What should the participants in this conversation involving SCI do differently? (Sensitive Information) Which of the following is NOT an example of sensitive information? Who designates whether information is classified and its classification level? Based on the description that follows, how many potential insider threat indicator(s) are displayed? Exposure to malware. What should you do? Which method would be the BEST way to send this information? What should the employee do differently? It does not require markings or distribution controls. **Identity management What is the best way to protect your Common Access Card (CAC)? Validate friend requests through another source before confirming them. all non-redacted elements of the final terms and conditions, all non-redacted elements of the contract schedules. When checking in at the airline counter for a business trip, you are asked if you would like to check your laptop bag. When using a public device with a card reader, only use your DoD CAC to access unclassified information, is only allowed if the organization permits it. Damage Which of the following is NOT a potential consequence of using removable media unsafely in a Sensitive Compartmented Information Facility (SCIF)? Hostility or anger toward the United States and its policies. Which may be a security issue with compressed Uniform Resource Locators (URLs)? Which Cyber Protection Condition (CPCON) establishes a protection priority focus on critical functions only? Refer the reporter to your organization's public affairs office. What should you do? (Malicious Code) Which are examples of portable electronic devices (PEDs)? A colleague enjoys playing video games, regularly uses social media, and frequently forgets to secure her smartphone elsewhere before entering areas where it is prohibited. Building 5 Remove security badge as you enter a restaurant or retail establishment.
Understanding and using the available privacy settings. You should confirm that a site that wants to store a cookie uses an encrypted link. Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post. Information improperly moved from a higher protection level to a lower protection level. Which of the following demonstrates proper protection of mobile devices? Appropriate clearance, a signed and approved non-disclosure agreement, and need-to-know, Insiders are given a level of trust and have authorized access to Government information systems. b. Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. Malicious Code (Prevalence): Which of the following is an example of malicious code? Maybe. NOT permitted uses of government-furnished equipment (GFE) -viewing or downloading pornography -conducting a private gambling online -using unauthorized software -illegal downloading copyrighted materials -making unauthorized configuration changes When is it okay to charge a personal mobile device using government-furnished equipment (GFE)? **Social Engineering Which may be a security issue with compressed Uniform Resource Locators (URLs)? Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? Ask probing questions of potential network contacts to ascertain their true identity c. Avoid talking about work outside of the workplace or with people without need-to-know. Report the crime to local law enforcement. Which of the following represents a good physical security practice? Then select Submit. Added to "Our Standard Contracts" section: Themed Competitions have specific terms and conditions which you can find alongside the relevant competition document. a.
Avoid talking about work outside of the workplace or with people without a need-to-know. b. Not correct. It is permissible to release unclassified information to the public prior to being cleared. The job cost sheet for Job 413 shows that $12,000 in direct materials has been used on the job and that $8,000 in direct labor cost has been incurred. Which of the following is NOT a potential insider threat? This HHS Policy supersedes the CMS ARS 3.0 CM-2 Enhancement 7 Configure Systems or Components for High Risk Areas control. Individuals are prohibited from using government furnished equipment (e.g., copier, fax machine) to make more than a few copies of material (e.g., copying a book, making numerous copies of a resume, or sending/receiving a lengthy document via fax machines), as well as any use of such machines that conflicts with the actual need to use the government furnished equipment for official business. Under what circumstances is it acceptable to check personal email on Government-furnished equipment (GFE)? *Malicious Code Which of the following is NOT a way that malicious code spreads? If you receive a phone call from a stranger asking for information about your invoice payment process, you should: Crucial information about a user or organization can be gained through. John submits CUI to his organization's security office to transmit it on his behalf. Only paper documents that are in open storage need to be marked. **Use of GFE What is a critical consideration on using cloud-based file sharing and storage applications on your Government-furnished equipment (GFE)? Illegal downloading copyrighted materials. Only connect with the Government VPN. Unit variable cost is $21 (includes direct materials, direct labor, variable factory overhead, and variable selling expense). This bag contains your government-issued laptop.
**Social Networking Which of the following information is a security risk when posted publicly on your social networking profile? In providing Government Property to a Contractor the Contracting Officer must also make sure that a Contractor is not given an unfair competitive advantage over another Contractor who may not have Government Property. correct. Use only your personal contact information when establishing your account. CUI may be stored only on authorized systems or approved devices. not correct PDF Removable Media and Mobile Devices - Cyber *Spillage What should you do if a reporter asks you about potentially classified information on the web? Incident Use a digital signature when sending attachments or hyperlinks. Family and relationships - Friends Only What is the danger of using public Wi-Fi connections? Memory sticks, flash drives, or external hard drives. What does Personally Identifiable Information (PII) include? **Social Networking What should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sites visited? Which of the following is true of portable electronic devices (PEDs) in a Sensitive Compartmented Information Facility (SCIF)? When operationally necessary, owned by your organization, and approved by the appropriate authority. It may expose the connected device to malware. What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed? **Classified Data Which of the following must you do before using an unclassified laptop and peripherals in a collateral environment? b. The following practices help prevent viruses and the downloading of malicious code except. **Social Engineering Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email? Personal information is inadvertently posted at a website.
Which of the following personally-owned computer peripherals is permitted for use with Government-furnished equipment? Media containing Privacy Act information, PII, and PHI is not required to be labeled. If you're requesting interim payments you must comply with the following: Government Furnished Assets (GFA) could be equipment, information or resources that are government-owned and loaned (on a free-of-charge basis) to a contractor to assist in the completion of the contract. Press release data. Which of the following is true about telework? The contractor's inability or unwillingness to supply its own resources is not a sufficient reason for the furnishing or acquisition of property. In your proposal to us, you must describe the deliverables from your project; in other words, what will be produced and delivered as a result of the project. What level of damage can the unauthorized disclosure of information classified as confidential reasonably be expected to cause? **Insider Threat What is an insider threat? Do not access website links in e-mail messages. Badges must be visible and displayed above the waist at all times when in the facility. You must possess security clearance eligibility to telework. What type of data must be handled and stored properly based on classification markings and handling caveats? General Services Administration (GSA) approval.
Which of the following is an example of two-factor authentication? **Travel Which of the following is true of traveling overseas with a mobile phone? Which is NOT a method of protecting classified data? Be aware of classification markings and all handling caveats. At all times when in the facility c. At any time during the workday, including when leaving the facility. a. It refers to property used by a contractor during a DoD government contract. The popup asks if you want to run an application. What should you do? not correct. Only when badging in b. Do not use any personally owned/non-organizational removable media on your organization's systems. Your comments are due on Monday. Neither confirm nor deny the information is classified. **Insider Threat Which of the following should be reported as a potential security incident (in accordance with your Agency's insider threat policy)? What certificates are contained on the Common Access Card (CAC)? correct. He's on the clock after all! b. difficult life circumstances such as substance abuse, divided loyalty or allegiance to the U.S., and extreme, persistent interpersonal difficulties. CUI must be handled using safeguarding or dissemination controls. Government Furnished Equipment (GFE) (FAR Part 45) is equipment that is owned by the government and delivered to or made available to a contractor. Adversaries exploit social networking sites to disseminate fake news. Which of the following statements is NOT true about protecting your virtual identity? No to all: Viewing or downloading pornography, gambling online, conducting a private money-making venture, using unauthorized software, Illegally downloading copyrighted material, making unauthorized configuration changes. (Malicious Code) What are some examples of malicious code? What actions should you take prior to leaving the work environment and going to lunch? **Removable Media in a SCIF What must users ensure when using removable media such as compact disk (CD)?
Create separate user accounts with strong individual passwords. Which Cyber Protection Condition (CPCON) establishes a protection priority focus on critical functions only? DOD CYBER AWARENESS Flashcards | Quizlet You find information that you know to be classified on the Internet. Technology concept and/or application formulated, Analytical and experimental critical function and/or characteristic proof of concept, Technology basic validation in a laboratory environment, Technology basic validation in a relevant environment, Technology model or prototype demonstration in a relevant environment, Technology prototype demonstration in an operational environment, Actual technology completed and qualified through test and demonstration, Actual technology qualified through successful mission operations, projects or manpower that is currently receiving funding or has already been funded from elsewhere in government, concepts which are not novel or innovative. What can be used to track Maria's web browsing habits? Understanding and using the available privacy settings. Store it in a shielded sleeve to avoid chip cloning. Ask them to verify their name and office number. Government Furnished Property Compliance Checklist Which of the following is true of protecting classified data? A colleague enjoys playing video games online, regularly uses social media, and frequently forgets to secure her smartphone elsewhere before entering areas where it is prohibited. Which of the following is a best practice for using removable media? Classified information that should be unclassified and is downgraded.
For your proposal to be accepted for assessment, you must tick a box to confirm your organisation's unqualified acceptance of DASA terms and conditions for the respective competition. Select all security issues. Porton Down Insiders are given a level of trust and have authorized access to Government information systems. HHS published the HHS Memorandum: the Use of Government Furnished Equipment during Foreign Travel. (A type of phishing targeted at senior officials) Which of the following represents an ethical use of your Government-furnished equipment (GFE)? In your opinion, will there be individual differences? Access requires a formal need-to-know determination issued by the Director of National Intelligence. Then select Save. Classified material must be appropriately marked. Never allow sensitive data on non-Government-issued mobile devices. **Website Use How should you respond to the theft of your identity? (Malicious Code) Which of the following is true of Internet hoaxes? Added link to Current Themed Competitions in the Our Standard Contracts section. Which of the following actions can help to protect your identity? We will make sure all proposals which are downloaded by us from our online submission service are appropriately classified and get a digital watermark. What is best practice while traveling with mobile computing devices? It is fair to assume that everyone in the SCIF is properly cleared. **Insider Threat Which of the following should be reported as a potential security incident? Nothing. Reviewing and configuring the available security features, including encryption. Incident If authorized, what can be done on a work computer? It may be compromised as soon as you exit the plane. Photos and videos you are in - Friends Only, Controlled Unclassified Information: (Incident) Which of the following is NOT an example of CUI?
The Government's official GFE policy is stated in Federal Acquisition Regulation (FAR) section 45.102 Policy which states: As part of its responsibility for acquisition planning (FAR Part 7, Acquisition Planning), the requiring activity (project or program manager or purchase request generator) decides whether or not to furnish property to Contractors. Never allow sensitive data on non-Government-issued mobile devices. How can malicious code cause damage? The Defence and Security Accelerator. You believe that you are a victim of identity theft. Select the appropriate setting for each item. requirements to access classified information. On a system of a higher classification level, such as the Secret Internet Protocol Router Network (SIPRNet), On a NIPRNet system while using it for a PKI-required task, What guidance is available for marking Sensitive Compartmented Information (SCI)? Maybe Call your security point of contact immediately. correct. What is required for an individual to access classified data? Her badge is not visible to you. Follow instructions given only by verified personnel. a. Label all files, removable media, and subject headers. Aggregating it does not affect its sensitivity level. When may you be subject to criminal, disciplinary, and/or administrative action due to online harassment, bullying, stalking, hazing, discrimination, or retaliation? correct. Explain why. Follow procedures for transferring data to and from outside agency and non-government networks. What should you do? Malicious code can mask itself as a harmless e-mail attachment, downloadable file, or website. What should the participants in this conversation involving SCI do differently? Avoid inserting removable media with unknown content into your computer.
Further guidance included in "What DASA does not fund" section. Expires: 09/30/2023. Make note of any identifying information and the website URL and report it to your security office. not correct. All https sites are legitimate and there is no risk to entering your personal info online. (Malicious Code) What is a common indicator of a phishing attempt? We thoroughly check each answer to a question to provide you with the most correct answers. The last payment, entitled satisfactory completion of all work under the contract, shall be at least 20% of the total quoted firm price. Making unauthorized configuration changes. Three or more. Which Cyber Protection Condition (CPCON) establishes a protection priority focus on critical functions only? We use a number of safeguards to protect the information you provide to us in your proposals, whilst allowing proper scrutiny of your submissions by our expert assessors, facilitating effective collaboration, and achieving appropriate transparency of how public money is being spent. **Social Networking When may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? When classified data is not in use, how can you protect it? Which Of The Following Is Not A Correct Way To Protect CUI. Select Yes or No for each item. How can you avoid downloading malicious code? Digitally signed e-mails are more secure. Refer the vendor to the appropriate personnel. Total fixed cost equals $78,000 (includes fixed factory overhead and fixed selling and administrative expense). Use the classified network for all work, including unclassified work. Nothing. Laptop with CAC left inserted Which of the following is true of traveling overseas with a mobile phone. Telework is only authorized for unclassified and confidential information. Correct.
For any item to be covered by Medicare, it must 1) be eligible for a defined Medicare benefit category, 2) be reasonable and necessary for the diagnosis or treatment of illness or injury or to improve the functioning of a malformed body member, and 3) meet all other applicable Medicare statutory and regulatory requirements. c. Both of these, Use of GFE (Incident): Permitted Uses of Government-Furnished Equipment (GFE). Following instructions from verified personnel. Lock your device screen when not in use and require a password to reactivate. Press release data c. Financial information. Monitor credit card statements for unauthorized purchases, Thumb drives, memory sticks, and flash drives are examples of. **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? **Social Engineering Which is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail? Which of the following is NOT an example of sensitive information? Classification markings and handling caveats. information generated under previous private venture funding. Cyber Awareness Flashcards by Jedi Master | Brainscape Correct. What threat do insiders with authorized access to information or information systems pose? Select the information on the data sheet that is personally identifiable information (PII) but not protected health information (PHI), Select the information on the data sheet that is protected health information (PHI). Spillage occurs when information is spilled from a higher classification or protection level to a lower classification or protection level. A federal government website managed and paid for by the U.S. Centers for Medicare & Medicaid Services.
You may also provide to us a Limited Rights Version where we agree it is useful to include background information relevant to the evaluation/understanding of the deliverables. Malicious code can do the following except? Evidence Exception. *Sensitive Compartmented Information When is it appropriate to have your security badge visible? If your organization allows it. No, you should only allow mobile code to run from your organization or your organization's trusted sites. Which is a best practice for protecting Controlled Unclassified Information (CUI)? All to Friends Only. This HHS Policy supersedes the CMS ARS 3.0 CM-2 Enhancement 7 Configure Systems or Components for High Risk Areas control. Individuals must avoid referencing derivatively classified reports classified higher than the recipient. *Sensitive Information Under what circumstances could classified information be considered a threat to national security? How can you protect yourself from social engineering? Follow policy for using personally-owned computer peripherals with government furnished equipment (GFE): Permitted Monitors, with the following conditions: Connected via Visual Graphic Array (VGA), Digital Video Interface (DVI), High Definition Multimedia Interface (HDMI), or DisplayPort. No other devices connected to the monitor. Classified material must be appropriately marked. While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. Best wishes **Mobile Devices What should you do when going through an airport security checkpoint with a Government-issued mobile device? You have reached the office door to exit your controlled area. Always check to make sure you are using the correct network for the level of data. Sensitive Compartmented Information (Incident #2): What should the owner of this printed SCI do differently? Linda encrypts all of the sensitive data on her government-issued mobile devices.
What kind of information could reasonably be expected to cause serious damage to national security in the event of unauthorized disclosure? We won't pre-fund any expenditure, so interim payment claims mustn't include costs not yet incurred. Insider threat: (Alex's statement) In addition to avoiding the temptation of greed to betray his country, what should Alex do differently? 31 terms. To help with this, prices in your proposal must be supported by a full cost breakdown. *Sensitive Information Under which circumstances is it permitted to share an unclassified draft document with a non-DoD professional discussion group? On a computer displaying a notification to update the antivirus software. Which of the following is true of Protected Health Information (PHI)? You must have your organization's permission to telework. Being cognizant of classification markings and labeling practices are good strategies to avoid inadvertent spillage. How Do I Answer The CISSP Exam Questions? Classified material must be appropriately marked b. Which piece of information is safest to include on your social media profile? Classified material must be appropriately marked. Classified DVD distribution should be controlled just like any other classified media. Which of the following is a good practice for telework? Spillage because classified data was moved to a lower classification level system without authorization. **Classified Data Which of the following is true of telework? How are Trojan horses, worms, and malicious scripts spread? The information contained in this Website is for informational purposes only and is not intended as a form of direction or advice and should not be relied upon as a complete definitive statement in relation to any specific issue. Which of the following best describes a way to safely transmit Controlled Unclassified Information (CUI)? The website requires a credit card for registration. Firewall disabled.
What should Sara do when using publicly available Internet, such as hotel Wi-Fi? You are misusing a Government vehicle when you use it for your personal benefit as opposed to using it for the benefit of the Government. You must provide details to us of any related public announcement for review prior to release. laptops, fitness bands, tablets, smartphones, electric readers, and Bluetooth devices. What should you do? Proactively identify potential threats and formulate holistic mitigation responses. Connect to the Government Virtual Private Network (VPN). A coworker has asked if you want to download a programmer's game to play at work. Verified answer. Note That The Integers Should Be Type Cast To Doubles. Store classified data appropriately in a GSA-approved vault/container. Search for instructions on how to preview where the link actually leads. Government-owned PEDs when expressly authorized by your agency. (Spillage) After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. Which of the following is a security best practice when using social networking sites? Which of the following statements is true of cookies? Which of the following is an example of Protected Health Information (PHI)? There are many travel tips for mobile computing. Attachments contained in a digitally signed email from someone known. Retrieve classified documents promptly from printers. A Common Access Card and Personal Identification Number. Which of the following information is a security risk when posted publicly on your social networking profile? *Insider Threat Which of the following is a reportable insider threat activity? Select all sections of the profile that contain an issue. You receive an unexpected email from a friend: I think you'll like this: https://tinyurl.com/2fcbvy. What action should you take?
You are working at your unclassified system and receive an email from a coworker containing a classified attachment. A person who does not have the required clearance or access caveats comes into possession of SCI in any manner. A coworker has left an unknown CD on your desk. A colleague removes sensitive information without seeking authorization in order to perform authorized telework.