(Sensitive Information) Which of the following represents a good physical security practice? Paul verifies that the information is CUI, includes a CUI marking in the subject header, and digitally signs an e-mail containing CUI. Which is NOT a way to protect removable media? (Identity Management) Which of the following is an example of two-factor authentication? You are reviewing your employees annual self evaluation. Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. As a security best practice, what should you do before exiting? (Mobile Devices) When can you use removable media on a Government system? Which of the following is NOT a correct way to protect sensitive information? Classification markings and handling caveats. Ensure that any cameras, microphones, and Wi-Fi embedded in the laptop are physically disabled.- Correct. Data about you collected from all sites, apps, and devices that you use can be aggregated to form a profile of you. What level of damage can the unauthorized disclosure of information classified as confidential reasonably be expected to cause? **Social Engineering How can you protect yourself from internet hoaxes? Note any identifying information, such as the websites URL, and report the situation to your security POC. In addition to avoiding the temptation of greed to betray his country, what should Alex do differently? f. Get an answer. What is the best course of action? Search by Location. Remove and take it with you whenever you leave your workstation. A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. If you participate in or condone it at any time. internet. Set hasDigit to true if the 3-character passCode contains a digit, Critical, Essential, and Support Functions. Ask the individual to see an identification badge. (Malicious Code) A coworker has asked if you want to download a programmers game to play at work. DOD Cyber Awareness 2021 (DOD-IAA-V18.0) Know, RT202: Ch. **Home Computer Security What should you consider when using a wireless keyboard with your home computer? In which situation below are you permitted to use your PKI token? correct. For programmatic questions regarding Controlled Unclassified Information (CUI), including any challenges to CUI marked by EPA, pleasecontact EPA's CUI Program Office. Look for a digital signature on the email. Malicious code can do damage by corrupting files, erasing your hard drive, and/or allowing hackers access. cyber-awareness. *Sensitive Compartmented Information What should the participants in this conversation involving SCI do differently? A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complain about the credit card bills that his wife runs up. correct. What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF. Law Enforcement Sensitive (LES),and others. Use online sites to confirm or expose potential hoaxes, Follow instructions given only by verified personnel, Investigate the links actual destination using the preview feature, Determine if the software or service is authorized. What is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? Which of these is true of unclassified data?-It must be released to the public immediately.-Its classification level may rise when aggregated. Teams. Alex demonstrates a lot of potential insider threat indicators. asked in Internet by voice (265k points) Question : Which of the following is true about unclassified data? Which of the following is not considered an example of data hiding? Follow procedures for transferring data to and from outside agency and non-Government networks. **Social Networking What should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sites visited? (Physical Security) which Cyberspace Protection Condition (CPCON) establishes a protection priority focus on critical and essential functions only? **Identity Management Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the NIPRNet. A A smartphone that transmits credit card payment information when held in proximity to a credit card reader. Which of the following individuals can access classified data? Which of the following is NOT a security best practice when saving cookies to a hard drive? Correct. CUI may be stored only on authorized systems or approved devices. **Social Engineering Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email? Enable automatic screen locking after a period of inactivity. Position your monitor so that it is not facing others or easily observed by others when in use Correct. How can you protect data on your mobile computing and portable electronic devices (PEDs)? Sensitive information may be stored on any password-protected system. **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. What should you do if someone asks to use your government issued mobile device (phone/laptop..etc)? Changes to various data systems that store and sometimes share sensitive information outside EPA. **Insider Threat What function do Insider Threat Programs aim to fulfill? What action should you take? Paul verifies that the information is CUI, includes a CUI marking in the subject header and digitally signs an e-mail containing CUI. 8. **Classified Data Which classification level is given to information that could reasonably be expected to cause serious damage to national security? A vendor conducting a pilot program with your organization contacts you for organizational data to use in a prototype. It is created or received by a healthcare provider, health plan, or employer. Her badge is not visible to you. *Spillage Which of the following actions is appropriate after finding classified information on the Internet? Social Security Number; date and place of birth; mothers maiden name. **Classified Data What is required for an individual to access classified data? (Correct) -It does not affect the safety of Government missions. Which of the following is NOT a requirement for telework? You are leaving the building where you work. When vacation is over, after you have returned home. When is the best time to post details of your vacation activities on your social networking website? **Social Networking Which of the following information is a security risk when posted publicly on your social networking profile? Annual DoD Cyber Awareness Challenge Training, DOD Cyber Awareness Challenge 2019: Knowledge, DOD Cyber Awareness Challenge 2019 (DOD-IAA-V, Operations Management: Sustainability and Supply Chain Management, Elliot Aronson, Robin M. Akert, Samuel R. Sommers, Timothy D. Wilson, Anderson's Business Law and the Legal Environment, Comprehensive Volume, David Twomey, Marianne Jennings, Stephanie Greene. How many potential insider threat indicators does this employee display? Which of the following is NOT considered a potential insider threat indicator? Which of the following demonstrates proper protection of mobile devices? Which of the following is NOT a good way to protect your identity? What should you do to protect yourself while on social networks? (Spillage) What type of activity or behavior should be reported as a potential insider threat? Which of the following is NOT a correct way to protect CUI? correct. An official website of the United States government. Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post. A colleague has won 10 high-performance awards, can be playful and charming, is not currently in a relationship, and occasionally aggressive in trying to access sensitive information. Since the URL does not start with https, do not provide you credit card information. What should be your response? The email states your account has been compromised and you are invited to click on the link in order to reset your password. what should be your response be? correct. Classified DVD distribution should be controlled just like any other classified media. No. What is the best choice to describe what has occurred? Correct. (Malicious Code) Which of the following is NOT a way that malicious code spreads? **Insider Threat What type of activity or behavior should be reported as a potential insider threat? Only friends should see all biographical data such as where Alex lives and works. Which is NOT a method of protecting classified data? **Home Computer Security Which of the following is a best practice for securing your home computer? Note any identifying information and the websites Uniform Resource Locator (URL). This is information that, if released to the public, carries no injury to personal, industry, or government interests. (Insider Threat) Based on the description that follows, how many potential insider threat indicator(s) are displayed? Where. *Spillage Which of the following is a good practice to prevent spillage? Under what circumstances is it acceptable to check personal email on Government-furnished equipment (GFE)? Which of the following represents an ethical use of your Government-furnished equipment (GFE)? How do you think antihistamines might work? Executive Order 13526 Classified National Security Information, PersonallyIdentifiable Information (PII), Sensitive Personally Identifiable Information (SPII), Proprietary Business Information (PBI) or currently known within EPA as Confidential Business Information (CBI), Unclassified Controlled Technical Information (UCTI). Make note of any identifying information and the website URL and report it to your security office. Telework is only authorized for unclassified and confidential information. Photos of your pet Correct. All https sites are legitimate and there is no risk to entering your personal info online. You are logged on to your unclassified computer and just received an encrypted email from a co-worker. The date of full implementation of the CUI Program will be announced by the EPAs CUI Senior Agency Official (CUI SAO) and updated here on EPAs public web page. CUI may be stored on any password-protected system. Only allow mobile code to run from your organization or your organizations trusted sites. EPA anticipates beginning CUI practices (designating, marking, safeguarding, disseminating, destroying, and decontrolling) starting in FY2023. Infographic - Text version Infographic [PDF - 594 KB] Report a problem or mistake on this page Date modified: 2020-12-14 Which of the following is true about unclassified data? What should you do? A pop-up window that flashes and warns that your computer is infected with a virus. Which of the following must you do before using an unclassified laptop and peripherals in a collateral classified environment? Approved Security Classification Guide (SCG). When operationally necessary, owned by your organization, and approved by the appropriate authority. What can you do to protect yourself against phishing? Discrete data involves whole numbers (integers - like 1, 356, or 9) that can't be divided based on the nature of what they are. *Sensitive Information What is the best example of Personally Identifiable Information (PII)? **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? Never allow sensitive data on non-Government-issued mobile devices. I may decide not to consent to these terms, but, if I do not consent to all of these terms, then I agree not to proceed with creating an account or moving forward with filling out the application, and I understand that I will not be . Correct. Spillage occurs when information is spilled from a higher classification or protection level to a lower classification or protection level. Maybe ~A coworker brings a personal electronic device into a prohibited area. (Spillage) Which of the following practices may reduce your appeal as a target for adversaries seeking to exploit your insider status? The proper security clearance and indoctrination into the SCI program. Correct. **Social Engineering What is TRUE of a phishing attack? -It must be released to the public immediately. We recommend Norton Security or McAfee Total Protection. What level of damage can the unauthorized disclosure of information classified as Top Secret reasonably be expected to cause? (Spillage) Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. 5. **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? Updated 8/5/2020 8:06:16 PM. Classified material must be appropriately marked. Media containing Privacy Act information, PII, and PHI is not required to be labeled. What should you do after you have ended a call from a reporter asking you to confirm potentially classified information found on the web? Correct. Question 1: The business impact analysis (BIA) identifies the resources for which a business continuity plan (BCP) is necessary. Your cousin posted a link to an article with an incendiary headline on social media. **Physical Security What is a good practice for physical security? Not correct What information most likely presents a security risk on your personal social networking profile? **Social Networking Which of the following statements is true? Decline to let the person in and redirect her to security. Spillage because classified data was moved to a lower classification level system without authorization. Based on the description that follows, how many potential insider threat indicator(s) are displayed? This lets the service person know when the tank is "full." What is a security best practice to employ on your home computer? Is this safe? They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities. Do not access website links, buttons, or graphics in e-mail. **Travel What security risk does a public Wi-Fi connection pose? (removable media) If an incident occurs involving removable media in a Sensitive Compartmented Information Facility (SCIF), what action should you take? Thiswill enabletimely and consistent informationsharing andincreasetransparency throughout the Federal government and with non-Federal stakeholders. Which of the following is NOT a DoD special requirement for tokens? The email has an attachment whose name contains the word secret. Only documents that are classified Secret, Top Secret, or SCI require marking. Contact the IRS using their publicly available, official contact information. Carrying his Social Security Card with him, DoD employees are prohibited from using a DoD CAC in card-reader-enabled public device, Assigned a classification level by a supervisor. #1) Open WEKA and select "Explorer" under 'Applications'. Based on the description that follows, how many potential insider threat indicator(s) are displayed? Why might "insiders" be able to cause damage to their organizations more easily than others? Unusual interest in classified information. Ans: True Question 2: The Government Information Security Reform Act (Security Reform Act) of 2000 focuses on management View the full answer **Insider Threat What do insiders with authorized access to information or information systems pose? Verify the identity of all individuals.??? THIS IS THE BEST ANSWER . which of the following is true about unclassified data. Sanitized information gathered from personnel records. Unclassified is a security classification assigned to official information that does not warrant the assignment of Confidential, Secret, or Top Secret markings but which is not publicly-releasable without authorization. What actions should you take prior to leaving the work environment and going to lunch? (Spillage) Which of the following is a best practice to protect information about you and your organization on social networking sites and applications?