Question: Which of the following is true of protecting classified data?
(CLASSIFIED DATA)
Answer: Classified material must be appropriately marked.
==================================================
Question: A vendor conducting a pilot program with your organization contacts you for organizational data to use in a prototype. How should you respond?
(CLASSIFIED DATA)
Answer: Refer the vendor to the appropriate personnel.
==================================================
Question: When classified data is not in use, how can you protect it?
(CLASSIFIED DATA)
Answer: Store classified data appropriately in a GSA-approved vault/container.
==================================================
Question: What is the basis for handling and storage of classified data?
(CLASSIFIED DATA)
Answer: Classification markings and handling caveats.
==================================================
Question: Which of the following is a good practice to protect classified information?
(CLASSIFIED DATA)
Answer: Don't assume open storage in a secure facility is permitted.
==================================================
Question: Which of the following must you do before using an unclassified laptop and peripherals in a collateral classified environment?
(CLASSIFIED DATA)
Answer: Ensure that any cameras, microphones, and Wi-Fi embedded in the laptop are physically disabled.
==================================================
Question: What level of damage to national security can you reasonably expect Top secret information to cause if disclosed?
(CLASSIFIED DATA)
Answer: Exceptionally grave damage.
==================================================
Question: How should you secure your home wireless network for teleworking?
(HOME COMPUTER SECURITY)
Answer: Implement Wi-Fi Protected Access 2 (WPA2) Personal encryption at a minimum.
==================================================
Question: Which of the following is true about telework?
(HOME COMPUTER SECURITY)
Answer: You must have your organization's permission to telework.
==================================================
Question: Which of the following is a reportable insider threat activity?
(INSIDER THREAT)
Answer: Attempting to access sensitive information without need-to-know.
==================================================
Question: Which scenario might indicate a reportable insider threat?
(INSIDER THREAT)
Answer: A colleague removes sensitive information without seeking authorization in order to perform authorized telework.
==================================================
Question: Which of the following is a potential insider threat indicator?
(INSIDER THREAT)
Answer: 1) Unusual interest in classified information.

2) Difficult life circumstances, such as death of spouse.
==================================================
Question: Based on the description that follows, how many potential insider threat indicator(s) are displayed?
A colleague saves money for an overseas vacation every year, is a single father, and occasionally consumes alcohol.
(INSIDER THREAT)
Answer: 0 indicators.
==================================================
Question: Which piece of information is safest to include on your social media profile?
(SOCIAL NETWORKING)
Answer: Your favorite movie.
==================================================
Question: Which of the following statements is true?
(SOCIAL NETWORKING)
Answer: 1) Many apps and smart devices collect and share your personal information and contribute to your online identity.

2) Adversaries exploit social networking sites to disseminate fake news.
==================================================
Question: How can you protect your organization on social networking sites?
(SOCIAL NETWORKING)
Answer: Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post.
==================================================
Question: Which designation marks information that does not have potential to damage national security?
(CONTROLLED UNCLASSIFIED INFORMATION)
Answer: Unclassified.
==================================================
Question: Which of the following is true of Unclassified information?
(CONTROLLED UNCLASSIFIED INFORMATION)
Answer: It is releasable to the public without clearance.??
==================================================
Question: Which is a best practice for protecting Controlled Unclassified Information (CUI)?
(CONTROLLED UNCLASSIFIED INFORMATION)
Answer: Store it in a locked desk drawer after working hours.
==================================================
Question: Which of the following best describes a way to safely transmit Controlled Unclassified Information (CUI)?
(CONTROLLED UNCLASSIFIED INFORMATION)
Answer: Paul verifies that the information is CUI, includes a CUI marking in the subject header, and digitally signs an e-mail containing CUI.
==================================================
Question: Which designation includes Personally Identifiable Information (PII) and Protected Health Information (PHI)?
(CONTROLLED UNCLASSIFIED INFORMATION)
Answer: Controlled Unclassified Information (CUI).
==================================================
Question: Which of the following is NOT an example of CUI?
(CONTROLLED UNCLASSIFIED INFORMATION)
Answer: Press release data.
==================================================
Question: Which of the following is NOT a correct way to protect CUI?
(CONTROLLED UNCLASSIFIED INFORMATION)
Answer: CUI may be stored on any password-protected system.
==================================================
Question: Which of the following best describes good physical security?
(PHYSICAL SECURITY)
Answer: Lionel stops an individual in his secure area who is not wearing a badge.
==================================================
Question: Which of the following is a best practice for physical security?
(PHYSICAL SECURITY)
Answer: Report suspicious activity.
==================================================
Question: Which of the following is an example of two-factor authentication?
(IDENTITY MANAGEMENT)
Answer: A Common Access Card and Personal Identification Number.
==================================================
Question: What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card?
(IDENTITY MANAGEMENT)
Answer: Store it in a shielded sleeve.
==================================================
Question: Which of the following is true of using a DoD Public Key Infrastructure (PKI) token?
(IDENTITY MANAGEMENT)
Answer: It should only be in a system while actively using it for a PKI-required task.
==================================================
Question: What must authorized personnel do before permitting another individual to enter a Sensitive Compartmented Information Facility (SCIF)?
(SENSITIVE COMPARTMENTED INFORMATION)
Answer: Confirm the individual's need-to-know and access.
==================================================
Question: Which of the following is true of Sensitive Compartmented Information (SCI)?
(SENSITIVE COMPARTMENTED INFORMATION)
Answer: Access requires Top Secret clearance and indoctrination into the SCI program.
==================================================
Question: Which of the following is NOT a potential consequence of using removable media unsafely in a Sensitive Compartmented Information Facility (SCIF)?
(SENSITIVE COMPARTMENTED INFORMATION)
Answer: Damage to the removable media.
==================================================
Question: Which of the following is true of transmitting Sensitive Compartmented Information (SCI)?
(SENSITIVE COMPARTMENTED INFORMATION)
Answer: You many only transport SCI if you have been courier-briefed for SCI.
==================================================
Question: A compromise of Sensitive Compartmented Information (SCI) occurs when a person who does not have the required clearance or access caveats comes into possession of SCI _________.
(SENSITIVE COMPARTMENTED INFORMATION)
Answer: In any manner.
==================================================
Question: What portable electronic devices (PEDs) are permitted in a SCIF?
(REMOVABLE MEDIA IN A SCIF)
Answer: Only expressly authorized government-owned PEDs.
==================================================
Question: How should you label removable media used in a Sensitive Compartmented Information Facility (SCIF)?
(REMOVABLE MEDIA IN A SCIF)
Answer: With the maximum classification, date of creation, point of contact, and Change Management (CM) Control Number.
==================================================
Question: What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF?
(REMOVABLE MEDIA IN A SCIF)
Answer: All of these.
==================================================
Question: Which of the following is NOT a type of malicious code?
(MALICIOUS CODE)
Answer: Executables.
==================================================
Question: Which of the following is a way to prevent the spread of malicious code?
(MALICIOUS CODE)
Answer: Scan all external files before uploading to your computer.
==================================================
Question: Which of the following actions can help to protect your identity?
(WEBSITE USE)
Answer: Shred personal documents.
==================================================
Question: Which is an appropriate use of government e-mail?
(SOCIAL ENGINEERING)
Answer: Use a digital signature when sending attachments or hyperlinks.
==================================================
Question: What type of social engineering targets particular groups of people?
(SOCIAL ENGINEERING)
Answer: Spear phishing.
==================================================
Question: What type of social engineering targets senior officials?
(SOCIAL ENGINEERING)
Answer: Whaling.
==================================================
Question: How can you protect yourself from social engineering?
(SOCIAL ENGINEERING)
Answer: Verify the identity of all individuals.
==================================================
Question: Which of the following is true?
(SOCIAL ENGINEERING)
Answer: Digitally signed e-mails are more secure.
==================================================
Question: Which of the following is true of traveling overseas with a mobile phone?
(TRAVEL)
Answer: A personally owned device approved under Bring Your Own Approved Device (BYOAD) policy must be unenrolled while out of the country.
==================================================
Question: Which of the following is a concern when using your Government-issued laptop in public?
(TRAVEL)
Answer: The physical security of the device.
==================================================
Question: What should Sara do when using publicly available Internet, such as hotel Wi-Fi?
(TRAVEL)
Answer: Only connect with Government VPN.
==================================================
Question: What is the danger of using public Wi-Fi connections?
(TRAVEL)
Answer: Both of these.
==================================================
Question: Which of the following personally-owned computer peripherals is permitted for use with Government-furnished equipment?
(USE OF GFE)
Answer: A headset with a microphone through a Universal Serial Bus (USB) port.
==================================================
Question: How can you protect data on your mobile computing and portable electronic devices (PEDs)?
(MOBILE DEVICES)
Answer: Enable automatic screen locking after a period of inactivity.
==================================================
Question: Which of the following is NOT a risk associated with near field communication (NFC)?
(MOBILE DEVICES)
Answer: Additional data charges.
==================================================
Question: Which of the following best describes the conditions under which mobile devices and applications can track your location?
(MOBILE DEVICES)
Answer: It may occur at any time without your knowledge or consent.
==================================================
Question: Which of the following is an example of removable media?
(MOBILE DEVICES)
Answer: External hard drive.
==================================================
Question: Which of the following is true of Internet of Things (IoT) devices?
Answer: They can become an attack vector to other devices on your home network.
==================================================
Question: When is it appropriate to have your security badge visible?
Answer: At all times when in the facility.
==================================================
Question: What should the owner of this printed SCI do differently?
Answer: Retrieve classified documents promptly from printers.
==================================================
Question: What should the participants in this conversation involving SCI do differently?
Answer: Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed.
==================================================
Question: Which of the following demonstrates proper protection of mobile devices?
Answer: Linda encrypts all of the sensitive data on her government-issued mobile devices.
==================================================
Question: Which of the following does NOT constitute spillage?
(SPILLAGE)
Answer: Classified information that should be unclassified and is downgraded.
==================================================
Question: Which of the following is NOT an appropriate way to protect against inadvertent spillage?
(SPILLAGE)
Answer: Use the classified network for all work, including unclassified work.
==================================================
Question: Which of the following may help to prevent spillage?
(SPILLAGE)
Answer: Follow procedures for transferring data to and from outside agency and non-government networks.
==================================================
Question: Which of the following should you NOT do if you find classified information on the internet?
Answer: Download the information.
==================================================
Question: Which of the following is true of protecting classified data? (CLASSIFIED DATA) Answer: Classified material must be appropriately marked. ================================================== Question: A vendor conducting a pilot program with your organization contacts you for organizational data to use in a prototype. How should you respond? (CLASSIFIED DATA) Answer: Refer the vendor to the appropriate personnel. ================================================== Question: When classified data is not in use, how can you protect it? (CLASSIFIED DATA) Answer: Store classified data appropriately in a GSA-approved vault/container. ================================================== Question: What is the basis for handling and storage of classified data? (CLASSIFIED DATA) Answer: Classification markings and handling caveats. ================================================== Question: Which of the following is a good practice to protect classified information? (CLASSIFIED DATA) Answer: Don't assume open storage in a secure facility is permitted. ================================================== Question: Which of the following must you do before using an unclassified laptop and peripherals in a collateral classified environment? (CLASSIFIED DATA) Answer: Ensure that any cameras, microphones, and Wi-Fi embedded in the laptop are physically disabled. ================================================== Question: What level of damage to national security can you reasonably expect Top secret information to cause if disclosed? (CLASSIFIED DATA) Answer: Exceptionally grave damage. ================================================== Question: How should you secure your home wireless network for teleworking? (HOME COMPUTER SECURITY) Answer: Implement Wi-Fi Protected Access 2 (WPA2) Personal encryption at a minimum. ================================================== Question: Which of the following is true about telework? (HOME COMPUTER SECURITY) Answer: You must have your organization's permission to telework. ================================================== Question: Which of the following is a reportable insider threat activity? (INSIDER THREAT) Answer: Attempting to access sensitive information without need-to-know. ================================================== Question: Which scenario might indicate a reportable insider threat? (INSIDER THREAT) Answer: A colleague removes sensitive information without seeking authorization in order to perform authorized telework. ================================================== Question: Which of the following is a potential insider threat indicator? (INSIDER THREAT) Answer: 1) Unusual interest in classified information. 2) Difficult life circumstances, such as death of spouse. ================================================== Question: Based on the description that follows, how many potential insider threat indicator(s) are displayed? A colleague saves money for an overseas vacation every year, is a single father, and occasionally consumes alcohol. (INSIDER THREAT) Answer: 0 indicators. ================================================== Question: Which piece of information is safest to include on your social media profile? (SOCIAL NETWORKING) Answer: Your favorite movie. ================================================== Question: Which of the following statements is true? (SOCIAL NETWORKING) Answer: 1) Many apps and smart devices collect and share your personal information and contribute to your online identity. 2) Adversaries exploit social networking sites to disseminate fake news. ================================================== Question: How can you protect your organization on social networking sites? (SOCIAL NETWORKING) Answer: Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post. ================================================== Question: Which designation marks information that does not have potential to damage national security? (CONTROLLED UNCLASSIFIED INFORMATION) Answer: Unclassified. ================================================== Question: Which of the following is true of Unclassified information? (CONTROLLED UNCLASSIFIED INFORMATION) Answer: It is releasable to the public without clearance.?? ================================================== Question: Which is a best practice for protecting Controlled Unclassified Information (CUI)? (CONTROLLED UNCLASSIFIED INFORMATION) Answer: Store it in a locked desk drawer after working hours. ================================================== Question: Which of the following best describes a way to safely transmit Controlled Unclassified Information (CUI)? (CONTROLLED UNCLASSIFIED INFORMATION) Answer: Paul verifies that the information is CUI, includes a CUI marking in the subject header, and digitally signs an e-mail containing CUI. ================================================== Question: Which designation includes Personally Identifiable Information (PII) and Protected Health Information (PHI)? (CONTROLLED UNCLASSIFIED INFORMATION) Answer: Controlled Unclassified Information (CUI). ================================================== Question: Which of the following is NOT an example of CUI? (CONTROLLED UNCLASSIFIED INFORMATION) Answer: Press release data. ================================================== Question: Which of the following is NOT a correct way to protect CUI? (CONTROLLED UNCLASSIFIED INFORMATION) Answer: CUI may be stored on any password-protected system. ================================================== Question: Which of the following best describes good physical security? (PHYSICAL SECURITY) Answer: Lionel stops an individual in his secure area who is not wearing a badge. ================================================== Question: Which of the following is a best practice for physical security? (PHYSICAL SECURITY) Answer: Report suspicious activity. ================================================== Question: Which of the following is an example of two-factor authentication? (IDENTITY MANAGEMENT) Answer: A Common Access Card and Personal Identification Number. ================================================== Question: What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? (IDENTITY MANAGEMENT) Answer: Store it in a shielded sleeve. ================================================== Question: Which of the following is true of using a DoD Public Key Infrastructure (PKI) token? (IDENTITY MANAGEMENT) Answer: It should only be in a system while actively using it for a PKI-required task. ================================================== Question: What must authorized personnel do before permitting another individual to enter a Sensitive Compartmented Information Facility (SCIF)? (SENSITIVE COMPARTMENTED INFORMATION) Answer: Confirm the individual's need-to-know and access. ================================================== Question: Which of the following is true of Sensitive Compartmented Information (SCI)? (SENSITIVE COMPARTMENTED INFORMATION) Answer: Access requires Top Secret clearance and indoctrination into the SCI program. ================================================== Question: Which of the following is NOT a potential consequence of using removable media unsafely in a Sensitive Compartmented Information Facility (SCIF)? (SENSITIVE COMPARTMENTED INFORMATION) Answer: Damage to the removable media. ================================================== Question: Which of the following is true of transmitting Sensitive Compartmented Information (SCI)? (SENSITIVE COMPARTMENTED INFORMATION) Answer: You many only transport SCI if you have been courier-briefed for SCI. ================================================== Question: A compromise of Sensitive Compartmented Information (SCI) occurs when a person who does not have the required clearance or access caveats comes into possession of SCI _________. (SENSITIVE COMPARTMENTED INFORMATION) Answer: In any manner. ================================================== Question: What portable electronic devices (PEDs) are permitted in a SCIF? (REMOVABLE MEDIA IN A SCIF) Answer: Only expressly authorized government-owned PEDs. ================================================== Question: How should you label removable media used in a Sensitive Compartmented Information Facility (SCIF)? (REMOVABLE MEDIA IN A SCIF) Answer: With the maximum classification, date of creation, point of contact, and Change Management (CM) Control Number. ================================================== Question: What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF? (REMOVABLE MEDIA IN A SCIF) Answer: All of these. ================================================== Question: Which of the following is NOT a type of malicious code? (MALICIOUS CODE) Answer: Executables. ================================================== Question: Which of the following is a way to prevent the spread of malicious code? (MALICIOUS CODE) Answer: Scan all external files before uploading to your computer. ================================================== Question: Which of the following actions can help to protect your identity? (WEBSITE USE) Answer: Shred personal documents. ================================================== Question: Which is an appropriate use of government e-mail? (SOCIAL ENGINEERING) Answer: Use a digital signature when sending attachments or hyperlinks. ================================================== Question: What type of social engineering targets particular groups of people? (SOCIAL ENGINEERING) Answer: Spear phishing. ================================================== Question: What type of social engineering targets senior officials? (SOCIAL ENGINEERING) Answer: Whaling. ================================================== Question: How can you protect yourself from social engineering? (SOCIAL ENGINEERING) Answer: Verify the identity of all individuals. ================================================== Question: Which of the following is true? (SOCIAL ENGINEERING) Answer: Digitally signed e-mails are more secure. ================================================== Question: Which of the following is true of traveling overseas with a mobile phone? (TRAVEL) Answer: A personally owned device approved under Bring Your Own Approved Device (BYOAD) policy must be unenrolled while out of the country. ================================================== Question: Which of the following is a concern when using your Government-issued laptop in public? (TRAVEL) Answer: The physical security of the device. ================================================== Question: What should Sara do when using publicly available Internet, such as hotel Wi-Fi? (TRAVEL) Answer: Only connect with Government VPN. ================================================== Question: What is the danger of using public Wi-Fi connections? (TRAVEL) Answer: Both of these. ================================================== Question: Which of the following personally-owned computer peripherals is permitted for use with Government-furnished equipment? (USE OF GFE) Answer: A headset with a microphone through a Universal Serial Bus (USB) port. ================================================== Question: How can you protect data on your mobile computing and portable electronic devices (PEDs)? (MOBILE DEVICES) Answer: Enable automatic screen locking after a period of inactivity. ================================================== Question: Which of the following is NOT a risk associated with near field communication (NFC)? (MOBILE DEVICES) Answer: Additional data charges. ================================================== Question: Which of the following best describes the conditions under which mobile devices and applications can track your location? (MOBILE DEVICES) Answer: It may occur at any time without your knowledge or consent. ================================================== Question: Which of the following is an example of removable media? (MOBILE DEVICES) Answer: External hard drive. ================================================== Question: Which of the following is true of Internet of Things (IoT) devices? Answer: They can become an attack vector to other devices on your home network. ================================================== Question: When is it appropriate to have your security badge visible? Answer: At all times when in the facility. ================================================== Question: What should the owner of this printed SCI do differently? Answer: Retrieve classified documents promptly from printers. ================================================== Question: What should the participants in this conversation involving SCI do differently? Answer: Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. ================================================== Question: Which of the following demonstrates proper protection of mobile devices? Answer: Linda encrypts all of the sensitive data on her government-issued mobile devices. ================================================== Question: Which of the following does NOT constitute spillage? (SPILLAGE) Answer: Classified information that should be unclassified and is downgraded. ================================================== Question: Which of the following is NOT an appropriate way to protect against inadvertent spillage? (SPILLAGE) Answer: Use the classified network for all work, including unclassified work. ================================================== Question: Which of the following may help to prevent spillage? (SPILLAGE) Answer: Follow procedures for transferring data to and from outside agency and non-government networks. ================================================== Question: Which of the following should you NOT do if you find classified information on the internet? Answer: Download the information. ==================================================