DOD Cyber Awareness 2022 Knowledge Check Exam with complete solution

Document Content and Description Below

How many potential insider threat indicators does a person who is married with two children, vacations at the beach every year, is pleasant to work with, but sometimes has poor work quality display? -... ANSWER 0 indicators What is the best response if you find classified government data on the internet? - ANSWER Note any identifying information, such as the website's URL, and report the situation to your security POC. After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. You know this project is classified. What should be your response? - ANSWER Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. What is a proper response if spillage occurs? - ANSWER Immediately notify your security POC. What should you do if a reporter asks you about potentially classified information on the web? - ANSWER Ask for information about the website, including the URL. A user writes down details from a report stored on a classified system marked as Secret and uses those details to draft an unclassified briefing on an unclassified system without authorization. What is the best choice to describe what has occurred? - ANSWER Spillage because classified data was moved to a lower classification level system without authorization. How many potential insider threat indicators does a coworker who often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion display? - ANSWER 3 or more indicators Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause? - ANSWER Damage to national security Which classification level is given to information that could reasonably be expected to cause serious damage to national security? - ANSWER Secret When classified data is not in use, how can you protect it? - ANSWER Store classified data appropriately in a GSA-approved vault/container when not in use. Which is a good practice to protect classified information? - ANSWER Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. Which of the following is a good practice to aid in preventing spillage? - ANSWER Be aware of classification markings and all handling caveats. What is required for an individual to access classified data? - ANSWER Appropriate clearance; signed and approved non-disclosure agreement; and need-to-know. What type of activity or behavior should be reported as a potential insider threat? - ANSWER Coworker making consistent statements indicative of hostility or anger toward the United States and its policies. Which of the following practices reduces the chance of becoming a target by adversaries seeking insider information? - ANSWER Don't talk about work outside your workspace unless it is a specifically designated public meeting environment and is controlled by the event planners. Which scenario might indicate a reportable insider threat security incident? - ANSWER A coworker is observed using a personal electronic device in an area where their use is prohibited. Why might "insiders" be able to cause damage to their organizations more easily than others? - ANSWER Insiders are given a level of trust and have authorized access to Government information systems. Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? - ANSWER Use only personal contact information when establishing personal social networking accounts, never use Government contact information. What should you do if an individual asks you to let her follow you into your controlled space, stating that she left her security badge at her desk? - ANSWER Don't allow her access into secure areas and report suspicious activity. Which represents a security best practice when using social networking? - ANSWER Understanding and using available privacy settings. Which is NOT a sufficient way to protect your identity? - ANSWER Use a common password for all your system and application logons. Under which circumstances may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? - ANSWER Any time you participate in or condone misconduct, whether offline or online. As someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project? - ANSWER Inform your security POC of all non-professional or non-routine contacts with foreign nations, including, but not limited to, joining each other's social media sites. Which of the following is true about unclassified data? - ANSWER When unclassified data is aggregated, its classification level may rise. What are some potential insider threat indicators? - ANSWER Difficult life circumstances such as substance abuse; divided loyalty or allegiance to the U.S.; or extreme, persistent interpersonal difficulties. What information posted publicly on your personal social networking profile represents a security risk? - ANSWER Your place of birth What is an individual's Personally Identifiable Information (PII) or Protected Health Information (PHI) considered? - ANSWER Sensitive information. Under what circumstances could unclassified information be considered a threat to national security? - ANSWER If aggregated, the information could become classified. What type of unclassified material should always be marked with a special handling caveat? - ANSWER For Official Use Only (FOUO) Which is true for protecting classified data? - ANSWER Classified material is stored in a GSA-approved container when not in use. Which of the following is true of protecting classified data? - ANSWER Classified material must be appropriately marked. Which of the following should be reported as a potential security incident (in accordance with your Agency's insider threat policy)? - ANSWER A coworker brings a personal electronic device into a prohibited area. How many potential insider threat indicators does a person who is playful and charming, consistently win performance awards, but is occasionally aggressive in trying to access sensitive information? - ANSWER 1 Indicator Which of the following terms refers to harm inflicted on national security through authorized access to information or information systems? - ANSWER Insider Threat What is the best example of Personally Identifiable Information (PII)? - ANSWER Date and place of birth What is the best example of Protected Health Information (PHI)? - ANSWER Your health insurance explanation of benefits (EOB) When is the best time to post details of your vacation activities on your social networking website? - ANSWER When your vacation is over, and you have returned home What does Personally Identifiable Information (PII) include? - ANSWER Social Security Number; date and place of birth; mother's maiden name What must you ensure if you work involves the use of different types of smart card security tokens? - ANSWER Avoid a potential security violation by using the appropriate token for each system. What must you ensure before transmitting Personally Identifiable Information (PII) or Protected Health Information (PHI) via e-mail? - ANSWER Transmissions must be between Government e-mail accounts and must be encrypted and digitally signed when possible. What must you do when e-mailing Personally Identifiable Information (PII) or Protected Health Information (PHI)? - ANSWER Encrypt the e-mail and use your Government e-mail account. What is a good practice for physical security? - ANSWER Challenge people without proper badges. Is it acceptable to take a short break while a coworker monitors your computer while logged on with your CAC? - ANSWER No. Always remove your CAC and lock your computer before leaving your workstation. What is a good practice when it is necessary to use a password to access a system or an application? - ANSWER Avoid using the same password between systems or applications. What is the best description of two-factor authentication? - ANSWER Something you possess, like a CAC, and something you know, like a PIN or password. What certificates are contained on the DoD Public Key Infrastructure (PKI) implemented by the Common Access Card (CAC)/Personal Identity Verification (PIV) card? - ANSWER Identification, encryption, and digital signature What are the requirements to be granted access to SCI material? - ANSWER The proper security clearance and indoctrination into the SCI program. What threat do insiders with authorized access to information or information Systems pose?? - ANSWER They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities. [Show More]

Last updated: 1 year ago

Preview 1 out of 11 pages