I Hate CBT's

What Should The Owner Of A Printed SCI Do

A vendor conducting a pilot program with your organization contacts you for organizational data to use in a prototype. How should you respond?

Refer the vendor to the appropriate personnel.

When classified data is not in use, how can you protect it?

Store classified data appropriately in a GSA-approved vault/container.

What is the basis for handling and storage of classified data?

Classification markings and handling caveats.

Which of the following must you do before using an unclassified laptop and peripherals in a collateral classified environment?

Ensure that any cameras, microphones, and Wi-Fi embedded in the laptop are physically disabled.

What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed?

Exceptionally grave damage.

Which of the following is true about telework?

You must have your organization's permission to telework.

Which of the following is true of protecting classified data?

Classified material must be appropriately marked.

Which of the following is a reportable insider threat activity?

Attempting to access sensitive information without need-to-know.

Which scenario might indicate a reportable insider threat?

A colleague removes sensitive information without seeking authorization in order to perform authorized telework.

Which of the following is a potential insider threat indicator?

1) Unusual interest in classified information. 2) Difficult life circumstances, such as death of spouse.

Which piece of information is safest to include on your social media profile?

Your favorite movie.

Which of the following statements is true?

Many apps and smart devices collect and share your personal information and contribute to your online identity.

How can you protect your organization on social networking sites?

Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post.

Which is a best practice for protecting Controlled Unclassified Information (CUI)?

Store it in a locked desk drawer after working hours.

Which of the following best describes a way to safely transmit Controlled Unclassified Information (CUI)?

Paul verifies that the information is CUI, includes a CUI marking in the subject header, and digitally signs an e-mail containing CUI.

Which designation includes Personally Identifiable Information (PII) and Protected Health Information (PHI)?

Controlled Unclassified Information (CUI)

Which of the following is NOT an example of CUI?

Press release data.

Which of the following is NOT a correct way to protect CUI?

CUI may be stored on any password-protected system.

Which of the following best describes good physical security?

Lionel stops an individual in his secure area who is not wearing a badge.

Which of the following is an example of two-factor authentication?

A Common Access Card and Personal Identification Number.

What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card?

Store it in a shielded sleeve.

What must authorized personnel do before permitting another individual to enter a Sensitive Compartmented Information Facility (SCIF)?

Confirm the individual's need-to-know and access.

Which of the following is true of Sensitive Compartmented Information (SCI)?

Access requires Top Secret clearance and indoctrination into the SCI program.

Which of the following is NOT a potential consequence of using removable media unsafely in a Sensitive Compartmented Information Facility (SCIF)?

Damage to the removable media.

What portable electronic devices (PEDs) are permitted in a SCIF?

Only expressly authorized government-owned PEDs.

What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF?

All of these.

Which of the following is NOT a type of malicious code?

Executables.

Which of the following actions can help to protect your identity?

Shred personal documents.

Which is an appropriate use of government e-mail?

Use a digital signature when sending attachments or hyperlinks.

What type of social engineering targets particular groups of people?

Spear phishing.

How can you protect yourself from social engineering?

Verify the identity of all individuals.

Which of the following is true of traveling overseas with a mobile phone?

A personally owned device approved under Bring Your Own Approved Device (BYOAD) policy must be unenrolled while out of the country.

What should Sara do when using publicly available Internet, such as hotel Wi-Fi?

Only connect with Government VPN.

What is the danger of using public Wi-Fi connections?

Both of these.

Which of the following personally-owned computer peripherals is permitted for use with Government-furnished equipment?

A headset with a microphone through a Universal Serial Bus (USB) port.

How can you protect data on your mobile computing and portable electronic devices (PEDs)?

Enable automatic screen locking after a period of inactivity.

Which of the following is an example of removable media?

External hard drive.

Which of the following is true of Internet of Things (IoT) devices?

They can become an attack vector to other devices on your home network.

When is it appropriate to have your security badge visible?

At all times when in the facility.

What should the owner of this printed SCI do differently?

Retrieve classified documents promptly from printers.

What should the participants in this conversation involving SCI do differently?

Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed.

Which of the following demonstrates proper protection of mobile devices?

Linda encrypts all of the sensitive data on her government-issued mobile devices.

Which of the following does NOT constitute spillage?

Classified information that should be unclassified and is downgraded.

Which of the following is NOT an appropriate way to protect against inadvertent spillage?

Use the classified network for all work, including unclassified work.

Which of the following should you NOT do if you find classified information on the internet?

Download the information.

Who designates whether information is classified and its classification level?

...

Which of the following is a good practice to protect classified information?

...

Which of the following may help to prevent spillage?

Follow procedures for transferring data to and from outside agency and non-government networks.

Who designates whether information is classified and its classification level?

Original classification authority.

In addition to avoiding the temptation of greed to betray his country, what should Alex do differently?

Avoid talking about work outside of the workplace or with people without a need-to-know.

How many insider threat indicators does Alex demonstrate?

Three or more.

What should Alex's colleagues do?

Report the suspicious behavior in accordance with their organization's threat policy.

Which of the following is true?

Digitally signed e-mails are more secure.

Which of the following best describes the conditions under which mobile devices and applications can track your location?

It is often the default but can be prevented by disabling the location function.

When is it okay to charge a personal mobile device using government-furnished equipment (GFE)?

This is never okay.

What security risk does a public Wi-Fi connection pose?

It may prohibit the use of a virtual private network (VPN).

Which of the following represents an ethical use of your Government-furnished equipment (GFE)?

Checking personal e-mail when allowed by your organization.

When may you be subject to criminal, disciplinary, and/or administrative action due to online harassment, bullying, stalking, hazing, discrimination, or retaliation?

If you participate in or condone it at any time.

How can you protect yourself on social networking sites?

Validate friend requests through another source before confirming them.

Which piece of information is safest to include on your social media profile?

Photos of your pet.

Which of the following is true of removable media and portable electronic devices (PEDs)?

They have similar features, and the same rules and protections apply to both.

Which of the following is a security best practice for protecting Personally Identifiable Information (PII)?

Only use Government-approved equipment to process PII.

Which of the following is true of Controlled Unclassified Information (CUI)?

CUI must be handled using safeguarding or dissemination controls.

Which Cyber Protection Condition (CPCON) establishes a protection priority focus on critical functions only?

CPCON 1.

Which of the following is true of the Common Access Card (CAC) or Personal Identity Verification (PIV) card?

You should remove and take your CAC/PIV card whenever you leave your workstation.

Which of the following is an example of a strong password?

%2ZN=Ugq

A compromise of Sensitive Compartmented Information (SCI) occurs when a person who does not have the required clearance or access caveats comes into possession of SCI________.

in any manner.

Which of the following is a good practice to protect classified information?

Don't assume open storage in a secure facility is authorized.

Based on the description that follows, how many potential insider threat indicator(s) are displayed? A colleague saves money for an overseas vacation every year, is a single father, and occasionally consumes alcohol.

2 indicators.

Which of the following statements is true?

Adversaries exploit social networking sites to disseminate fake news.

Which of the following is true about URLs?

May be used to mask malicious intent.

What does "spillage" refer to?

Information improperly moved from a higher protection level to a lower protection level.

Based on the description that follows, how many potential insider threat indicator(s) are displayed? A colleague enjoys playing video games, regularly uses social media, and frequently forgets to secure her smartphone elsewhere before entering areas where it is prohibited.

1 indicator

A trusted friend in your social network posts a link to vaccine information on a website unknown to you. What action should you take?

Research the source to evaluate its credibility and reliability.

Which of the following is true of the Common Access Card (CAC)?

It contains certificates for identification, encryption, and digital signature.

Which of the following is true of portable electronic devices (PEDs) in a Sensitive Compartmented Information Facility (SCIF)?

Only connect government-owned PEDs to the same level classification information system when authorized.

Which of the following is true of downloading apps?

For Government-owned devices, use approved and authorized applications only.

Which of the following statements is true of cookies?

You should confirm that a site that wants to store a cookie uses an encrypted link.

What action should you take with a compressed Uniform Resource Locator (URL) on a website known to you?

Search for instructions on how to preview where the link actually leads.

Which of the following is a best practice for using removable media?

Avoid inserting removable media with unknown content into your computer.

How should you secure your home wireless network for teleworking?

Implement Wi-Fi Protected Access 2 (WPA2) Personal encryption at a minimum.