What is a critical consideration on using cloud-based file sharing and storage applications on your government-furnished equipment (gfe)

What do you do if a spillage occurs?

Immediately notify your security point of contact.

What should you do if a reporter asks you about potentially classified information on the web?

Neither confirm nor deny the information is classified.

Which of the following is NOT true concerning a computer labeled SECRET?

May be used on an unclassified network.

Who can be permitted access to classified data?

Only persons with appropriate clearance, a non-disclosure agreement, and need-to-know.

Which of the following is NOT considered a potential insider threat indicator?

New interest in learning a foreign language.

Which of the following is NOT considered a potential insider threat indicator?

Treated mental health issues.

A colleague has won 10 high-performance awards, can be playful and charming, is not currently in a relationship, and is occasionally aggressive in trying to access sensitive information. How many potential insider threat indicators does this employee display?

…

What information most likely presents a security risk on your personal social networking profile?

Personal email address

What action should you take if you receive a friend request on your social networking website from someone in Germany you met casually at a conference last year?

Decline the request

Which of the following is an example of Protected Health Information (PHI)?

Explanation of benefits from a health insurance company.

Which of the following is the best example of Personally Identifiable Information (PPI)?

Date of Birth

Which of the following is NOT an example of sensitive information?

Press release date

Which of the following represents a good physical security practice?

Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIV) card.

Which of the following statements is TRUE about the use of DoD Public Key Infrastructure (PKI) tokens?

Always use DoD PKI tokens within their designated classification level.

Which of the following is NOT a good way to protect your identity?

Use a single, complex password for your system and application logons.

After clicking on a link on a website, a box pops up and asks if you want to run an application. Is it okay to run it?

No. Only allow mobile code to run from organization or your organization’s trusted sites.

While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. The website requires a credit card for registration. What should you do?

Since the URL does not start with "https," do not provide your credit card information.

You receive a call from someone from the help desk who needs your assistance with a problem on your computer. How should you respond?

Immediately end the phone call.

You receive an unexpected email from a friend: "I think you’ll like this: https://tinyurl.com/2fcbvy." What action should you take?

…

Which of the following is true of Internet hoaxes?

…

Which of the following is NOT true of traveling overseas with a mobile phone?

Physical security of mobile phones carried overseas is not a major issue.

What is a critical consideration on using cloud-based file sharing and storage applications on your Government-furnished equipment (GFE)?

Determine if the software or service is authorized.

A coworker wants to send you a sensitive document to review while you are at lunch and you only have your personal tablet. What should you do?

Never allow sensitive data on non-Government-issued mobile devices.

When checking in at the airline counter for a business trip, you are asked if you would like to check your laptop bag. This bag contains your Government-issued laptop. What should you do?

Decline so that you maintain physical control of your Government-issued laptop.

How can you protect your information when using wireless technology?

Avoid using non-Bluetooth-paired or unencrypted wireless computer peripherals.

Which of the following does NOT constitute spillage?

Classified information that should be unclassified and downgraded.

Which of the following is NOT an appropriate way to protect against inadvertent spillage?

Use the classified network for all work, including unclassified work.

Which of the following should you NOT do if you find classified information on the internet?

Download the information.

Which of the following is NOT a requirement for telework?

…

What should you do when you are working on an unclassified system and receive an email with a classified attachment?

Call your security point of contact immediately to alert them.

Which of the following is true of protecting classified data?

Classified material must be appropriately marked.

Which level of damage to national security can you reasonably expect Top Secret information to cause if disclosed?

Exceptionally Grave Damage

Which of the following is true about telework?

You must have your organization’s permission to telework.

A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complain about the credit card bills that his wife runs up. How many potential insiders threat indicators does this employee display.

…

Which of the following should be reported as a potential security incident (in accordance with your Agency’s insider threat policy)?

A coworker brings a personal electronic device into prohibited areas.

In addition to avoiding the temptation of greed to betray his country, what should Alex do differently?

Avoid talking about work outside of the workplace or with people without a need-to-know.

How many insider threat indicators does Alex demonstrate?

Three or more

What should Alex’s colleagues do?

Report the suspicious behavior in accordance with their organization’s insider threat policy.