What should be your response? You have reached the office door to exit your controlled area. (Spillage) Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? Correct. What action should you take? **Insider Threat Which scenario might indicate a reportable insider threat? As a security best practice, what should you do before exiting? Which of the following is NOT a correct way to protect CUI? Note any identifying information and the websites Uniform Resource Locator (URL). not correct. How Do I Answer The CISSP Exam Questions? UNCLASSIFIED - CLASSIFICATION MARKINGS FOR TRAINING PURPOSES ONLY Marking in the Electronic Environment Short Student Guide Center for Development of Security Excellence Page 4 UNCLASSIFIED - CLASSIFICATION MARKINGS FOR TRAINING PURPOSES ONLY IM and Chat Instant messages and chats are brief, text-based message exchanges and conversations. Classified material must be appropriately marked. See the discussed example before. Permitted Uses of Government-Furnished Equipment (GFE). **Classified Data Which of the following is true of protecting classified data? Neither confirm or deny the information is classified. b. correct. What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed? Download the information. CUI is not classified information. What does Personally Identifiable Information (PII) include? Software that installs itself without the users knowledge. A. Since the URL does not start with https, do not provide you credit card information. Classified DVD distribution should be controlled just like any other classified media. Original classification authority Correct. What type of activity or behavior should be reported as a potential insider threat? Connect and share knowledge within a single location that is structured and easy to search. what should be your response be? correct. (Sensitive Information) Which of the following represents a good physical security practice? Which of the following is a practice that helps to protect you from identity theft? a. Historically, each agency developed its own practices for sensitive unclassified information, resulting in a patchwork of systems across the Executive branch, in which similar information might be defined or labeled differently, or where dissimilar information might share a definition and/or label. Is this safe? (Answer) CPCON 2 (High: Critical and Essential Functions) CPCON 1 (Very High: Critical Functions) CPCON 3 (Medium: Critical, Essential, and Support Functions) CPCON 4 (Low: All Functions) CPCON 5 (Very Low: All Functions). Directives issued by the Director of National Intelligence. What should you do? Read the latest news from the Controlled Unclassified Information (CUI) program. Of the following, which is NOT an intelligence community mandate for passwords? In unsupervised machine learning, clustering is the most common process used to identify and group similar entities or items together. When using a public device with a card reader, only use your DoD CAC to access unclassified information, is only allowed if the organization permits it. What kind of information could reasonably be expected to cause serious damage to national security in the event of unauthorized disclosure? **Insider Threat What is an insider threat? Note any identifying information and the websites URL. To determine premiums for automobile insurance, companies must have an understanding of the variables that affect whether a driver will have an accident. The annual Cyber Awareness Challenge is a course that helps authorized users learn how to best avoid and reduce threats and vulnerabilities in an organizations system. Which of the following is a clue to recognizing a phishing email? Aggregating it does not affect its sensitivyty level. Classified information that should be unclassified and is downgraded. (Sensitive Compartmented Information) What describes how Sensitive Compartmented Information is marked? (Spillage) After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. What should be your response? What action should you take first? Digitally signed e-mails are more secure. c. What similarities and differences are there between plant and animal cells? DOD Cyber Awareness Challenge 2019 - Subjecto.com Adversaries exploit social networking sites to disseminate fake news Correct. The CUIProgramisan unprecedented initiative to standardize practices across more than 100 separate departments and agencies, as well asstate, local,tribal and, private sector entities; academia; and industry. When your vacation is over, after you have returned home. Which is a risk associated with removable media? Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause? If you participate in or condone it at any time. 4. Executive Order 13556, Controlled Unclassified Information, requires the Executive Branch to establish an open and uniform program for managing [unclassified] information that requires safeguarding or dissemination controls pursuant to and consistent with laws, regulations, and Government-wide policies. The National Archives and Records Administration (NARA) was named the Executive Agent (EA) responsible for overseeing the CUI Program. All to Friends Only. *Spillage What should you do if you suspect spillage has occurred? When expanded it provides a list of search options that will switch the search inputs to match the current selection. **Social Networking Which of the following information is a security risk when posted publicly on your social networking profile? What should you do if someone asks to use your government issued mobile device (phone/laptop..etc)? What action should you take? Cyber Awareness 2022. Back up your data: This will help you recover your data if it's lost or corrupted. Which of the following is true about telework? Working With Sensitive Information - Canada.ca **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? (Spillage) Which of the following practices may reduce your appeal as a target for adversaries seeking to exploit your insider status? In addition to avoiding the temptation of greed to betray his country, what should Alex do differently? "Unclassified" or a lack of security marking denotes non-sensitive information. Which of the following statements is NOT true about protecting your virtual identity? Ask them to verify their name and office number. What Exactly is CUI? (and How to Manage It) - Security Boulevard NARA has the authority and responsibility to manage the CUI Program across the Federal government. Changes to various data systems that store and sometimes share sensitive information outside EPA. Dont allow other access or to piggyback into secure areas. What level of damage to national security could reasonably be expected if unauthorized disclosure of Top Secret information occurred? Ask the individual to see an identification badge. It is created or received by a healthcare provider, health plan, or employer. What is a valid response when identity theft occurs? When classified data is not in use, how can you protect it? Physical security of mobile phones carried overseas is not a major issue. Malicious code can include viruses, worms, and macros. (Malicious Code) Which of the following is NOT a way that malicious code spreads? The answer has been confirmed to be correct. asked in Internet by voice (265k points) Question : Which of the following is true about unclassified data? Attempting to access sensitive information without need-to-know. Your password and a code you receive via text message. It contains certificates for identification, encryption, and digital signature. A coworker has left an unknown CD on your desk. Have your permissions from your organization, follow your organization guideline, use authorized equipment and software, employ cyber security best practice, perform telework in dedicated when home. Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email? (Malicious Code) What is a common indicator of a phishing attempt? Which of the following definitions is true about disclosure of confidential information? *Insider Threat Which of the following is a potential insider threat indicator? Social Security Number, date and place of birth, mothers maiden name. A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. An official website of the United States government. cyber. Which of the following represents a good physical security practice? Refer the vendor to the appropriate personnel. correct. *Spillage Which of the following is a good practice to aid in preventing spillage? Ensure that any cameras, microphones, and Wi-Fi embedded in the laptop are physically disabled.- Correct. **Identity management What is the best way to protect your Common Access Card (CAC)? It does not require markings or distribution controls. Don't talk about work outside your workspace unless it is a specifically designated public meeting environment and is controlled by the event planners. DoD Cyber Awareness 2019 - Subjecto.com Which of the following is true of the Common Access Card (CAC)? What describes how Sensitive Compartmented Information is marked? The EPAs Controlled Unclassified Information (CUI) Program issued its Interim CUI Policy in December 2020. 1.1 Standard Challenge Answers. Delete email from senders you do not know. Which of the following is true of protecting classified data What should you do? Retrieve classified documents promptly from printers. Linda encrypts all of the sensitive data on her government-issued mobile devices. Linda encrypts all of the sensitive data on her government-issued mobile devices. Unknown data is categorized by the system; an analyst then reviews the results internet-quiz. Figure 1. Which designation includes Personally Identifiable Information (PII) and Protected Health Information (PHI)? What is the best choice to describe what has occurred? What should be your response? which of the following is true about unclassified data *Sensitive Information Which of the following is the best example of Personally Identifiable Information (PII)? Prudence faxes CUI using an Unclassified cover sheet via a Secret fax machine. Click the card to flip Flashcards Learn Test Match Created by Jamie_Lancaster Terms in this set (24) However, agency personnel and contractors should first consult their agency's CUI implementing policies and program management for guidance. Phishing can be an email with a hyperlink as bait. Examples are: Patient names, Social Security numbers, Drivers license numbers, insurance details, and birth dates. The Chinese Spy Balloon Showdown The discovery of a Chinese surveillance balloon floating over the United States has added to the rising tensions between the two superpowers. For example, when you buy propane for your barbecue, your tank is placed on a scale while it is filled under high pressure (Figure 7). This lets the service person know when the tank is "full." We thoroughly check each answer to a question to provide you with the most correct answers. Reviewing and configuring the available security features, including encryption. Ensure proper labeling by appropriately marking all classified material. classified-document. *Spillage What should you do if a reporter asks you about potentially classified information on the web? A colleague asks to leave a report containing protected health information (PHI) on his desk overnight so he can continue working on it the next day. A vendor conducting a pilot program with your organization contacts you for organizational data to use in a prototype. **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? Paul verifies that the information is CUI, includes a CUI marking in the subject header, and digitally signs an e-mail containing CUI. Which of the following is NOT Government computer misuse? What structures visible in the stained preparation were invisible in the unstained preparation? **Classified Data Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause? At EPA, the CUI Program is housed in the Libraries and Accessibility Division (LAD) within the Office of Mission Supports (OMS), Office of Enterprise Information Programs (OEIP). **Social Networking What should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sires visited? Which of the following demonstrates proper protection of mobile devices? What should you do? How many potential insiders threat indicators does this employee display? *Spillage .What should you do if a reporter asks you about potentially classified information on the web? *Sensitive Information Under what circumstances could classified information be considered a threat to national security? What should be done to protect against insider threats? Controlled Unclassified Information (CUI) is information that requires safeguarding or dissemination controls consistent with applicable laws, regulations, and Government-wide policies, but is not classified under Executive Order 13526 "Classified National Security Informat What are examples of CUI? (Correct) -It does not affect the safety of Government missions. asked in Internet by voice (265k points) internet. Linda encrypts all of the sensitive data on her government issued mobile devices. The CUI Registry is the Government-wide online repository for Federal-level guidance regarding CUI policy and practice. All data transfers via the internet are not 100% secure and there might be some security vulnerabilities. -Its classification level may rise when aggregated. A What should you do if someone forgets their access badge (physical access)? In the following situations, determine if the duty describes would be one of the Fed is responsible or is not responsible to enforce. Which of the following is a best practice for physical security? What Is True About Unclassified Information Monitor credit card statements for unauthorized purchases, Thumb drives, memory sticks, and flash drives are examples of. (Malicious Code) Which are examples of portable electronic devices (PEDs)? Which of the following best describes wireless technology? Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approves for access to the NIPRNET. You know that this project is classified. Which may be a security issue with compressed urls? Which of these are true of unclassified data? - Answers Which of the following is true about telework? Ans: True Question 2: The Government Information Security Reform Act (Security Reform Act) of 2000 focuses on management View the full answer Which of the following is an example of punishment by application? Senior government personnel, military or civilian. What type of social engineering targets particular individuals, groups of people, or organizations? Use the classified network for all work, including unclassified work. Which of the following is NOT an appropriate way to protect against inadvertent spillage? Which of the following may help to prevent spillage? When using a fax machine to send sensitive information, the sender should do which of the following? Which of the following includes Personally Identifiable Information (PII) and Protected Health Information (PHI)? What would you do if you receive a game application request on your government computer that includes permission to access your friends, profile information, cookies, and sites visited? you don't need to do anything special to protect this information Correct. What type of security is part of your responsibility and placed above all else?, If your wireless device is improperly configured someone could gain control of the device? Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIV) card. Only documents that are classified Secret, Top Secret, or SCI require marking. Which is NOT a method of protecting classified data? How many potential insiders threat indicators does this employee display? Which of the following is NOT a correct way to protect sensitive information? It may expose the connected device to malware. Which Of The Following Statements About Adding Social Networks To Hootsuite Is False? Always check to make sure you are using the correct network for the level of data. Create separate user accounts with strong individual passwords. **Classified Data Which of the following must you do before using and unclassified laptop and peripherals in a collateral environment? **Social Engineering Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email? correct. Correct. Who can be permitted access to classified data? February 8, 2022. The CAC/PIV is a controlled item and contains certificates for: An individual who has attempted to access sensitive information without need-to-know and has made unusual requests for sensitive information is displaying indicators of what? A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. Thats the only way we can improve. After work hours, storing sensitive information in unlocked containers, desks, or cabinets if security is not present. Which of the following is NOT a security best practice when saving cookies to a hard drive? -TRUE What action is recommended when somebody calls you to inquire about your work environment or specific account information? This answer has been confirmed as correct and helpful. You receive an inquiry from a reporter about government information not cleared for public release. Which of the following attacks target high ranking officials and executives? Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity.