents promptly from printers. Always mark classified information appropriately and retrieve classified documents promptly from the printer.

 

What should the participants in this conversation involving SCI do differently?

Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed.

Removable Media in a SCIF

 

What portable electronic devices (PEDs) are permitted in a SCIF?

Only expressly authorized government-owned PEDs.

 

What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF?

All of these. Classified DVD distribution should be controlled just like any other classified media.

Malicious Code

Malicious code can do damage by corrupting files, erasing your hard drive, and/or allowing hackers access.

 

Which of the following is an example of malicious code?

Software that installs itself without the user’s knowledge. Malicious code can mask itself as a harmless e-mail attachment, downloadable file, or website.

 

How can malicious code cause damage?

All of these.

 

How can you avoid downloading malicious code?

Do not access website links in e-mail messages.

Website Use

 

What to choose?

Look for the HTTPS in the URL.

Social Engineering

To protect against social engineering:

  • Do not participate in telephone surveys

  • Do not give out personal information

  • Do not give out computer or network information

  • Do not follow instructions from unverified personnel

  • Contact your security POC or help desk

 

Required Profile Update

Report e-mail.

 

Account Alert

Delete e-mail.

 

Great Book Deals

Delete e-mail.

Travel

 

What should Sara do when using publicly available Internet, such as hotel Wi-Fi?

Only connect with the Government VPN.

 

What is the danger of using public Wi-Fi connections?

Both of these.

Use of GFE

 

Permitted Uses of Government-Furnished Equipment (GFE)

Viewing or downloading pornography – No
Gambling online – No
Conducting a private money-making venture – No
Using unauthorized software – No
Illegally downloading copyrighted material – No
Making unauthorized configuration changes – No

Mobile Devices

 

When is it okay to charge a personal mobile device using government-furnished equipment (GFE)?

This is never okay.

 

Which of the following demonstrates proper protection of mobile devices?

Linda encrypts all of the sensitive data on her government issued mobile devices.

Home Computer Security

 

What to choose?

Update – Install – Enable – Exit

Cyber Awareness Challenge Knowledge Check 2023 Answers

Spillage

 

What does “spillage” refer to?

Information improperly moved from a higher protection level to a lower protection level. – Correct

 

You find information that you know to be classified on the Internet. What should you do?

Note the website’s URL and report the situation to your security point of contact. – Correct

 

You receive an inquiry from a reporter about government information not cleared for public release. How should you respond?

Refer the reporter to your organization’s public affairs office. – Correct

 

A vendor conducting a pilot program with your organization contacts you for organizational data to use in a prototype. How should you respond?

Refer the vendor to the appropriate personnel. – Correct

 

Which of the following is a good practice to prevent spillage?

Always check to make sure you are using the correct network for the level of data. – Correct

Classified Data

 

Which of the following is a good practice for telework?

Position your monitor so that it is not facing others or easily observed by others when in use – Correct

 

What level of damage can the unauthorized disclosure of information classified as Top Secret reasonably be expected to cause?

Exceptionally grave damage to national security. – Correct

 

Which of the following is a good practice to protect classified information?

Store classified data in a locked desk drawer when not in use

What level of damage can the unauthorized disclosure of information classified as confidential reasonably be expected to cause?

Damage to national security. – Correct

 

Which of the following must you do before using an unclassified laptop and peripherals in a collateral classified environment?

Ensure that any cameras, microphones, and Wi-Fi embedded in the laptop are physically disabled. – Correct

 

What is the basis for the handling and storage of classified data?

Organizational policy

 

Who designates whether information is classified and its classification level?

Original classification authority – Correct

Insider Threat

 

Which of the following is a potential insider threat indicator?

Unusual interest in classified information. – Correct
Difficult life circumstances, such as death of spouse

 

What function do Insider Threat Programs aim to fulfill?

Proactively identify potential threats and formulate holistic mitigation responses. – Correct

 

What is an insider threat?

Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities. – Correct

 

Based on the description that follows, how many potential insider threat indicator(s) are displayed? A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information.

1 indicator.

 

Based on the description that follows, how many potential insider threat indicator(s) are displayed? A colleague enjoys playing video games online, regularly uses social media, and frequently forgets to secure her smartphone elsewhere before entering areas where it is prohibited.

1 indicator.

 

Based on the description that follows, how many potential insider threat indicator(s) are displayed? A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationships with peers, purchases an unusually expensive new car, and has unexplained absences from work.

3 or more indicators. – Correct

 

Which of the following is a reportable insider threat activity?

Attempting to access sensitive information without need-to-know. – Not correct.

 

Social Networking

 

A trusted friend in your social network posts a link to vaccine information on a website unknown to you. What action should you take?

Research the source to evaluate its credibility and reliability.

 

Which piece of information is safest to include on your social media profile?

Your favorite movie. – Correct
Photos of your pet – Correct

 

When may you be subject to criminal, disciplinary, and/or administrative action due to online harassment, bullying, stalking, hazing, discrimination, or retaliation?

If you participate in or condone it at any time.

 

How can you protect yourself on social networking sites?

Validate friend requests through another source before confirming them. – Correct

Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post

 

 

 

Controlled Unclassified Information

 

Which designation marks information that does not have potential to damage national security?

Unclassified – Correct

 

Which designation includes Personally Identifiable Information (PII) and Protected Health Information (PHI)?

Controlled unclassified information. – correct

 

What is a best practice for protecting controlled unclassified information (CUI)?

Store it in a locked desk drawer after working hours. – correct

 

Which of the following is true of Controlled Unclassified information (CUI)?

CUI must be handled using safeguarding or dissemination controls. – Correct

 

Which of the following is true of Protected Health Information (PHI)?

It is created or received by a healthcare provider, health plan, or employer. – Correct

 

Which of the following is NOT an example of Personally Identifiable Information (PII)?

High school attended. – correct

 

Which of the following is a security best practice for protecting Personally Identifiable Information (PII)?

Only use Government-furnished or Government-approved equipment to process PII. – correct

 

 

Which of the following is true of Unclassified Information?

It does not require markings or distribution controls. – not correct
Aggregating it does not affect its sensitivity level. – not correct
It is releasable to the public without clearance. – not correct

Physical Security

 

Which of the following best describes good physical security?

Lionel stops an individual in his secure area who is not wearing a badge. – Correct

 

Identity Management

 

Which of the following is an example of a strong password?

%2ZN=Ugq – correct

 

What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card?

Store it in a shielded sleeve. – Correct

 

Which of the following is true of the Common Access Card (CAC) or Personal Identity Verification (PIV) card?

You should remove and take your CAC/PIV card whenever you leave your workstation. – correct

 

Which of the following is true of using a DoD Public Key Infrastructure (PKI) token?

It should only be in a system while actively using it for a PKI-required task. – Correct

 

Which of the following is true of the Common Access Card (CAC)?

It contains certificates for identification, encryption, and digital signature. – correct

 

Which of the following is an example of two-factor authentication?

A Common Access Card and Personal Identification Number. – correct

Sensitive Compartmented Information

 

What must authorized personnel do before permitting another individual to enter a Sensitive Compartmented Information Facility (SCIF)?

Confirm the individual’s need-to-know and access. – correct

 

Which of the following is true of Security Classification Guides?

They broadly describe the overall classification of a program or system. – Not correct
They provide guidance on reasons for and duration of classification of information.

 

Which of the following is true of Sensitive Compartmented Information (SCI)?

Access requires a formal need-to-know determination issued by the Director of National Intelligence.??
Access requires Top Secret clearance and indoctrination into SCI program.???

 

Which of the following is true of sharing information in a Sensitive Compartmented Information Facility (SCIF)?

Individuals must avoid referencing derivatively classified reports classified higher than the recipient.???

 

A compromise of Sensitive Compartmented Information (SCI) occurs when a person who does not have the required clearance or access caveats comes into possession of SCI_________.???

In any manner.

 

Which of the following is true of transmitting Sensitive Compartmented Information (SCI)?

You may only transmit SCI via certified mail. – not correct

Malicious Code

 

Which of the following is NOT a type of malicious code?

Macros. – Not correct.

 

Which of the following is true of downloading apps?

For Government-owned devices, use approved and authorized applications only. – Correct

Website Use

 

Which of the following actions can help to protect your identity?

Shred personal documents.

Social Engineering

 

What type of social engineering targets senior officials?

Whaling. – correct

 

How can you protect yourself from social engineering?

Verify the identity of all individuals.???

 

What actions should you take with a compressed Uniform Resource Locator (URL) on a website known to you?

Right-click the link and select the option to preview???

 

Which of the following is true?

Digitally signed e-mails are more secure. – correct

 

Which of the following is true of internet hoaxes?

They can be part of a distributed denial-of-service (DDoS) attack. – correct

Travel

 

Which of the following is a concern when using your Government-issued laptop in public?

Others may be able to view your screen. The physical security of the device. – Correct

Use of GFE

 

Which of the following personally-owned computer peripherals is permitted for use with Government-furnished equipment?

A headset with a microphone through a Universal Serial Bus (USB) port. – correct

Mobile Devices

 

Which of the following is an example of removable media?

Memory sticks, flash drives, or external hard drives. – correct

 

How can you protect data on your mobile computing and portable electronic devices (PEDs)?

Enable automatic screen locking after a period of inactivity. – correct

Home Computer Security

 

Which of the following is true of Internet of Things (IoT) devices?

They can become an attack vector to other devices on your home network. – correct

Cyber Awareness Challenge 2022 Knowledge Check Answers

 

*UNCONTROLLED CLASSIFIED INFORMATION*
Which of the following is NOT a correct way to protect CUI?

CUI may be stored on any password-protected system.

 

Which of the following is a good practice to prevent spillage?

Be aware of classification markings and all handling caveats.

 

*Spillage*
Which of the following may help prevent inadvertent spillage?

Label all files, removable media, and subject headers with appropriate classification markings.

 

Which of the following is not considered a potential insider threat indicator?

New interest in learning another language

 

Which of the following is a good practice to protect classified information?

Ensure proper labeling by appropriately marking all classified material.

 

Which of the following is true of traveling overseas with a mobile phone?

Physical security of mobile phones carried overseas is not a major issue.

 

*Classified Data*
Which of the following individuals can access classified data?

Darryl is managing a project that requires access to classified information. He has the appropriate clearance and a signed, approved, non-disclosure agreement.

 

Which of the following best describes the sources that contribute to your online identity?

Data about you collected from all sites, apps, and devices that you use can be aggregated to form a profile of you.

 

Which of the following is true of telework?

You must have your organization’s permission to telework.

 

 

Which scenario might indicate a reportable insider threat security incident?

A coworker is observed using a personal electronic device in an area where their use is prohibited.

 

Based on the description that follows how many potential insider threat indicators are displayed?

3 or more indicators

 

What can help to protect the data on your personal mobile device?

Secure personal mobile devices to the same level as Government-issued systems.

 

How should you protect a printed classified document when it is not in use?

Store it in a GSA approved vault or container.

 

Which of the following actions is appropriate after finding classified Government information on the internet?

Note any identifying information and the website’s URL

 

How many insider threat indicators does Alex demonstrate?

Three or more.

 

Which of the following information is a security risk when posted publicly on your social networking profile?

Your birthday

 

Which may be a security issue with compressed URLs?

There is no way to know where the link actually leads.

 

Which of the following may help to prevent inadvertent spillage?

Label all files, removable media, and subject headers with appropriate classification markings.

 

A colleague asks to leave a report containing protected health information (PHI) on his desk overnight so he can continue working on it the next day. How do you respond?

Tell your colleague that it needs to be secured in a cabinet or container.

 

*Insider Threat*
Which type of behavior should you report as a potential insider threat?

Hostility or anger toward the United States and its policies.

 

Which of the following represents an ethical use of your Government-furnished equipment (GFE)?

E-mailing your co-workers to let them know you are taking a sick day

 

Which of the following is NOT an example of sensitive information?

press release data

 

What do you do if a spillage occurs?

Immediately notify your security point of contact.

 

What does Personally Identifiable information (PII) include?

Social Security Number, date and place of birth, mother’s maiden name

 

What is an indication that malicious code is running on your system?

file corruption

 

What should you consider when using a wireless keyboard with your home computer?

Reviewing and configuring the available security features, including encryption.

 

 

Which of the following is true of protecting classified data?

Classified material must be appropriately marked.

 

What is required for an individual to access classified data?

Appropriate clearance; signed and approved non-disclosure agreement; and need-to-know.

 

Which of the following is a best practice for physical security?

Report suspicious activity.

 

Which of the following should be reported as a potential security incident?

A coworker removes sensitive information without authorization

 

What are some potential insider threat indicators?

difficult life circumstances such as substance abuse, divided loyalty or allegiance to the U.S., and extreme, persistent interpersonal difficulties

 

When is the best time to post details of your vacation activities on your social networking website?

When your vacation is over, and you have returned home.

 

When can you check personal email on your government furnished equipment?

If your organization allows it.

 

Which of the following does not constitute spillage?

Classified information that should be unclassified and is downgraded.

 

Which of the following is a best practice to protect information about you and your organization on social networking sites and applications?

Use only personal contact information when establishing personal social networking accounts, never use Government contact information.

 

You have reached the office door to exit your controlled area. As a security best practice, what should you do before exiting?

Remove your security badge, common access card (CAC), or personal identity verification (PIV) card.

 

What certificates are contained on the Common Access Card (CAC)?

Identification, encryption, and digital signature

 

How should you protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card?

Store it in a shielded sleeve to avoid chip cloning.

 

When is it appropriate to have your security badge visible within a Sensitive Compartmented Information Facility (SCIF)?

At all times when in the facility

 

What are the requirements to be granted access to sensitive compartmented information (SCI)?

The proper security clearance and indoctrination into the SCI program

 

Which is a risk associated with removable media?

Spillage of classified information.

 

While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. The website requires a credit card for registration. What should you do?

Since the URL does not start with “https,” do not provide your credit card information.

 

What helps protect from spear phishing?

Be wary of suspicious e-mails that use your name and/or appear to come from inside your organization.

 

What is a way to prevent the download of viruses and other malicious code when checking your e-mail?

View email in plain text and don’t view email in Preview Pane.

 

Which of the following is not a best practice to preserve the authenticity of your identity?

Write your password down on a device that only you access.

 

Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email?

Do not access links or hyperlinked media such as buttons and graphics in email messages.

 

What is best practice while traveling with mobile computing devices?

Maintain possession of your laptop and other government-furnished equipment (GFE) at all times.

 

A coworker has asked if you want to download a programmer’s game to play at work. What should be your response?

I’ll pass

 

What is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems?

Do not use any personally owned/non-organizational removable media on your organization’s systems.

 

A man you do not know is trying to look at your Government-issued phone and has asked to use it. What should you do?

Decline to lend the man your phone.

 

What is a security best practice to employ on your home computer?

Create separate user accounts with strong individual passwords.

 

(Spillage) What should you do if a reporter asks you about potentially classified information on the web?

Refer the reporter to your organization’s public affairs office.

 

(Spillage) Which of the following is a good practice to aid in preventing spillage?

Be aware of classification markings and all handling caveats.

 

*Social Networking*
Your cousin posted a link to an article with an incendiary headline on social media. What action should you take?

Research the source of the article to evaluate its credibility and reliability

 

(Spillage) After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. You know this project is classified. What should be your response?

Attempt to change the subject to something non-work related, but neither confirm nor deny the article’s authenticity.

 

(Spillage) What should you do when you are working on an unclassified system and receive an email with a classified attachment?

Call your security point of contact immediately.

 

(Spillage) What is required for an individual to access classified data?

Appropriate clearance; signed and approved non-disclosure agreement; and need-to-know.

 

(Spillage) When classified data is not in use, how can you protect it?

Store classified data appropriately in a GSA-approved vault/container.

 

(Insider Threat) A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. How many potential insider threat indicators does this employee display?

0 indicators

 

(Insider Threat) Based on the description that follows, how many potential insider threat indicator(s) are displayed? A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information.

1 indicator

 

(Spillage) What type of activity or behavior should be reported as a potential insider threat?

Coworker making consistent statements indicative of hostility or anger toward the United States and its policies.

 

Which of the following is NOT an appropriate way to protect against inadvertent spillage?

Use the classified network for all work, including unclassified work

 

(Spillage) What advantages do “insider threats” have over others that allows them to cause damage to their organizations more easily?

Insiders are given a level of trust and have authorized access to Government information systems.

 

(Spillage) Which of the following is a best practice to protect information about you and your organization on social networking sites and applications?

Use only personal contact information when establishing personal social networking accounts, never use Government contact information.

 

(Spillage) When is the safest time to post details of your vacation activities on your social networking website?

When your vacation is over, after you have returned home

 

(social networking) When is the safest time to post details of your vacation activities on your social networking profile?

After you have returned home following the vacation

 

 

(Spillage) Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization?

Secret

 

(Spillage) Which of the following practices may reduce your appeal as a target for adversaries seeking to exploit your insider status?

Remove your security badge after leaving your controlled area or office building.

 

(Sensitive Information) What type of unclassified material should always be marked with a special handling caveat?

For Official Use Only (FOUO)

 

(Sensitive Information) Which of the following is NOT an example of sensitive information?

Press release data

 

(Sensitive Information) Which of the following is true about unclassified data?

When unclassified data is aggregated, its classification level may rise.

 

(Sensitive Information) Which of the following represents a good physical security practice?

Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIV) card.

 

(Sensitive Information) What certificates are contained on the Common Access Card (CAC)?

Identification, encryption, and digital signature

 

(Sensitive Information) What should you do if a commercial entity, such as a hotel reception desk, asks to make a photocopy of your Common Access Card (CAC) for proof of Federal Government employment?

Do not allow your CAC to be photocopied.

 

(Sensitive Compartmented Information) What describes how Sensitive Compartmented Information is marked?

Approved Security Classification Guide (SCG)

 

(Sensitive Compartmented Information) Which of the following best describes the compromise of Sensitive Compartmented Information (SCI)?

A person who does not have the required clearance or access caveats comes into possession of SCI in any manner.

 

 

(Malicious Code) What are some examples of malicious code?

Viruses, Trojan horses, or worms

 

(Malicious Code) Which of the following is NOT a way that malicious code spreads?

Legitimate software updates

 

(Malicious Code) While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. The website requires a credit card for registration. What should you do?

Since the URL does not start with “https,” do not provide your credit card information.

 

(Malicious Code) Which email attachments are generally SAFE to open?

Attachments contained in a digitally signed email from someone known

 

(Malicious Code) What is a common indicator of a phishing attempt?

It includes a threat of dire circumstances.

 

(Malicious Code) Which of the following is true of Internet hoaxes?

They can be part of a distributed denial-of-service (DDoS) attack.

 

(Malicious Code) Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do?

Connect to the Government Virtual Private Network (VPN).

 

(Malicious Code) A coworker has asked if you want to download a programmer’s game to play at work. What should be your response?

I’ll pass

 

(Malicious Code) What are some examples of removable media?

Memory sticks, flash drives, or external hard drives

 

(Malicious Code) Which are examples of portable electronic devices (PEDs)?

laptops, fitness bands, tablets, smartphones, electric readers, and Bluetooth devices

 

(Malicious Code) What is a good practice to protect data on your home wireless systems?

Ensure that the wireless security features are properly configured.

 

 

(controlled unclassified information) Which of the following is NOT an example of CUI?

press release data

 

(controlled unclassified information) Which of the following is NOT a correct way to protect CUI?

CUI may be stored on any password-protected system.

 

(Physical Security) Which Cyberspace Protection Condition (CPCON) establishes a protection priority focus on critical and essential functions only?

(Answer) CPCON 2 (High: Critical and Essential Functions)
CPCON 1 (Very High: Critical Functions)
CPCON 3 (Medium: Critical, Essential, and Support Functions)
CPCON 4 (Low: All Functions)
CPCON 5 (Very Low: All Functions)

 

(Identity Management) What certificates are contained on the Common Access Card (CAC)?

Identification, encryption, and digital signature

 

(Identity Management) Which of the following is an example of two-factor authentication?

Your password and the second commonly includes a text with a code sent to your phone

 

(Sensitive Information) What guidance is available for marking Sensitive Compartmented Information (SCI)?

Security Classification Guide (SCG)

 

(Sensitive Information) What must the dissemination of information regarding intelligence sources, methods, or activities follow?

The Director of National Intelligence.

 

(removable media) If an incident occurs involving removable media in a Sensitive Compartmented Information Facility (SCIF), what action should you take?

Notify your security point of contact

 

Which of the following actions can help to protect your identity?

Order a credit report annually

 

What is whaling?

(A type of phishing targeted at senior officials)

 

Which is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail?

Do not access website links, buttons, or graphics in e-mail

 

What type of social engineering targets particular individuals, groups of people, or organizations?

Spear phishing

 

(Travel) Which of the following is a concern when using your Government-issued laptop in public?

Others may be able to view your screen.

 

(GFE) When can you check personal e-mail on your Government-furnished equipment (GFE)?

If allowed by organizational policy

 

(Mobile Devices) Which of the following statements is true?

Mobile devices and applications can track your location without your knowledge or consent.

 

(Mobile Devices) When can you use removable media on a Government system?

When operationally necessary, owned by your organization, and approved by the appropriate authority

 

(Home computer) Which of the following is best practice for securing your home computer?

Create separate accounts for each user

 

*SPILLAGE*
Which of the following may be helpful to prevent spillage?

Be aware of classification markings and all handling caveats.

 

*SPILLAGE*
Which of the following may be helpful to prevent spillage?

Label all files, removable media, and subject headers with appropriate classification markings.

 

*CLASSIFIED DATA*
Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization?

Secret

 

*CLASSIFIED DATA*
What is a good practice to protect classified information?

Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material.

 

*INSIDER THREAT*
Based on the description below, how many potential insider threat indicators are present? A colleague often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion.

3 or more indicators

 

*INSIDER THREAT*
What threat do insiders with authorized access to information or information systems pose?

They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities.

*SOCIAL NETWORKING*
When is the safest time to post details of your vacation activities on your social networking profile?

After you have returned home following the vacation.

 

*UNCONTROLLED CLASSIFIED INFORMATION*
Which of the following is NOT an example of CUI?

Press release data

 

Select the information on the data sheet that is personally identifiable information (PII) but not protected health information (PHI).

Jane Jones
Social security number: 123-45-6789

 

Select the information on the data sheet that is protected health information (PHI)

Jane has been Dr…ect patient..ect.

 

*PHYSICAL SECURITY*
At which Cyberspace Protection Condition (CPCON) is the priority focus on critical and essential functions?

Answer: CPCON 2

 

*PHYSICAL SECURITY*
Within a secure area, you see an individual who you do not know and is not wearing a visible badge

Ask the individual to see an identification badge.

 

*IDENTITY MANAGEMENT*
What certificates does the Common Access Card (CAC) or Personal Identity Verification (PIV) card contain?

Identification, encryption, and digital signature

 

 

*SENSITIVE COMPARTMENTED INFORMATION*
When faxing Sensitive Compartmented Information (SCI), what actions should you take?

Mark SCI documents appropriately and use an approved SCI fax machine.

 

*REMOVABLE MEDIA IN A SCIF*
What action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)?

Identify and disclose it with local Configuration/Change Management Control and Property Management authorities

 

Which of the following is true of telework?

You must have permission from your organization.

 

*MALICIOUS CODE*
Which of the following is NOT a way malicious code spreads?

Legitimate software updates

 

*WEBSITE USE*
Which of the following statements is true of cookies?

You should only accept cookies from reputable, trusted websites.

 

*SOCIAL ENGINEERING*
How can you protect yourself from internet hoaxes?

Use online sites to confirm or expose potential hoaxes

 

 

*SOCIAL ENGINEERING*
What action should you take with an e-mail from a friend containing a compressed Uniform Resource Locator (URL)?

Investigate the link’s actual destination using the preview feature

 

*TRAVEL*
Which of the following is a concern when using your Government-issued laptop in public?

Others may be able to view your screen.

 

*USE OF GFE*
What is a critical consideration on using cloud-based file sharing and storage applications on your Government-furnished equipment (GFE)?

Determine if the software or service is authorized

 

*MOBILE DEVICES*
Which of the following is an example of near field communication (NFC)?

A smartphone that transmits credit card payment information when held in proximity to a credit card reader.

 

*MOBILE DEVICES*
Which of the following is an example of removable media?

Flash Drive

 

*HOME COMPUTER SECURITY*
Which of the following is a best practice for securing your home computer?

Create separate accounts for each user.

 

*Spillage
A user writes down details marked as Secret from a report stored on a classified system and uses those details to draft a briefing on an unclassified system without authorization. What is the best choice to describe what has occurred?

Spillage because classified data was moved to a lower classification level system without authorization.

 

*Spillage
What should you do when you are working on an unclassified system and receive an email with a classified attachment?

Call your security point of contact immediately

 

*Spillage
Which of the following demonstrates proper protection of mobile devices?

Linda encrypts all of the sensitive data on her government-issued mobile devices.

 

*Spillage
What should you do if a reporter asks you about potentially classified information on the web?

Ask for information about the website, including the URL.

 

*Spillage
What should you do if a reporter asks you about potentially classified information on the web?

Refer the reporter to your organization’s public affairs office.

 

*Spillage
What is a proper response if spillage occurs?

~Immediately notify your security POC.

 

**Classified Data
When classified data is not in use, how can you protect it?

Store classified data appropriately in a GSA-approved vault/container.

 

**Classified Data
What is required for an individual to access classified data?

Appropriate clearance, a signed and approved non-disclosure agreement, and need-to-know

 

**Classified Data
Which classification level is given to information that could reasonably be expected to cause serious damage to national security?

Secret

 

**Classified Data
What is a good practice to protect classified information?

Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material.

 

**Classified Data
Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause?

Damage to national security

 

**Insider Threat
A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. How many potential insider threat indicators does this employee display?

1 indicator (wrong)
~3 or more indicators

 

**Insider Threat
A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. How many potential insider threat indicators does this employee display?

0 indicators

 

**Insider Threat
How many potential insider threat indicators does a coworker who often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion display?

3 or more indicators

 

**Insider Threat
How many potential insider threat indicators does a person who is playful and charming, consistently wins performance awards, but is occasionally aggressive in trying to access sensitive information display?

1 indicator

 

**Insider Threat
What advantages do “insider threats” have over others that allow them to cause damage to their organizations more easily?

Insiders are given a level of trust and have authorized access to Government information systems

 

**Insider Threat
What type of activity or behavior should be reported as a potential insider threat?

Coworker making consistent statements indicative of hostility or anger toward the United States in its policies.

 

**Insider Threat
Which of the following should be reported as a potential security incident?

A coworker removes sensitive information without authorization

 

**Insider Threat
Which of the following should be reported as a potential security incident (in accordance with your Agency’s insider threat policy)?

~A coworker brings a personal electronic device into a prohibited area.

 

**Social Networking
When is the safest time to post details of your vacation activities on your social networking website?

When vacation is over, after you have returned home

 

**Social Networking
What should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sites visited?

Decline the request

 

*Sensitive Information
Under which circumstances is it permitted to share an unclassified draft document with a non-DoD professional discussion group?

As long as the document is cleared for public release, you may share it outside of DoD.

 

*Sensitive Information
What is the best example of Personally Identifiable Information (PII)?

Date and place of birth

 

*Sensitive Information
Which of the following is the best example of Personally Identifiable Information (PII)?

Passport number

 

*Sensitive Information
Which of the following is an example of Protected Health Information (PHI)?

Medical test results

 

*Sensitive Information
What type of unclassified material should always be marked with a special handling caveat?

For Official Use Only (FOUO)

 

*Sensitive Information
Under what circumstances could classified information be considered a threat to national security?

If aggregated, the information could become classified.

 

**Physical Security
What is a good practice for physical security?

Challenge people without proper badges.

 

**Physical Security
At which Cyberspace Protection Condition (CPCON) is the priority focus on critical functions only?

CPCON 1

 

**Identity Management
Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the NIPRNet. In which situation below are you permitted to use your PKI token?

On a NIPRNet system while using it for a PKI-required task

 

**Identity Management
Which of the following is the best description of two-factor authentication?

Something you possess, like a CAC, and something you know, like a PIN or password

 

**Identity management
Which is NOT a sufficient way to protect your identity?

Use a common password for all your system and application logons.

 

**Identity management
What is the best way to protect your Common Access Card (CAC)?

Maintain possession of it at all times.

 

*Sensitive Compartmented Information
What is a Sensitive Compartmented Information (SCI) program?

A program that segregates various types of classified information into distinct compartments for added protection and dissemination for distribution control.

 

*Sensitive Compartmented Information
Which of the following best describes the compromise of Sensitive Compartmented Information (SCI)?

A person who does not have the required clearance or access caveats comes into possession of SCI in any manner.

 

*Sensitive Compartmented Information
When should documents be marked within a Sensitive Compartmented Information Facility (SCIF)?

~All documents should be appropriately marked, regardless of format, sensitivity, or classification.
Unclassified documents do not need to be marked as a SCIF.
Only paper documents that are in open storage need to be marked.
Only documents that are classified Secret, Top Secret, or SCI require marking. (Wrong)

 

*Sensitive Compartmented Information
Which must be approved and signed by a cognizant Original Classification Authority (OCA)?

Security Classification Guide (SCG)

 

**Removable Media in a SCIF
What must users ensure when using removable media such as compact disk (CD)?

It displays a label showing maximum classification, date of creation, point of contact, and Change Management (CM) Control Number.

 

*Malicious Code
What are some examples of malicious code?

Viruses, Trojan horses, or worms

 

**Website Use
While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. The website requires a credit card for registration. What should you do?

Since the URL does not start with “https,” do not provide your credit card information.

 

**Social Engineering
Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email?

Do not access links or hyperlinked media such as buttons and graphics in email messages.

 

**Social Engineering
What is TRUE of a phishing attack?

Phishing can be an email with a hyperlink as bait.

 

**Social Engineering
Which of the following is a way to protect against social engineering?

Follow instructions given only by verified personnel.

 

**Travel
What is a best practice while traveling with mobile computing devices?

Maintain possession of your laptop and other government-furnished equipment (GFE) at all times.

 

**Use of GFE
Under what circumstances is it acceptable to use your Government-furnished computer to check personal e-mail and do other non-work-related activities?

If allowed by organizational policy

 

**Mobile Devices
Which is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems?

Do not use any personally owned/non-organizational removable media on your organization’s systems.

 

**Mobile Devices
Which of the following helps protect data on your personal mobile devices?

Secure personal mobile devices to the same level as Government-issued systems.

 

**Home Computer Security
How can you protect your information when using wireless technology?

Avoid using non-Bluetooth-paired or unencrypted wireless computer peripherals.

 

What is the best response if you find classified government data on the internet?

Note any identifying information, such as the website’s URL, and report the situation to your security POC.

 

What information posted publicly on your personal social networking profile represents a security risk?

Your place of birth

 

What is the best example of Protected Health Information (PHI)?

Your health insurance explanation of benefits (EOB)

 

What does Personally Identifiable Information (PII) include?

Social Security Number; date and place of birth; mother’s maiden name

 

What certificates are contained on the DoD Public Key Infrastructure (PKI) implemented by the Common Access Card (CAC)/Personal Identity Verification (PIV) card?

Identification, encryption, and digital signature

 

What describes how Sensitive Compartmented Information is marked?

Approved Security Classification Guide (SCG)

 

Which is a risk associated with removable media?

Spillage of classified information.

 

What is an indication that malicious code is running on your system?

File corruption

 

What is a valid response when identity theft occurs?

Report the crime to local law enforcement.

 

What is whaling?

A type of phishing targeted at high-level personnel such as senior officials.

 

What is a best practice to protect data on your mobile computing device?

Lock your device screen when not in use and require a password to reactivate.

 

What is a possible indication of a malicious code attack in progress?

A pop-up window that flashes and warns that your computer is infected with a virus.

 

Which of the following may be helpful to prevent inadvertent spillage?

Which of the following may be helpful to prevent inadvertent spillage?

 

What should you do after you have ended a call from a reporter asking you to confirm potentially classified info found on the web?

Alert your security point of contact.

 

Which of the following is NOT an example of sensitive information?

Which of the following is NOT an example of sensitive information?

 

PII

SSN, date and place of birth, mother’s maiden name, biometric records, PHI, passport number

 

PHI

Subset of PII, health information that identifies the individual, relates to physical or mental health of an individual, provision of health care to an individual, or payment of healthcare for individual

 

Which of the following is NOT a typical result from running malicious code?

Disable cookies

 

What kind of information could reasonably be expected to cause serious damage to national security in the event of unauthorized disclosure?

Secret

 

Telework

Have permission from your organization, follow your organization’s guidelines, use authorized equipment and software, employ cybersecurity best practices, perform telework in a dedicated area when at home.

 

Which of the following should be reported as a potential security incident (in accordance with your Agency’s insider threat policy)?

A coworker brings a personal electronic device into prohibited areas.

 

A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. How many potential insider threat indicators does this employee display?

3 or more indicators

 

A colleague has won 10 high-performance awards, can be playful and charming, is not currently in a relationship, and occasionally aggressive in trying to access sensitive information. How many potential insider threat indicators does this employee display?

1 indicator

 

What information most likely presents a security risk on your personal social networking profile?

Mother’s maiden name

 

Which of the following represents a good physical security practice?

Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIV) card.

 

How should you protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card?

Store it in a shielded sleeve to avoid chip cloning.

 

Which of the following statements is NOT true about protecting your virtual identity?

Use personal information to help create strong passwords.

 

While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. The website requires a credit card for registration. What should you do?

Since the URL does not start with “https,” do not provide your credit card information.

 

You receive an email from the Internal Revenue Service (IRS) demanding immediate payment of back taxes of which you were not aware. The email provides a website and a toll-free number where you can make payment. What action should you take?

Contact the IRS using their publicly available, official contact information.

 

Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email?

Do not access links or hyperlinked media such as buttons and graphics in email messages.

 

Which of the following is NOT true of traveling overseas with a mobile phone?

Physical security of mobile phones carried overseas is not a major issue.

 

A coworker has asked if you want to download a programmer’s game to play at work. What should be your response?

I’ll pass.

 

A coworker wants to send you a sensitive document to review while you are at lunch and you only have your personal tablet. What should you do?

Never allow sensitive data on non-Government-issued mobile devices.

 

A man you do not know is trying to look at your Government-issued phone and has asked to use it. What should you do?

Decline to lend the man your phone.

 

How can you protect your information when using wireless technology?

Avoid using non-Bluetooth-paired or unencrypted wireless computer peripherals.

 

What should you do if a reporter asks you about potentially classified information on the web?

Neither confirm nor deny the information is classified.

 

Which of the following may be helpful to prevent inadvertent spillage?

Label all files, removable media, and subject headers with appropriate classification markings.

 

What kind of information could reasonably be expected to cause serious damage to national security in the event of unauthorized disclosure?

Secret

 

Which of the following is NOT true concerning a computer labeled SECRET?

May be used on an unclassified network.

 

A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. How many potential insider threat indicators does this employee display?

3 or more indicators

 

Which of the following should be reported as a potential security incident?

A coworker removes sensitive information without approval.

 

Which of the following should be reported as a potential security incident (in accordance with your Agency’s insider threat policy)?

A coworker brings a personal electronic device into prohibited areas.

 

When would be a good time to post your vacation location and dates on your social networking website?

When you return from your vacation.

 

In setting up your personal social networking service account, what email address should you use?

Your personal email address.

 

Which of the following is NOT a correct way to protect sensitive information?

Sensitive information may be stored on any password-protected system.

 

Which of these is true of unclassified data?

Its classification level may rise when aggregated.

 

Is it permitted to share an unclassified draft document with a non-DoD professional discussion group?

As long as the document is cleared for public release, you may share it outside of DoD.

 

Within a secure area, you see an individual you do not know. Her badge is not visible to you. What is the best course of action?

Ask the individual to identify herself.

 

How should you protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card?

Store it in a shielded sleeve to avoid chip cloning.

 

Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the NIPRNET. In which situation below are you permitted to use your PKI token?

On a NIPRNET system while using it for a PKI-required task

 

After clicking on a link on a website, a box pops up and asks if you want to run an application. Is it okay to run it?

No. Only allow mobile code to run from your organization or your organization’s trusted sites.

 

Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do?

Connect to the Government Virtual Private Network (VPN).

 

What do you do if spillage occurs?

Immediately notify your security point of contact.

 

What should you do after you have ended a call from a reporter asking you to confirm potentially classified information found on the web?

Alert your security point of contact.

 

Which of the following is NOT a requirement for telework?

You must possess security clearance eligibility to telework.

 

Who can be permitted access to classified data?

Only persons with appropriate clearance, a non-disclosure agreement, and need-to-know can access classified data.

 

A colleague has won 10 high-performance awards, can be playful and charming, is not currently in a relationship, and is occasionally aggressive in trying to access sensitive information. How many potential insider threat indicators does this employee display?

1 indicator

 

A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. How many potential insider threat indicators does this employee display?

3 or more indicators

 

A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. How many potential insider threat indicators does this employee display?

3 or more indicators

 

In setting up your personal social networking service account, what email address should you use?

Your personal email address

 

What information most likely presents a security risk on your personal social networking profile?

Your place of birth

 

Which may be a security issue with compressed Uniform Resource Locators (URLs)?

There is no way to know where the link actually leads.

 

Which of the following is NOT an example of sensitive information?

Press release data

 

Is it permitted to share an unclassified draft document with a non-DoD professional discussion group?

As long as the document is cleared for public release, you may release it outside of DoD

 

Which of the following is an example of Protected Health Information (PHI)?

I’ve tried all the answers and it still tells me off. Examples are: Patient names, Social Security numbers, Driver’s license numbers, insurance details, and birth dates

 

Which of the following represents a good physical security practice?

Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIV) card.

 

Which of the following is NOT a good way to protect your identity?

Use a single, complex password for your system and application logons.

 

Which of the following statements is TRUE about the use of DoD Public Key Infrastructure (PKI) tokens?

Always use DoD PKI tokens within their designated classification level.

 

Which of the following is NOT a typical means for spreading malicious code?

Patching from a trusted source

 

Which of the following is a practice that helps to protect you from identity theft?

Ordering a credit report annually

 

Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email?

Do not access links or hyperlinked media such as buttons and graphics in email messages.

 

You receive an unexpected email from a friend: “I think you’ll like this: https://tinyurl.com/2fcbvy.” What action should you take?

Use TinyURL’s preview feature to investigate where the link leads.

 

You receive an email from the Internal Revenue Service (IRS) demanding immediate payment of back taxes of which you were not aware. The email provides a website and a toll-free number where you can make payment. What action should you take?

Contact the IRS

 

When using your government-issued laptop in public environments, with which of the following should you be concerned?

The potential for unauthorized viewing of work-related information displayed on your screen.

 

Under what circumstances is it acceptable to check personal email on Government-furnished equipment (GFE)?

If your organization allows it.

 

Which of the following is NOT a best practice to protect data on your mobile computing device?

Lock your device screen when not in use and require a password to reactivate.

 

When checking in at the airline counter for a business trip, you are asked if you would like to check your laptop bag. This bag contains your government-issued laptop. What should you do?

I’ve tried all the answers and it still tells me off, part 2. Decline So That You Maintain Physical Control of Your Government-Issued Laptop.

 

How can you protect your information when using wireless technology?

Avoid using non-Bluetooth-paired or unencrypted wireless computer peripherals.

 

It is getting late on Friday. You are reviewing your employee’s annual self-evaluation. Your comments are due on Monday. You can email your employee’s information to yourself so you can work on it this weekend and go home now. Which method would be the BEST way to send this information?

Use the government email system so you can encrypt the information and open the email on your government issued laptop

 

What should you do if someone asks to use your government-issued mobile device (phone, laptop, etc.)?

Decline to lend your phone / laptop

 

Where should you store PII / PHI?

Information should be secured in a cabinet or container while not in use

 

Of the following, which is NOT an intelligence community mandate for passwords?

Maximum password age of 45 days

 

Which of the following is NOT Government computer misuse?

Checking work email

 

Which is NOT a telework guideline?

Taking classified documents from your workspace

 

What should you do if someone forgets their access badge (physical access)?

Alert the security office

 

What can you do to protect yourself against phishing?

All of the above

 

What should you do to protect classified data?

Answer 1 and 2 are correct

 

What action is recommended when somebody calls you to inquire about your work environment or specific account information?

Ask them to verify their name and office number

 

If classified information were released, which classification level would result in “Exceptionally grave damage to national security”?

Top Secret

 

Which of the following is NOT considered sensitive information?

Sanitized information gathered from personnel records

 

Which of the following is NOT a criterion used to grant an individual access to classified data?

Senior government personnel, military or civilian

 

Of the following, which is NOT a problem or concern of an Internet hoax?

Directing you to a website that looks real

 

Media containing Privacy Act information, PII, and PHI is not required to be labeled.

FALSE

 

Which of the following is NOT a home security best practice?

Setting weekly time for virus scan when you are not on the computer and it is powered off

 

Which of the following best describes wireless technology?

It is inherently not a secure technology

 

You are leaving the building where you work. What should you do?

Remove your security badge

 

Which of the following is a good practice to avoid email viruses?

Delete email from senders you do not know

 

What is considered a mobile computing device and therefore shouldn’t be plugged in to your Government computer?

All of the above

 

Which is NOT a way to protect removable media?

As a best practice, labeling all classified removable media and considering all unlabeled removable media as unclassified

 

What is NOT Personally Identifiable Information (PII)?

Hobby

 

Of the following, which is NOT a method to protect sensitive information?

After work hours, storing sensitive information in unlocked containers, desks, or cabinets if security is not present

 

There are many travel tips for mobile computing. Which of the following is NOT one?

When using a public device with a card reader, only use your DoD CAC to access unclassified information

 

The use of webmail is

only allowed if the organization permits it

 

What is considered ethical use of the Government email system?

Distributing Company newsletter

 

Which of the following attacks target high ranking officials and executives?

Whaling

 

What constitutes a strong password?

all of the above

 

You are logged on to your unclassified computer and just received an encrypted email from a co-worker. The email has an attachment whose name contains the word “secret”. What should you do?

Contact your security POC right away

 

Which is a way to protect against phishing attacks?

Look for digital certificates

 

You receive an email from a company you have an account with. The email states your account has been compromised and you are invited to click on the link in order to reset your password. What action should you take?

Notify security

 

You are having lunch at a local restaurant outside the installation, and you find a CD labeled “favorite song”. What should you do?

Leave the CD where it is

 

How should you securely transport company information on removable media?

Encrypt the removable media

 

Should you always label your removable media?

Yes

 

Which of the following is NOT Protected Health Information (PHI)?

Medical care facility name

 

If authorized, what can be done on a work computer?

Check personal email

 

Spear phishing attacks commonly attempt to impersonate email from trusted entities. What security device is used in email to verify the identity of the sender?

Digital Signatures

 

What type of security is “part of your responsibility” and “placed above all else?”

Physical

 

If your wireless device is improperly configured, someone could gain control of the device. T/F

TRUE

 

Which of the following is a proper way to secure your CAC/PIV?

Remove and take it with you whenever you leave your workstation

 

What actions should you take prior to leaving the work environment and going to lunch?

All of the above

 

P2P (Peer-to-Peer) software can do the following except:

Allow attackers physical access to network assets

 

How can you guard yourself against Identity theft?

All of the above

 

When leaving your work area, what is the first thing you should do?

Remove your CAC/PIV

 

Using webmail may bypass built in security features.

TRUE

 

Of the following, which is NOT a characteristic of a phishing attempt?

Directing you to a web site that is real

 

Classified Information can only be accessed by individuals with

All of the above

 

Which of the following definitions is true about disclosure of confidential information?

Damage to national security

 

It is permissible to release unclassified information to the public prior to being cleared.

False

 

Which of the following is NOT sensitive information?

Unclassified information cleared for public release

 

 

Which is NOT a method of protecting classified data?

Assuming open storage is always authorized in a secure facility

 

What can you do to prevent spillage?

all of the above

 

Which of the following makes Alex’s personal information vulnerable to attacks by identity thieves?

Carrying his Social Security Card with him

 

DoD employees are prohibited from using a DoD CAC in a card-reader-enabled public device

TRUE

 

Which of the following is an example of malicious code?

Trojan horses

 

Which of the following is NOT PII?

Mother’s maiden name

 

Classified Information is

Assigned a classification level by a supervisor

 

Maria is at home shopping for shoes on Amazon.com. Before long she has also purchased shoes from several other websites. What can be used to track Maria’s web browsing habits?

Cookies

 

Which is an untrue statement about unclassified data?

If aggregated, the classification of the information may not be changed

 

A medium secure password has at least 15 characters and one of the following.

Special character

 

PII, PHI, and financial information is classified as what type of information?

Sensitive

 

The CAC/PIV is a controlled item and contains certificates for:

All of the above

 

An individual who has attempted to access sensitive information without need-to-know and has made unusual requests for sensitive information is displaying indicators of what?

Potential Insider Threat

 

Which of the following is NOT a social engineering tip?

Following instructions from verified personnel

 

Bob, a coworker, has been going through a divorce, has financial difficulties and is displaying hostile behavior. How many potential insider threat indicators is Bob displaying?

3

 

You are working at your unclassified system and receive an email from a coworker containing a classified attachment. What should you do?

Alert your security POC

 

You check your bank statement and see several debits you did not authorize. You believe that you are a victim of identity theft. Which of the following should you do immediately?

Monitor credit card statements for unauthorized purchases

 

Thumb drives, memory sticks, and flash drives are examples of

Removable media

 

What information relates to the physical or mental health of an individual?

PHI

 

What should be done if you find classified Government Data/Information Not Cleared for Public Release on the Internet?

Make note of any identifying information and the website URL and report it to your security office

 

All https sites are legitimate and there is no risk to entering your personal info online.

FALSE

 

When using a fax machine to send sensitive information, the sender should do which of the following?

Contact the recipient to confirm receipt

 

What should be done to protect against insider threats?

Report any suspicious behavior

 

Which of the following is NOT a potential insider threat?

Member of a religion or faith

 

Of the following, which is NOT a security awareness tip?

Remove security badge as you enter a restaurant or retail establishment

 

ActiveX is a type of this?

Mobile code

 

Which of the following is NOT a security best practice when saving cookies to a hard drive?

Looking for “https” in the URL. All https sites are legitimate.

 

Which is NOT a requirement for telework?

Telework is only authorized for unclassified and confidential information

 

Someone calls from an unknown number and says they are from IT and need some information about your computer. What should you do?

Request the user’s full name and phone number

 

Which is NOT a wireless security practice?

Turning off computer when not in use

 

Malicious code can do the following except?

Make your computer more secure

 

What type of data must be handled and stored properly based on classification markings and handling caveats?

Classified

 

What information should you avoid posting on social networking sites?

All of the above

 

A coworker has left an unknown CD on your desk. What should you do?

Put the CD in the trash

 

Which of the following is NOT a DoD special requirement for tokens?

Using NIPRNet tokens on systems of higher classification level

 

UNCLASSIFIED is a designation to mark information that does not have potential to damage national security.

TRUE

 

You receive a call on your work phone and you’re asked to participate in a phone survey. As part of the survey the caller asks for birth date and address. What type of attack might this be?

Social Engineering

 

“Spillage” occurs when

Personal information is inadvertently posted at a website

 

What should be done to sensitive data on laptops and other mobile computing devices?

Encrypt the sensitive data

 

Which of the following should be done to keep your home computer secure?

All of the above

 

How are Trojan horses, worms, and malicious scripts spread?

By email attachments

 

The following practices help prevent viruses and the downloading of malicious code except:

Scan external files from only unverifiable sources before uploading to computer

Cyber Awareness Challenge 2022 Answers

  1. Who is responsible for information/data security?
    a) The IT department
    b) Security contractors
    c) Management
    d) All computer and system users

  2. Which of the following is a clue to recognizing a phishing email?
    a) Link to unknown website
    b) Sender’s email address not recognized
    c) Threats or promises of reward
    d) a, b, and c

  3. What does MFA stand for?
    a) Most Favored Ally
    b) Multi-Factor Authentication
    c) Mechanical Function Automation
    d) Many-Fingered Athlete

  4. When traveling or working away from your main location, what steps should you take to protect your devices and data?
    a) Do not connect to “free wi-fi”
    b) When connecting to your organization’s network, use a VPN program (Virtual Private Network)
    c) Make sure no one is reading your password or data over your shoulder
    d) a, b and c

  5. If you receive a phone call from a stranger asking for information about your invoice payment process, you should:
    a) Provide full and complete answers to all questions
    b) Take all questions down and send answers via email
    c) Answer only questions for which you know the answer for sure
    d) Do not answer questions, but take the caller’s contact info, and consult your IT department and purchasing department

  6. Crucial information about a user or organization can be gained through
    a) A phone call
    b) An email with no attachments
    c) A text message
    d) a, b, and c

  7. True or False – There is no danger related to clicking on internet links or attachments that come to your email box since the organization’s firewall and virus scan have approved it.

  8. True or False – The address an email comes from cannot be faked.

  9. True or False – If you click on an unknown link or attachment in an email and then wonder “what you just clicked”, you should wait five minutes to make sure nothing happens and there is no need to contact the IT department.

  10. True or False – When disposing of old computers or other electronic devices, emptying the recycle bin or “trash can” and signing out is all that is required.

 

*Spillage After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. You know that this project is classified. How should you respond?

Attempt to change the subject to something non-work related, but neither confirm nor deny the article’s authenticity

 

*Spillage Which of the following may help to prevent spillage?

Label all files, removable media, and subject headers with appropriate classification markings.

 

*Spillage A user writes down details marked as Secret from a report stored on a classified system and uses those details to draft a briefing on an unclassified system without authorization. What is the best choice to describe what has occurred?

Spillage because classified data was moved to a lower classification level system without authorization.

 

*Spillage What should you do when you are working on an unclassified system and receive an email with a classified attachment?

Call your security point of contact immediately

 

*Spillage What should you do if a reporter asks you about potentially classified information on the web?

Ask for information about the website, including the URL.

 

*Spillage What should you do if a reporter asks you about potentially classified information on the web?

Refer the reporter to your organization’s public affairs office.

 

*Spillage What should you do if you suspect spillage has occurred?

Immediately notify your security point of contact

 

*Spillage Which of the following actions is appropriate after finding classified information on the Internet?

Note any identifying information and the website’s Uniform Resource Locator (URL)

 

**Classified Data When classified data is not in use, how can you protect it?

Store classified data appropriately in a GSA-approved vault/container.

 

**Classified Data What is required for an individual to access classified data?

Appropriate clearance, a signed and approved non-disclosure agreement, and need-to-know

 

**Classified Data Which classification level is given to information that could reasonably be expected to cause serious damage to national security?

Secret

 

**Classified Data Which of the following is a good practice to protect classified information?

Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material

 

**Classified Data Which of the following is true of protecting classified data?

Classified material must be appropriately marked.

 

**Classified Data What level of damage can the unauthorized disclosure of information classified as Confidential reasonably be expected to cause?

Damage to national security

 

**Classified Data Which of the following is true of telework?

You must have permission from your organization.

 

**Classified Data Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization?

Secret

 

**Classified Data How should you protect a printed classified document when it is not in use?

Store it in a General Services Administration (GSA)-approved vault or container

 

 

**Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? A colleague vacations at the beach every year, is married and a father of four, sometimes has poor work quality, and works well with his team.

0 indicators

 

**Insider Threat How many potential insider threat indicators does a coworker who often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion display?

3 or more indicators

 

**Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information.

1 indicator

 

**Insider Threat What advantages do “insider threats” have over others that allow them to cause damage to their organizations more easily?

Insiders are given a level of trust and have authorized access to Government information systems

 

**Insider Threat What type of activity or behavior should be reported as a potential insider threat?

Coworker making consistent statements indicative of hostility or anger toward the United States and its policies.

 

**Insider Threat Which of the following should be reported as a potential security incident?

A coworker removes sensitive information without authorization

 

 

**Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? A colleague often makes others uneasy with her persistent efforts to obtain information about a classified project where she has no need-to-know, is vocal about her husband overspending on credit cards, and complains about anxiety and exhaustion.

3 or more indicators

 

**Insider Threat Which type of behavior should you report as a potential insider threat?

Hostility or anger toward the United States and its policies

 

**Insider Threat Which of the following is NOT considered a potential insider threat indicator?

Treated mental health issues

 

**Insider Threat What do insiders with authorized access to information or information systems pose?

 

 

**Social Networking When is the safest time to post details of your vacation activities on your social networking profile?

After you have returned home following the vacation

 

**Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationships with peers, purchases an unusually expensive car, and has unexplained absences from work.

3 or more indicators

 

*Insider Threat Which of the following is a potential insider threat indicator?

Interest in learning a foreign language

 

*Insider Threat Which of the following is a reportable insider threat activity?

Attempting to access sensitive information without need-to-know

 

In addition to avoiding the temptation of greed to betray his country, what should Alex do differently?

Avoid talking about work outside of the workplace or with people without a need-to-know

 

How many insider threat indicators does Alex demonstrate?

Three or more

 

What should Alex’s colleagues do?

Report the suspicious behavior in accordance with their organization’s insider threat policy

 

**Insider Threat What function do Insider Threat Programs aim to fulfill?

Proactively identify potential threats and formulate holistic mitigation responses

 

**Social Networking What should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sites visited?

Decline the request

 

**Social Networking Which of the following information is a security risk when posted publicly on your social networking profile?

Your personal e-mail address

 

 

 

 

**Social Networking Which of the following information is a security risk when posted publicly on your social networking profile?

Your mother’s maiden name

 

**Social Networking Your cousin posted a link to an article with an incendiary headline on social media. What action should you take?

Research the source of the article to evaluate its credibility and reliability

 

**Social Networking Which of the following best describes the sources that contribute to your online identity?

Data about you collected from all sites, apps, and devices that you use can be aggregated to form a profile of you.

 

**Social Networking As someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project?

Inform your security point of contact

 

**Social Networking Which piece of information is safest to include on your social media profile?

Photos of your pet

 

**Social Networking Which piece of information is safest to include on your social media profile?

Your favorite movie

 

How can you protect your organization on social networking sites?

Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post

 

*Controlled Unclassified Information Which of the following is NOT an example of CUI?

Press release data

 

*Controlled Unclassified Information Which of the following is NOT a correct way to protect CUI?

CUI may be stored on any password-protected system.

 

 

*Controlled Unclassified Information Which is a best practice for protecting Controlled Unclassified Information (CUI)?

Store it in a locked desk drawer after working hours.

 

Which of the following is not Controlled Unclassified Information (CUI)?

Press release data

 

Which of the following is true of Unclassified information?

It does not require markings or distribution controls

 

Which of the following includes Personally Identifiable Information (PII) and Protected Health Information (PHI)?

 

 

**Physical Security What is a good practice for physical security?

Challenge people without proper badges.

 

**Physical Security Within a secure area, you see an individual who you do not know and is not wearing a visible badge. What should you do?

Ask the individual for identification

 

**Identity Management Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the NIPRNet. In which situation below are you permitted to use your PKI token?

On a NIPRNet system while using it for a PKI-required task

 

**Identity Management Which of the following is the best description of two-factor authentication?

Something you possess, like a CAC, and something you know, like a PIN or password

 

**Identity management Which is NOT a sufficient way to protect your identity?

Use a common password for all your system and application logons.

 

**Identity management What is the best way to protect your Common Access Card (CAC)?

Maintain possession of it at all times.

 

**Identity management Which of the following is NOT a best practice to preserve the authenticity of your identity?

Store your Common Access Card (CAC) or Personal Identity Verification (PIV) card in a shielded sleeve
~Write your password down on a device that only you access (e.g., your smartphone)
Change your password at least every 3 months
Enable two-factor authentication whenever available, even for personal accounts

 

**Identity management Which of the following is an example of two-factor authentication?

Your password and a code you receive via text message

 

**Identity management Which of the following is an example of a strong password?

eA1xy2!P

 

*Sensitive Compartmented Information What is Sensitive Compartmented Information (SCI)?

A program that segregates various types of classified information into distinct compartments for added protection and dissemination or distribution control

 

*Sensitive Compartmented Information Which of the following best describes the compromise of Sensitive Compartmented Information (SCI)?

A person who does not have the required clearance or access caveats comes into possession of SCI in any manner.

 

*Sensitive Compartmented Information When should documents be marked within a Sensitive Compartmented Information Facility (SCIF)?

~All documents should be appropriately marked, regardless of format, sensitivity, or classification.
Unclassified documents do not need to be marked as a SCIF.
Only paper documents that are in open storage need to be marked.

 

*Sensitive Compartmented Information Which must be approved and signed by a cognizant Original Classification Authority (OCA)?

Security Classification Guide (SCG)

 

*Sensitive Compartmented Information What must the dissemination of information regarding intelligence sources, methods, or activities follow?

Directives issued by the Director of National Intelligence

 

*Sensitive Compartmented Information When faxing Sensitive Compartmented Information (SCI), what actions should you take?

Mark SCI documents appropriately and use an approved SCI fax machine

 

**Removable Media in a SCIF What must users ensure when using removable media such as compact disk (CD)?

It displays a label showing maximum classification, date of creation, point of contact, and Change Management (CM) Control Number.

 

**Removable Media in a SCIF What portable electronic devices (PEDs) are allowed in a Sensitive Compartmented Information Facility (SCIF)?

Government-owned PEDs when expressly authorized by your agency

 

**Removable Media in a SCIF What action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)?

Identify and disclose it with local Configuration/Change Management Control and Property Management authorities

 

*Malicious Code What are some examples of malicious code?

Viruses, Trojan horses, or worms

 

*Malicious Code Which of the following is NOT a way that malicious code spreads?

Legitimate software updates

 

*Malicious Code After visiting a website on your Government device, a popup appears on your screen. The popup asks if you want to run an application. Is this safe?

No, you should only allow mobile code to run from your organization or your organization’s trusted sites.

 

**Website Use While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. The website requires a credit card for registration. What should you do?

Since the URL does not start with “https,” do not provide your credit card information.

 

**Website Use How should you respond to the theft of your identity?

Report the crime to local law enforcement

 

**Website Use Which of the following statements is true of cookies?

You should only accept cookies from reputable, trusted websites.

 

**Social Engineering Which is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail?

Do not access website links, buttons, or graphics in e-mail

 

**Social Engineering What is TRUE of a phishing attack?

Phishing can be an email with a hyperlink as bait.

 

**Social Engineering Which of the following is a way to protect against social engineering?

Follow instructions given only by verified personnel.

 

**Social Engineering What is whaling?

A type of phishing targeted at senior officials

 

**Social Engineering What action should you take with an e-mail from a friend containing a compressed Uniform Resource Locator (URL)?

Investigate the link’s actual destination using the preview feature

 

**Social Engineering How can you protect yourself from internet hoaxes?

Use online sites to confirm or expose potential hoaxes

 

**Social Engineering Which may be a security issue with compressed Uniform Resource Locators (URLs)?

They may be used to mask malicious intent.

 

**Travel What is a best practice while traveling with mobile computing devices?

Maintain possession of your laptop and other government-furnished equipment (GFE) at all times.

 

**Travel Which of the following is true of traveling overseas with a mobile phone?

It may be compromised as soon as you exit the plane.

 

**Travel What security risk does a public Wi-Fi connection pose?

It may expose the connected device to malware.

 

**Use of GFE When can you check personal e-mail on your Government-furnished equipment (GFE)?

If allowed by organizational policy

 

**Use of GFE What is a critical consideration on using cloud-based file sharing and storage applications on your Government-furnished equipment (GFE)?

Determine if the software or service is authorized

 

**Mobile Devices Which is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems?

Do not use any personally owned/non-organizational removable media on your organization’s systems.

 

**Mobile Devices What can help to protect the data on your personal mobile device?

Secure it to the same level as Government-issued systems

 

**Mobile Devices What should you do when going through an airport security checkpoint with a Government-issued mobile device?

Maintain visual or physical control of the device

 

**Home Computer Security How can you protect your information when using wireless technology?

Avoid using non-Bluetooth-paired or unencrypted wireless computer peripherals.

 

**Home Computer Security What should you consider when using a wireless keyboard with your home computer?

Reviewing and configuring the available security features, including encryption

 

**Home Computer Security Which of the following is a best practice for securing your home computer?

Create separate accounts for each user

 

(Spillage) What should you do if a reporter asks you about potentially classified information on the web?

Refer the reporter to your organization’s public affairs office.

 

(Spillage) Which of the following is a good practice to aid in preventing spillage?

Be aware of classification markings and all handling caveats.

 

(Spillage) After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. You know this project is classified. What should be your response?

Attempt to change the subject to something non-work related, but neither confirm nor deny the article’s authenticity.

 

(Spillage) What should you do when you are working on an unclassified system and receive an email with a classified attachment?

Call your security point of contact immediately.

 

(Spillage) What is required for an individual to access classified data?

Appropriate clearance; signed and approved non-disclosure agreement; and need-to-know.

 

(Spillage) When classified data is not in use, how can you protect it?

Store classified data appropriately in a GSA-approved vault/container.

 

(Insider Threat) A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. How many potential insider threat indicators does this employee display?

0 indicators

 

(Insider Threat) Based on the description that follows, how many potential insider threat indicator(s) are displayed? A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information.

1 indicator

 

(Spillage) What type of activity or behavior should be reported as a potential insider threat?

Coworker making consistent statements indicative of hostility or anger toward the United States and its policies.

 

(Spillage) What advantages do “insider threats” have over others that allow them to cause damage to their organizations more easily?

Insiders are given a level of trust and have authorized access to Government information systems.

 

(Spillage) Which of the following is a best practice to protect information about you and your organization on social networking sites and applications?

Use only personal contact information when establishing personal social networking accounts, never use Government contact information.

 

(Spillage) When is the safest time to post details of your vacation activities on your social networking website?

When your vacation is over, after you have returned home

 

(Social Networking) When is the safest time to post details of your vacation activities on your social networking profile?

After you have returned home following the vacation

 

(Spillage) What level of damage can the unauthorized disclosure of information classified as confidential reasonably be expected to cause?

Damage to national security

 

(Spillage) Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization?

Secret

 

(Spillage) Which of the following practices may reduce your appeal as a target for adversaries seeking to exploit your insider status?

Remove your security badge after leaving your controlled area or office building.

 

(Sensitive Information) What type of unclassified material should always be marked with a special handling caveat?

For Official Use Only (FOUO)

 

(Sensitive Information) Which of the following is NOT an example of sensitive information?

Press release data

 

(Sensitive Information) Which of the following is true about unclassified data?

When unclassified data is aggregated, its classification level may rise.

 

(Sensitive Information) Which of the following represents a good physical security practice?

Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIV) card.

 

(Sensitive Information) What certificates are contained on the Common Access Card (CAC)?

Identification, encryption, and digital signature

 

(Sensitive Information) What should you do if a commercial entity, such as a hotel reception desk, asks to make a photocopy of your Common Access Card (CAC) for proof of Federal Government employment?

Do not allow your CAC to be photocopied.

 

(Sensitive Compartmented Information) What describes how Sensitive Compartmented Information is marked?

Approved Security Classification Guide (SCG)

 

(Sensitive Compartmented Information) Which of the following best describes the compromise of Sensitive Compartmented Information (SCI)?

A person who does not have the required clearance or access caveats comes into possession of SCI in any manner.

 

 

(Malicious Code) What are some examples of malicious code?

Viruses, Trojan horses, or worms

 

(Malicious Code) Which of the following is NOT a way that malicious code spreads?

Legitimate software updates

 

(Malicious Code) While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. The website requires a credit card for registration. What should you do?

Since the URL does not start with “https,” do not provide your credit card information.

 

(Malicious Code) Which email attachments are generally SAFE to open?

Attachments contained in a digitally signed email from someone known

 

(Malicious Code) What is a common indicator of a phishing attempt?

It includes a threat of dire circumstances.

 

(Malicious Code) Which of the following is true of Internet hoaxes?

They can be part of a distributed denial-of-service (DDoS) attack.

 

(Malicious Code) Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do?

Connect to the Government Virtual Private Network (VPN).

 

(Malicious Code) A coworker has asked if you want to download a programmer’s game to play at work. What should be your response?

I’ll pass

 

(Malicious Code) What are some examples of removable media?

Memory sticks, flash drives, or external hard drives

 

(Malicious Code) Which are examples of portable electronic devices (PEDs)?

Laptops, fitness bands, tablets, smartphones, electronic readers, and Bluetooth devices

 

(Malicious Code) What is a good practice to protect data on your home wireless systems?

Ensure that the wireless security features are properly configured.

 

 

(Controlled Unclassified Information) Which of the following is NOT an example of CUI?

Press release data

 

(Controlled Unclassified Information) Which of the following is NOT a correct way to protect CUI?

CUI may be stored on any password-protected system.

 

(Physical Security) Which Cyberspace Protection Condition (CPCON) establishes a protection priority focus on critical and essential functions only?

(Answer) CPCON 2 (High: Critical and Essential Functions)
CPCON 1 (Very High: Critical Functions)
CPCON 3 (Medium: Critical, Essential, and Support Functions)
CPCON 4 (Low: All Functions)
CPCON 5 (Very Low: All Functions)

 

(Identity Management) What certificates are contained on the Common Access Card (CAC)?

Identification, encryption, and digital signature

 

(Identity Management) Which of the following is an example of two-factor authentication?

Your password and a second factor, commonly a text with a code sent to your phone

 

(Sensitive Information) What guidance is available for marking Sensitive Compartmented Information (SCI)?

Security Classification Guide (SCG)

 

(Sensitive Information) What must the dissemination of information regarding intelligence sources, methods, or activities follow?

The Director of National Intelligence.

 

(Removable Media) If an incident occurs involving removable media in a Sensitive Compartmented Information Facility (SCIF), what action should you take?

Notify your security point of contact

 

Which of the following actions can help to protect your identity?

Order a credit report annually

 

What is whaling?

A type of phishing targeted at senior officials

 

Which is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail?

Do not access website links, buttons, or graphics in e-mail

 

What type of social engineering targets particular individuals, groups of people, or organizations?

Spear phishing

 

(Travel) Which of the following is a concern when using your Government-issued laptop in public?

Others may be able to view your screen.

 

(GFE) When can you check personal e-mail on your Government-furnished equipment (GFE)?

If allowed by organizational policy

 

(Mobile Devices) Which of the following statements is true?

Mobile devices and applications can track your location without your knowledge or consent.

 

(Mobile Devices) When can you use removable media on a Government system?

When operationally necessary, owned by your organization, and approved by the appropriate authority

 

(Home computer) Which of the following is best practice for securing your home computer?

Create separate accounts for each user

 

*Spillage After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. You know this project is classified. What should be your response?

Attempt to change the subject to something non-work related, but neither confirm nor deny the article’s authenticity.

 

*Spillage Which of the following may help prevent inadvertent spillage?

Label all files, removable media, and subject headers with appropriate classification markings.

 

*Spillage A user writes down details marked as Secret from a report stored on a classified system and uses those details to draft a briefing on an unclassified system without authorization. What is the best choice to describe what has occurred?

Spillage because classified data was moved to a lower classification level system without authorization.

 

*Spillage What should you do when you are working on an unclassified system and receive an email with a classified attachment?

Call your security point of contact immediately

 

*Spillage What should you do if a reporter asks you about potentially classified information on the web?

Ask for information about the website, including the URL.

 

*Spillage What should you do if a reporter asks you about potentially classified information on the web?

Refer the reporter to your organization’s public affairs office.

 

*Spillage What is a proper response if spillage occurs?

~Immediately notify your security POC.

 

*Spillage Which of the following is a good practice to aid in preventing spillage?

Be aware of classification markings and all handling caveats.

 

 

*Spillage You find information that you know to be classified on the Internet. What should you do?

Note the website’s URL and report the situation to your security point of contact.

 

 

**Classified Data When classified data is not in use, how can you protect it?

Store classified data appropriately in a GSA-approved vault/container.

 

**Classified Data What is required for an individual to access classified data?

Appropriate clearance, a signed and approved non-disclosure agreement, and need-to-know

 

**Classified Data Which classification level is given to information that could reasonably be expected to cause serious damage to national security?

Secret

 

**Classified Data What is a good practice to protect classified information?

Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material.

 

**Classified Data Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause?

Damage to national security

 

**Classified Data Which of the following must you do before using an unclassified laptop and peripherals in a collateral environment?

Use personally-owned wired headsets and microphones only in designated areas

 

**Insider Threat Which of the following is NOT considered a potential insider threat indicator?

New interest in learning a foreign language

 

**Insider Threat A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. How many potential insider threat indicators does this employee display?

1 Indicator (wrong) ~3 or more indicators

 

**Insider Threat A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. How many potential insider threat indicators does this employee display?

1 indicator

 

**Insider Threat How many potential insider threat indicators does a coworker who often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion display?

3 or more indicators

 

**Insider Threat How many potential insider threat indicators does a person who is playful and charming, consistently wins performance awards, but is occasionally aggressive in trying to access sensitive information display?

1 indicator

 

**Insider Threat What advantages do “insider threats” have over others that allows them to cause damage to their organizations more easily?

Insiders are given a level of trust and have authorized access to Government information systems

 

**Insider Threat What type of activity or behavior should be reported as a potential insider threat?

Coworker making consistent statements indicative of hostility or anger toward the United States in its policies.

 

**Insider Threat Which of the following should be reported as a potential security incident?

A coworker removes sensitive information without authorization

 

**Insider Threat Which of the following should be reported as a potential security incident (in accordance with your Agency’s insider threat policy)?

~A coworker brings a personal electronic device into a prohibited area.

 

**Social Networking When is the safest time to post details of your vacation activities on your social networking website?

When vacation is over, after you have returned home

 

**Social Networking What should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sites visited?

Decline the request

 

*Sensitive Information Under which circumstances is it permitted to share an unclassified draft document with a non-DoD professional discussion group?

As long as the document is cleared for public release, you may share it outside of DoD.

 

*Sensitive Information What is the best example of Personally Identifiable Information (PII)?

Date and place of birth

 

*Sensitive Information Which of the following is the best example of Personally Identifiable Information (PII)?

Passport number

 

*Sensitive Information Which of the following is an example of Protected Health Information (PHI)?

Medical test results

 

*Sensitive Information What type of unclassified material should always be marked with a special handling caveat?

For Official Use Only (FOUO)

 

*Sensitive Information Under what circumstances could classified information be considered a threat to national security?

If aggregated, the information could become classified.

 

**Physical Security What is a good practice for physical security?

Challenge people without proper badges.

 

 

**Identity Management Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the NIPRNet. In which situation below are you permitted to use your PKI token?

On a NIPRNet system while using it for a PKI-required task

 

**Identity Management Which of the following is the best description of two-factor authentication?

Something you possess, like a CAC, and something you know, like a PIN or password

 

**Identity management Which is NOT a sufficient way to protect your identity?

Use a common password for all your system and application logons.

 

**Identity management What is the best way to protect your Common Access Card (CAC)?

Maintain possession of it at all times.

 

*Sensitive Compartmented Information What is a Sensitive Compartmented Information (SCI) program?

A program that segregates various types of classified information into distinct compartments for added protection and dissemination for distribution control.

 

*Sensitive Compartmented Information Which of the following best describes the compromise of Sensitive Compartmented Information (SCI)?

A person who does not have the required clearance or access caveats comes into possession of SCI in any manner.

 

*Sensitive Compartmented Information When should documents be marked within a Sensitive Compartmented Information Facility (SCIF)?

~All documents should be appropriately marked, regardless of format, sensitivity, or classification. Unclassified documents do not need to be marked as a SCIF. Only paper documents that are in open storage need to be marked. Only documents that are classified Secret, Top Secret, or SCI require marking. (Wrong)

 

*Sensitive Compartmented Information Which must be approved and signed by a cognizant Original Classification Authority (OCA)?

Security Classification Guide (SCG)

 

**Removable Media in a SCIF What must users ensure when using removable media such as compact disk (CD)?

It displays a label showing maximum classification, date of creation, point of contact, and Change Management (CM) Control Number.

 

*Malicious Code What are some examples of malicious code?

Viruses, Trojan horses, or worms

 

**Website Use While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. The website requires a credit card for registration. What should you do?

Since the URL does not start with “https,” do not provide your credit card information.

 

**Social Engineering Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email?

Do not access links or hyperlinked media such as buttons and graphics in email messages.

 

**Social Engineering What is TRUE of a phishing attack?

Phishing can be an email with a hyperlink as bait.

 

**Social Engineering Which of the following is a way to protect against social engineering?

Follow instructions given only by verified personnel.

 

**Travel What is a best practice while traveling with mobile computing devices?

Maintain possession of your laptop and other government-furnished equipment (GFE) at all times.

 

**Use of GFE Under what circumstances is it acceptable to use your Government-furnished computer to check personal e-mail and do other non-work-related activities?

If allowed by organizational policy

 

**Mobile Devices Which is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems?

Do not use any personally owned/non-organizational removable media on your organization’s systems.

 

**Mobile Devices Which of the following helps protect data on your personal mobile devices?

Secure personal mobile devices to the same level as Government-issued systems.

 

**Home Computer Security How can you protect your information when using wireless technology?

Avoid using non-Bluetooth-paired or unencrypted wireless computer peripherals.

 

What is the best response if you find classified government data on the internet?

Note any identifying information, such as the website’s URL, and report the situation to your security POC.

 

What information posted publicly on your personal social networking profile represents a security risk?

Your place of birth

 

What is the best example of Protected Health Information (PHI)?

Your health insurance explanation of benefits (EOB)

 

What does Personally Identifiable Information (PII) include?

Social Security Number; date and place of birth; mother’s maiden name

 

What certificates are contained on the DoD Public Key Infrastructure (PKI) implemented by the Common Access Card (CAC)/Personal Identity Verification (PIV) card?

Identification, encryption, and digital signature

 

What describes how Sensitive Compartmented Information is marked?

Approved Security Classification Guide (SCG)

 

Which is a risk associated with removable media?

Spillage of classified information.

 

What is an indication that malicious code is running on your system?

File corruption

 

What is a valid response when identity theft occurs?

Report the crime to local law enforcement.

 

What is whaling?

A type of phishing targeted at high-level personnel such as senior officials.

 

What is a best practice to protect data on your mobile computing device?

Lock your device screen when not in use and require a password to reactivate.

 

What is a possible indication of a malicious code attack in progress?

A pop-up window that flashes and warns that your computer is infected with a virus.

Joint Staff LOW Abridged

Which two of the following describe prohibited actions? (Actions in Defense, pg. 5,6 of 9)

Using civilians to shield or make a military object immune from attack (correct)

Using civilians to shield one's military operations from the enemy (correct)

Forcibly evacuating civilians for their own security

Prohibiting the movement of civilians in order to conduct military operations without interference

Which two of the following cultural centers are most likely to qualify under the 1954 Hague Cultural Property Convention? (Protection of Cultural Property, pg. 2 of 10)

A center square containing monuments representing ancient cultures (correct)

A museum containing artifacts and historical writings (correct)

A new contemporary arts center

A leading performing arts center

Which two of the following statements are true about certain symbols such as the Red Cross and Red Crescent? (Good Faith and Perfidy, pg. 7 of 11)

May not be used for any other purpose (correct)

May only be used to identify a civilian object as protected under the Law of War (correct)

May be used to spy or commit sabotage

May be used to evade capture

What principle of the Law of War forbids the infliction of unnecessary suffering, injury, and destruction? (The Principles of the Law of War, pg. 5 of 8)

Humanity (correct)

Distinction

Proportionality

Military necessity

Select all that apply. What are the Law of War principles? (The Principles of the Law of War, pg. 2 of 8)

Humanity (correct)

Proportionality (correct)

Distinction (correct)

Military Necessity (correct)

Honor (correct)

Which two of the following are true about the principle of Military Necessity? (The Principles of the Law of War, pg. 4 of 8)

It justifies the use of overwhelming force, but not wanton destruction (correct)

It does not justify prohibited actions (correct)

It requires collateral damage must be minimized at all costs without consideration for mission accomplishment

It affirms the assertion, Kriegsraison geht vor kriegsmanier - "necessity in war overrules the manner of warfare"

Humanity is a principle of the Law of War that addresses the immunity of peaceful populations and civilian objects from attack. (The Principles of the Law of War, pg. 6 of 9)

False

True (correct)

The principle of Proportionality obligates military commanders to consider the expected incidental harms from planned attacks, but also the consequences of other military options as well. (The Principles of Proportionality and Distinction, pg. 2 of 9)

False

True (correct)

The Law of War principle of Distinction prohibits the use of camouflage by military forces. (The Principles of Proportionality and Distinction, pg. 6 of 9)

True

False (correct)

The Law of War does not permit wanton destruction. What is wanton destruction? (Combatants and Civilians, pg. 5 of 9)

Military attacks against civilians who directly participate in hostilities

Military attacks which employ superior force

Attacks against objects with a military connection

Destruction without purpose (correct)

Which two of the following persons are exempt from attack? (Military Persons Exempt From Attack, pg. 2 of 8)

Military personnel exclusively assigned to, and engaged in, medical or chaplain duties (correct)

Staff of voluntary aid societies belonging to a neutral country (

What document establishes authorized procedures for interrogating detainees? (Military Persons Exempt From Attack, pg. 4 of 8)

Army Field Manual 2-22.3 Human Intelligence Collector Operations (correct)

Geneva Conventions of 1949

JP 1-04 Legal Support to Military Operations

Hague Conventions of 1899

Which statement on the use of force in individual self-defense to a hostile act or demonstrated hostile intent is most accurate? (Treatment of Civilians, pg. 4 of 8)

The use of force may exceed hostile intent demonstrated by the enemy, as long as the force used is necessary and proportional to counter the threat (correct)

The use of force may not exceed the amount of force used by the enemy

The use of force must not cause collateral damage

The use of force may continue after the hostile act or demonstrated hostile intent has definitively ended

What two of the following statements combine to form the definition of a military objective? (Objects of Attack, pg. 3 of 6)

The partial or total destruction, capture, or neutralization of the object offers a definite military advantage (correct)

An object which by its nature, location, purpose, or use makes an effective contribution to the enemy's military action (correct)

An object that provides morale or inspiration to the entire civilian population and therefore the armed forces of the state

An object that by its location, purpose, or use supports the health and welfare of the civilian population

The populations of parties in conflict are generally divided into two classes; combatants and civilians. (Combatants and Civilians, pg. 3 of 9)

False

True (correct)

Individual military members can claim enemy property they find on the battlefield. (Enemy Property, pg. 5 of 10)

False (correct)

True

What best describes the Law of War? (The Law of War, pg. 3 of 8)

Rules that determine who prevails in international armed conflict

Doctrine observed by the U.S. Armed Forces

That part of international law that regulates the conduct of hostilities (correct)

Customs by which States engage in international armed conflict

Which of the following statements does NOT describe the purposes of the Law of War? (The Law of War, pg. 4 of 8)

Facilitating the restoration of peace

Protecting the right of free expression for peoples in conflict (correct)

Ensuring the discipline and efficient use of military force

Protecting of combatants, noncombatants, civilians, and victims of warfare from unnecessary suffering

As a member of the US Armed Forces, the Law of War helps you make the lawful decisions of war in difficult circumstances that arise in armed conflict. (The Law of War, pg. 4 of 8)

False

True (correct)

The Law of War establishes: (The Law of War, pg. 5 of 8)

Rules governing the resort to armed force

Rules between belligerents and neutral parties

Rules between enemies in armed conflict

All of the above (correct)

Of the following, which one is defined as, directives and orders that delineate the authorities and limitations under which the U.S. armed forces will initiate and/or continue the use of force against other forces? (The Law of War and Other Bodies of Law, pg. 5 of 8)

Rules of Engagement (correct)

Law of War

Arms control

Rules on the Use of Force

Which of the following rules pertain to law enforcement and security duties? (The Law of War and Other Bodies of Law, pg. 5 of 8)

Rules on the Use of Force (correct)

Rules of Engagement

Martens Clause

Geneva Conventions

The Law of War principle of Honor influences the conduct of activities by encouraging refrain from taking advantage of the adversary's adherence to the Law of War and to encourage combatants to act in good faith in non-hostile relations. (The Principle of Honor, pg. 3 of 6)

True (correct)

False

The proportionality rule only applies __________________. (Proportionality in Attacks, pg. 2 of 10)

when civilians or civilian objects are at risk of harm (correct)

in situations of self-defense

when confronting a vastly inferior force

when confronting civilians who have taken up arms

What is the purpose of the 1954 Hague Cultural Property Convention?

To protect cultural property during armed conflict

Which of the following is an example of perfidy?

Pretending to surrender and then launching an attack

What is the principle of distinction?

The principle that requires combatants to distinguish between military targets and civilians or civilian objects

Which of the following is true about the use of chemical weapons under the Law of War?

The use of chemical weapons is prohibited under the Law of War

What is the principle of proportionality?

The principle that requires military commanders to weigh the expected military advantage against the expected harm to civilians or civilian objects when planning attacks

Which of the following is true about prisoners of war?

Prisoners of war must be treated humanely and cannot be subjected to torture or cruel treatment

What is the purpose of the Geneva Conventions?

To protect individuals who are not or are no longer taking part in hostilities, such as civilians and prisoners of war

Which of the following is true about the treatment of civilians during armed conflict?

Civilians must be treated humanely and cannot be subjected to violence, intimidation, or other forms of harm

What is the principle of military necessity?

The principle that requires military actions to be necessary for the achievement of a legitimate military objective

Which of the following is true about the use of force in self-defense under the Law of War?

The use of force in self-defense must be necessary and proportional to the threat faced.

Travel Card Program (Travel Card 101) v3.0.2

(ALL OF THE CHECKPOINT QUESTIONS CAN BE SKIPPED)

Assessment

Question: Which item is a benefit of using the travel card?

Answer: Using it prevents travelers from having to use their own money for official travel expenses.

Question: Which statement about an individually billed account (IBA) is true?

Answer: Regardless of reimbursement status, travelers must pay the bill on time.

Question: Which situation will result in an individual being issued a restricted travel card?

Answer: The traveler refuses to authorize a credit score check but completes a DD 2883.

Question: Patricia is preparing to go TDY. Which of the following is NOT an action she should take to prepare?

Answer: Hold onto vouchers from earlier trips, so she can process them all together when she returns.

Question: Vanessa is applying for an IBA. She completed the online application form and then completed the Program & Policies – Travel Card Program [Travel Card 101] training class and provided a copy of her completion certificate to her APC. What does Vanessa need to do next before she can receive a travel card?

Answer: Sign a DD3120 Statement of Understanding and provide it to her APC.

Question: Which is a reason for account suspension?

Answer: Account delinquent after 61 days

Question: Which of the statements about a reported lost or stolen travel card is true?

Answer: The cardholder is responsible for authorized charges made before losing the card.

Question: Mike used his travel card to purchase airfare, lodging, rental car, gasoline, meals, and parking, and used an ATM to obtain a cash withdrawal. Which expenses must Mike split disburse to the travel card vendor when he submits his voucher?

Answer: All of the listed expenses, including the cash withdrawal.

Question: Which is an action you should coordinate with the APC before you start a Permanent Change of Station (PCS) move?

Answer: Ensure your IBA is placed into a PCS and Mission Critical Status

Question: Which statement applies only to restricted cardholders?

Answer: They can upgrade their GTCC by simply requesting their APC to upgrade their account, agree to a new credit score check and have a credit score above 659.

Question: Why should you log into your online or mobile app account with the travel charge card vendor?

Answer: Because it provides easy access to statements, payments, and mobile alerts.

Question: What should you do if there are incorrect transactions on your monthly statement?

Answer: File a dispute with the GTCC vendor within 60 days of the statement date.

Combating Trafficking in Persons (CTIP) General Awareness - J3TA-US1328-A

1) Children, including the children of military members, may be targets for traffickers online, at schools, or in neighborhoods.

True

2) Prosecutable offenses under Article 134 of the UCMJ related to sex trafficking include prostitution, patronizing a prostitute, and pandering by compelling, inducing, enticing, or procuring an act of prostitution.

True

3) Victims of trafficking can be (Select all that apply):

Female or male

Adult or child

Foreign national or U.S. citizen

Service members, DoD civilians, and DoD contractor employees, DoD family members

4) Trafficking in Persons only occurs in poor regions of the world.

False

5) Check all the following methods to combat TIP that are true:

Avoid establishments that have signs or indicators of TIP

Report all suspected TIP incidents through your chain of command

6) Trafficking in persons occurs for many reasons including:

All of the above

7) At which point should you report a trafficking in persons situation?

Immediately upon suspecting a violation

8) Trafficking in persons is a problem in DoD in what following ways? Select all that apply:

DoD members were penalized for being buyers

DoD contractors have been investigated for sex and labor trafficking

DoD members have been identified as victims of human trafficking

DoD members were prosecuted as traffickers

9) Sex trafficking consists of which of the following? Select all that apply.

Weapon trafficking

The forcing of a person to drink excessively

Drug trafficking

The recruitment, harboring, transportation, provision, obtaining, patronizing, or soliciting of a person for the purpose of a commercial sex act.

10) Which of the following signs most likely indicates a trafficking in persons situation?

A person doesn't have control of their identification documents

11) Suspect actions of traffickers include recruitment, harboring, transporting, providing, obtaining (and for sex trafficking patronizing or soliciting prostitution).

True

12) You have a responsibility to report any trafficking in persons incidents you may witness, avoid establishments that show indicators of trafficking in persons, and report these establishments to your chain of command.

True

Alcohol and Substance Abuse Prevention

1) Which of the following drugs is NOT one of the most abused prescription medications? (Lesson 1: Prescription Medication Abuse, page 3, 4, 5, of 11) [objective1]

Vitamins

2) Which of the following drugs do Servicemembers most abuse? (Lesson 2: Alcohol, page 1 of 12) [objective3]

Alcohol

3) THC is the active ingredient in? (Lesson 3: Marijuana, page 3 of 9) [objective6]

Marijuana

4) Inhalant abuse can cause? (Lesson 5: Inhalants, page 4, 5 of 8) [objective9]

All of the Answers

5) Physical effects of marijuana include all of the following except? (Lesson 3: Marijuana, page 3 of 9) [objective5]

Indigestion

6) A standard drink of alcohol is considered to be? (Lesson 2: Alcohol, page 2 of 12) [objective4]

12 oz beer, 5 oz wine, 1.5 oz distilled spirits

7) Physiological effects while under the influence of MDMA/Ecstasy are? (Lesson 4: Club Drugs, page 3 of 13) [objective8]

All of the Answers

8) Inhalant abuse is referred to as? (Lesson 5: Inhalants, page 2 of 8) [objective10]

Huffing

9) Which of the following drug(s) is NOT considered a "date rape" drug? (Lesson 4: Club Drugs, page 11 of 13) [objective7]

Cocaine

10) Which of the following is NOT considered a hallucinogen? (Lesson 4: Club Drugs, page 8, 9, 10 of 13) [objective2]

Steroids

Anti Terrorism LVL 1

1) True or False: When possible, it is best to always travel with a cell phone. (Antiterrorism Scenario Training, Page 2) [objective25]

False

True (correct)

2) True or False: In the event of a skyjacking, you should immediately attempt to subdue the skyjackers. (Antiterrorism Scenario Training, Page 4) [objective24]

True

False (correct)

3) True or False: The ticketing area is more secure than the area beyond the security check point. (Antiterrorism Scenario Training, Page 3) [objective12]

False (correct)

True

4) Keeping a well-maintained vehicle is considered a "best practice" from both a security and safety perspective. True or False? (Antiterrorism Scenario Training, Page 2) [objective13]

False

True (correct)

5) True or False: Internet acquaintances can pose a security threat and should be carefully monitored. (Antiterrorism Scenario Training, Page 5) [objective22]

False

True (correct)

6) What is the most increased Force Protection Level for a base/installation? (Introduction to Antiterrorism, Page 10) [objective3]

Alpha

Bravo

Charlie

Delta (correct)

7) True or False: Active resistance should be the immediate response to an active shooter incident. (Antiterrorism Scenario Training, Page 4) [objective9]

True

False (correct)

8) From an antiterrorism perspective, espionage and security negligence are not considered insider threats. (Antiterrorism Scenario Training, Page 2) [objective8]

False (correct)

True

9) True or False: State Department Travel Warnings should be consulted prior to taking trips across the US-Mexican border. (Antiterrorism Scenario Training, Page 2) [objective11]

True (correct)

False

10) True or False: Terrorists usually avoid tourist locations since they are not DOD-related. (Antiterrorism Scenario Training, Page 1)

True

False (correct)

11) What is NOT a physical security measure for your home? (Antiterrorism Scenario Training, Page 2) [objective10]

Hiding a key outside to ensure family members can get in if they lose their keys. (correct)

Monitoring Internet acquaintances of all family members.

Having good relations with neighbors and looking out for each other.

Changing locks to ensure key control.

Confirming that a cleaning company is reliable and licensed.

12) Select all factors that are ways in which you might become the victim of a terrorist attack. (Introduction to Antiterrorism, Page 4) [objective2]

Association (correct)

Predictability (correct)

Location (correct)

Opportunity (correct)

13) Alerts from the National Terrorism Advisory System apply only to the United States and its possessions. (Introduction to Antiterrorism, Page 12) [objective4]

True (correct)

False

14) From the following choices, select the factors you should consider to understand the threat in your environment. (Introduction to Antiterrorism, Page 3) [objective1]

Do terrorist groups attack Americans? (correct)

How active are terrorist groups? (correct)

Are terrorist groups violent? (correct)

How sophisticated are terrorist groups? (correct)

Are terrorist groups in the area? (correct)

Will local citizens warn Americans about terrorist groups? (correct)

What tactics and weapons are used by terrorist groups? (correct)

Are terrorist groups predictable? (correct)

15) True or False: Everyone on an installation has shared responsibility for security. (Antiterrorism Scenario Training, Page 2) [objective19]

True (correct)

False

16) IEDs may come in many forms and may be camouflaged to blend in to the surrounding environment. True or False? (Antiterrorism Scenario Training, Page 3) [objective28]

False

True (correct)

17) Knowing indicators of an unstable person can allow you to identify a potential insider threat before an incident. (Antiterrorism Scenario Training, Page 4) [objective20]

False

True (correct)

18) True or False: Reasons for acquiring hostages include publicity, use as a bargaining chip while executing other crimes, the forcing of political concessions, and ransom. (Antiterrorism Scenario Training, Page 1) [objective15]

False

True (correct)

19) Early symptoms of a biological attack may appear the same as common illnesses. True or False? (Antiterrorism Scenario Training, Page 2) [objective16]

False

True (correct)

20) True or False: Security is a team effort. (Antiterrorism Scenario Training, Page 6) [objective17]

True (correct)

False

21) True or False: Surveillance can be performed through either stationary or mobile means. (Antiterrorism Scenario Training, Page 3) [objective18]

False

True (correct)

22) Electronic audio and video devices are never used by terrorists for surveillance purposes. True or False? (Antiterrorism Scenario Training, Page 4) [objective6]

False (correct)

True

23) True or False: The initial moments of a hostage taking incident can be extremely dangerous. (Antiterrorism Scenario Training, Page 2) [objective27]

True (correct)

False

24) If you identify a possible surveillance attempt you should try to handle the situation yourself. (Antiterrorism Scenario Training, Page 2) [objective5]

True

False (correct)

25) Which one of these does NOT pose a risk to security at a government facility? (Antiterrorism Scenario Training, Page 2) [objective7]

A person found in an inappropriate location of the facility

Inattentive guard personnel

A person expressing boredom with the US mission (correct)

An "escort required" visitor found without an escort

A visitor showing an unusual interest in details of security procedures

26) True or False: Room invasions are not a significant security issue for hotels located within the United States. (Antiterrorism Scenario Training, Page 1) [objective26]

True

False (correct)

27) True or False: Individuals should Fight as last resort and only when your life is in imminent danger. (Active Shooter Fundamentals, Page 4) [objective21]

True (correct)

False

28) Which one of these is NOT a physical security feature you should check when inspecting your hotel room? (Antiterrorism Scenario Training, Page 4) [objective14]

Operational telephone

Functioning locks on doors and windows

Whether or not the door is solid

Lockbox or safe (correct)

Proximity of room to emergency exits

Corrosion & Prevention

Where can you go to find out if a chemical is authorized on the aircraft?

Select one:

Aircraft Forms

MSDS

00-20-1

QPL -------------------------- Answer

What is the best way to prevent corrosion?

Select one:

Call Sheet Metal

Use Abrasive Mats

Use JP-8 to Clean Aircraft

Constant Cycle of Cleaning/Inspection -------------------------- Answer

What fills air spaces, displaces water, and provides a barrier against corrosive elements?

Select one:

QPL

Paint

Aircraft Wash

Lubrication -------------------------- Answer

What should never be used on aircraft landing gear components?

Select one:

Soap

Lubrication Equipment

Low Pressure Wash Equipment

High Pressure Wash Equipment -------------------------- Answer

What is the best way to prevent water entrapment?

Select one:

Use Stronger Solvent

Lubricate Aircraft

Aircraft Wash

Clear Drain Holes -------------------------- Answer

Derivative Classification IF103.16

Derivative classification is:

The process of using existing classified information to create new documents or material and marking the new material consistent with the classification markings that apply to the source information.

//

Why must derivative classifiers use authorized sources of classification guidance only?

To ensure original classification of information is maintained.

//

Who bears principal responsibility for derivative classification accuracy in new products?

Derivative classifiers

//

When derivatively classifying a document one must carefully analyze the material they classify.

True

//

All of the following are steps in derivative classification EXCEPT:

Make recommendations for others to mark the new document.

//

A Security Classification Guide (SCG) is:

(WRONG) An existing classified document, from which information is extracted, paraphrased, restated, and/or generated in a new form for inclusion in another document.

//

Which is the primary source for derivative classification?

Security Classification Guide (SCG)

//

Information taken directly from an existing classified source and stated verbatim in a new or different document is an example of ______

Extracting

//

The Security Classification Guide (SCG) states:

(C) Cpl Rice and Sgt Davis are attending the joint exercise.

(U) The exercise begins 1 May.

(C) The name of the exercise is Jagged Edge.

(S) The name of the attendees and the name of the exercise.

The new document states:

*(C) Cpl Rice and Sgt Davis will both be attending the Jagged Edge exercise.

*Note: The compilation of attendees and the name of the exercise within the same document is classified as SECRET per the SCG.

What concept is used to derivatively classify the statement in the new document?

Classification by Compilation

//

The source document states:

(S) The process takes three hours to complete.

The new document states:

(S) The process takes three hours to complete.

Which concept was used to determine the derivative classification of the new document?

Contained in

//

A properly marked source document contains some Secret information. A new document does not contain the same information. However, the information in the new document will allow a reader to deduce the classified information. This is an example of the concept of _____

(WRONG) Classification by Compilation

//

The concept that involves combining or associating individual elements of unclassified information to reveal an additional association or relationship that warrants protection is called ________

Classification by Compilation

//

Select ALL of the correct responses. Information is prohibited from being classified for what reasons:

To prevent embarrassment

To restrain competition

To conceal violations of law, inefficiencies, or errors

//

Besides protecting national security, information may be classified if it:

Pertains to military plans, weapon systems or operations

//

To promote information sharing, certain guidelines must be followed in DOD Manual 5200.01, Volumes 1 and 3, when classifying and marking information.

False

//

Cleared contractor employees are subject to sanctions for violating any policies in the:

National Industrial Security Program Operating Manual (NISPOM)

//

Sarabeth and Miguel work at similar jobs for the same agency but on different classified projects. They find it helpful to discuss the challenges of their jobs with each other. Sarabeth wanted to share classified information with Miguel, but he does not have a need-to-know for the information. In order to avoid a violation requiring a possible sanction, Miguel should stop the conversation before any classified information is discussed.

True

//

Which of the following are Uniform Code of Military Justice (UCMJ) sanctions?

All of the above

//

You formally challenge the classification of information and the classifying agency provides a partial response. What is your recourse if the classifying agency does not provide a full response within 120 days?

Have the right to forward the challenge to the Interagency Security Classification Appeals Panel (ISCAP).

//

The properly marked source document states:

(U) The name of the exercise is BLUE EAGLE

The new document states:

( ) The exercise is referred to as BLUE EAGLE

What is the classification of the statement in the new document?

Unclassified

HIPAA

1) HIPAA provides individuals with the right to request an accounting of disclosures of their PHI.

True (correct)

False

2) The HIPAA Security Rule applies to which of the following:

PHI transmitted orally

PHI on paper

PHI transmitted electronically (correct)

All of the above

3) Administrative safeguards are:

Administrative actions, and policies and procedures that are used to manage the selection, development, implementation and maintenance of security measures to protect electronic PHI (ePHI). These safeguards also outline how to manage the conduct of the workforce in relation to the protection of ePHI (correct)

Physical measures, including policies and procedures that are used to protect electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion

Information technology and the associated policies and procedures that are used to protect and control access to ePHI

None of the above

4) Physical safeguards are:

Administrative actions, and policies and procedures that are used to manage the selection, development, implementation and maintenance of security measures to protect electronic PHI (ePHI). These safeguards also outline how to manage the conduct of the workforce in relation to the protection of ePHI

Physical measures, including policies and procedures that are used to protect electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion (correct)

Information technology and the associated policies and procedures that are used to protect and control access to ePHI

None of the above

5) Technical safeguards are:

Administrative actions, and policies and procedures that are used to manage the selection, development, implementation and maintenance of security measures to protect electronic PHI (ePHI). These safeguards also outline how to manage the conduct of the workforce in relation to the protection of ePHI

Physical measures, including policies and procedures that are used to protect electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion

Information technology and the associated policies and procedures that are used to protect and control access to ePHI (correct)

None of the above

6) Which HHS Office is charged with protecting an individual patient's health information privacy and security through the enforcement of HIPAA?

Office of Medicare Hearings and Appeals (OMHA)

Office for Civil Rights (OCR) (correct)

Office of the National Coordinator for Health Information Technology (ONC)

None of the above

7) Which of the following are categories for punishing violations of federal health care laws?

Criminal penalties

Civil money penalties

Sanctions

All of the above (correct)

8) If an individual believes that a DoD covered entity (CE) is not complying with HIPAA, he or she may file a complaint with the:

DHA Privacy Office

HHS Secretary

MTF HIPAA Privacy Officer

All of the above (correct)

9) A covered entity (CE) must have an established complaint process.

False

True (correct)

10) Which of the following statements about the Privacy Act are true?

Balances the privacy rights of individuals with the Government's need to collect and maintain information

Regulates how federal agencies solicit and collect personally identifiable information (PII)

Sets forth requirements for the maintenance, use, and disclosure of PII

All of the above (correct)

11) Which of the following are examples of personally identifiable information (PII)?

Social Security number

Home address

Telephone

All of the above (correct)

12) Under the Privacy Act, individuals have the right to request amendments of their records contained in a system of records.

True (correct)

False

13) The e-Government Act promotes the use of electronic government services by the public and improves the use of information technology in the government.

False

True (correct)

14) A breach as defined by the DoD is broader than a HIPAA breach (or breach defined by HHS).

False

True (correct)

15) Which of the following are common causes of breaches?

Theft and intentional unauthorized access to PHI and personally identifiable information (PII)

Human error (e.g. misdirected communication containing PHI or PII)

Lost or stolen electronic media devices or paper records containing PHI or PII

All of the above (correct)

16) Which of the following would be considered PHI?

An individual's first and last name and the medical diagnosis in a physician's progress report (correct)

Individually identifiable health information (IIHI) in employment records held by a covered entity (CE) in its role as an employer

Results of an eye exam taken at the DMV as part of a driving test

IIHI of persons deceased more than 50 years

17) The HIPAA Privacy Rule applies to which of the following?

PHI transmitted orally

PHI in paper form

PHI transmitted electronically

All of the above (correct)

18) Which of the following are breach prevention best practices?

Access only the minimum amount of PHI/personally identifiable information (PII) necessary

Logoff or lock your workstation when it is unattended

Promptly retrieve documents containing PHI/PII from the printer

All of the above (correct)

19) Which of the following are true statements about limited data sets?

A limited data set is PHI that excludes 16 specific direct identifiers of the individual or relatives, employers or household members of the individual, as set forth in the HIPAA Privacy Rule and DoD's implementing issuance

A limited data set can be used or disclosed only for the purposes of research, public health or health care operations

When disclosing a limited data set, covered entities (CEs)/MTFs are required to obtain satisfactory assurances, in the form of a Data Use Agreement (DUA), signed by the recipient

All of the above (correct)

Level I Antiterrorism Awareness Training

1) True or False: When possible, it is best to always travel with a cell phone. (Antiterrorism Scenario Training, Page 2) [objective25]

False

True (correct)

________________________________________

2) True or False: In the event of a skyjacking, you should immediately attempt to subdue the skyjackers. (Antiterrorism Scenario Training, Page 4) [objective24]

True

False (correct)

________________________________________

3) True or False: The ticketing area is more secure than the area beyond the security check point. (Antiterrorism Scenario Training, Page 3) [objective12]

True

False (correct)

________________________________________

4) Which of the following is NOT a useful vehicle feature from a security perspective? (Antiterrorism Scenario Training, Page 4) [objective13]

Power locks

Lock on gas cap

Power windows

Wi-Fi capable (correct)

Internal hood release lever

________________________________________

5) True or False: Internet acquaintances can pose a security threat and should be carefully monitored. (Antiterrorism Scenario Training, Page 5) [objective22]

True (correct)

False

________________________________________

6) What is the most increased Force Protection Level for a base/installation? (Introduction to Antiterrorism, Page 10) [objective3]

Alpha

Bravo

Charlie

Delta (correct)

________________________________________

7) True or False: Active resistance should be the immediate response to an active shooter incident. (Antiterrorism Scenario Training, Page 4) [objective9]

True

False (correct)

________________________________________

8) From an antiterrorism perspective, espionage and security negligence are not considered insider threats. (Antiterrorism Scenario Training, Page 2) [objective8]

True

False (correct)

________________________________________

9) True or False: State Department Travel Warnings should be consulted prior to taking trips across the US-Mexican border. (Antiterrorism Scenario Training, Page 2) [objective11]

True (correct)

False

________________________________________

10) True or False: Terrorists usually avoid tourist locations since they are not DOD-related. (Antiterrorism Scenario Training, Page 1)

True

False (correct)

________________________________________

11) Home security can be improved with self-help measures like changing locks, securing windows, and improving outdoor lighting. True or False? (Antiterrorism Scenario Training, Page 2) [objective10]

False

True (correct)

________________________________________

12) Select all factors that are ways in which you might become the victim of a terrorist attack. (Introduction to Antiterrorism, Page 4) [objective2]

Predictability (correct)

Association (correct)

Opportunity (correct)

Location (correct)

________________________________________

13) Alerts from the National Terrorism Advisory System apply only to the United States and its possessions. (Introduction to Antiterrorism, Page 12) [objective4]

True (correct)

False

________________________________________

14) From the following choices, select the factors you should consider to understand the threat in your environment. (Introduction to Antiterrorism, Page 3) [objective1]

Will local citizens warn Americans about terrorist groups? (correct)

Are terrorist groups predictable? (correct)

Are terrorist groups in the area? (correct)

Do terrorist groups attack Americans? (correct)

How sophisticated are terrorist groups? (correct)

What tactics and weapons are used by terrorist groups? (correct)

How active are terrorist groups? (correct)

Are terrorist groups violent? (correct)

________________________________________

15) True or False: Everyone on an installation has shared responsibility for security. (Antiterrorism Scenario Training, Page 2) [objective19]

True (correct)

False

________________________________________

16) IEDs may come in many forms and may be camouflaged to blend in to the surrounding environment. True or False? (Antiterrorism Scenario Training, Page 3) [objective28]

True (correct)

False

________________________________________

17) Knowing indicators of an unstable person can allow you to identify a potential insider threat before an incident. (Antiterrorism Scenario Training, Page 4) [objective20]

True (correct)

False

________________________________________

18) True or False: Reasons for acquiring hostages include publicity, use as a bargaining chip while executing other crimes, the forcing of political concessions, and ransom. (Antiterrorism Scenario Training, Page 1) [objective15]

True (correct)

False

________________________________________

19) Which one of these is a possible indicator of a suspicious letter or package? (Antiterrorism Scenario Training, Page 4) [objective16]

Misspellings of common words (correct)

Correct amount of postage

A return address that matches the postmark

Evenly distributed and well balanced parcel

Mailing address providing a complete and correct name

________________________________________

20) True or False: Security is a team effort. (Antiterrorism Scenario Training, Page 6) [objective17]

True (correct)

False

________________________________________

21) True or False: Surveillance can be performed through either stationary or mobile means. (Antiterrorism Scenario Training, Page 3) [objective18]

False

True (correct)

________________________________________

22) Electronic audio and video devices are never used by terrorists for surveillance purposes. True or False? (Antiterrorism Scenario Training, Page 4) [objective6]

True

False (correct)

________________________________________

23) True or False: The initial moments of a hostage taking incident can be extremely dangerous. (Antiterrorism Scenario Training, Page 2) [objective27]

True (correct)

False

________________________________________

24) If you identify a possible surveillance attempt you should try to handle the situation yourself. (Antiterrorism Scenario Training, Page 2) [objective5]

False (correct)

True

________________________________________

25) Which one of these does NOT pose a risk to security at a government facility? (Antiterrorism Scenario Training, Page 2) [objective7]

A person found in an inappropriate location of the facility

Inattentive guard personnel

A person expressing boredom with the US mission (correct)

An "escort required" visitor found without an escort

A visitor showing an unusual interest in details of security procedures

________________________________________

26) True or False: Room invasions are not a significant security issue for hotels located within the United States. (Antiterrorism Scenario Training, Page 1) [objective26]

True

False (correct)

________________________________________

27) True or False: In an active shooter incident involving firearms you should immediately lie on the ground. (Antiterrorism Scenario Training, Page 2) [objective21]

True

False (correct)

________________________________________

28) Which one of these is NOT a physical security feature you should check when inspecting your hotel room? (Antiterrorism Scenario Training, Page 4) [objective14]

Operational telephone

Functioning locks on doors and windows

Whether or not the door is solid

Lockbox or safe (correct)

Proximity of room to emergency exits

Anti-Hijack Training

What organization is tasked with developing hijacking prevention guidelines?

-HQ AFFSA/A3A

When is an aircraft most vulnerable to hijacking?

-In-flight/en route to destination

What is the U.S. policy regarding aircraft hijacking?

-To not give in to the demands of hijackers

Which of the following are aircrew member hijacking prevention responsibilities?

-Inspect exterior and interior of aircraft

-prevent unauthorized access to the aircraft

-monitor passenger boarding

MAJCOMs may exempt individuals or groups from passenger screening and baggage inspections due to exercise location or during contingencies.

-True

Mobility aircraft are always considered PL3 assets, regardless of mission and/or cargo.

-False

Who has the final authority as to what type of luggage is loaded onto your aircraft?

-Aircraft Commander

When is the best time to resist a hijacking situation?

-On the ground, aircrew can devote attention to the situation and benefit from direct outside support

Which of the following are actions to consider if you are being hijacked?

-instruct passengers to fasten seat belts to reduce potential passenger heroics

-engage in conversation to calm hijacker

-disable the aircraft if possible

What is considered a last resort action for your aircrew if you are forced to become airborne with hijackers?

-consider depressurizing the aircraft

-intentional degradation/destruction of aircraft components in order to incapacitate the hijacker, force landing, or limit aircraft range

-exploit any opportunity to disable hijackers by physical force to include using firearms

In what publication can you find ICAO standard intercept signals for each geographical location?

-Flight Information Handbook

If no contact is made with an unfriendly nation before approaching a boundary, transmit the international distress signal “_____” on any of the international distress frequencies.

-MAYDAY

How will an intercepting aircraft signal your aircraft?

-Pilot will rock aircraft wings and flash navigational lights at irregular intervals

If a hijacker tries to force you into a hostile country, which of the following are the best considerations to dissuade the intended action?

-Claim the proposed airfield is unsuitable

-Explain that the aircraft will likely be shot-down upon crossing the border of an unfriendly country

-Offer to land in a neutral country

Night Vision Devices

The ______ is the night vision standard for Prime BEEF and RED HORSE use.

A: AN/PVS-31C

Night vision devices can be used in _____ or helmet-mounted configuration.

A: a handheld

AN/PVS-31C has an auto-sleep feature that will place the unit in a reduced power consumption state when the unit is ______.

A: Placed in the stowed position on the helmet mount

If toxic phosphor screen material is swallowed, DO NOT induce vomiting, as toxins can spread, causing potential vital organ failure.

A: False

Night vision devices reduce the user’s vision to ___.

A: 20/40

The _____ to the eyepieces to compensate for variations in individual operators’ eyesight.

A: Diopter Attachment fastens

___________ night vision technology is currently what the United States Military uses.

A: Gen 3

When using night vision devices, your peripheral vision is significantly reduced from 190 degrees to

A: 40 degrees

Night vision devices use lithium batteries that contain _________, which is very toxic; therefore, DO NOT heat, puncture, attempt to recharge, or otherwise tamper with the battery.

A: Sulfur dioxide gas

If necessary, clean the night vision device’s battery compartment contacts with a cotton swab, and

A: isopropyl alcohol

To allow for quick movement in the field, attachment brackets that connect from the sides of the helmet to the night vision devices are optional through the manufacturer.

A: False

What are the two types of night vision technology?

A: Thermal Imaging and Image Intensification.

What night vision device is displayed below? (Google the answer to see if it matches. Only two options)

A: AN/PVS-15C

The AN/PVS-31C comes with an optional 4-cell battery pack, which increases the battery life to approximately

A: 50 hours

___ adjusts the range of motion for each of the individual monocular assemblies.

A: interpupillary stops

What generation of night vision technology was fielded by the Army but was withdrawn because it didn’t meet durability requirements?

A: Generation 4

___ protect the objective lenses from becoming scratched or otherwise damaged.

A: sacrificial windows

There are currently __ types of night vision devices in Civil Engineer unit inventories.

A: two

__ phosphor is the original night vision technology.

A: Green

Be conscious of ___ when using night vision devices, and keep infrared light sources turned off when not needed.

A: leaking light

What unit will gradually have a white glow appear in each eyepiece once the power button/gain control knob is pressed?

A: AN/PVS-31C

What unit uses a single AA lithium battery that will power it for approximately 10 hours?

A: AN/PVS-15C

What night vision device is displayed below? (Google the answer to see if it matches. Only two options)

A: AN/PVS-31C

What guidance requires Air Force civil engineers to take the night vision devices course?

A: AFI 10-210

Image intensification is based on ____.

A: light amplification

___ phosphor provides users with a more natural black and white landscape.

A: white

____ are sometimes referred to as forward looking infrared (FLIR)

A: Thermal imaging devices

The ___ and T-Bracket are used to attach the binoculars to the helmet.

A: Wilcox helmet mount

Your depth perception is greatly increased when using night vision devices.

A: False

____ adjust the range of motion for each of the individual monocular assemblies.

A: interpupillary stops

HIPAA and Privacy Act Training

1) HIPAA allows the use and disclosure of PHI for treatment, payment, and health care operations (TPO) without the patient's consent or authorization.

True (correct)

________________________________________

2) Which of the following statements about the HIPAA Security Rule are true?

Established a national set of standards for the protection of PHI that is created, received, maintained, or transmitted in electronic media by a HIPAA covered entity (CE) or business associate (BA)

Protects electronic PHI (ePHI)

Addresses three types of safeguards - administrative, technical and physical - that must be in place to secure individuals' ePHI

All of the above (correct)

________________________________________

3) Which of the following are fundamental objectives of information security?

Confidentiality

Integrity

Availability

All of the above (correct)

________________________________________

4) Physical safeguards are:

Administrative actions, and policies and procedures that are used to manage the selection, development, implementation and maintenance of security measures to protect electronic PHI (ePHI). These safeguards also outline how to manage the conduct of the workforce in relation to the protection of ePHI

Physical measures, including policies and procedures that are used to protect electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion (correct)

Information technology and the associated policies and procedures that are used to protect and control access to ePHI

None of the above

________________________________________

5) Technical safeguards are:

Administrative actions, and policies and procedures that are used to manage the selection, development, implementation and maintenance of security measures to protect electronic PHI (ePHI). These safeguards also outline how to manage the conduct of the workforce in relation to the protection of ePHI

Physical measures, including policies and procedures that are used to protect electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion

Information technology and the associated policies and procedures that are used to protect and control access to ePHI (correct)

None of the above

________________________________________

6) Which HHS Office is charged with protecting an individual patient's health information privacy and security through the enforcement of HIPAA?

Office of Medicare Hearings and Appeals (OMHA)

Office for Civil Rights (OCR) (correct)

Office of the National Coordinator for Health Information Technology (ONC)

None of the above

________________________________________

7) Which of the following are categories for punishing violations of federal health care laws?

Criminal penalties

Civil money penalties

Sanctions

All of the above (correct)

________________________________________

8) If an individual believes that a DoD covered entity (CE) is not complying with HIPAA, he or she may file a complaint with the:

DHA Privacy Office

HHS Secretary

MTF HIPAA Privacy Officer

All of the above (correct)

________________________________________

9) A covered entity (CE) must have an established complaint process.

True (correct)

False

________________________________________

10) Which of the following statements about the Privacy Act are true?

Balances the privacy rights of individuals with the Government's need to collect and maintain information

Regulates how federal agencies solicit and collect personally identifiable information (PII)

Sets forth requirements for the maintenance, use, and disclosure of PII

All of the above (correct)

________________________________________

11) Which of the following are examples of personally identifiable information (PII)?

Social Security number

Home address

Telephone

All of the above (correct)

________________________________________

12) Under the Privacy Act, individuals have the right to request amendments of their records contained in a system of records.

False

True (correct)

________________________________________

13) A Privacy Impact Assessment (PIA) is an analysis of how information is handled:

To ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy

To determine the risks and effects of collecting, maintaining and disseminating information in identifiable form in an electronic information system

To examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks

All of the above (correct)

________________________________________

14) A breach as defined by the DoD is broader than a HIPAA breach (or breach defined by HHS).

False

True (correct)

________________________________________

15) Which of the following are common causes of breaches?

Theft and intentional unauthorized access to PHI and personally identifiable information (PII)

Human error (e.g. misdirected communication containing PHI or PII)

Lost or stolen electronic media devices or paper records containing PHI or PII

All of the above (correct)

________________________________________

16) Which of the following would be considered PHI?

An individual's first and last name and the medical diagnosis in a physician's progress report (correct)

Individually identifiable health information (IIHI) in employment records held by a covered entity (CE) in its role as an employer

Results of an eye exam taken at the DMV as part of a driving test

IIHI of persons deceased more than 50 years

________________________________________

17) Under HIPAA, a covered entity (CE) is defined as:

A health plan

A health care clearinghouse

A health care provider engaged in standard electronic transactions covered by HIPAA

All of the above (correct)

________________________________________

18) Which of the following are breach prevention best practices?

Access only the minimum amount of PHI/personally identifiable information (PII) necessary

Log off or lock your workstation when it is unattended

Promptly retrieve documents containing PHI/PII from the printer

All of the above (correct)

________________________________________

19) The minimum necessary standard:

Limits uses, disclosures, and requests for PHI to the minimum necessary amount of PHI needed to carry out the intended purposes of the use or disclosure

Does not apply to exchanges between providers treating a patient

Does not apply to uses or disclosures made to the individual or pursuant to the individual's authorization

All of the above (correct)

Leadership Fourteen: Creating a Culturally Sensitive Workplace

Question 1.

Which is a guideline to improve cross-cultural communication?

Ascertain the value of involving the family in treatment

Question 2.

Which is a guideline in using interpreters?

Seek the client's consent before using an interpreter

Question 3.

The first step in setting up a diversity management program is to:

Develop a customized business case for diversity

Question 4.

The principal standard for culturally and linguistically appropriate standards (CLAS) is:

Provide effective, equitable, understandable, and respectful quality care and services that are responsive to diverse cultural health beliefs and practices, preferred languages, health literacy, and other communication needs

Question 5.

Cultural and linguistic competence is defined as:

A set of congruent behaviors, attitudes, and policies that come together in a system, agency, or among professionals that enables effective work in cross-cultural situations

Question 6.

As compared to mainstream American culture, patients from Asian countries:

Have a group orientation (versus an individual orientation)

Question 7.

What is most characteristic of the baby-boomer generation?

Valuing teamwork

Question 8.

True or False: Self-awareness is a key skill in managing diversity.

True

Question 9.

What is the first step in developing a cultural proficiency strategy for your organization?

Conduct a diversity and cultural assessment

Question 10.

True or False: Holding all managers accountable for diversity in their areas of responsibility is a key diversity management practice.

False

Question 11.

Which of the following is a strategy used to improve one's own cultural sensitivity?

Imagining yourself in a different culture and assessing your possible reactions

Question 12.

True or False: Benefits of traditional medicine is an area of dissonance between providers and patients.

False

Extremist Activity Awareness

1) True or False. Reportable information includes but is not limited to: Any serious threat posed that presents a risk to life or limb, or has the potential to degrade or destroy a critical intelligence or operational capability. Questionable allegiance to the United States, through words or actions, to include involvement in, support of, training to commit, or advocacy of any act of sabotage, treason, or sedition. (True)

2) Consider this quote from the Joint Chiefs of Staff message to the Joint Force. "We witnessed actions inside the Capitol building that were inconsistent with the rule of law." True or False. These actions were inconsistent with the rights of freedom of speech and assembly because the rights of freedom of speech and assembly do not give anyone the right to resort to violence, and destruction of property. (True)

3) True or False. DoDI 1325.06 applies to all components of the Department of Defense, including by agreement the U.S. Coast Guard, but is not applicable to DoD civilian employees, or employees of DoD contractors. (True)

4) In response to extremist behavior a commander may take which of the following Adverse Administrative Actions? (Select all that apply) (Involuntary separation; Loss of security clearance; Denial of re-enlistment; Reassignment)

5) It is DoD policy to ensure that Service members are treated with dignity and respect and are afforded equal opportunity in an environment free from prohibited discrimination. Enforcement of this policy is vitally important to ________ and is essential to the military's ________. (unit cohesion and morale; ability to accomplish its mission)

6) Which of the following activities are prohibited in DoDI 1325.06 when conducted in support of organizations that advocate supremacist, extremist, or criminal gang doctrine, ideology, or causes? (Select all that apply) (Fundraising; Rallying; Distributing material (including social media posts); Recruiting)

7) True or False. The core principles embodied in the oaths of all Service members and DoD civilians should guide the actions of Department of Defense personnel at all times. (True)

Annual Security Refresher

1) SCI material can be processed on SIPRNET if the content is SECRET//SCI. False (correct)

 

2) Controlled unclassified information (CUI) requires banner lines and a CUI designation indicator. Portion marks are optional. True (correct)

 

3) Which of the following are required markings on all classified documents? (F) All of the above (correct)

 

4) The full receiving and return address, including names, along with the highest classification level and dissemination markings are required to be on the outer layer of classified documents double wrapped for mailing. False (correct)

 

5) When transporting SCI within the building (outside the SCIF), the material shall be placed in a locked brief case or locked pouch made of canvas or other heavy-duty material and must have an integral key-operated lock. True (correct)

 

6) Specific material must be used for derivative classification decisions. Which of the following are authorized sources? Select all that apply. Properly marked source documents (correct); Contract Security Classification Specifications (correct); Security classification guides (correct).

 

7) A security incident in which classified data is introduced to an information system with a lower level of classification, or to a system not accredited to process data of that restrictive category is an example of which type of security incident? (C) Data spill (correct)

 

8) You may be subject to loss or denial of classified access, suspension without pay, termination of employment, discharge from military service, and criminal prosecution if you knowingly, willfully, or negligently disclose classified information or CUI to unauthorized persons. True (correct)

 

9) Aggregating unclassified information together will never make the information classified. False (correct)

 

10) You do not have to report unofficial foreign travel to the Security Office. False (correct)

 

11) If you hold a top secret clearance, you are required to report to the security office when you have a foreign roommate over 30 calendar days, a co-habitant, and when you get married. True (correct)

 

12) Wireless Wearable Fitness Devices are authorized within SCIFs. False (correct)

 

13) Which of the following is not considered controlled unclassified information? (A) For Official Use Only (correct)

 

14) After securing your space at the end of the day, you should try to badge back in to ensure it is locked. True (correct)

 

15) Classified information is official government information that has been determined to require protection against unauthorized disclosure in the interest of National Security. Which of the following are levels of classified information? Select all that apply. Top Secret (correct); Confidential (correct); Secret (correct)

 

16) Only insider threat indicators observed during working hours in the workplace are reportable. What happens in someone's off time is his or her business. False (correct)

 

17) How can you report potential insider threats to the JS InTP? Select all that apply. JS Portal (correct); In-Person (correct); Email (correct); Phone (correct)