Annual DoD Cyber Awareness Challenge Training, DOD Cyber Awareness Challenge 2019: Knowledge, DOD Cyber Awareness Challenge 2019 (DOD-IAA-V, Operations Management: Sustainability and Supply Chain Management, Elliot Aronson, Robin M. Akert, Samuel R. Sommers, Timothy D. Wilson, Anderson's Business Law and the Legal Environment, Comprehensive Volume, David Twomey, Marianne Jennings, Stephanie Greene. Why might "insiders" be able to cause damage to their organizations more easily than others? What describes how Sensitive Compartmented Information is marked? You find information that you know to be classified on the Internet. What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF. Exceptionally grave damage. It may be compromised as soon as you exit the plane. **Classified Data Which of the following is a good practice to protect classified information? Which of the following is NOT sensitive information? It is permissible to release unclassified information to the public prior to being cleared. Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. Remove your security badge, common access card (CAC), or personal identity verification (PIV) card. Which of the following is NOT an appropriate way to protect against inadvertent spillage? Based on the description that follows, how many potential insider threat indicator (s) are displayed? tell your colleague that it needs to be secured in a cabinet or container. Follow procedures for transferring data to and from outside agency and non-Government networks. 1.1.2 Classified Data. You must have permission from your organization. Discrete data involves whole numbers (integers - like 1, 356, or 9) that can't be divided based on the nature of what they are. Which of the following is not Controlled Unclassified Information (CUI)? classified-document. What function do Insider Threat Programs aim to fulfill? Note any identifying information, such as the website's URL, and report the situation to your security POC. Darryl is managing a project that requires access to classified information. Understanding and using the available privacy settings. (Insider Threat) A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. You should only accept cookies from reputable, trusted websites. Which of the following is an example of a strong password? How can you protect yourself from social engineering? Assuming open storage is always authorized in a secure facility. **Social Networking Which of the following best describes the sources that contribute to your online identity? Which of the following is an example of Protected Health Information (PHI)? *Malicious Code After visiting a website on your Government device, a popup appears on your screen. What information most likely presents a security risk on your personal social networking profile? By Quizzma Team / Technology. What should be done if you find classified Government Data/Information Not Cleared for Public Release on the Internet? Spillage occurs when information is spilled from a higher classification or protection level to a lower classification or protection level. The following table lists the number of drivers in the United States, the number of fatal accidents, and the number of total accidents in each age group in 2002. They broadly describe the overall classification of a program or system. A smartphone that transmits credit card payment information when held in proximity to a credit card reader. Sensitive information may be stored on any password-protected system. The Registry is updated as agencies continue to submit governing authorities that authorize the protection and safeguarding of sensitive information. After you have returned home following the vacation. Report the crime to local law enforcement. **Insider Threat What type of activity or behavior should be reported as a potential insider threat? A user writes down details from a report stored on a classified system marked as Secret and uses those details to draft an unclassified briefing on an unclassified system without authorization. When your vacation is over, and you have returned home. You receive an inquiry from a reporter about potentially classified information on the internet. Controlled Unclassified Information (CUI) is information that requires safeguarding or dissemination controls consistent with applicable laws, regulations, and Government-wide policies, but is not classified under Executive Order 13526 "Classified National Security Informat What are examples of CUI? Use only personal contact information when establishing your personal account. NARAissuespolicy directives and publishesan annualreportto the President of the United Stateson the status of agency CUI Program implementation in accordance with Executive Order 13556, Controlled Unclassified Information. Malicious code can do the following except? What is NOT Personally Identifiable Information (PII)? It does not require markings or distribution controls. The date of full implementation of the CUI Program will be announced by the EPAs CUI Senior Agency Official (CUI SAO) and updated here on EPAs public web page. Your password and a code you receive via text message. d. giving a spanking or a scolding. Unusual interest in classified information. *Malicious Code Which of the following is NOT a way that malicious code spreads? 1.To provide opportunities for individuals and businesses to open checking accounts __________, To write rules and guidelines for financial institutions under its supervision __________, To be the lender of last resort for financial institutions __________, To conduct the nations monetary policy with the goals of maintaining full employment and price stability __________, 5. **Classified Data Which of the following is true of protecting classified data? Individuals must avoid referencing derivatively classified reports classified higher than the recipient.??? Which of the following statements is NOT true about protecting your virtual identity? **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? -TRUE The use of webmail is -is only allowed if the organization permits it Using webmail may bypass built in security features. (Spillage) What type of activity or behavior should be reported as a potential insider threat? Which of the following is a best practice for physical security? Report the suspicious behavior in accordance with their organizations insider threat policy. Correct. Confirm the individuals need-to-know and access. All https sites are legitimate. I may decide not to consent to these terms, but, if I do not consent to all of these terms, then I agree not to proceed with creating an account or moving forward with filling out the application, and I understand that I will not be . Mobile devices and applications can track your location without your knowledge or consent. Identification, encryption, and digital signature. Course Introduction Introduction . There is no way to know where the link actually leads. **Mobile Devices What can help to protect the data on your personal mobile device? What should you do if someone forgets their access badge (physical access)? EPA anticipates beginning CUI practices (designating, marking, safeguarding, disseminating, destroying, and decontrolling) starting in FY2023. **Identity management Which is NOT a sufficient way to protect your identity? correct. **Classified Data How should you protect a printed classified document when it is not in use? What can help to protect the data on your personal mobile device. Ive tried all the answers and it still tells me off. Validate friend requests through another source before confirming them. (Spillage) Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? What certificates are contained on the Common Access Card (CAC)? A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. What should you do if a reporter asks you about potentially classified information on the web? (2) War planning documents which contain worldwide -- (a) Planning data and assumptions, (b) Wartime planning factors for the use of nuclear weapons, (c) Intelligence estimates of enemy capabilities, (d) Force composition and development, and Under what circumstances could unclassified information be considered a threat to national security? (Sensitive Information) What certificates are contained on the Common Access Card (CAC)? The challenges goal is simple: To change user behavior to reduce the risks and vulnerabilities DoD Information Systems face. Which of the following is NOT a correct way to protect sensitive information? What should you do? SSN, date and place of birth, mothers maiden name, biometric records, PHI, passport number, Subset of PII, health information that identifies the individual, relates to physical or mental health of an individual, provision of health care to an individual, or payment of healthcare for individual. Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? **Insider Threat Which scenario might indicate a reportable insider threat? What should you do? What Are Some Examples Of Malicious Code Cyber Awareness? Spear Phishing attacks commonly attempt to impersonate email from trusted entities. c. ignoring a tantrum Your password and the second commonly includes a text with a code sent to your phone. You are working at your unclassified system and receive an email from a coworker containing a classified attachment. Appropriate clearance, a signed and approved non-disclosure agreement, and need-to-know, Insiders are given a level of trust and have authorized access to Government information systems. (Correct)-It does not affect the safety of Government missions.-It never requires classification markings. Which of the following should be reported as a potential security incident? Exceptionally grave damage to national security. When gases are sold they are usually compressed to high pressures. (Spillage) When classified data is not in use, how can you protect it? Share sensitive information only on official, secure websites. What should you do? Select the information on the data sheet that is personally identifiable information (PII) But not protected health information (PHI), Select the information on the data sheet that is protected health information (PHI). How many potential insider threat indicators does this employee display? PII includes, but is not limited to, social security numbers, date and places of birth, mothers maiden names, biometric records, and PHI. A colleague saves money for an overseas vacation every year, is a . Do not access website links in e-mail messages. However, agency personnel and contractors should first consult their agency's CUI implementing policies and program management for guidance. Search the Registry: Categories, Markings and Controls: Category list CUI markings -It must be released to the public immediately. Which is a risk associated with removable media? The EPAs Controlled Unclassified Information (CUI) Program issued its Interim CUI Policy in December 2020. UNCLASSIFIED is a designation to mark information that does not have potential to damage national security. You know that this project is classified. Which of the following is a best practice for handling cookies? Download the information. Classified material must be appropriately marked. **Social Networking When is the safest time to post details of your vacation activities on your social networking profile? What should be your response? What should the owner of this printed SCI do differently? Always use DoD PKI tokens within their designated classification level. Ans: True Question 2: The Government Information Security Reform Act (Security Reform Act) of 2000 focuses on management View the full answer **Website Use How should you respond to the theft of your identity? Avoid using non-Bluetooth-paired or unencrypted wireless computer peripherals. Unknown data is categorized by the system; an analyst then reviews the results Note the websites URL and report the situation to your security point of contact. When is it okay to charge a personal mobile device using government-furnished equipment (GFE)? They can be part of a distributed denial-of-service (DDoS) attack. (Sensitive Information) Which of the following is NOT an example of sensitive information? Which of the following individuals can access classified data? CUI is government created or owned information that requires safeguarding or dissemination controls consistent with applicable laws, regulations and government wide policies. Which of the following is NOT considered sensitive information? Which of the following best describes the sources that contribute to your online identity. A 3%3\%3% penalty is charged for payment after 303030 days. -Classified information that should be unclassified and is downgraded. Which of the following is NOT a typical result from running malicious code?