c. Allowing hackers access. Avoid talking about work outside of the workplace or with people without need-to-know. This HHS Policy supersedes the CMS ARS 3.0 CM-2 Enhancement 7 Configure Systems or Components for High Risk Areas control. Call your security point of contact immediately. When may you be subject to criminal, disciplinary, and/or administrative action due to online harassment, bullying, stalking, hazing, discrimination, or retaliation? Sensitive information may be stored on any password-protected system. Use the classified network for all work, including unclassified work. b. Transmit classified information via fax machine only Not correct Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. It is permissible to release unclassified information to the public prior to being cleared. Memory sticks, flash drives, or external hard drives. Which of the following attacks target high ranking officials and executives? What must authorized personnel do before permitting another individual to enter a Sensitive Compartmented Information Facility (SCIF)? View email in plain text and dont view email in Preview Pane. (Spillage) What should you do if a reporter asks you about potentially classified information on the web? Confirm the individuals need-to-know and access. Report the suspicious behavior in accordance with their organizations insider threat policy. (Spillage) What advantages do insider threats have over others that allows them to cause damage to their organizations more easily? Which of the following best describes wireless technology? Select the information on the data sheet that is personally identifiable information (PII). Which of the following is a clue to recognizing a phishing email? For your proposal to be accepted for assessment, you must tick a box to confirm your organisations unqualified acceptance of DASA terms and conditions for the respective competition. Which of the following personally-owned computer peripherals is permitted for use with Government-furnished equipment? Always check to make sure you are using the correct network for the level of data. Which of the following statements is NOT true about protecting your virtual identity? Understanding and using the available privacy settings. You can apply for funding via a themed competition or the Open Call for Innovation. Use a single, complex password for your system and application logons. Linda encrypts all of the sensitive data on her government-issued mobile devices. Security Classification Guides. Delete email from senders you do not know. Which of the following is NOT a security best practice when saving cookies to a hard drive? You have reached the office door to exit your controlled area. Which of the following should you do immediately? Digitally signed e-mails are more secure. Maybe Wed like to set additional cookies to understand how you use GOV.UK, remember your settings and improve government services. A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. **Mobile Devices Which is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? Alex demonstrates a lot of potential insider threat indicators. Which is NOT a method of protecting classified data? **Insider Threat What function do Insider Threat Programs aim to fulfill? \end{array} Note any identifying information, such as the websites URL, and report the situation to your security POC. (Insider Threat) Based on the description that follows, how many potential insider threat indicator(s) are displayed? (Sensitive Information) What type of unclassified material should always be marked with a special handling caveat? A coworker is observed using a personal electronic device in an area where their use is prohibited. Which of the following is an example of two-factor authentication? It is fair to assume that everyone in the SCIF is properly cleared. (GFE) When can you check personal e-mail on your Government-furnished equipment (GFE)? It may expose the connected device to malware. Store classified data in a locked desk drawer when not in use Maybe Select Yes or No for each item. Which of the following may be helpful to prevent inadvertent spillage? \text{Retained Earnings}&&&\text{Credit}\\ Maintain visual or physical control of the device. This may be a malicious code attack. (Spillage) What is required for an individual to access classified data? (Spillage) Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? (Malicious Code) Which email attachments are generally SAFE to open? Youll need to register and then activate your account before you can browse the toolkit. Which Cyber Protection Condition (CPCON) establishes a protection priority focus on critical functions only? You must have your organization's permission to telework. Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities. Each interim payment must be related to verifiable achievement. Army OPSEC level 1 (Newcomers & Refresher) 29 terms. Correct. correct. You can propose an interim payment plan, which must be supported by a detailed expenditure profile showing projected monthly expenditure figures. Spillage occurs when information is spilled from a higher classification or protection level to a lower classification or protection level. On a computer displaying a notification to update the antivirus softwareB. Serious damage c. Exceptionally grave damage. You must have your organizations permission to telework c. You may use unauthorized software as long as your computers antivirus software is up to date. Which of the following is not considered a potential insider threat indicator? Mobile Devices (Incident): When is it okay to charge a personal mobile device using government-furnished equipment (GFE)? Which of the following information is a security risk when posted publicly on your social networking profile? Which of the following is true of transmitting Sensitive Compartmented Information (SCI)? How can you protect your organization on social networking sites? Monitor credit card statements for unauthorized purchases, Thumb drives, memory sticks, and flash drives are examples of. <>/Metadata 317 0 R/ViewerPreferences 318 0 R>> Insiders are given a level of trust and have authorized access to Government information systems. A compromise of Sensitive Compartmented Information (SCI) occurs when a person who does not have the required clearance or access caveats comes into possession of SCI_________.??? **Mobile Devices What can help to protect the data on your personal mobile device? A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. Only use a government-issued thumb drive to transfer files between systems. requirements to access classified information. Looking for https in the URL. Before long she has also purchased shoes from several other websites. (Spillage) What level of damage can the unauthorized disclosure of information classified as confidential reasonably be expected to cause? *Sensitive Compartmented Information What is a Sensitive Compartmented Information (SCI) program? GFA is not provided lightly and only where there are substantial and pressing reasons (e.g. You must have your organization's permission to telework. Government Furnished Resources (GFR) is personnel, most commonly Service Personnel on long-term loan or secondment. Before we can award a contract, we need each proposed research worker to complete a Form 388 that we will use to perform due diligence and obtain necessary clearances. Purpose: This instruction memorandum (IM) provides . endstream endobj 1075 0 obj <>stream Immediately notify your security point of contact. Use a common password for all your system and application logons. Validate friend requests through another source before confirming them. Follow procedures for transferring data to and from outside agency and non-government networks. Store classified data appropriately in a GSA-approved vault/container. On Jan. 30, 2023, President Joe Biden announced that the COVID-19 public health emergency (PHE) will end May 11, 2023. 2 0 obj (Malicious Code) Which of the following is true of Internet hoaxes? (Spillage) What type of activity or behavior should be reported as a potential insider threat? *Sensitive Compartmented Information When is it appropriate to have your security badge visible? . Which of the following represents an ethical use of your Government-furnished equipment (GFE)? What is the best course of action? (Identity Management) What certificates are contained on the Common Access Card (CAC)? c. Nothing. Classified information that should be unclassified and is downgraded. Ask for information about the website, including the URL. Which is a risk associated with removable media? Salisbury You must supply a completed Form 388 and CV for any new research workers. The MOD commercial toolkit is accessible on the MOD internet site and contains details on MOD contract conditions. What is the basis for handling and storage of classified data? Enable automatic screen locking after a period of inactivity. **Social Networking Which of the following information is a security risk when posted publicly on your social networking profile? endobj (Sensitive Information) What guidance is available from marking Sensitive Information information (SCI)? How Do I Answer The CISSP Exam Questions? Which of the following is NOT an example of CUI? We reserve the right to exclude a supplier whos been convicted of any of the offences or misconduct listed in the statement relating to good standing that will be sent to you if youre successful under a DASA competition. 1082 0 obj <>/Filter/FlateDecode/ID[<6D11769074A68B4F9710B6CBF53B0C2B>]/Index[1068 34]/Info 1067 0 R/Length 76/Prev 82724/Root 1069 0 R/Size 1102/Type/XRef/W[1 2 1]>>stream \text{Income statement accounts:}&&&\\ (removable media) If an incident occurs involving removable media in a Sensitive Compartmented Information Facility (SCIF), what action should you take? Since the URL does not start with https, do not provide you credit card information. You must provide us with a Full Rights Version of all deliverables, ensuring that it is coherent on its own. Using unauthorized software - No A trusted friend in your social network posts a link to vaccine information on a website unknown to you. Firewall disabled. You may use your personal computer as long as it is in a secure area in your home b. Incident Ctrl+F (Cmd+F) will help you a lot when searching through such a large set of questions. Malicious code can mask itself as a harmless e-mail attachment, downloadable file, or website. Which may be a security issue with compressed Uniform Resource Locators (URLs)? What should Sara do when publicly available Internet, such as hotel Wi-Fi? You believe that you are a victim of identity theft. Adversaries exploit social networking sites to disseminate fake news. NOT permitted uses of government-furnished equip (GFE) for: Viewing or downloading p*rn*graphy. Research the source of the article to evaluate its credibility and reliability. Secure .gov websites use HTTPSA Don't assume open storage in a secure facility is authorized. All to Friends Only. Is it okay to run it? Sanitized information gathered from personnel records. Classified Information can only be accessed by individuals with. Cyber Awareness Challenge 2022 Knowledge Check, DoD Mandatory Controlled Unclassified Informa, Headlight 4 Unit 4 p. 222,3 theme 3,story, Cyber Awareness Challenge 2023 (Incomplete). What are the requirements to be granted access to sensitive compartmented information (SCI)? *Controlled Unclassified Information Which is a best practice for protecting Controlled Unclassified Information (CUI)? Note That The Integers Should Be Type Cast To Doubles. c. Remove his CAC and lock his workstation. Turn on automatic downloading b. What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed? Use TinyURLs preview feature to investigate where the link leads. What level of damage to national security could reasonably be expected if unauthorized disclosure of Top Secret information occurred? Phishing can be an email with a hyperlink as bait. Government-owned PEDs when expressly authorized by your agency. Storage devices (e.g., USB memory sticks, hard drives, etc.) Full Rights Versions only contain Foreground Information information generated under the work that we contract with you. Only use Government-approved equipment to process PII. (Malicious Code) What are some examples of malicious code? See the table below for guidance. A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationships with peers, purchases an unusually expensive new car, and has unexplained absences from work. Find out about the Energy Bills Support Scheme, Armed forces and Ministry of Defence reform, Defence and Security Accelerator (DASA) Open Call for Innovation, Defence and Security Accelerator: ethical, legal and regulatory guidance, Technology concept and/or application formulated, Analytical and experimental critical function and/or characteristic proof of concept, Technology basic validation in a laboratory environment, Technology basic validation in a relevant environment, Technology model or prototype demonstration in a relevant environment, Technology prototype demonstration in an operational environment, Actual technology completed and qualified through test and demonstration, Actual technology qualified through successful mission operations, projects or manpower that is currently receiving funding or has already been funded from elsewhere in government, concepts which are not novel or innovative. *Sensitive Compartmented Information What must the dissemination of information regarding intelligence sources, methods, or activities follow? Which of the following is true of Protected Health Information (PHI)? **Insider Threat What type of activity or behavior should be reported as a potential insider threat? It displays a label showing maximum classification, date of creation, point of contact, and Change Management 9CM) Control Number. Spear Phishing attacks commonly attempt to impersonate email from trusted entities. Which scenario might indicate a reportable insider threat? How should you secure your home wireless network for teleworking? (Malicious Code) While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. Keep an eye on his behavior to see if it escalates c. Set up a situation to establish concrete proof that Alex is taking classified information. **Social Engineering Which of the following is a way to protect against social engineering? **Social Networking When is the safest time to post details of your vacation activities on your social networking website? *Social Networking Which of the following is true of Security Classification Guides? Ec-YBjAzR-~Q`0`=bA_NwMqD!sH{R- h+ Q ,?RK No. Proactively identify potential threats and formulate holistic mitigation responses. Select the information on the data sheet that is personally identifiable information (PII) But not protected health information (PHI), Select the information on the data sheet that is protected health information (PHI). Classified data: (Scene) Which of the following is true about telework? Taking classified documents from your workspace. The container prevents malware, intruders, system resources or other applications from interacting with the . Permitted Uses of Government-Furnished Equipment (GFE). Software that installs itself without the user's knowledge. Which of the following is true of protecting classified data? Connect to the Government Virtual Private Network (VPN). Proprietary data b. Nonstandard Government property contract clauses (reference 41 U.S.C. What should the owner of this printed SCI do differently? You should submit your priced proposal using a staged approach, detailing deliverables and prices for work that can be done before and after getting ethical approval. a. *Spillage After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. **Social Networking What should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sites visited? In addition to the guidance on this page you must refer to the relevant competition document for the competition specific terms and conditions, including the specific contract. 4 0 obj As well as the technical aspects, value for money will also be taken into consideration during the assessment of your proposal. Not the websites URL. Correct, Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities. Paul verifies that the information is CUI, includes a CUI marking in the subject header and digitally signs an e-mail containing CUI. Which is an untrue statement about unclassified data? (Answer) CPCON 2 (High: Critical and Essential Functions) CPCON 1 (Very High: Critical Functions) CPCON 3 (Medium: Critical, Essential, and Support Functions) CPCON 4 (Low: All Functions) CPCON 5 (Very Low: All Functions). a. A colleague removes sensitive information without seeking authorization in order to perform authorized telework. Skip the coffee break and remain at his workstation. Malicious Code (Spread): How can you avoid downloading malicious code: a. _I`vm `V k\Up k[t]I*+oDa,~v0j:g5wVoLQ:@n-62.Sm-"z.Z~-C-K8Yt_@}aVa{]ppwB6#fR4,r\+ l-sZO15 PII includes, but is not limited to, social security numbers, date and places of birth, mothers maiden names, biometric records, and PHI. All https sites are legitimate and there is no risk to entering your personal info online. endobj When checking in at the airline counter for a business trip, you are asked if you would like to check your laptop bag. (Sensitive Compartmented Information) What portable electronic devices (PEDs) are allow in a Secure Compartmented Information Facility (SCIF)? It includes a threat of dire circumstances. Then select Save. (Permitted Uses of Government-Furnished Equipment GFE)), Viewing or downloading pornography - No Reviewing and configuring the available security features, including encryption. In addition to avoiding the temptation of greed to betray his country, what should Alex do differently? Which of the following is NOT a typical result from running malicious code? The following table summarizes the rules of debit and credit. Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. Press release data c. Financial information. Making unauthorized configuration changes - No. Correct. Darryl is managing a project that requires access to classified information. endstream endobj 1073 0 obj <>stream Which of the following is NOT a good way to protect your identity? Its a condition of the contract that, as certain work must be justified ethically as well as scientifically, we reserve the right to terminate the work with immediate effect if you dont gain the relevant approval. Store it in a GSA approved vault or container. Even within a secure facility, dont assume open storage is permitted. 1 0 obj Which of the following is true of protecting classified data? This information will only be used for the purposes for which it is provided to us. As long as the document is cleared for public release, you may share it outside of DoD. Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. The Government relies on and requires its contractors to provide effective and efficient stewardship of the . b. Which of the following is NOT an example of sensitive information? Software that installs itself without the users knowledge c. A firewall that monitors and controls network traffic. Controlled Unclassified Information: (Incident) Which of the following is NOT a correct way to protect CUI? Note the websites URL and report the situation to your security point of contact. IRS employees are permitted to utilize secure Public Wi-Fi access (e.g., hospital, Internet caf, coffee shop, public library). A pop-up window that flashes and warns that your computer is infected with a virus. Security updates are ready to install. Adversaries exploit social networking sites to disseminate fake news. Which designation includes Personally Identifiable Information (PII) and Protected Health Information (PHI)? What should be done to sensitive data on laptops and other mobile computing devices? CUI must be handled using safeguarding or dissemination controls. How many potential insider threat indicators is Bob displaying? Correct GU,}+ Correct. elsieteel. What should you do after you have ended a call from a reporter asking you to confirm potentially classified information found on the web? What certificates are contained on the DoD Public Key Infrastructure (PKI) implemented by the Common Access Card (CAC)/Personal Identity Verification (PIV) card? Removable Media in a SCIF (Evidence): What portable electronic devices (PEDs) are permitted in a SCIF? Mark SCI documents appropriately and use an approved SCI fax machine. Which of the following is NOT a home security best practice? All https sites are legitimate. Social Networking: Select all sections of the profile that contain an issue. Which of the following is a good practice for telework? A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. To: All Oregon/Washington Bureau of Land Management Employees. Which of the following statements is true? Using NIPRNet tokens on systems of higher classification level. Your cousin posted a link to an article with an incendiary headline on social media. *Malicious Code Which of the following is NOT a way that malicious code spreads? Which of the following is true of Controlled Unclassified Information (CUI)? Refer the reporter to your organizations public affairs office. \text{Stockholders' Equity:}&&&\\ Government furnished or purchased equipment or services provided to employees as the result of approved reasonable accommodation requests. Where any deliverable is subject to third party intellectual property rights (IPR) you must also describe this in your proposal. tell your colleague that it needs to be secured in a cabinet or container. Only when badging in b. Browse over 1 million classes created by top students, professors, publishers, and experts. If aggregated, the information could become classified. 7bqM8>EM3:N2/YX-4}Y>9> The general policy is to have the contractor furnish the equipment needed. Instruction Memorandum No. **Classified Data Which of the following must you do before using and unclassified laptop and peripherals in a collateral environment? Individuals are prohibited from using government furnished equipment (e.g., copier, fax machine) to make more than a few copies of material (e.g., copying a book, making numerous copies of a resume, or sending/receiving a lengthy document via fax machines), as well as any use of such machines that conflicts with the actual need to use the government furnished equipment for official business . correct. Name and profile picture - Any What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF? Which piece of information is safest to include on your social media profile? Read more about MOD ethical approval and other regulations which may affect your work. Edited/new version of DASA Short form contract uploaded to documents, Update to text from 'All competitions will use the new' to 'Many competitions, especially Phase 1 earlier TRL competitions, will use the new', Please note we have updated our short form contract template. Family and relationships - Friends Only For proposals that we fund, in accordance with the Governments Transparency Agenda, we are required to publish information in respect of Contract documents, comprising: In addition to the above, for proposals that we fund we will publish on DASA website your organisation name and type; DASA reference (ACCxxxxxx) and project title; and contract value. The proper security clearance and indoctrination into the SCI program. Cyber Awareness Challenge Knowledge Check 2023 Answers, Cyber Awareness Challenge 2022 Knowledge Check Answers.
Share this post