(Sensitive Compartmented Information) What portable electronic devices (PEDs) are allowed in a Secure Compartmented Information Facility (SCIF)? What should be done if you find classified Government Data/Information Not Cleared for Public Release on the Internet? *Sensitive Compartmented Information What is a Sensitive Compartmented Information (SCI) program? I've tried all the answers and it still tells me off, part 2. laptops, fitness bands, tablets, smartphones, electric readers, and Bluetooth devices. a. **Insider Threat Which of the following should be reported as a potential security incident? Memory sticks, flash drives, or external hard drives. Where any deliverable is subject to third party intellectual property rights (IPR) you must also describe this in your proposal. It is permissible to release unclassified information to the public prior to being cleared. Notify your security POC b. Analyze the media for viruses or malicious code. This HHS Policy supersedes the CMS ARS 3.0 CM-2 Enhancement 7 Configure Systems or Components for High Risk Areas control. correct. Use a digital signature when sending attachments or hyperlinks. **Travel What security risk does a public Wi-Fi connection pose? Follow procedures for transferring data to and from outside agency and non-Government networks. A coworker is observed using a personal electronic device in an area where their use is prohibited. Ensure that any cameras, microphones, and Wi-Fi embedded in the laptop are physically disabled. - Correct. a. (controlled unclassified information) Which of the following is NOT a correct way to protect CUI? You must have your organization's permission to telework. How was one of the weaknesses of a free enterprise economy illustrated by the Great Depression? Storage devices (e.g., USB memory sticks, hard drives, etc.) 1) Unusual interest in classified information.
When leaving your work area, what is the first thing you should do? Classification markings and handling caveats. CUI may be stored only on authorized systems or approved devices. You must have your organization's permission to telework c. You may use unauthorized software as long as your computer's antivirus software is up to date. Which of the following best describes good physical security? Decisions to provide GFE must be identified and a comparison made of the cost difference between using GFE or CFE. (Malicious Code) What are some examples of malicious code? Using NIPRNet tokens on systems of higher classification level. (Identity Management) Which of the following is an example of two-factor authentication? The interim payment plan must provide clearly defined work stages, deliverables with associated payments and timescales. Only persons with appropriate clearance, a non-disclosure agreement, and need-to-know can access classified data. Government-owned PEDs, if expressly authorized by your agency. (Malicious Code) Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? sensitive but unclassified. In your proposal to us, you must describe the deliverables from your project; in other words, what will be produced and delivered as a result of the project. Information should be secured in a cabinet or container while not in use. The general policy is to have the contractor furnish the equipment needed. The CAC/PIV is a controlled item and contains certificates for: An individual who has attempted to access sensitive information without need-to-know and has made unusual requests for sensitive information is displaying indicators of what? You are working at your unclassified system and receive an email from a coworker containing a classified attachment.
Be wary of suspicious e-mails that use your name and/or appear to come from inside your organization. Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. Mobile Devices (Incident): When is it okay to charge a personal mobile device using government-furnished equipment (GFE)? Hold the conversation over e-mail or instant messenger to avoid being overheard. See PGI 245.103-72, Government-furnished property (GFP) attachments to solicitations and awards. Correct. What should you do? Which of the following is NOT a best practice to protect data on your mobile computing device? What level of damage to national security could reasonably be expected if unauthorized disclosure of Top Secret information occurred? What information most likely presents a security risk on your personal social networking profile? Typically, a model is developed for analyzing both CFE and GFE when considering the use of GFE. Which is NOT a way to protect removable media? You receive an inquiry from a reporter about government information not cleared for public release. After work hours, storing sensitive information in unlocked containers, desks, or cabinets if security is not present. Be aware of classification markings and all handling caveats. Which of the following best describes a way to safely transmit Controlled Unclassified Information (CUI)? Who is responsible for information/data security? The Government's official GFE policy is stated in Federal Acquisition Regulation (FAR) section 45.102 Policy which states: As part of its responsibility for acquisition planning (FAR Part 7, Acquisition Planning), the requiring activity (project or program manager or purchase request generator) decides whether or not to furnish property to Contractors. Which of the following is NOT a security best practice when saving cookies to a hard drive? Compute The Average Kids Per Family.
Which of the following should you NOT do if you find classified information on the internet? Which of the following is NOT an example of sensitive information? A Common Access Card and Personal Identification Number. Security Classification Guides (SCGs). Which of the following is a potential insider threat indicator? correct. Which of the following demonstrates proper protection of mobile devices? Which of the following should you do immediately? What should you do? Which of the following is NOT true of traveling overseas with a mobile phone? What is required for an individual to access classified data? When may you be subject to criminal, disciplinary, and/or administrative action due to online harassment, bullying, stalking, hazing, discrimination, or retaliation? Calculate the margin of safety in terms of the number of units. Family and relationships - Friends Only You believe that you are a victim of identity theft. It would be best to contact the institution using verified contact information to confirm. A colleague enjoys playing video games, regularly uses social media, and frequently forgets to secure her smartphone elsewhere before entering areas where it is prohibited. What should the participants in this conversation involving SCI do differently? What certificates are contained on the Common Access Card (CAC)? 870 Summit Park Avenue Auburn Hills, MI 48057. Adversaries exploit social networking sites to disseminate fake news Correct. In return, the funding Authority obtains a set of rights to use the delivered technical information and associated intellectual property for specified purposes. Use online sites to confirm or expose potential hoaxes, Follow instructions given only by verified personnel, Investigate the link's actual destination using the preview feature, Determine if the software or service is authorized.
A colleague vacations at the beach every year, is married and a father of four, sometimes has poor work quality, and works well with his team. a. Which of the following is true of traveling overseas with a mobile phone? Hostility or anger toward the United States and its policies. GFE is normally specified in a Request for Proposal (RFP) or contract. *Insider Threat Which of the following is a potential insider threat indicator? Which of the following is an example of a strong password? A coworker uses a personal electronic device in a secure area where their use is prohibited. Classified data: (Theory) Which of the following is true of protecting classified data? Note any identifying information and the website's Uniform Resource Locator (URL). Lionel stops an individual in his secure area who is not wearing a badge. In most cases there are no nationality restrictions, however DASA individual competition documents will detail any necessary restrictions. Appropriate confidentiality agreements will be put in place. b. Call your security point of contact immediately. What should you do? What is a security best practice to employ on your home computer? sole traders) and Public Sector Research Establishments (PSREs). Right-click the link and select the option to preview. Proactively identify potential threats and formulate holistic mitigation responses. While it may seem safer, you should NOT use a classified network for unclassified work. b. Linda encrypts all of the sensitive data on her government issued mobile devices. Mark SCI documents appropriately and use an approved SCI fax machine. The Whistleblower Protection Enhancement Act relates to reporting. Only use Government-approved equipment to process PII. You have reached the office door to exit your controlled area. Controlled Unclassified Information: (Victim) Select the information on the data sheet that is personally identifiable information (PII) but not protected health information (PHI).
What should you do if someone asks to use your government issued mobile device (phone/laptop..etc)? At all times when in the facility c. At any time during the workday, including when leaving the facility. Assuming open storage is always authorized in a secure facility. Malicious Code (Prevalence): Which of the following is an example of malicious code? GFAE: Government-Furnished Aeronautical Equipment. **Removable Media in a SCIF What must users ensure when using removable media such as compact disk (CD)? Attempting to access sensitive information without need-to-know. A colleague often makes others uneasy with her persistent efforts to obtain information about classified project where she has no need-to-know, is vocal about her husband overspending on credit cards, and complains about anxiety and exhaustion. Use only personal contact information when establishing your personal account. Have your permissions from your organization, follow your organization guideline, use authorized equipment and software, employ cyber security best practice, perform telework in dedicated when home. All https sites are legitimate. Website Use (Incident): Select all security issues. Using webmail may bypass built in security features. Which of the following is a good practice for telework? Use the classified network for all work, including unclassified work. What can help to protect the data on your personal mobile device. Only when badging in b. How can you protect yourself from social engineering? Use only your personal contact information when establishing your account. **Classified Data Which of the following is true of protecting classified data? Remove and take it with you whenever you leave your workstation.
(Sensitive Information) What must the dissemination of information regarding intelligence sources, methods, or activities follow? You are leaving the building where you work. A headset with a microphone through a Universal Serial Bus (USB) port. Depending on the specifics of any proposed change of use, including any building work . (Sensitive Compartmented Information) What describes how Sensitive Compartmented Information is marked? Which Cyber Protection Condition (CPCON) establishes a protection priority focus on critical functions only? Which of the following is not considered a potential insider threat indicator? Submission Service reopen dates published. What should the employee do differently? Never print classified documents b. Label the printout UNCLASSIFIED to avoid drawing attention to it c. Retrieve classified documents promptly from printers. Not correct Use only personal contact information when establishing personal social networking accounts, never use Government contact information. Nonstandard Government property contract clauses (reference 41 U.S.C. Which of the following is true of Sensitive Compartmented Information (SCI)? Contractors are ordinarily required to furnish all property necessary to perform Government contracts. Report the suspicious behavior in accordance with their organization's insider threat policy b. *Social Networking Verified answer. Birthday - Friends Only Equipment which is Government-provided will be furnished and installed by the Government in space made available by the Contractor and with rough-in made by the Contractor in accord with the information made available or referenced herein or indicated. What should you do? Always check to make sure you are using the correct network for the level of data. (Spillage) Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization?
*Sensitive Information What type of unclassified material should always be marked with a special handling caveat? Report the crime to local law enforcement. Use personally-owned wired headsets and microphones only in designated areas, New interest in learning a foreign language. Software that installs itself without the user's knowledge. This short and simple contracting method aims to encourage engagement with DASA, whilst having the complexities of some other contracting methods removed. How can you avoid downloading malicious code? Which of the following best describes the conditions under which mobile devices and applications can track your location? Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post. In addition to offering an overview of cybersecurity best practices, the challenge also provides awareness of potential and common cyber threats. (Spillage) What advantages do insider threats have over others that allows them to cause damage to their organizations more easily? Which piece of information is safest to include on your social media profile? This bag contains your government-issued laptop. Verified answer. Government-furnished assets. Which of the following is true of protecting classified data? b) Upward sloping; vary negatively with the price level Please note that this process will take as long as necessary and could take up to 6 weeks in some cases for non-UK nationals. 1304). Based on the description that follows how many potential insider threat indicators are displayed? Follow procedures for transferring data to and from outside agency and non-government networks. Which of the following should you NOT do if you find classified information on the internet? How many potential insider threat indicators does this employee display. Do not download it. *Controlled Unclassified Information Which of the following is NOT an example of CUI?
Correct. At all times while in the facility. A trusted friend in your social network posts a link to vaccine information on a website unknown to you. Validate all friend requests through another source before confirming them. Which of the following is an example of removable media? All documents should be appropriately marked, regardless of format, sensitivity, or classification. What type of social engineering targets particular groups of people? Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities. d) Vertical; can be either greater than or less than the natural level of real output. How many insider threat indicators does Alex demonstrate? Only use a government-issued thumb drive to transfer files between systems. They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities. Exception. The Town and Country Planning (Use Classes) Order 1987 (as amended) puts uses of land and buildings into various categories known as 'Use Classes' which are detailed below. Limited Rights Versions of deliverables won't be released by us outside of Government. Personal information is inadvertently posted at a website. Only expressly authorized government-owned PEDs. Store it in a GSA approved vault or container. Illegal downloading copyrighted materials. Delete email from senders you do not know. Many apps and smart devices collect and share your personal information and contribute to your online identity. Never allow sensitive data on non-Government-issued mobile devices. Note That The Integers Should Be Type Cast To Doubles. As a security best practice, what should you do before exiting? You must appoint a person who's responsible for all communications with us.
A coworker wants to send you a sensitive document to review while you are at lunch and you only have your personal tablet. DASA generally does not fund the following unless explicitly stated in the competition document. If aggregated, the information could become classified. Personally-owned external monitors may be connected to DoD-issued computers in telework environments via VGA or DVI, but not via USB. Enable automatic screen locking after a period of inactivity. The relevant people will be named in the subsequent contract. Which scenario might indicate a reportable insider threat? It is fair to assume that everyone in the SCIF is properly cleared. In which situation below are you permitted to use your PKI token? A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. You must provide us with a Full Rights Version of all deliverables, ensuring that it is coherent on its own. In addition to avoiding the temptation of greed to betray his country, what should Alex do differently? Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email? Here you can find answers to the DoD Cyber Awareness Challenge. Which of the following best describes good physical security? He has the appropriate clearance and a signed, approved, non-disclosure agreement. Implement Wi-Fi Protected Access 2 (WPA2) Personal encryption at a minimum. Classified information that should be unclassified and is downgraded. (Insider Threat) Based on the description that follows, how many potential insider threat indicator(s) are displayed? What information posted publicly on your personal social networking profile represents a security risk? You should remove and take your CAC/PIV card whenever you leave your workstation. Classified information that should be unclassified and is downgraded.
(Malicious Code) Which of the following is true of Internet hoaxes? Government Furnished Equipment: GFE refers to tooling or equipment that's provided to a contractor for use during the project. *Sensitive Compartmented Information What should the owner of this printed SCI do differently? **Identity management Which of the following is an example of two-factor authentication? c. Analyze the other workstations in the SCIF for viruses or malicious code. Full Rights Versions only contain Foreground Information: information generated under the work that we contract with you. When is it okay to charge a personal mobile device using government-furnished equipment (GFE)? What must authorized personnel do before permitting another individual to enter a Sensitive Compartmented Information Facility (SCIF)? Refer the reporter to your organization's public affairs office. Press release data c. Financial information. Making unauthorized configuration changes. Insider threat: (Alex's statement) In addition to avoiding the temptation of greed to betray his country, what should Alex do differently? What is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? Do not access website links in e-mail messages. What information relates to the physical or mental health of an individual? Transmit classified information via fax machine only Not correct Classified Data: (Incident) What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed? A colleague enjoys playing video games online, regularly uses social media, and frequently forgets to secure her smartphone elsewhere before entering areas where it is prohibited.
DASA reserves the right to disclose on a confidential basis any information it receives from you during the procurement process to any third party engaged by DASA for the specific purpose of evaluating or assisting DASA in the evaluation of your proposal. Permitted Uses of Government-Furnished Equipment (GFE). **Website Use While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. Sensitive Compartmented Information (Incident #3): What should the participants in this conversation involving SCI do differently? The email has an attachment whose name contains the word secret. What type of attack might this be? When submitting your proposal, you must provide a resourcing plan that identifies, where possible, the nationalities of those proposed research workers that you intend working on this phase. John submits CUI to his organization's security office to transmit it on his behalf. Which of the following should be done to keep your home computer secure? What does Personally Identifiable Information (PII) include? In addition to avoiding the temptation of greed to betray his country, what should Alex do differently? As part of the survey the caller asks for birth date and address. This is a spear phishing attempt, and it would be best to report it to security. Difficult life circumstances such as substance abuse, divided loyalty or allegiance to the U.S., and extreme, persistent interpersonal difficulties. While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. How do you respond? Digitally signed e-mails are more secure.
However, the equipment can be furnished by the Government if it is in the best interest of the Government to provide GFE for use by the contractor. (Sensitive Information) Which of the following is true about unclassified data? English is the official language for all communication between bidders, DASA and in all parts of DASA proposals. It contains certificates for identification, encryption, and digital signature. What actions should you take prior to leaving the work environment and going to lunch? Which of the following is a best practice for physical security? Remove your security badge, common access card (CAC), or personal identity verification (PIV) card. Immediately notify your security point of contact. Correct. Store classified data appropriately in a GSA-approved vault/container. Do not access website links in e-mail messages. How many potential insider threat indicators is Bob displaying? Unclassified documents do not need to be marked as a SCIF. A headset with a microphone through a Universal Serial Bus (USB) port. Nothing. Which of the following is NOT a criterion used to grant an individual access to classified data? **Social Networking Which of the following best describes the sources that contribute to your online identity? Which designation marks information that does not have potential to damage national security?