Question: *SpillageWhich of the following may help to prevent spillage?

Answer: Label all files, removable media, and subject headers with appropriate classification markings.

Question: *SpillageWhich of the following actions is appropriate after finding classified information on the internet?

Answer: Note any identifying information and the website's Uniform Resource Locator (URL)

Question: *Classified DataWhich of the following individuals can access classified data?

Answer: Darryl is managing a project that requires access to classified information. He has the appropriate clearance and a signed, approved, non-disclosure agreement.

Question: *Insider ThreatWhich type of behavior should you report as a potential insider threat?

Answer: Hostility and anger toward the United States and its policies

Question: *Insider ThreatWhich of the following practices may reduce your appeal as a target for adversaries seeking to exploit your insider status?

Answer: Remove your security badge after leaving your controlled area or office building

Question: *Social NetworkingYour cousin posted a link to an article with an incendiary headline on social media. What action should you take?

Answer: Research the source of the article to evaluate its credibility and reliability

Question: *Social NetworkingWhich of the following is a security best practice when using social networking sites?

Answer: Use only your personal contact information when establishing your account

Question: *Controlled Unclassified InformationSelect the information on the data sheet that is personally identifiable information (PII) but not protected health information (PHI)

Answer: Jane JonesSocial Security Number: 123-45-6789

Question: *Controlled Unclassified InformationSelect the information on the data sheet that is protected health information (PHI)

Answer: Interview: Dr. Nora BakerDr. Baker was Ms. Jones's psychiatrist for three months. Dr. Baker reports that the sessions addressed Ms. Jones's depression, which poses no national security risk

Question: *Physical SecurityWhich Cyber Protection Condition (CPCON) establishes a protection priority focus on critical and essential functions only?

Answer: CPCON 2

Question: *Identity ManagementWhat certificates does the Common Access Card (CAC) or Personal Identity Verification (PIV) card contain?

Answer: Identification, encryption, digital signature

Question: *Identity ManagementWhat is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card?

Answer: Maintain possession of it at all times

Question: *Sensitive Compartmented InformationWhen faxing Sensitive Compartmented Information (SCI), what actions should you take?

Answer: Mark SCI documents, appropriately and use an approved SCI fax machine

Question: *Sensitive Compartmented InformationWhen is it appropriate to have your security badge visible within a Sensitive Compartmented Information Facility (SCIF)?

Answer: At all times while in the facility

Question: *Removable Media in a SCIFWhat action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)?

Answer: Identify and disclose it with local Configuration/Change Management Control and Property Management authorities

Question: *Malicious CodeAfter visiting a website on your Government device, a popup appears on your screen. The popup asks if you want to run an application. Is this safe?

Answer: No, you should only allow mobile code to run from your organization or your organization's trusted sites

Question: *Malicious CodeWhich of the following statements is true of cookies?

Answer: You should only accept cookies from reputable, trusted websites

Question: *Website UseWhat action should you take with an e-mail from a friend containing a compressed Uniform Resource Locator (URL)?

Answer: Investigate the link's actual destination using the preview feature

Question: *Website UseHow can you protect yourself from internet hoaxes?

Answer: Use online sites to confirm or expose potential hoaxes

Question: *Social EngineeringWhat is a common indicator of a phishing attempt?

Answer: A threat of dire consequences

Question: *TravelWhat security risk does a public Wi-Fi connection pose?

Answer: It may expose the connected device to malware

Question: *Use of GFEWhich of the following represents an ethical use of your Government-furnished equipment (GFE)?

Answer: E-mailing your co-workers to let them know you are taking a sick day

Question: *Mobile DevicesWhat can help to protect the data on your personal mobile device?

Answer: Secure it to the same level as Government-issued systems

Question: *Mobile DevicesWhich of the following is an example of removable media?

Answer: Flash drive

Question: *Home Computer SecurityWhich of the following statements is true of using Internet of Things (IoT) devices in your home?

Answer: An unsecured IoT device can become an attack vector to any other device on your home network, including your Government laptop