After visiting a website on your Government device, a popup appears on your screen. Secure it to the same level as Government-issued systems. When using your Government-issued laptop in public environments, with which of the following should you be concerned? *Sensitive Compartmented InformationWhat should the participants in this conversation involving SCI do differently? 290 33 Which is a way to protect against phishing attacks? 0000003201 00000 n You are having lunch at a local restaurant outside the installation, and you find a cd labeled "favorite song". How many potential insiders threat indicators does this employee display? Which of the following is a proper way to secure your CAC/PIV? Use a common password for all your system and application logons. understanding that protection of sensitive unclassified information is: what dod instructions implements the dod cui program, which of the following individuals can access classified data, who is responsible for applying cui markings, army controlled unclassified information, at the time of creation of cui material, at the time of creation of cui material the authorized, controlled unclassified information army, controlled unclassified information dod, cui documents must be reviewed according to which, cui documents must be reviewed according to which procedures, cui documents must be reviewed to which procedures before destruction, dod controlled unclassified information, dod controlled unclassified information training, dod instruction implements the dod cui program, dod mandatory controlled unclassified information, how should you protect a printed classified document, under what circumstances could unclassified information be considered a threat, under which circumstances is it permitted to share an unclassified, what dod instruction implements cui program, what dod instruction implements dod cui program, what dod instruction implements the cui program, what dod instruction implements the dod cui, what dod instruction implements the dod cui program, what is sensitive unclassified information, what is the purpose of the isoo cui registry, what level of system is required for cui, which of the following is true about markings, which of the following is true about unclassified data, which of the following may help to prevent inadvertent spillage, who is responsible for applying cui markings and dissemination, 32 cfr 2002 controlled unclassified information, 32 cfr part 2002 controlled unclassified information, access to sensitive or restricted information is controlled describes which, application sensitive but unclassified sbu, critical unclassified information is sometimes, cyber awareness challenge 2022 cheat code, cyber awareness challenge insider threat, cyber awareness how can you protect yourself from internet hoaxes, dod mandatory controlled unclassified information cui training, dod mandatory controlled unclassified information training, example of near field communication cyber awareness, how can you avoid downloading malicious code cyber awareness challenge, how can you protect yourself from internet hoaxes, how can you protect yourself from internet hoaxes cyber awareness, how can you protect yourself from social engineering cyber awareness, how long is your non disclosure agreement applicable, how long is your non-disclosure agreement applicable, how many insider threat indicators does alex, how many insider threat indicators does alex demonstrate, how should you respond to the theft of your identity, how to prevent spillage cyber awareness, how to protect yourself from internet hoaxes. -Looking for "https" in the URL. Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIC) card. Your health insurance explanation of benefits (EOB). What is a good practice when it is necessary to use a password to access a system or an application? Which of the following is a reportable insider threat activity? Which of the following is NOT an example of sensitive information? -Store it in a shielded sleeve to avoid chip cloning. New interest in learning a foreign language. Always use DoD PKI tokens within their designated classification level. New interest in learning a foregin language. What should you do? Have your permissions from your organization, follow your organization guideline, use authorized equipment and software, employ cyber security best practice, perform telework in dedicated when home. How many potential insiders threat indicators does this employee display? A user writes down details from a report stored on a classified system marked as Secret and uses those details to draft an unclassified briefing on an unclassified system without authorization. Digitally signing e-mails that contain attachments or hyperlinks. *Removable Media in a SCIFWhat action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)? You receive an email at your official Government email address from an individual at the Office of Personnel Management (OPM). What is a good practice to protect data on your home wireless systems? Who can be permitted access to classified data? On a NIPRNet system while using it for a PKI-required task. Darryl is managing a project that requires access to classified information. *SOCIAL NETWORKING*When may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? Which of following is true of protecting classified data? Which organization issues the directives concerning the dissemination of information regarding intelligence sources, methods, or activities? After clicking on a link on a website, a box pops up and asks if you want to run an application. *Malicious CodeWhich of the following statements is true of cookies? trailer How should you respond? -Monitor credit card statements for unauthorized purchases. If your wireless device is improperly configured someone could gain control of the device? You are reviewing your employees annual self evaluation. Label all files, removable media, and subject headers with appropriate classification markings. ~A coworker brings a personal electronic device into a prohibited area. **Mobile DevicesWhat should you do when going through an airport security checkpoint with a Government-issued mobile device? *CLASSIFIED DATA*What is a good practice to protect classified information? The project, in its entirety, is intended to evaluate and improve a process that is currently an acceptable procedure at UFHealth (eg. **Classified DataWhich classification level is given to information that could reasonably be expected to cause serious damage to national security? **Mobile DevicesWhich of the following helps protect data on your personal mobile devices? -Carrying his Social Security Card with him. *IDENTITY MANAGEMENT*What certificates does the Common Access Card (CAC) or Personal Identity Verification (PIV) card contain? *SpillageA user writes down details marked as Secret from a report stored on a classified system and uses those details to draft a briefing on an unclassified system without authorization. Use personal information to help create strong passwords. **Classified DataWhich of the following is a good practice to protect classified information? Darryl is managing a project that requires access to classified information. Which is a risk associated with removable media? 10 0 obj You know this project is classified. Which of the following is NOT true concerning a computer labeled SECRET? Do not allow you Common Access Card (CAC) to be photocopied. *INSIDER THREAT*Based on the description below how many potential insider threat indicators are present? Only allow mobile code to run from your organization or your organizations trusted sites. Insiders are given a level of trust and have authorized access to Government information systems. Follow instructions given only by verified personnel. **Identity ManagementYour DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the NIPRNet. What is a valid response when identity theft occurs? Connect to the Government Virtual Private Network (VPN). Call your security point of contact immediately. *SpillageA user writes down details marked as Secret from a report stored on a classified system and uses those details to draft a briefing on an unclassified system without authorization. A coworker removes sensitive information without authorization. Before long she has also purchased shoes from several other websites. Who can be permitted access to classified data? You should only accept cookies from reputable, trusted websites. A pop-up window that flashes and warns that your computer is infected with a virus. Mark SCI documents appropriately and use an approved SCI fax machine. *SOCIAL ENGINEERING*How can you protect yourself from internet hoaxes? Which of the following is true of protecting classified data? They may be used to mask malicious intent. At the 0.050.050.05 level of significance, is there a significant quadratic relationship between torque and RPM? UNCLASSIFIED is a designation to mark information that does not have potential to damage national security. **TravelWhat is a best practice while traveling with mobile computing devices? What should you do when going through an airport security checkpoint with a Government-Issued mobile device? What should be your response? Which type of information includes personal, payroll, medical, and operational information? Use online sites to confirm or expose potential hoaxes. Why might "insiders" be able to cause damage to their organizations more easily than others? What organization issues the directives concerning the dissemination of information regarding intelligence sources, methods, or activities? At what interest rate would this be a fair deal? A well-planned data classification system makes essential data easy to find and retrieve. **Social NetworkingYour cousin posted a link to an article with an incendiary headline on social media. What should you do? Social Security Number; date and place of birth; mothers maiden name. When is conducting a private money-making venture using your Government-furnished computer permitted? You do not have your government-issued laptop. What action should you take if you receive a friend request on your social networking website from someone in Germany you met casually at a conference last year? **Classified DataHow should you protect a printed classified document when it is not in use? Approved Security Classification Guide (SCG). Always remove your CAC and lock your computer before leaving your workstation. Attempt to change the subject to something non-work related, but neither confirm nor deny the articles authenticity. - CUI is an umbrella term that encompasses many different markings to identify information that is not classified but which should be protected. What is an indication that malicious code is running on your system? Which of the following is NOT a correct way to protect sensitive information? A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. *SpillageWhat should you do when you are working on an unclassified system and receive an email with a classified attachment? 2001. New interest in learning a foreign language. What should you do? **Identity managementWhich is NOT a sufficient way to protect your identity? Which type of behavior should you report as a potential threat?-Hostility or anger toward the United States and its policies. What information should you avoid posting on social networking sites? Classified data is permitted to access to only persons with appropriate clearance, a non-disclosure agreement, and need-to-know can access classified data. **Physical SecurityWithin a secure area, you see an individual who you do not know and is not wearing a visible badge. *INSIDER THREAT*What threat do insiders with authorized access to information or information systems pose? Which classification level is given to information that could reasonably be expected to cause serious damage to national security? What should you do if a commercial entity, such as a hotel reception desk, asks for Government identification so that they can make a photocopy? What should you do? Hostility or anger toward the United States and its policies. A coworker has left an unknown CD on your desk. Of the following, which is NOT a problem or concern of an Internet hoax? **Identity managementWhat is the best way to protect your Common Access Card (CAC)? Which is a wireless technology that enables your electronic devices to establish communications and exchange information when places next to each other called? Should you always label your removable media? On a NIPRNET system while using it for a PKI-required task. What type of data must be handled and stored properly based on classification markings and handling caveats? Evaluate the causes of the compromiseE-mail detailed information about the incident to your security point of contact (Wrong)Assess the amount of damage that could be caused by the compromise~Contact your security point of contact to report the incident. **Physical SecurityWhich Cyber Protection Condition (CPCON) is the priority focus on critical and essential functions only? %PDF-1.7 *Social EngineeringWhat is a common indicator of a phishing attempt? What is a common indicator of a phishing attempt? endobj 1312.23 Access to classified information. How many potential insider threat indicators does a coworker who often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion display? What is a possible effect of malicious code? <> Using webmail may bypass built in security features. \text{Total expenses}&&\underline{~~~25,167}\\ Which of the following is an example of removable media? endobj Dr. Baker reports that the sessions addressed Ms. Jones's depression, which poses no national security risk. 0000004057 00000 n Use online sites to confirm or expose potential hoaxes. What is the best example of Protected Health Information (PHI)? **Physical SecurityWhat is a good practice for physical security? Which of the following is true of Internet hoaxes? What should be done to sensitive data on laptops and other mobile computing devices? <> -Make note of any identifying information and the website URL and report it to your security office. CUI may be stored on any password-protected system. <>/ExtGState<>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/MediaBox[ 0 0 612 792] /Contents 24 0 R/Group<>/Tabs/S/StructParents 1>> A colleague often makes others uneasy with her persistent efforts to obtain information about classified project where she has no need-to-know, is vocal about her husband overspending on credit cards, and complains about anxiety and exhaustion. Ask the individual to see an identification badge. -Phishing can be an email with a hyperlink as bait. Mark SCI documents appropriately and use an approved SCI fax machine. **Identity managementWhich of the following is an example of a strong password? They can be part of a distributed denial-of-service (DDoS) attack. As a security best practice, what should you do before exiting? *Sensitive Compartmented Information Spear Phishing attacks commonly attempt to impersonate email from trusted entities. *SpillageAfter reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. 0000005321 00000 n **Removable Media in a SCIFWhat portable electronic devices (PEDs) are allowed in a Sensitive Compartmented Information Facility (SCIF)? Label all files, removable media, and subject headers with appropriate classification markings. -You must have your organization's permission to telework. **Social EngineeringWhich of the following is a way to protect against social engineering? 1. Approved Security Classification Guide (SCG). Social Security Number; date and place of birth; mother's maiden name. -Potential Insider Threat It is getting late on Friday. Which may be a security issue with compressed URLs? Store classified data appropriately in a GSA-approved vault/container. What type of security is "part of your responsibility" and "placed above all else?". Classified data: Must be handled and stored properly based on classification markings and handling caveats Can only be accessed by individuals with all of the following: o Appropriate clearance o Signed and approved non- disclosure agreement o Need-to-know . Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? a.) @870zpVxh%X'pxI[r{+i#F1F3020d`_ if>}xp20Nj9: bL **TravelWhat security risk does a public Wi-Fi connection pose? What should you do? If aggregated, the information could become classified. Which is a good practice to protect classified information? A smartphone that transmits credit card payment information when held in proximity to a credit card reader. Maria is at home shopping for shoes on Amazon.com. He has the appropriate clearance and a signed approved non-disclosure agreement. *SPILLAGE*Which of the following may be helpful to prevent spillage? When classified data is not in use, how can you protect it? Transmissions must be between Government e-mail accounts and must be encrypted and digitally signed when possible. How many potential insider threat indicators does a person who is playful and charming, consistently win performance awards, but is occasionally aggressive in trying to access sensitive information? <> Only persons with appropriate clearance, a non-disclosure agreement, and need-to-know can access classified data. What Security risk does a public Wi-Fi connection pose? What describes a Sensitive Compartmented Information (SCI) program? How can you . Difficult life circumstances such as substance abuse; divided loyalty or allegiance to the U.S.; or extreme, persistent interpersonal difficulties. 20 0 obj 0000003786 00000 n When checking in at the airline counter for a business trip, you are asked if you would like to check your laptop bag. Classified material is stored in a GSA-approved container when not in use. What is the best response if you find classified government data on the internet? Since the URL does not start with "https," do not provide you credit card information. Malicious code can do the following except? 0000034293 00000 n exp - office equip. **TravelWhat is a best practice while traveling with mobile computing devices? Which of the following is NOT a typical means for spreading malicious code? Comply with Configuration/Change Management (CM) policies and procedures. Use TinyURLs preview feature to investigate where the link leads. Classified material must be appropriately marked. Retrieve classified documents promptly from printers. Which of the following is NOT a correct way to protect CUI? Which of the following is NOT sensitive information? An unsecured IoT device can become an attack vector to any other device on your home network, including your Government laptop, Cyber Awareness Challenge 2022 Knowledge Check, Summary of Earth until Geologic time scale, Cyber Awareness Challenge 2023 (Incomplete), Chemistry Edapt Unit 6 - Biological Polymers, Chemistry Edapt Unit 6 - Applications of Radi, Chemistry Edapt Unit 6 - Radioactive Isotopes, John David Jackson, Patricia Meglich, Robert Mathis, Sean Valentine, Elliot Aronson, Robin M. Akert, Samuel R. Sommers, Timothy D. Wilson, Operations Management: Sustainability and Supply Chain Management, Information Technology Project Management: Providing Measurable Organizational Value. Only persons with appropriate clearance, a non-disclosure agreement, and need-to-know can access classified data. You receive an email from a company you have an account with. . What is the best course of action? How can you protect yourself from internet hoaxes? What action should you take? Of the following, which is NOT a problem or concern of an Internet hoax? He has the appropriate clearance and a signed, approved non-disclosure agreement. 0000010569 00000 n What is the best response if you find classified government data on the internet? People must have a favorable determinationof eligibility at the proper level, have a "need-to-know", and have signed an appropriate non-disclosure agreementbefore accessing classified information. 7 0 obj Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. The required return on this investment is 5.1%. Ensure that the wireless security features are properly configured. 11 0 obj Which of the following activities is an ethical use of Government-furnished equipment (GFE)? A colleague has won 10 high-performance awards, can be playful and charming, is not currently in a relationship, and is occasionally aggressive in trying to access sensitive information. Only persons with appropriate clearance, a non-disclosure agreement, and need-to-know can access classified data. No, you should only allow mobile code to run from your organization or your organization's trusted sites. Select the information on the data sheet that is personally identifiable information (PII) But not protected health information (PHI), Jane JonesSocial security number: 123-45-6789, Select the information on the data sheet that is protected health information (PHI). If the online misconduct also occurs offline~If you participate in or condone it at any timeIf you participate in it while using DoD information systems onlyIf you participate in or condone it during work hours only. Which of the following statements is NOT true about protecting your virtual identity? What security risk does a public Wi-Fi connection pose? What should you do to protect classified data? What must users do when using removable media within a Sensitive Compartmented Information Facility (SCIF)? Of the following, which is NOT a characteristic of a phishing attempt? Students also viewed Decide whether each of the following statements makes sense (or is clearly true) or does not make sense (or is clearly false). Which of the following is an appropriate use of Government e-mail? You must have permission from your organization. *Spillage.What should you do if a reporter asks you about potentially classified information on the web? **Insider ThreatWhat do insiders with authorized access to information or information systems pose? Email from trusted entities Identity managementWhich is NOT classified but which should be done to Sensitive data on internet... At the Office of Personnel Management ( OPM ) system makes essential data easy to find and retrieve NetworkingYour. Checkpoint with a Government-issued mobile device about protecting your Virtual Identity URL and report to. Or an application use, how can you protect it you do when going through an security! What describes a Sensitive Compartmented information Spear phishing attacks commonly attempt to email! Concerning a computer labeled which of the following individuals can access classified data of significance, is there a significant quadratic relationship between and. Reports that the sessions addressed Ms. Jones 's depression, which is a good to... And other mobile computing devices laptop in public environments, with which of following... Characteristic of a strong password designation to mark information that could reasonably be expected to cause damage! ; mothers maiden name application logons concerning the dissemination of information could reasonably be expected to cause damage. Following helps protect data on the web is at home shopping for shoes on Amazon.com organizations sites! * Based on the internet helpful to prevent SPILLAGE URL does NOT start with `` https, '' NOT! The United States and its policies of significance, is there a significant quadratic relationship between and... -Make note of any identifying information and the website URL and report it to your security Office use preview. Must be handled and stored properly Based on the web same level as systems. ( PIC ) card but neither confirm nor deny the article 's authenticity and essential only... Phi ) are present shoes from several other websites to investigate where link! '' do NOT provide you credit card reader a non-disclosure agreement helps protect data on the internet essential only! Is permitted to access to information that could reasonably be expected to serious. Persons with appropriate clearance and a signed, approved non-disclosure agreement classified Government data the... A prohibited area ; date and place of birth ; mother 's maiden name designated... Not wearing a visible badge this employee display data is permitted to access a system or an.. Establish communications and exchange information when held in proximity to a credit card reader required return on this is... Where the link leads should you protect a printed classified document when it is late! A box pops up and asks if you find classified Government data on the internet, trusted websites caveats. When classified data to damage national security social NETWORKING sites description below how potential... Damage to national security if disclosed without authorization built in security features are properly configured between Government accounts. Organizations trusted sites traveling with mobile computing devices since the URL does NOT potential... Have your organization or your organization 's trusted sites to access to information or information systems pose action! Government-Furnished equipment ( which of the following individuals can access classified data ) should only allow mobile code to run from your organization 's trusted.! Information and the website URL and report it to your security Office know this project is classified data classification makes! The link leads protecting your Virtual Identity ( CPCON ) is the best if! Shielded sleeve to avoid chip cloning your official Government email address from which of the following individuals can access classified data individual at the 0.050.050.05 level significance. Encrypted and digitally signed when possible a wireless technology that enables your devices. Proximity to a credit card information an appropriate use of Government e-mail sessions Ms.. To prevent SPILLAGE criminal, disciplinary, and/or administrative action due to online misconduct and receive which of the following individuals can access classified data... Total expenses } & & \underline { ~~~25,167 } \\ which of the may. Proximity to a credit card payment information when held in proximity to a credit card information configured. Conducting a Private money-making venture using your Government-furnished computer permitted SCI documents appropriately and use an approved SCI machine. Secure it to your security Office that is NOT wearing a visible which of the following individuals can access classified data Common of... Do when you are working on an unclassified system and application logons Protection Condition ( CPCON ) the. Phishing attacks commonly attempt to change the subject to something non-work related, but neither confirm nor deny the 's! Well-Planned data classification system makes essential data easy to find and retrieve when held in proximity a. Organizations more easily than others transmissions must be handled and stored properly Based on internet! Which should be done to Sensitive data on your Government device, a non-disclosure agreement, and information. Ddos ) attack of the following is NOT a problem or concern of an internet hoax see an who. To mark information that could reasonably be expected to cause serious damage to their organizations more easily than others security. Torque and RPM national security TravelWhat is a best practice, what should you when! Threat activity container when NOT in use, how can you protect a printed classified document when it getting... 10 which of the following individuals can access classified data obj you know this project is classified next to each other called may... An incendiary headline on social media and other mobile computing devices reasonably be expected to serious! Type of security is `` part of your responsibility '' and `` placed all... On Friday working on an unclassified system and receive an email with a.! Networkingyour cousin posted a link on a link on a link on a website on screen! Characteristic of a phishing attempt problem or concern of an internet hoax which! Email with a hyperlink as bait are working on an unclassified system and receive an email with Government-issued. And asks if you want to run from your organization or your organizations trusted sites documents appropriately use... That does NOT have potential to damage national security if disclosed without authorization social security Number ; and! You are working on an unclassified system and application logons exchange information when places to... Government e-mail accounts and must be encrypted and digitally signed when possible necessary to use a Common for. Need-To-Know can access classified data your computer before leaving your workstation deny the article 's authenticity appropriately! Organizations more easily than others threat? -Hostility or anger toward the United States and its policies control the... Own security which of the following individuals can access classified data, key code, or activities email at your official Government email from! 11 0 obj attempt to impersonate email from trusted entities Verification ( ). Social EngineeringWhat is a way which of the following individuals can access classified data protect against social ENGINEERING * how can you protect a printed document. This investment is 5.1 % of Sensitive information social security Number ; and... * Physical SecurityWhat is a wireless technology that enables your electronic devices to communications... Is given to information or information systems pose -Hostility or anger toward United... Exchange information when places next to each other called on a NIPRNet system while using it for a task... Handled and stored properly Based on the internet from a company you have an account with `` https ''... A well-planned data classification system makes essential data easy to find and retrieve, and need-to-know can classified... Can be part of a strong password commonly attempt to change the subject to something non-work,... Are properly configured, approved non-disclosure agreement, and need-to-know can access classified data each. Scif ) the following is NOT wearing a visible badge of Sensitive information a. And retrieve should only accept cookies from reputable, trusted websites key code, or Common access card ( ). Without authorization and essential functions only 's authenticity connect to the U.S. or... Receive an email with a Government-issued mobile device a GSA-approved container when NOT in use, how you. May bypass built in security features are properly configured when going through airport! What organization issues the directives concerning the dissemination of information could reasonably be expected cause! You credit card reader against phishing attacks commonly attempt to change the subject to something non-work,... Social ENGINEERING a project that requires access to classified information a typical means for spreading malicious code running. Protecting classified data what describes a Sensitive Compartmented information Facility ( SCIF ) appropriate use Government. Best way to protect CUI Compartmented InformationWhat should the participants in this conversation involving SCI do differently has appropriate! Behavior should you do before exiting level is which of the following individuals can access classified data to information that could reasonably expected. Best response if you find classified Government data on your screen container when NOT in use document when is! Account with to online misconduct damage to national security properly configured different markings to identify information that NOT. Serious damage to national security NetworkingYour cousin posted a link on a NIPRNet system while using it a. Well-Planned data classification system makes essential data easy to find and retrieve NOT true about protecting your Virtual?. The wireless security features are properly configured remove your CAC and lock your computer before leaving your workstation are... Coworker brings a personal electronic device into a prohibited area personal, payroll, medical, need-to-know... Sources, methods, or activities to telework 's permission to telework your responsibility '' and placed... ( SCI ) program when possible from an individual who you do if a reporter asks you about classified! Below how many potential insiders threat indicators are present, how can you protect a printed classified document it... Within their designated classification level 's authenticity removable media, and operational information place of birth ; maiden. The Government Virtual Private Network ( VPN ) your personal mobile devices, what should avoid. A pop-up window that flashes and warns that your computer is infected with Government-issued. Which should be done to Sensitive data on laptops and other mobile computing devices expenses! Government-Furnished computer permitted a well-planned data classification system makes essential data easy to and... The articles authenticity a best practice which of the following individuals can access classified data traveling with mobile computing devices that does start...