How Do I Answer The CISSP Exam Questions? Physical security of mobile phones carried overseas is not a major issue. Proprietary dataB. Classified information that should be unclassified and is downgraded.C. What are some potential insider threat indicators? Only allow mobile code to run from your organization or your organizations trusted sites. 24 terms. You are leaving the building where you work. This is always okayB. Personal information is inadvertently posted at a website. Store classified data in a locked desk drawer when not in use Maybe Which of the following is true of Unclassified information? Access requires a formal need-to-know determination issued by the Director of National Intelligence.? What is a security best practice to employ on your home computer? The email has an attachment whose name contains the word secret. Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. Carrying his Social Security Card with him, DoD employees are prohibited from using a DoD CAC in card-reader-enabled public device, Assigned a classification level by a supervisor. (Malicious Code) A coworker has asked if you want to download a programmers game to play at work. Maria is at home shopping for shoes on Amazon.com. Your password and the second commonly includes a text with a code sent to your phone. Store it in a locked desk drawer after working hours. Darryl is managing a project that requires access to classified information. Hold the conversation over email or instant messenger to avoid being overheard.C. Secure personal mobile devices to the same level as Government-issued systems. Sanitized information gathered from personnel records. What is a way to prevent the download of viruses and other malicious code when checking your e-mail? Skip the coffee break and remain at his workstation. If all questions are answered correctly, users will skip to the end of the incident. What portable electronic devices (PEDs) are permitted in a SCIF? How many potential insiders threat indicators does this employee display? Contact the IRS using their publicly available, official contact information. Hes on the clock after all.C. . CPCON 2 (High: Critical and Essential Functions) NOTE: Always remove your CAC and lock your computer before leaving your workstation. Research the source to evaluate its credibility and reliability. Nothing. Which scenario might indicate a reportable insider threat? Classified Information can only be accessed by individuals with. Which of the following best describes a way to safely transmit Controlled Unclassified Information (CUI)? Brianaochoa92. No. U.S. ARMY INSTALLATION MANAGEMENT COMMAND "We Are . A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationships with peers, purchases an unusually expensive car, and has unexplained absences from work. Which of the following is true of transmitting Sensitive Compartmented Information (SCI)? This is never okay.. Share sensitive information only on official, secure websites. NOTE: Malicious code can mask itself as a harmless email attachment, downloadable file, or website. Which of the following may help to prevent spillage? How many potential insider threat indicators does this employee display? How many potential insider threat indicators does this employee display? (Malicious Code) What is a common indicator of a phishing attempt? You may use unauthorized software as long as your computers antivirus software is up-to-date. (Sensitive Information) What must the dissemination of information regarding intelligence sources, methods, or activities follow? College Physics Raymond A. Serway, Chris Vuille. Neither confirm or deny the information is classified. How are Trojan horses, worms, and malicious scripts spread? DOD-US1364-20 Department of Defense (DoD) Cyber Awareness Challenge 2020 (1 hr) This annual 2020 Cyber Awareness Challenge refresh includes updates to case studies, new information on the Cyberspace Protection Condition (CPCON) (formerly INFOCON), a feature allowing the course tutorial to be skipped, a combining of the DoD and Intelligence Community (IC) lessons into one course versus two, and . (Spillage) What level of damage can the unauthorized disclosure of information classified as confidential reasonably be expected to cause? Which of the following definitions is true about disclosure of confidential information? Set up a situation to establish concrete proof that Alex is taking classified information. Which of the following does not constitute spillage. Individuals must avoid referencing derivatively classified reports classified higher than the recipient.??? **Social Engineering How can you protect yourself from internet hoaxes? **Website Use How should you respond to the theft of your identity? Not correct edodge7. **Insider Threat What is an insider threat? Which of the following is not considered a potential insider threat indicator? What should you do? Which of the following is true of Security Classification Guides? Which designation marks information that does not have potential to damage national security? Maybe. Use the classified network for all work, including unclassified work.C. Correct. Hostility or anger toward the United States and its policies. What should you do if someone forgets their access badge (physical access)? Download the information.C. What should the owner of this printed SCI do differently? What should you consider when using a wireless keyboard with your home computer? The Cyber Awareness Challenge, which is also known as the Army Cyber Awareness Training, the cyber awareness challenge or the DOD cyber challenge, is an annual computer security training that was created to increase cyber awareness among Department of Defense (DoD) employees. Ive tried all the answers and it still tells me off. Under which circumstances may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? Which of the following should be reported as a potential security incident? FREQUENCY: Annual TIME TO COMPLETE: 1.5 hours What is Sensitive Compartment Information (SCI) program? **Insider Threat What advantages do insider threats have over others that allows them to cause damage to their organizations more easily? On a NIPRNet system while using it for a PKI-required task, Something you possess, like a CAC, and something you know, like a PIN or password. All of these. Alternatively, try a different browser. They can become an attack vector to other devices on your home network. A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. *Controlled Unclassified Information Which of the following is NOT an example of CUI? CPCON 5 (Very Low: All Functions). Which of the following is true of sharing information in a Sensitive Compartmented Information Facility (SCIF)? attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. When using a public device with a card reader, only use your DoD CAC to access unclassified information, is only allowed if the organization permits it. **Travel What security risk does a public Wi-Fi connection pose? NOTE: CUI includes, but is not limited to, Controlled Technical Information (CUI), Personally Identifiable Information (PII), Protected Health Information (PHI), financial information, personal or payroll information, proprietary data, and operational information. Only paper documents that are in open storage need to be marked. Which of the following is true of Protected Health Information (PHI)? When may you be subject to criminal, disciplinary, and/or administrative action due to online harassment, bullying, stalking, hazing, discrimination, or retaliation? Senior government personnel, military or civilian. Is it permitted to share an unclassified draft document with a non-DoD professional discussion group? No, you should only allow mobile code to run from your organization or your organizations trusted sites. Assuming open storage is always authorized in a secure facility. **Travel Which of the following is true of traveling overseas with a mobile phone? What should you do to protect yourself while on social networks? Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. *Spillage Which of the following is a good practice to prevent spillage? (Spillage) Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? what should you do? Jun 30, 2021. Note the websites URL and report the situation to your security point of contact. **Removable Media in a SCIF What must users ensure when using removable media such as compact disk (CD)? Request the users full name and phone number. A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. Dont allow other access or to piggyback into secure areas. Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. **Insider Threat Which scenario might indicate a reportable insider threat? Which of the following is NOT a correct way to protect CUI? National Centers of Academic Excellence in Cybersecurity (NCAE-C), Public Key Infrastructure/Enabling (PKI/PKE). Exposure to malwareC. (removable media) If an incident occurs involving removable media in a Sensitive Compartmented Information Facility (SCIF), what action should you take? Others may be able to view your screen. It does not require markings or distribution controls. *Spillage What should you do if you suspect spillage has occurred? Which of the following is NOT a security best practice when saving cookies to a hard drive? Immediately notify your security point of contact. NOTE: Malicious code can cause damage by corrupting files, erasing your hard drive, and/or allowing hackers access. You know this project is classified. Leaked classified or controlled information is still classified/controlled even if it has already been compromised. 32 2002. It is releasable to the public without clearance. Adversaries exploit social networking sites to disseminate fake news. What is a best practice for protecting controlled unclassified information (CUI)? Refer the reporter to your organizations public affairs office. It also says I cannot print out the certificate. Thank you for your support and commitment to Cybersecurity Awareness Month and helping all everyone stay safe and secure online. BuhayNiKamatayan. The DoD Cyber Exchange is sponsored by Use a single, complex password for your system and application logons. Erasing your hard driveC. Please DO NOT email in regards to Iatraining.us.army.mil, JKO, or skillport. When is it okay to charge a personal mobile device using government-furnished equipment (GFE)? What are the requirements to be granted access to sensitive compartmented information (SCI)? adversaries mc. February 8, 2022. Which is NOT a method of protecting classified data? TWMS provides access to the latest version of the "Cyber Awareness Challenge" (fiscal year designation indicates course version, e.g., FY2021 "Cyber Awareness Challenge"). If you participate in or condone it at any time. You must possess security clearance eligibility to telework. Home Training Toolkits. DOD Cyber Awareness Challenge 2019 (DOD-IAA-V16.0) 35 terms. You receive an unexpected email from a friend: I think youll like this: https://tinyurl.com/2fcbvy. What action should you take? (Malicious Code) What is a good practice to protect data on your home wireless systems? what should you do? What is a possible indication of a malicious code attack in progress? What should Sara do when publicly available Internet, such as hotel Wi-Fi? Alan uses password protection as required on his government-issued smartphone but prefers the ease of no password on his personal smartphone. How do you respond? Information improperly moved from a higher protection level to a lower protection level. What action should you take? Under what circumstances is it acceptable to check personal email on Government-furnished equipment (GFE)? NOTE: Dont allow others access or piggyback into secure areas. In addition to offering an overview of cybersecurity best practices, the challenge also provides awareness of potential and common cyber threats. What should you do? Note the websites URL and report the situation to your security point of contact. (Malicious Code) What are some examples of removable media? (Spillage) What should you do if a reporter asks you about potentially classified information on the web? If classified information were released, which classification level would result in Exceptionally grave damage to national security? Store classified data appropriately in a GSA-approved vault/container. Store it in a locked desk drawer after working hours. As long as the document is cleared for public release, you may share it outside of DoD. Decline So That You Maintain Physical Control of Your Government-Issued Laptop. *Spillage What should you do if a reporter asks you about potentially classified information on the web? 2021 SANS Holiday Hack Challenge & KringleCon. A user writes down details from a report stored on a classified system marked as secret and uses those details to draft an unclassified briefing on an unclassified system without authorization. *Spillage What is a proper response if spillage occurs? Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post. *Sensitive Compartmented Information When should documents be marked within a Sensitive Compartmented Information Facility (SCIF). (Malicious Code) What are some examples of malicious code? (Spillage) Which of the following is a good practice to aid in preventing spillage? Correct. Maintain possession of your laptop and other government-furnished equipment (GFE) at all times. He has the appropriate clearance and a signed, approved, non-disclosure agreement. 32 cfr 2002 controlled unclassified information. (social networking) When may you be subjected to criminal, disciplinary, and/or administrative action due to online misconduct? Use public for free Wi-Fi only with the Government VPN. What should you do after you have ended a call from a reporter asking you to confirm potentially classified information found on the web? Classified material must be appropriately marked. . NOTE: Top Secret information could be expected to cause exceptionally grave damage to national security if disclosed. Report the crime to local law enforcement. When teleworking, you should always use authorized and software. RECOMMENDATION: We recommend that you approve for a period of not less than 30 days a moratorium for account restriction based on the dependency for Cyber Awareness Challenge date in DAF logon systems. Which is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? How many potential insiders threat indicators does this employee display? How many potential insiders threat indicators does this employee display? Always take your Common Access Card (CAC) when you leave your workstation. Data about you collected from all sites, apps, and devices that you use can be aggregated to form a profile of you. NoneB. Your favorite movie. What are some examples of removable media? Training requirements by group. correct. Lock your device screen when not in use and require a password to reactivate. [Incident]: When is it okay to charge a personal mobile device using government-furnished equipment (GFE)?A. ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. not correct **Insider Threat How many potential insider threat indicators does a coworker who often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion display? While it may seem safer, you should NOT use a classified network for unclassified work. Not correct Which of the following is a security best practice when using social networking sites? Always check to make sure you are using the correct network for the level of data. Only when badging inB. Which of the following is NOT one? A trusted friend in your social network posts a link to vaccine information on a website unknown to you. PII includes, but is not limited to, social security numbers, date and places of birth, mothers maiden names, biometric records, and PHI. Which of the following is true of Internet of Things (IoT) devices? An investment in knowledge pays the best interest.. When checking in at the airline counter for a business trip, you are asked if you would like to check your laptop bag. *Sensitive Compartmented Information What is Sensitive Compartmented Information (SCI)? Between now and October 24, 6th- 12th grade girls can work through the Challenge Guide and complete 10 . Which of the following is NOT an example of sensitive information? Never write down the PIN for your CAC. How can you protect your organization on social networking sites? When your vacation is over, and you have returned home. (Malicious Code) Which of the following is NOT a way that malicious code spreads? **Website Use While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. Unclassified documents do not need to be marked as a SCIF. Issues with Cyber Awareness Challenge. (Malicious Code) Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? (social networking) When is the safest time to post details of your vacation activities on your social networking profile? Secure it to the same level as Government-issued systems. All https sites are legitimate and there is no risk to entering your personal info online. A system reminder to install security updates.B. The purpose of the Cyber Awareness Challenge is to influence behavior, focusing on actions that authorized users can engage to mitigate threats and vulnerabilities to DoD Information Systems. Correct. What action is recommended when somebody calls you to inquire about your work environment or specific account information? The person looked familiar, and anyone can forget their badge from time to time.B. Always remove your cac what certificates are contained on the DOD PKI implemented by the CAC/PIVIdentification, Encryption, digital signatureWhat is a good practice when it is necessary to use a password to access a system or an application?Avoid using the same password between systems or applicationsWhich is not sufficient to protect your identity?use a common password for all your system and application logons.Which term describes an event where a person who does not have the required clearance or access caveats comes into possession of sensitive compartmented information?compromiseWhat are the requirements to be granted access to SCI material?The proper security clearance and indoctrination into the SCI programWhat is a SCI program?a program that segregates various information.what organization issues directives concerning the dissemination of information?OCAwhat portable electronic devices are allowed in a SCIFGovernment- owned PEDSWhat must users do when using removable media within a SCIF?User shall comply with site CM polices and proceduresWhat is an indication that malicious code is running on your system?File corruptionWhat can malicious code do?It can cause damage by corrupting filesWhich is true of cookies?Text fileWhat is a valid response when identity theft occurs?Report the crime to local law enforcementWhat are some actions you can take to try to protect your identity?Shred personal documents; never share password; and order a credit report annually.What is whaling?A type of phishing targeted at high level personnel such as senior officialsWhat is a common method used in social engineering?Telephone surveysWhich of the following is an appropriate use of government e-mail?Digitally signing e-mails that contain attachment or hyperlinks.What is a protection against internet hoaxes?Use online sites to confirm or expose potential hoaxes.Which may be a security issue with compressed URLs?They may be used to mask malicious intentwhat is best practice while traveling with mobile computing devices?Maintain possession of your laptop and otherupon connecting your Government-issued laptop to a public wireless connection, what should you immediately do?Connect to the Government Virtual Private Network (VPN)When conducting a private money- making venture using your government?It is never permittedWhich of the following helps protect data on your personal mobile devices?Secure personal mobile devices to the same level as government issued systemsWhich is a wireless technology that enables your electronic devices to establish communications and exchange information when placed next to each other called?NFCWhat are some examples of removable media?Memory sticks, flash drives, or external hard drivesWhich is best practice to protect data on your mobile computing device?lock your device when not in use and require a password to reactivateWhat is a good practice to protect data on your home wireless systems?Ensure that the wireless security features are properly configuredWhat is a possible indication of a malicious code attack in progress?A pop-up window that flashes and warns that your computer is infected with a virus.