Cyber Awareness Knowledge Check

1. How many potential insider threat indicators does a person who is married with two children, vacations at the beach every year, is pleasant to work with, but sometimes has poor work quality display? Answer 0 indicators 2. What is the best response if you find classified government data on the internet? Answer Note any identifying information, such as the website's URL, and report the situation to your security POC. 3. After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. You know this project is classified. What should be your response? Answer Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. 4. What is a proper response if spillage occurs? Answer Immediately notify your security POC. 5. What should you do if a reporter asks you about potentially classified information on the web? Answer Ask for information about the website, including the URL. 6. A user writes down details from a report stored on a classified system marked as Secret and uses those details to draft an unclassified briefing on an unclassified system without authorization. What is the best choice to describe what has occurred? Answer Spillage because classified data was moved to a lower classification level system without authorization. 7. How many potential insider threat indicators does a coworker who often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion display? Answer 3 or more indicators 8. Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause? Answer Damage to national security 9. Which classification level is given to information that could reasonably be expected to cause serious damage to national security? Answer Secret 10. When classified data is not in use, how can you protect it? Answer Store classified data appropriately in a GSA-approved vault/container when not in use. 11. Which is a good practice to protect classified information? Answer Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. 12. Which of the following is a good practice to aid in preventing spillage? Answer Be aware of classification markings and all handling caveats. 13. What is required for an individual to access classified data? Answer Appropriate clearance; signed and approved non-disclosure agreement; and need-to-know. 14. What type of activity or behavior should be reported as a potential insider threat? Answer Coworker making consistent statements indicative of hostility or anger toward the United States and its policies. 15. Which of the following practices reduces the chance of becoming a target by adversaries seeking insider information? Answer Don't talk about work outside your workspace unless it is a specifically designated public meeting environment and is controlled by the event planners. 16. Which scenario might indicate a reportable insider threat security incident? Answer A coworker is observed using a personal electronic device in an area where their use is prohibited. 17. Why might "insiders" be able to cause damage to their organizations more easily than others? Answer Insiders are given a level of trust and have authorized access to Government information systems. 18. Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? Answer Use only personal contact information when establishing personal social networking accounts, never use Government contact information. 19. What should you do if an individual asks you to let her follow you into your controlled space, stating that she left her security badge at her desk? Answer Don't allow her access into secure areas and report suspicious activity. 20. Which represents a security best practice when using social networking? Answer Understanding and using available privacy settings. 21. Which is NOT a sufficient way to protect your identity? Answer Use a common password for all your system and application logons. 22. Under which circumstances may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? Answer Any time you participate in or condone misconduct, whether offline or online. 23. As someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project? Answer Inform your security POC of all non-professional or non-routine contacts with foreign nations, including, but not limited to, joining each other's social media sites. 24. Which of the following is true about unclassified data? Answer When unclassified data is aggregated, its classification level may rise. 25. What are some potential insider threat indicators? Answer Difficult life circumstances such as substance abuse; divided loyalty or allegiance to the U.S.; or extreme, persistent interpersonal difficulties. 26. What information posted publicly on your personal social networking profile represents a security risk? Answer Your place of birth 27. What is an individual's Personally Identifiable Information (PII) or Protected Health Information (PHI) considered? Answer Sensitive information. 28. Under what circumstances could unclassified information be considered a threat to national security? Answer If aggregated, the information could become classified. 29. What type of unclassified material should always be marked with a special handling caveat? Answer For Official Use Only (FOUO) 30. Which is true for protecting classified data? Answer Classified material is stored in a GSA-approved container when not in use. 31. Which of the following is true of protecting classified data? Answer Classified material must be appropriately marked. 32. Which of the following should be reported