When linked to a specific individual, which of the following is NOT an example of Personally Identifiable Information (PII)?
Automobile make and model
Which of the following uses of removable media is appropriate?
Encrypting data stored on removable media
Which of the following is NOT a best practice for protecting data on a mobile device?
Disable automatic screen locking after a period of inactivity
Which of the following is an authoritative source for derivative classification?
Security Classification Guide
How can an adversary use information available in public records to target you?
Combine it with information from other data sources to learn how best to bait you with a scam
You receive an email with a link to schedule a time to update software on your government furnished laptop. Your IT department has not scheduled software updates like this in the past and has not announced this software update. The e-mail is not digitally signed. What action should you take?
Report the e-mail to your security POC or help desk.
Which of the following is NOT a best practice for teleworking in an environment where Internet of Things (IoT) devices are present?
Remove any voice-enabled device
Which type of data could resonably be expected to cause serious damage to national security?
Top Secret
Which of these is NOT a potential indicator that your device may be under a malicious code attack?
A notification for a system update that has been publicized.
Which best describes an insider threat? Someone who uses_________ access, __________, to harm national security through unauthorized disclosure, data, modification, espionage, terrorism, or kinetic actions.
unauthorized: detected or undetected
Which of the following is an allowed use of government furnished equipment (GFE)?
Checking personal e-mail if your organization allows it
How can you mitigate the potential risk associated with a compressed URL (e.g., TinyURL, goo.gl)?
Use the preview function to see where the link actually leads
How should government owned removable media be stored?
In a GSA-approved container according to the appropriate security classification
Annabeth becomes aware that a conversation with a co-worker that involved Sensitive Compartmented Information SCI) may have been overheard by someone who does not have the required clearance. What actions should Annabeth take?
Contact her security POC with detailed information about the incident.
How can you protect your home computer?
Turn on the password feature
You receive a phone call offering you a $50 gift card if you participate in a survey. Which course of action should you take?
Decline to participate in the survey. This may be a social engineering attempt.
Carl receives an e-mail about a potential health risk caused by a common ingredient in processed food. Which of the following actions should Carl NOT take with the e-mail?
Forward it
Which of the following is a risk associated with removable media?
All of these
Which of the following is an appropriate use of government e-mail?
Using a digital signature when sending attachments
Sylvia commutes to work via public transportation. She often uses this time to get a head start on work by making phone calls or responding to e-mails on her government approved mobile device. Does this pose a security concern?
Yes. Eavesdroppers may be listening to Sylvia's phone calls, and shoulder surfers may be looking at her screen.
Which of the following is true of transmitting or transporting SCI?
Printed SCI must be retrieved promptly from the printer
What conditions are necessary to be granted access to Sensitive Compartmented Information (SCI)?
Top Secret clearance and indoctrination into the SCI program
Terry sees a post on her social media feed that says there is smoke billowing from the Pentagon. The post includes a video that shows smoke billowing from a building that is not readily identifiable as the Pentagon. Terry is not familiar with the source of the post. Which of the following describes what Terry has likely seen?
This is probably a post designed to attract Terr's attention to click on a link and steal her information
Which of the following statements about PHI is false?
It is created or received by a healthcare provider, health plan, or employer of a business associate of these.
Which of the following is NOT a best practice for protecting your home wireless network for telework?
Use your router's pre-set SSID and password
Beth taps her phone at a payment terminal to pay for a purchase. Does this pose a security risk?
Yes, there is a risk that the signal could be intercepted and altered
How can you prevent viruses and malicious code?
Scan all external files before uploading to your computer
Which of the following is an example of behavior that you should report?
Taking sensitive information home for telework without authorization
You receive a text message from a package shipper notifying you that your package delivery is delayed due to needing updated delivery instructions from you.
Delete the message
Which of the following is an appropriate use of a DoD PKI token?
Do not use a token approved for NIPR on SIPR
Which of the following is a best practice when browsing the internet?
Only accept cookies from reputable, trusted websites
Where are you permitted to use classified data?
Only in areas with security appropriate to the classification level
Which of following is permitted within a Sensitive Compartmented Information Facility (SCIF)?
An authorized Government-owned Portable Electronic Device (PED)
Which of the following contributes to your online identity?
All of these
How can you protect your home computer?
Regularly back up your files
Turn on the password feature
Which of the following statements is true of DoD Unclassified data?
It may require access and distribution controls
Which of the following is NOT a way that malicious code can spread?
Running a virus scan
Which of the following is a best practice to protect your identity?
Order a credit report annually
What is the goal of an Insider Threat Program?
Deter, detect, and mitigate
Which of the following uses of removable media is allowed?
Government owned removable media that is approved as operationally necessary
Which of the following is permitted when using an unclassified laptop within a collateral classified space?
A government-issued WIRED headset with microphone
When is the safest time to post on social media about your vacation plans?
After the trip
Which of the following is NOT an appropriate use of your Common Access Card (CAC)?
Using it as photo identification with a commercial entity
On your home computer, how can you best establish passwords when creating separate user accounts?
Have each user create their own, strong password
Tom is working on a report that contains employees’ names, home addresses, and salary. Which of the following is Tom prohibited from doing with the report
Using his home computer to print the report while teleworking
Which of the following is a best practice for using government e-mail?
Do not send mass e-mails
Which of the following is a best practice for physical security?
Use your own security badge or key code for facility access
