Classified Data Security Guidelines
68 Questions
100 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

How should you respond when a vendor conducting a pilot program contacts you for organizational data to use in a prototype?

Refer the vendor to the appropriate personnel.

How can you protect classified data when it is not in use?

Store classified data appropriately in a GSA-approved vault/container.

What is the basis for handling and storage of classified data?

Classification markings and handling caveats.

Before using an unclassified laptop and peripherals in a collateral classified environment, what must you do?

<p>Ensure that any cameras, microphones, and Wi-Fi embedded in the laptop are physically disabled.</p> Signup and view all the answers

What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed?

<p>Exceptionally grave damage.</p> Signup and view all the answers

What must you have to telework?

<p>Your organization's permission.</p> Signup and view all the answers

What is true about protecting classified data?

<p>Classified material must be appropriately marked.</p> Signup and view all the answers

What is a reportable insider threat activity?

<p>Attempting to access sensitive information without need-to-know.</p> Signup and view all the answers

Which scenario might indicate a reportable insider threat?

<p>A colleague removes sensitive information without seeking authorization in order to perform authorized telework.</p> Signup and view all the answers

Which of the following is a potential insider threat indicator? (Select all that apply)

<p>Difficult life circumstances, such as the death of a spouse.</p> Signup and view all the answers

What is the safest piece of information to include on your social media profile?

<p>Your favorite movie.</p> Signup and view all the answers

What is true of many apps and smart devices?

<p>Many apps and smart devices collect and share your personal information and contribute to your online identity.</p> Signup and view all the answers

How can you protect your organization on social networking sites?

<p>Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post.</p> Signup and view all the answers

What is a best practice for protecting Controlled Unclassified Information (CUI)?

<p>Store it in a locked desk drawer after working hours.</p> Signup and view all the answers

How should Controlled Unclassified Information (CUI) be transmitted safely?

<p>Paul verifies that the information is CUI, includes a CUI marking in the subject header, and digitally signs an e-mail containing CUI.</p> Signup and view all the answers

Which designation includes Personally Identifiable Information (PII) and Protected Health Information (PHI)?

<p>Controlled Unclassified Information (CUI).</p> Signup and view all the answers

Which of the following is NOT an example of CUI?

<p>Press release data.</p> Signup and view all the answers

Which of the following is NOT a correct way to protect CUI?

<p>CUI may be stored on any password-protected system.</p> Signup and view all the answers

What best describes good physical security?

<p>Lionel stops an individual in his secure area who is not wearing a badge.</p> Signup and view all the answers

What is an example of two-factor authentication?

<p>A Common Access Card and Personal Identification Number.</p> Signup and view all the answers

What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card?

<p>Store it in a shielded sleeve.</p> Signup and view all the answers

What must authorized personnel do before permitting another individual to enter a Sensitive Compartmented Information Facility (SCIF)?

<p>Confirm the individual's need-to-know and access.</p> Signup and view all the answers

What is true of Sensitive Compartmented Information (SCI)?

<p>Access requires Top Secret clearance and indoctrination into the SCI program.</p> Signup and view all the answers

Which of the following is NOT a potential consequence of using removable media unsafely in a SCIF?

<p>Damage to the removable media.</p> Signup and view all the answers

What portable electronic devices (PEDs) are permitted in a SCIF?

<p>Only expressly authorized government-owned PEDs.</p> Signup and view all the answers

What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF?

<p>All of these.</p> Signup and view all the answers

Which of the following is NOT a type of malicious code?

<p>Executables.</p> Signup and view all the answers

What action can help to protect your identity?

<p>Shred personal documents.</p> Signup and view all the answers

What is an appropriate use of government e-mail?

<p>Use a digital signature when sending attachments or hyperlinks.</p> Signup and view all the answers

What type of social engineering targets particular groups of people?

<p>Spear phishing.</p> Signup and view all the answers

How can you protect yourself from social engineering?

<p>Verify the identity of all individuals.</p> Signup and view all the answers

What is true of traveling overseas with a mobile phone?

<p>A personally owned device approved under Bring Your Own Approved Device (BYOAD) policy must be unenrolled while out of the country.</p> Signup and view all the answers

What should Sara do when using publicly available Internet, such as hotel Wi-Fi?

<p>Only connect with Government VPN.</p> Signup and view all the answers

What is the danger of using public Wi-Fi connections?

<p>Both of these.</p> Signup and view all the answers

Which personally-owned computer peripheral is permitted for use with Government-furnished equipment?

<p>A headset with a microphone through a Universal Serial Bus (USB) port.</p> Signup and view all the answers

How can you protect data on your mobile computing and portable electronic devices (PEDs)?

<p>Enable automatic screen locking after a period of inactivity.</p> Signup and view all the answers

Which of the following is an example of removable media?

<p>USB drive.</p> Signup and view all the answers

What is true of Internet of Things (IoT) devices?

<p>They can become an attack vector to other devices on your home network.</p> Signup and view all the answers

When is it appropriate to have your security badge visible?

<p>At all times when in the facility.</p> Signup and view all the answers

What should the owner of printed SCI do differently?

<p>Retrieve classified documents promptly from printers.</p> Signup and view all the answers

What should the participants in a conversation involving SCI do differently?

<p>Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed.</p> Signup and view all the answers

Which demonstrates proper protection of mobile devices?

<p>Linda encrypts all of the sensitive data on her government-issued mobile devices.</p> Signup and view all the answers

Which of the following does NOT constitute spillage?

<p>Classified information that should be unclassified and is downgraded.</p> Signup and view all the answers

Which of the following is NOT an appropriate way to protect against inadvertent spillage?

<p>Use the classified network for all work, including unclassified work.</p> Signup and view all the answers

What should you NOT do if you find classified information on the internet?

<p>Download the information.</p> Signup and view all the answers

Who designates whether information is classified and its classification level?

<p>Original classification authority.</p> Signup and view all the answers

Which of the following is a good practice to protect classified information?

<p>Don't assume open storage in a secure facility is authorized.</p> Signup and view all the answers

How many insider threat indicators does Alex demonstrate?

<p>Three or more.</p> Signup and view all the answers

What should Alex's colleagues do?

<p>Report the suspicious behavior in accordance with their organization's threat policy.</p> Signup and view all the answers

Which of the following is true?

<p>Digitally signed e-mails are more secure.</p> Signup and view all the answers

Which of the following best describes the conditions under which mobile devices and applications can track your location?

<p>It is often the default but can be prevented by disabling the location function.</p> Signup and view all the answers

When is it okay to charge a personal mobile device using government-furnished equipment (GFE)?

<p>This is never okay.</p> Signup and view all the answers

What security risk does a public Wi-Fi connection pose?

<p>It may prohibit the use of a virtual private network (VPN).</p> Signup and view all the answers

Which of the following represents an ethical use of your Government-furnished equipment (GFE)?

<p>Checking personal e-mail when allowed by your organization.</p> Signup and view all the answers

When may you be subject to criminal, disciplinary, and/or administrative action due to online harassment, bullying, stalking, hazing, discrimination, or retaliation?

<p>If you participate in or condone it at any time.</p> Signup and view all the answers

How can you protect yourself on social networking sites?

<p>Validate friend requests through another source before confirming them.</p> Signup and view all the answers

Which piece of information is safest to include on your social media profile?

<p>Photos of your pet.</p> Signup and view all the answers

Which of the following is true of removable media and portable electronic devices (PEDs)?

<p>They have similar features, and the same rules and protections apply to both.</p> Signup and view all the answers

What is a security best practice for protecting Personally Identifiable Information (PII)?

<p>Only use Government-approved equipment to process PII.</p> Signup and view all the answers

What is true of Controlled Unclassified Information (CUI)?

<p>CUI must be handled using safeguarding or dissemination controls.</p> Signup and view all the answers

Which Cyber Protection Condition (CPCON) establishes a protection priority focus on critical functions only?

<p>CPCON 1.</p> Signup and view all the answers

What is true of the Common Access Card (CAC) or Personal Identity Verification (PIV) card?

<p>You should remove and take your CAC/PIV card whenever you leave your workstation.</p> Signup and view all the answers

Which of the following is an example of a strong password?

<p>%2ZN=Ugq</p> Signup and view all the answers

A compromise of Sensitive Compartmented Information (SCI) occurs when a person who does not have the required clearance or access caveats comes into possession of SCI ________.

<p>in any manner.</p> Signup and view all the answers

What is a good practice to protect classified information?

<p>Don't assume open storage in a secure facility is authorized.</p> Signup and view all the answers

Based on the description that follows, how many potential insider threat indicators(s) are displayed? A colleague saves money for an overseas vacation every year, is a single father, and occasionally consumes alcohol.

<p>2 indicators.</p> Signup and view all the answers

Which of the following statements is true?

<p>Adversaries exploit social networking sites to disseminate fake news.</p> Signup and view all the answers

Which of the following is true about URLs?

<p>May be used to mask malicious intent.</p> Signup and view all the answers

Study Notes

Organizational Data and Vendors

  • Refer vendors conducting pilot programs for prototypes to the appropriate personnel for data requests.

Classified Data Protection

  • Store classified data in a GSA-approved vault or container when not in use to ensure its security.
  • Handling and storage of classified data is governed by specific classification markings and handling caveats.

Classified Equipment Usage

  • Disable cameras, microphones, and Wi-Fi on unclassified laptops before using them in classified environments to prevent security breaches.

National Security Impact

  • Disclosure of Top Secret information can cause exceptionally grave damage to national security.

Teleworking Protocols

  • Obtain organizational permission before engaging in telework to ensure compliance with policies.

Marking Classified Material

  • Properly mark all classified materials to maintain security and compliance with regulations.

Insider Threat Indicators

  • Accessing sensitive information without proper need-to-know is a reportable insider threat activity.
  • Observing unusual interest in classified information or personal difficulties may indicate potential insider threats.

Social Media and Personal Information

  • Safest information to include on social media profiles is non-identifiable content, such as favorite movies.
  • Apps and devices collect personal information, impacting online identity.

Controlled Unclassified Information (CUI) Management

  • Store Controlled Unclassified Information in locked drawers after hours to protect sensitive data.
  • Transmit CUI securely by verifying its classification and properly marking communications.

Physical Security Practices

  • Good physical security is demonstrated by actively stopping unbadged individuals in secure areas.

Authentication Methods

  • Utilizing two-factor authentication can enhance security, such as requiring a Common Access Card and Personal Identification Number.

Sensitive Compartmented Information (SCI) Protocol

  • Access to SCI requires Top Secret clearance and indoctrination; confirm need-to-know before entry.

Removable Media Safety

  • Removable media should be used cautiously within Sensitive Compartmented Information Facilities; non-compliance can lead to serious security incidents.

Identity Protection

  • Protect personal identity by shredding sensitive documents and verifying identities before sharing information.

E-mail Security

  • Digitally signed emails are considered more secure, ensuring communication integrity.

Public Wi-Fi Security

  • Using public Wi-Fi poses risks; only connect through a Government VPN to secure sensitive information on personal devices.

Government-Furnished Equipment (GFE) Usage

  • It is not permissible to charge personal mobile devices using GFE; this maintains equipment integrity.

Document Handling

  • Promptly retrieve classified documents from printers to minimize unauthorized access.

Proper Mobile Device Protection

  • Encrypt sensitive data on mobile devices to ensure compliance with security standards.

Spillage Protocol

  • Spillage does not include classified information that is downgraded correctly; preventing inadvertent spillage involves adhering to transfer procedures.

Ethical Online Behavior

  • Participants in discussions involving sensitive content should assess security clearances to avoid unauthorized dealings.

Online Security and Reputation

  • Adversaries may exploit social media for malicious purposes, emphasizing the importance of maintaining a secure digital presence.

Effective URL Use

  • URLs can be manipulated to disguise harmful intentions, necessitating caution when clicking on links.

Insider Threat Awareness

  • Recognizing and reporting suspicious behaviors within organizations is crucial for maintaining security integrity.

Studying That Suits You

Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

Quiz Team

Description

This quiz covers essential guidelines for handling classified data, including storage, equipment usage, and teleworking protocols. Understand the importance of compliance with security measures to protect national security and prevent insider threats.

More Like This

22 cfr 125
104 questions

22 cfr 125

AdorableBronze avatar
AdorableBronze
Unauthorized Disclosure Overview
33 questions
Use Quizgecko on...
Browser
Browser