DOD Cyber Awareness 2022 Knowledge Check / Navy eLearning (NEL)

Document Content and Description Below

DOD Cyber Awareness 2022 Knowledge Check Questions and Answers 1. How many potential insider threat indicators does a person who is married with two children, vacations at the beach every ye... ar, is pleasant to work with, but sometimes has poor work quality display? - 0 indicators 2. What is the best response if you find classified government data on the internet? - Note any identifying information, such as the website's URL, and report the situation to your security POC. 3. After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. You know this project is classified. What should be your response? - Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. 4. What is a proper response if spillage occurs? - Immediately notify your security POC. 5. What should you do if a reporter asks you about potentially classified information on the web? - Ask for information about the website, including the URL. 6. A user writes down details from a report stored on a classified system marked as Secret and uses those details to draft an unclassified briefing on an unclassified system without authorization. What is the best choice to describe what has occurred? - Spillage because classified data was moved to a lower classification level system without authorization. 7. How many potential insider threat indicators does a coworker who often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion display? - 3 or more indicators 8. Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause? - Damage to national security 9. Which classification level is given to information that could reasonably be expected to cause serious damage to national security? - Secret 10. When classified data is not in use, how can you protect it? - Store classified data appropriately in a GSA-approved vault/container when not in use. 11. Which is a good practice to protect classified information? - Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. 12. Which of the following is a good practice to aid in preventing spillage? - Be aware of classification markings and all handling caveats. 13. What is required for an individual to access classified data? - Appropriate clearance; signed and approved non-disclosure agreement; and need-to-know. 14. What type of activity or behavior should be reported as a potential insider threat? - Coworker making consistent statements indicative of hostility or anger toward the United States and its policies. 15. Which of the following practices reduces the chance of becoming a target by adversaries seeking insider information? - Don't talk about work outside your workspace unless it is a specifically designated public meeting environment and is controlled by the event planners. 16. Which scenario might indicate a reportable insider threat security incident? - A coworker is observed using a personal electronic device in an area where their use is prohibited. 17. Why might "insiders" be able to cause damage to their organizations more easily than others? - Insiders are given a level of trust and have authorized access to Government information systems. 18. Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? - Use only personal contact information when establishing personal social networking accounts, never use Government contact information. 19. What should you do if an individual asks you to let her follow you into your controlled space, stating that she left her security badge at her desk? - Don't allow her access into secure areas and report suspicious activity. 20. Which represents a security best practice when using social networking? - Understanding and using available privacy settings. 21. Which is NOT a sufficient way to protect your identity? - Use a common password for all your system and application logons. 22. Under which circumstances may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? - Any time you participate in or condone misconduct, whether offline or online. 23. As someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project? - Inform your security POC of all non-professional or non-routine contacts with foreign nations, including, but not limited to, joining each other's social media sites. 24. Which of the following is true about unclassified data? - When unclassified data is aggregated, its classification level may rise. 25. What are some potential insider threat indicators? - Difficult life circumstances such as substance abuse; divided loyalty or allegiance to the U.S.; or extreme, persistent interpersonal difficulties. 26. What information posted publicly on your personal social networking profile represents a security risk? - Your place of birth 27. What is an individual's Personally Identifiable Information (PII) or Protected Health Information (PHI) considered? - Sensitive information. 28. Under what circumstances could unclassified information be considered a threat to national security? - If aggregated, the information could become classified. 29. What type of unclassified material should always be marked with a special handling caveat? - For Official Use Only (FOUO) 30. Which is true for protecting classified data? - Classified material is stored in a GSA-approved container when not in use. 31. Which of the following is true of protecting classified data? - Classified material must be appropriately marked. 32. Which of the following should be reported as a potential security incident (in accordance with your Agency's insider threat policy)? - A coworker brings a personal electronic device into a prohibited area. 33. How many potential insider threat indicators does a person who is playful and charming, consistently win performance awards, but is occasionally aggressive in trying to access sensitive information? - 1 Indicator 34. Which of the following terms refers to harm inflicted on national security through authorized access to information or information systems? - Insider Threat 35. What is the best example of Personally Identifiable Information (PII)? - Date and place of birth 36. What is the best example of Protected Health Information (PHI)? - Your health insurance explanation of benefits (EOB) 37. When is the best time to post details of your vacation activities on your social networking website? - When your vacation is over, and you have returned home 38. What does Personally Identifiable Information (PII) include? - Social Security Number; date and place of birth; mother's maiden name 39. What must you ensure if you work involves the use of different types of smart card security tokens? - Avoid a potential security violation by using the appropriate token for each system. 40. What must you ensure before transmitting Personally Identifiable Information (PII) or Protected Health Information (PHI) via e-mail? - Transmissions must be between Government e-mail accounts and must be encrypted and digitally signed when possible. 41. What must you do when e-mailing Personally Identifiable Information (PII) or Protected Health Information (PHI)? - Encrypt the e-mail and use your Government e-mail account. 42. What is a good practice for physical security? - Challenge people without proper badges. 43. Is it acceptable to take a short break while a coworker monitors your computer while logged on with your CAC? - No. Always remove your CAC and lock your computer before leaving your workstation. 44. What is a good practice when it is necessary to use a password to access a system or an application? - Avoid using the same password between systems or applications. 45. What is the best description of two-factor authentication? - Something you possess, like a CAC, and something you know, like a PIN or password. 46. What certificates are contained on the DoD Public Key Infrastructure (PKI) implemented by the Common Access Card (CAC)/Personal Identity Verification (PIV) card? - Identification, encryption, and digital signature 47. What are the requirements to be granted access to SCI material? - The proper security clearance and indoctrination into the SCI program. 48. What threat do insiders with authorized access to information or information Systems pose?? - They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities. 49. What organization issues the directives concerning the dissemination of information regarding intelligence sources, methods, or activities? - Department of Defense. ***************************************CONTINUED****************************** [Show More]

Last updated: 1 year ago

Preview 1 out of 12 pages