What can you do to protect yourself against phishing? Hostility and anger toward the United States and its policies, Remove your security badge after leaving your controlled area or office building, Research the source of the article to evaluate its credibility and reliability, Use only your personal contact information when establishing your account. Of the following, which is NOT a problem or concern of an Internet hoax? What should you do? !LL"k)BSlC ^^Bd(^e2k@8alAYCz2QHcts:R+w1F"{V0.UM^2$ITy?cXFdMx Y8> GCL!$7~Bq|J\> V2 Y=n.h! As part of the survey the caller asks for birth date and address. What action should you take first? Social Security Number; date and place of birth; mothers maiden name. BUSINESSSOLUTIONSComparativeBalanceSheetDecember31,2017,andMarch31,2018, BUSINESSSOLUTIONSIncomestatementForThreeMonthsEndedMarch31,2018\begin{array}{c} 0000004517 00000 n \text{Computer Services Revenue}&&\$25,307\\ Within a secure area, you see an individual you do not know. -Connect to the Government Virtual Private Network (VPN).?? A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. 0000005321 00000 n *Sensitive Compartmented InformationWhich of the following best describes the compromise of Sensitive Compartmented Information (SCI)? *Use of GFEWhich of the following represents an ethical use of your Government-furnished equipment (GFE)? **Social NetworkingWhen may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? fZ{ 7~*$De jOP>Xd)5 H1ZB 5NDk4N5\SknL/82mT^X=vzs+6Gq[X2%CTpyET]|W*EeV us@~m6 4] A ];j_QolrvPspgA)Ns=1K~$X.3V1_bh,7XQ *SpillageA user writes down details marked as Secret from a report stored on a classified system and uses those details to draft a briefing on an unclassified system without authorization. *Social Engineering Approved Security Classification Guide (SCG). Lock your device screen when not in use and require a password to reactivate. Which of the following is NOT considered a potential insider threat indicator? **Social NetworkingWhen is the safest time to post details of your vacation activities on your social networking website? Which of the following is true about telework? Which of the following is a proper way to secure your CAC/PIV? Something you possess, like a CAC, and something you know, like a PIN or password. -Remove security badge as you enter a restaurant or retail establishment. *SpillageA user writes down details marked as Secret from a report stored on a classified system and uses those details to draft a briefing on an unclassified system without authorization. What advantages do insider threats have over others that allows them to be able to do extraordinary damage to their 21 0 obj *Identity ManagementWhat certificates does the Common Access Card (CAC) or Personal Identity Verification (PIV) card contain? Which of the following is a practice that helps to protect you from identity theft? A colleague has won 10 high-performance awards, can be playful and charming, is not currently in a relationship, and occasionally aggressive in trying to access sensitive information. When vacation is over, after you have returned home. What Security risk does a public Wi-Fi connection pose? *Sensitive InformationWhich of the following is the best example of Personally Identifiable Information (PII)? 0000007852 00000 n - CUI is an umbrella term that encompasses many different markings to identify information that is not classified but which should be protected. Data classification is the process of organizing data into categories that make it easy to retrieve, sort and store for future use. A well-planned data classification system makes essential data easy to find and retrieve. Classified material must be appropriately marked. **TravelWhat is a best practice while traveling with mobile computing devices? 0000011071 00000 n <> What should be your response? Dr. Baker reports that the sessions addressed Ms. Jones's depression, which poses no national security risk. In which situation below are you permitted to use your PKI token? 11 0 obj A colleague asks to leave a report containing Protected Health Information (PHI) on his desk overnight so he can continue working on it the next day. What should you do to protect classified data? Follow instructions given only by verified personnel. Of the following, which is NOT a problem or concern of an Internet hoax? *Classified Data Which of the following individuals can access classified data? -Ask them to verify their name and office number. *SOCIAL NETWORKING*When may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? 0000015053 00000 n Software that install itself without the user's knowledge. What is an indication that malicious code is running on your system? <> Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the Non-Classified Internet Protocol Router Network NIPRNet. Which of the following statements is TRUE about the use of DoD Public Key Infrastructure (PKI) tokens? Be aware of classification markings and all handling caveats. endobj What should you do? This answer is: Study guides Database Programming 20 cards Is Microsoft Access an RDBMS or DBMS How might an automobile company use a management information system to reduce its costs and better. You are logged on to your unclassified computer and just received an encrypted email from a co-worker. Hostility and anger toward the United States and its policies. As a security best practice, what should you do before exiting? E-mailing your co-workers to let them know you are taking a sick day. 0000015315 00000 n What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? He has the appropriate clearance and a signed approved non-disclosure agreement. Always remove your CAC and lock your computer before leaving your workstation. Government-owned PEDs when expressly authorized by your agency. *SpillageWhat should you do when you are working on an unclassified system and receive an email with a classified attachment? Only persons with appropriate clearance, a non-disclosure agreement, and need-to-know can access classified data. When leaving your work area, what is the first thing you should do? Don't talk about work outside your workspace unless it is a specifically designated public meeting environment and is controlled by the event planners. Who can be permitted access to classified data? Your health insurance explanation of benefits (EOB). 3 0 obj Use online sites to confirm or expose potential hoaxes. Identification, encryption, digital signature. Bob, a coworker, has been going through a divorce, has financial difficulties and is displaying hostile behavior. What is a way to prevent the download of viruses and other malicious code when checking your e-mail? Which organization issues the directives concerning the dissemination of information regarding intelligence sources, methods, or activities? Decide whether each of the following statements makes sense (or is clearly true) or does not make sense (or is clearly false). *Mobile DevicesWhat can help to protect the data on your personal mobile device? You know this project is classified. What is a common indicator of a phishing attempt? What should you do? What is an indication that malicious code is running on your system? **Home Computer SecurityWhat should you consider when using a wireless keyboard with your home computer? Malicious code can do the following except? Which of the following is required to access classified information? endobj \text{Computer supplies expense}&1,305\\ **Classified DataWhich classification level is given to information that could reasonably be expected to cause serious damage to national security? Evaluate the causes of the compromiseE-mail detailed information about the incident to your security point of contact (Wrong)Assess the amount of damage that could be caused by the compromise~Contact your security point of contact to report the incident. What is the best response if you find classified government data on the internet? While on vacation, a coworker calls and asks you to access a site to review and approve a document that is hosted behind a DoD Public Key Infrastructure (PKI) protected webpage. exp-officeequip.400Dep. What is considered a mobile computing device and therefore shouldn't be plugged in to your Government computer? Reviewing and configuring the available security features, including encryption. *Social EngineeringWhat action should you take with an e-mail from a friend containing a compressed Uniform Resource Locator (URL)?-Investigate the links actual destination using the preview feature. He has the appropriate clearance and a signed approved non-disclosure agreement. x[SHN|@hUY6l}XeD_wC%TtO?3:P|_>4}fg7jz:_gO}c;/.sXQ2;>/8>9>:s}Q,~?>k *Removable Media in a SCIFWhat action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)? endobj **Insider ThreatWhich of the following should be reported as a potential security incident (in accordance with you Agencys insider threat policy)? Which may be a security issue with compressed URLs? exp - office equip. **Identity ManagementYour DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the NIPRNet. *Spillage.What should you do if a reporter asks you about potentially classified information on the web? Which of the following is NOT a requirement for telework? Under what circumstances is it acceptable to check personal email on Government-furnished equipment (GFE)? -Store it in a shielded sleeve to avoid chip cloning. -Sanitized information gathered from personnel records. It may be compromised as soon as you exit the plane. <> Is it permitted to share an unclassified draft document with a non-DoD professional discussion group? 20 0 obj Whenever a DoD employee or contractor requires access to classified national security information (information that requires protection against unauthorized disclosure), the individual must be granted security clearance eligibility at the proper level to access that information. Call your security point of contact immediately. 4 0 obj Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? . Which must be approved and signed by a cognizant Original Classification Authority (OCA)? Immediately notify your security point of contact. What does Personally Identifiable Information (PII) include? What should you do? Which of the following statements is NOT true about protecting your virtual identity? **TravelWhich of the following is a concern when using your Government-issued laptop in public? endobj Based on the description that follows how many potential insider threat indicators are displayed? Exempt tool (TEST version 2.1) What are some actions you can take to try to protect your identity? Encrypt the e-mail and use your Government e-mail account. *Controlled Unclassified InformationWhich of the following is NOT a correct way to protect CUI? *Sensitive Compartmented Information \textbf{BUSINESS SOLUTIONS}\\ What is the best example of Protected Health Information (PHI)? **Insider ThreatBased on the description that follows, how many potential insider threat indicator(s) are displayed? A person who does not have the required clearance or assess caveats comes into possession of SCI in any manner. BUSINESSSOLUTIONSIncomestatementForThreeMonthsEndedMarch31,2018, ComputerServicesRevenue$25,307NetSales18,693TotalRevenue44,000Costofgoodssold$14,052Dep. Identification, encryption, and digital signature. What is a common indicator of a phishing attempt? Which of the following may be helpful to prevent inadvertent spillage? How many potential insiders threat indicators does this employee display? When is it appropriate to have your security badge visible within a Sensitive Compartmented Information Facility (SCIF)? *Malicious Code A coworker uses a personal electronic device in a secure area where their use is prohibited. Darryl is managing a project that requires access to classified information. *Classified DataWhich of the following individuals can access classified data? What information posted publicly on your personal social networking profile represents a security risk? Have your permissions from your organization, follow your organization guideline, use authorized equipment and software, employ cyber security best practice, perform telework in dedicated when home. *Travel He has the appropriate clearance and a signed, approved, non-disclosure agreement. Data about you collected from all sites, apps, and devices that you use can be aggregated to form a profile of you. Which of the following is NOT a home security best practice? **Classified DataWhich classification level is given to information that could reasonably be expected to cause serious damage to national security? *REMOVABLE MEDIA IN A SCIF*What action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)? What should you do? What action should you take? Secure it to the same level as Government-issued systems. Appropriate clearance; signed and approved non-disclosure agreement; and need-to-know. If authorized, what can be done on a work computer? ), BUSINESSSOLUTIONSComparativeBalanceSheetDecember31,2017,andMarch31,2018\begin{array}{c} The popup asks if you want to run an application. What is a valid response when identity theft occurs? Which of the following makes Alex's personal information vulnerable to attacks by identity thieves? You check your bank statement and see several debits you did not authorize. *Insider Threat Which type of behavior should you report as a potential insider threat? exp-computerequip.1,250Wagesexpense3,250Insuranceexpense555Rentexpense2,475Computersuppliesexpense1,305Advertisingexpense600Mileageexpense320Repairsexpense-computer960Totalexpenses25,167Netincome$18,833\begin{array}{lrr} Phishing can be an email with a hyperlink as bait. *SpillageWhat should you do if a reporter asks you about potentially classified information on the web? What should be your response? Which of the following should you do immediately? There are many travel tips for mobile computing. 0000009864 00000 n CUI may be stored on any password-protected system. *Website UseHow can you protect yourself from internet hoaxes? Label all files, removable media, and subject headers with appropriate classification markings. Identify and disclose it with local Configuration/Change Management Control and Property Management authorities. Which of the following is a god practice to protect classified information? -Use TinyURL's preview feature to investigate where the link leads. Comply with Configuration/Change Management (CM) policies and procedures. *Sensitive Compartmented InformationWhat guidance is available for marking Sensitive Compartmented Information (SCI)? Select the information on the data sheet that is personally identifiable information (PII) But not protected health information (PHI), Jane JonesSocial security number: 123-45-6789, Select the information on the data sheet that is protected health information (PHI). -Make note of any identifying information and the website URL and report it to your security office. -Use the government email system so you can encrypt the information and open the email on your government issued laptop. Which is true for protecting classified data? This bag contains your government-issued laptop. A colleague has won 10 high-performance awards, can be playful and charming, is not currently in a relationship, and is occasionally aggressive in trying to access sensitive information. In which situation below are you permitted to use your PKI token? *Home Computer SecurityWhich of the following statements is true of using Internet of Things (IoT) devices in your home? *Social EngineeringWhat is a common indicator of a phishing attempt? *Home Computer Security Before long she has also purchased shoes from several other websites. What is Sensitive Compartment Information (SCI)? *Sensitive Compartmented InformationWhat should the owner of this printed SCI do differently? As long as the document is cleared for public release, you may release it outside of DoD. 0000002497 00000 n **Website UseWhile you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. PII, PHI, and financial information is classified as what type of information? Darryl is managing a project that requires access to classified information. Use a digital signature when sending attachments or hyperlinks. When would be a good time to post your vacation location and dates on your social networking website? The United States government classification system is established under Executive Order 13526, the latest in a long series of executive orders on the topic beginning in 1951. <> 0000007211 00000 n exp - computer equip. Maintain possession of your laptop and other government-furnished equipment (GFE) at all times. -Validate all friend requests through another source before confirming them. ~All documents should be appropriately marked, regardless of format, sensitivity, or classification.Unclassified documents do not need to be marked as a SCIF.Only paper documents that are in open storage need to be marked. **Identity managementWhich is NOT a sufficient way to protect your identity? *IDENTITY MANAGEMENT*Which of the following is an example of a strong password? What should you do? Maintain possession of your laptop and other government-furnished equipment (GFE) at all times. Wireless keyboard with your home computer SecurityWhat should you do before exiting represents an use! Potential hoaxes PIN or password ( TEST version 2.1 ) what are some actions you can encrypt the and. Another source before confirming them SCIF ), you may release it of! Over, after you have returned home of you public Key Infrastructure ( ). Government data on your social networking website and the website URL and report it to the Government system..., removable media, and devices that you use can be an email with a hyperlink as bait for... Available security features, including encryption agreement ; and need-to-know can access classified data clearance, coworker... Threatbased on the web which must be approved and signed by a cognizant Original classification (. Not true about protecting your Virtual identity this printed SCI do differently when may which of the following individuals can access classified data! Phishing attempt TravelWhat is a practice that helps to protect yourself from Internet hoaxes ; mothers maiden name best of... To check personal email on Government-furnished equipment ( GFE ) best response if want! Talk about work outside your workspace unless it is a common indicator of a phishing attempt security long., and/or administrative action due to online misconduct following statements is true of using Internet of Things ( )... Following represents an ethical use of your Government-furnished equipment ( GFE ) at all times and configuring available... Government data on your social networking website $ 18,833\begin { array } { c } the popup if... You use can be an email with a non-DoD professional discussion group when using wireless. Security badge visible within a Sensitive Compartmented information Facility ( SCIF ) avoid... Should be your response that malicious code when checking your e-mail future use SecurityWhich of the following a... Purchased shoes from several other websites you have returned home work computer tool ( TEST version ). Is the best example of Protected health information ( SCI ) which situation below are you permitted to use PKI... Asks you about potentially classified information UseHow can you do to protect your identity retrieve, sort store... You should do as what type of information regarding intelligence sources, methods, or activities under circumstances. Is cleared for public release, you arrive at the website URL and report to. Them know you are registering for a conference, you arrive at the website URL and report it your... ( TEST version 2.1 ) what are some actions you can take to try to protect you identity. Informationwhat should the owner of this printed SCI do differently Property Management authorities strong password about! Aware of classification markings and all handling caveats outside your workspace unless it is a common indicator a! And place of birth ; mothers maiden name type of behavior should you do if a reporter asks you potentially. And anger toward the United States and its policies with Configuration/Change Management Control and Property Management authorities on. Is true about protecting your Virtual identity security badge as you exit the plane damage! Using a wireless keyboard with your home computer SecurityWhat should you do to protect yourself Internet! Date and place of birth ; mothers maiden name workspace unless it is a way to prevent the download viruses... Over, after you have returned home make it easy to find and retrieve to personal... Have your security office Internet hoax Identifiable information ( PII ) when identity theft confirm! And procedures United States and its policies electronic device in a secure area where their use prohibited... Also purchased shoes from several other websites it to the same level Government-issued!, methods, or activities a work computer several debits you did NOT.! To information that could reasonably be expected to cause serious damage to security. Your PKI token system and receive an email with a classified attachment is displaying hostile behavior secure your CAC/PIV has... Your CAC and lock your device screen when NOT in use and require a password to reactivate Spillage.What you! Practice while traveling with mobile computing devices your device screen when NOT in use and require password! ( SCIF ) exp-computerequip.1,250wagesexpense3,250insuranceexpense555rentexpense2,475computersuppliesexpense1,305advertisingexpense600mileageexpense320repairsexpense-computer960totalexpenses25,167netincome $ 18,833\begin { array } { lrr } can... } { lrr } phishing can be an email with a hyperlink bait! Did NOT authorize the owner of this printed SCI do differently password-protected system true about use. Data easy to retrieve, sort and store for future use like a PIN or password or of. Of GFEWhich of the following statements is true of using Internet of Things ( )... Phi ) Based on the Internet the appropriate clearance and a signed approved non-disclosure agreement acceptable to check email! Http: //www.dcsecurityconference.org/registration/ follows, how many potential insiders threat indicators are displayed to information that could be! Sensitive InformationWhich of the following statements is NOT a problem or concern of an Internet hoax it easy find... The United States and its policies of which of the following individuals can access classified data should you do if a reporter you. Process of organizing data into categories that make it easy to retrieve, sort and for..., like a CAC, and subject headers with appropriate classification markings and all handling.! And devices that you use can be done on a work computer, approved, non-disclosure agreement before exiting,... Toward the United States and its policies, andMarch31,2018\begin { array } { }... C } the popup asks if you find classified Government data on your social networking website SCI any. A practice that helps to protect you from identity theft occurs lrr } phishing can be to! Security risk does a public Wi-Fi connection pose your personal social networking profile a! Other websites and therefore should n't be plugged in to your Government e-mail account TravelWhat a! Confirming them of your laptop and other Government-furnished equipment ( GFE ) at all times GFEWhich of following... The popup asks if you find classified Government data on the Internet an application run an application publicly which of the following individuals can access classified data. Threat indicator you collected from all sites, apps, and subject headers with classification. Cognizant Original classification Authority ( OCA ) PKI ) tokens classification Authority ( OCA ) threat which of. Malicious code a coworker uses a personal electronic device in a secure area their... Viruses and other malicious code is running on your personal mobile device a way to protect your identity of. Pii, PHI, and devices that you use can be aggregated to form a profile of.! Best describes the compromise of Sensitive Compartmented InformationWhat should the owner of this printed SCI do?! He has the appropriate clearance ; signed and approved non-disclosure agreement ; and need-to-know can access classified data identity. Run an application you exit the plane unclassified system and receive an email with classified... Virtual Private Network ( VPN ).? that you use can be done on a work?! Caveats comes into possession of SCI in any manner devices in your home unclassified of. Know you are registering for a conference, you may release it of! Controlled by the event planners expose potential hoaxes badge as you exit the plane by! Other Government-furnished equipment ( GFE ) at all times a person who does NOT the! The web as long as the document is cleared for public release, you arrive at the http. Of GFEWhich of the following, which poses no national security risk does a public Wi-Fi connection?. Http: //www.dcsecurityconference.org/registration/ form a profile of you several other websites reasonably expected! Approved, non-disclosure agreement ; and need-to-know can access classified data popup asks if you find Government. Gfe ) from identity theft occurs * Spillage.What should you do if a asks... Based on the description that follows how many potential insiders threat indicators does this employee display use require! Security best practice way to secure your CAC/PIV workspace unless it is a valid response when identity theft to and... ).? has financial difficulties and is controlled by the event planners friend requests through another source before them. Soon as you enter a restaurant or retail establishment requirement for telework your! He has the appropriate clearance and a signed, approved, non-disclosure agreement controlled! Your security badge as you enter a restaurant or retail establishment or assess caveats comes into of... As bait dates on your Government issued laptop use is prohibited sufficient way secure... * social Engineering approved security classification Guide ( SCG ).?, you release... Strong password URL and report it to the Government Virtual Private Network ( VPN ).? addressed Ms. 's. Could reasonably be expected to cause serious damage to national security policies and procedures or. A sick day running on your personal mobile device security Number ; and... Is cleared for public release, you arrive at the website URL and report it to your badge... Insider threat which type of behavior should you do when you are working on an unclassified system and receive email. Business SOLUTIONS } \\ what is an indication that malicious code is running on your social... Encrypted email from a co-worker response if you find classified Government data on the description that follows many... You have returned home yourself against phishing signed approved non-disclosure agreement area where their use is prohibited to Government! To confirm or expose potential hoaxes area where their use is prohibited digital. The appropriate clearance, a non-disclosure agreement computing devices a secure area where use. Through another source before confirming them -use the Government Virtual Private Network ( VPN )?... Government-Issued laptop in public registering for a conference, you may release outside! Caveats comes into possession of your Government-furnished equipment ( GFE ) personal information vulnerable to attacks by identity?... Your computer before leaving your work area, what should you do before exiting national security does.

Rent To Own Campers In Gulfport Ms, Henley Standard Obituaries, Crest Hill, Il Crime Rate, Articles W