%PDF-1.7 Then select Submit. **Social Engineering What is TRUE of a phishing attack? *Spillage A user writes down details marked as Secret from a report stored on a classified system and uses those details to draft a briefing on an unclassified system without authorization. Reviewing and configuring the available security features, including encryption. Transmit classified information via fax machine only Not correct c. Classified information that is intentionally moved to a lower protection level without authorization. *Sensitive Compartmented Information Which of the following best describes the compromise of Sensitive Compartmented Information (SCI)? Birthday - Friends Only website belongs to an official government organization in the United States. What function do Insider Threat Programs aim to fulfill? Which of the following is true of Security Classification Guides? Confirm the individual's need-to-know and access. a colleague removes sensitive information without seeking authorization in order to perform authorized telework. Immediately notify your security point of contact. After you have returned home following the vacation. cyber-awareness email government organisation permission equipment 1 answer Under what circumstances is it acceptable to use your Government-furnished computer to check person e-mail asked in Internet by voice (263k points) internet internet-quiz cyber cyber-awareness government computer email personal policy 1 answer In return, the funding Authority obtains a set of rights to use the delivered technical information and associated intellectual property for specified purposes. Social Security Number, date and place of birth, mothers maiden name. (Spillage) What type of activity or behavior should be reported as a potential insider threat? Government furnished or purchased equipment or services provided to employees as the result of approved reasonable accommodation requests. In your opinion, will there be individual differences? HDMI or DisplayPort may be used if VGA and DVI are unavailable. What type of social engineering targets senior officials? Spillage: Which of the following is a good practice to prevent spillage? What can you do to protect yourself against phishing? How many potential insiders threat indicators does this employee display? Which is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail? CPCON 3 (Medium: Critical, Essential, and Support Functions) Incident #1 Which of the following is true of Internet of Things (IoT) devices? Which of the following is true of transmitting Sensitive Compartmented Information (SCI)? Added link to Current Themed Competitions in the Our Standard Contracts section. Wed like to set additional cookies to understand how you use GOV.UK, remember your settings and improve government services. Which of the following is NOT a security best practice when saving cookies to a hard drive? Government-owned PEDs, if expressly authorized by your agency. It may be compromised as soon as you exit the plane. Which of the following is NOT an appropriate way to protect against inadvertent spillage? Only expressly authorized government-owned PEDs. DOD Cyber Awareness 2021 Knowledge Check. endstream endobj startxref Classified material must be appropriately marked. Paul verifies that the information is CUI, includes a CUI marking in the subject header, and digitally signs an e-mail containing CUI. Not correct. A Coworker has asked if you want to download a programmers game to play at work. They can become an attack vector to other devices on your home network. Note any identifying information, such as the websites URL, and report the situation to your security POC. A colleague vacations at the beach every year, is married and a father of four, sometimes has poor work quality, and works well with his team. Information improperly moved from a higher protection level to a lower protection level. .gov Never allow sensitive data on non-Government-issued mobile devices. IRS employees are permitted to utilize secure Public Wi-Fi access (e.g., hospital, Internet caf, coffee shop, public library). What should be done if you find classified Government Data/Information Not Cleared for Public Release on the Internet? A coworker uses a personal electronic device in a secure area where their use is prohibited. In addition to offering an overview of cybersecurity best practices, the challenge also provides awareness of potential and common cyber threats. A trusted friend in your social network posts a link to vaccine information on a website unknown to you. HHS published the HHS Memorandum: the Use of Government Furnished Equipment during Foreign Travel. not correct A type of phishing targeted at high-level personnel such as senior officials. correct. Software that installs itself without the users knowledge. Which Cyber Protection Condition (CPCON) establishes a protection priority focus on critical functions only? The physical security of the device. Government Furnished Equipment (GFE) ( FAR Part 45) is equipment that is owned by the government and delivered to or made available to a contractor. You know this project is classified. ! (A type of phishing targeted at senior officials) Which is still your FAT A$$ MOTHER! Physical security of mobile phones carried overseas is not a major issue. Unclassified documents do not need to be marked as a SCIF. a. Note that all bought-in items will become our property and will be registered as government-furnished assets (GFA). correct. what should you do? Using webmail may bypass built in security features. endstream endobj 1075 0 obj <>stream It does not require markings or distribution controls. Building 5 Immediately notify your security point of contact. What should you do to protect yourself while on social networks? Only when there is no other charger available. Who is responsible for information/data security? Which of the following must you do before using an unclassified laptop and peripherals in a collateral classified environment? Social Security Number; date and place of birth; mothers maiden name. What should be your response? Right-click the link and select the option to preview??? Is this safe? Laptop (Take CAC out), PIN note (Never write your PIN. Understanding and using the available privacy settings. c. Nothing. The Government Contracting Officer will ultimately determine whether or not Government Property should be provided to a Contractor based on the FAR 45. What should be done to protect against insider threats? Which designation includes Personally Identifiable Information (PII) and Protected Health Information (PHI)? You must appoint a person whos responsible for all communications with us. (Sensitive Compartmented Information) What portable electronic devices (PEDs) are allow in a Secure Compartmented Information Facility (SCIF)? In competitions using the ISC and DEFCON 705 you must also state in your proposal if the deliverables are what we call Full Rights or Limited Rights versions. Correct. A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. After you have returned home following the vacation. (Spillage) Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? Total fixed cost equals $78,000 (includes fixed factory overhead and fixed selling and administrative expense). \text{Capital Stock}&\text{Credit}&&\\ (Malicious Code) What are some examples of malicious code? All PEDs, including personal devices b. Connect to the Government Virtual Private Network (VPN). Insider threat: (Marks statement): What should Alexs colleagues do? How many potential insider threat indicators does this employee display? Paul verifies that the information is CUI, includes a CUI marking in the subject header and digitally signs an e-mail containing CUI. This HHS Policy supersedes the CMS ARS 3.0 CM-2 Enhancement 7 Configure Systems or Components for High Risk Areas control. Which of the following should be reported as a potential security incident? What should Sara do when publicly available Internet, such as hotel Wi-Fi? Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post. remain prohibited. Never allow sensitive data on non-Government-issued mobile devices. They can be part of a distributed denial-of-service (DDoS) attack. In providing such information you consent to such disclosure. Decline to let the person in and redirect her to security c. Let the person in but escort her back t her workstation and verify her badge. Sensitive Compartmented Information GuidesB. Correct 1) Unusual interest in classified information. Who designates whether information is classified and its classification level? Lock your device screen when not in use and require a password to reactivate. Which of the following is NOT a criterion used to grant an individual access to classified data? A type of phishing targeted at senior officials. tell your colleague that it needs to be secured in a cabinet or container. Conducting a private g*mbling online. [1]. Use the classified network for all work, including unclassified work. Which of the following is a good practice for telework? Of the following, which is NOT an intelligence community mandate for passwords? a. a. You can propose an interim payment plan, which must be supported by a detailed expenditure profile showing projected monthly expenditure figures. Only allow mobile code to run from your organization or your organizations trusted sites. You are reviewing your employees annual self evaluation. *Spillage You find information that you know to be classified on the Internet. <> CUI may be stored on any password-protected system. Select all security issues. Classified data: (Scene) Which of the following is true about telework? *Spillage Which of the following may help prevent inadvertent spillage? John submits CUI to his organizations security office to transmit it on his behalf. Government Furnished Assets (GFA) could be equipment, information or resources that are government-owned and loaned (on a free-of-charge basis) to a contractor to . **Travel Which of the following is true of traveling overseas with a mobile phone? In which situation below are you permitted to use your PKI token?A. Correct. Check in location via GPS: Off. endobj Which is an untrue statement about unclassified data? The website requires a credit card for registration. **Insider Threat How many potential insider threat indicators does a coworker who often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion display? On a computer displaying a notification to update the antivirus softwareB. Purpose: This instruction memorandum (IM) provides . What should the participants in this conversation involving SCI do differently? correct. means youve safely connected to the .gov website. a. Sally stored her government-furnished laptop in her checked luggage using a TSA approved luggage lock. The CAC/PIV is a controlled item and contains certificates for: An individual who has attempted to access sensitive information without need-to-know and has made unusual requests for sensitive information is displaying indicators of what? Decline to let the person in and redirect her to security. Classified material must be appropriately marked. *Sensitive Compartmented Information When faxing Sensitive Compartmented Information (SCI), what actions should you take? UNCLASSIFIED is a designation to mark information that does not have potential to damage national security. Which of the following does NOT constitute spillage? Edited/new version of DASA Short form contract uploaded to documents, Update to text from 'All competitions will use the new' to 'Many competitions, especially Phase 1 earlier TRL competitions, will use the new', Please note we have updated our short form contract template. Select the information on the data sheet that is personally identifiable information (PII) but not protected health information (PHI). Verified answer. Each interim payment must be related to verifiable achievement. A headset with a microphone through a Universal Serial Bus (USB) port. Implement Wi-Fi Protected Access 2 (WPA2) Personal encryption at a minimum. *Spillage What should you do if a reporter asks you about potentially classified information on the web? Only use Government-approved equipment to process PII. A system reminder to install security updates b. When is it appropriate to have your security badge visible? When is the best time to post details of your vacation activities on your social networking website? Which scenario might indicate a reportable insider threat? Correct. Verify the identity of all individuals.??? When teleworking, you should always use authorized and software. Which of the following is true of protecting classified data? Which of the following is a reportable insider threat activity? Which of the following is true of Protected Health Information (PHI)? Physical Security: (Incident #1): What should the employee do differently? What action should you take with a compressed Uniform Resource Locator (URL) on a website known to you? **Identity management Which of the following is an example of two-factor authentication? *Sensitive Compartmented Information What should the owner of this printed SCI do differently? When is it appropriate to have your security badge visible? Hes on the clock after all! Which of the following is true of removable media and portable electronic devices (PEDs)? What information posted publicly on your personal social networking profile represents a security risk? It is releasable to the public without clearance. Removable Media in a SCIF (Incident): What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF? What information most likely presents a security risk on your personal social networking profile? b. (Mobile Devices) When can you use removable media on a Government system? not correct. Research the source to evaluate its credibility and reliability. Which of the following is NOT sensitive information? Which of the following practices may reduce your appeal as a target for adversaries seeking to exploit your insider status? A total of 200 units were produced in Job 413. What is the danger of using public Wi-Fi connections? CUI must be handled using safeguarding or dissemination controls. Spillage: Which of the following is NOT an appropriate way to protect against inadvertent spillage? How should you securely transport company information on a removable media? What should the employee do differently? All https sites are legitimate and there is no risk to entering your personal info online. A personally owned device approved under Bring Your Own Approved Device (BYOAD) policy must be unenrolled while out of the country. Call your security point of contact immediately. Based on the description that follows how many potential insider threat indicators are displayed? 0, 1, 2, or 3+. **Insider Threat A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. Which of the following is NOT an example of sensitive information? not correct. **Social Networking Which of the following statements is true? GO1 Store classified data appropriately in a GSA-approved vault/container. Retrieve classified documents promptly from printers. Alex demonstrates a lot of potential insider threat indicators. Neither confirm or deny the information is classified. In your proposal to us, you must describe the deliverables from your project; in other words, what will be produced and delivered as a result of the project. Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. If authorized, what can be done on a work computer? Youll need to register and then activate your account before you can browse the toolkit. For Government-owned devices, use approved and authorized applications only. This is always okay. Three or more. (controlled unclassified information) Which of the following is NOT correct way to protect CUI? Social Networking: Select all sections of the profile that contain an issue. What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed? Correct. Report the crime to local law enforcement. Classified Information can only be accessed by individuals with. Serious damage c. Exceptionally grave damage. The website requires a credit card for registration. hb```F3,oFRe@]Xp6)(ndfaP 1Hs30ka`tj l> We thoroughly check each answer to a question to provide you with the most correct answers. Memory sticks, flash drives, or external hard drives. Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. (Answer) CPCON 2 (High: Critical and Essential Functions) CPCON 1 (Very High: Critical Functions) CPCON 3 (Medium: Critical, Essential, and Support Functions) CPCON 4 (Low: All Functions) CPCON 5 (Very Low: All Functions). Report the crime to local law enforcement. *Sensitive Compartmented Information What should the participants in this conversation involving SCI do differently? Army OPSEC level 1 (Newcomers & Refresher) 29 terms. What should you do? Full Rights Versions only contain Foreground Information information generated under the work that we contract with you. General Services Administration (GSA) approval. Keep an eye on his behavior to see if it escalates c. Set up a situation to establish concrete proof that Alex is taking classified information. **Insider Threat How many potential insider threat indicators does a person who is playful and charming, consistently wins performance awards, but is occasionally aggressive in trying to access sensitive information display? GFA is not provided lightly and only where there are substantial and pressing reasons (e.g. Which of the following is true of the Common Access Card (CAC) or Personal Identity Verification (PIV) card? The determination of GFE is usually made by the government Program Manager (PM) and Contracting Officer. Which is it appropriate to have your security badge visible within a Sensitive Compartmented Information Facility (SCIF). Cyber Awareness Challenge Knowledge Check 2023 Answers, Cyber Awareness Challenge 2022 Knowledge Check Answers. Make note of any identifying information and the website URL and report it to your security office. Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approves for access to the NIPRNET. Press release data. Report the suspicious behavior in accordance with their organizations insider threat policy b. 870 Summit Park Avenue Auburn Hills, MI 48057. Avoid using non-Bluetooth-paired or unencrypted wireless computer peripherals. This email is fake. Use the classified network for all work, including unclassified work. Decline to let the person in and redirect her to security. What should the participants in this conversation involving SCI do differently? Original Classification AuthorityC. 1068 0 obj <> endobj P2P (Peer-to-Peer) software can do the following except: Allow attackers physical access to network assets. The guidance below will help you to understand who can apply for funding, the sort of projects the Defence and Security Accelerator (DASA) funds, and the terms and conditions of DASA contracts. Which of the following is a security best practice for protecting Personally Identifiable Information (PII)? Retrieve classified documents promptly from printers. Which of the following attacks target high ranking officials and executives? Refer the reporter to your organizations public affairs office. Phishing can be an email with a hyperlink as bait. answered by admic (1.0m points) selected by voice. Which of the following is a proper way to secure your CAC/PIV? Porton Down Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post. Be aware of classification markings and all handling caveats. **Home Computer Security Which of the following is a best practice for securing your home computer? Use the classified network for all work, including unclassified work. How can you protect yourself on social networking sites? *Sensitive Compartmented Information When should documents be marked within a Sensitive Compartmented Information Facility (SCIF). Lionel stops an individual in his secure area who is not wearing a badge. They have similar features, and the same rules and protections apply to both. (Physical Security) which Cyberspace Protection Condition (CPCON) establishes a protection priority focus on critical and essential functions only? Not correct. Making unauthorized configuration changes. correct. No more than 6 interim payments are to be proposed. Which of the following should be done to keep your home computer secure? - Updated ISC Schedule, Innovation Standard Contract Limit of Liability change - new version attached. Ensure that any cameras, microphones, and Wi-Fi embedded in the laptop are physically disabled. What can help to protect the data on your personal mobile device. What portable electronic devices (PEDs) are permitted in a SCIF? For your proposal to be accepted for assessment, you must tick a box to confirm your organisations unqualified acceptance of DASA terms and conditions for the respective competition. You receive a call on your work phone and youre asked to participate in a phone survey.

Are Conte Crayons Lightfast, Does Karmi Find Out That Hiro Is Captain Cutie, Articles P