Information Security Best Practices Quiz

Questions and Answers

When linked to a specific individual, which of the following is NOT an example of Personally Identifiable Information (PII)?

Social Security Number

Email address

Automobile make and model (correct)

Phone number

How can you mitigate the potential risk associated with a compressed URL (e.g., TinyURL, goo.gl)?

Use the preview function to see where the link actually leads.

What is the goal of an Insider Threat Program?

Deter, Detect, and Mitigate the risks associated with insider threats.

Mabel needs to share a document with her supervisor. What is appropriate?

Encrypt it and send digitally.

Which of the following is NOT a best practice for protecting data on a mobile device?

Disable automatic screen locking after a period of inactivity

Which of these is NOT a potential indicator that your device may be under a malicious code attack?

A notification for a system update that has been publicized

When is the safest time to post on social media about your vacation plans?

After the trip.

You receive an email with a link to update software on a government laptop. What should you do if the IT department hasn't done this before nor announced it?

Report the email to your security POC or help desk.

After a classified document is leaked online and makes headlines, which of the following is true?

You should still treat it as classified even though it has been compromised.

Where are you permitted to use classified materials?

Only in areas with security appropriate to the classification level.

Which of the following is a risk associated with removable media?

All of these

Which of the following is a best practice for physical security?

Use your own security badge or key code for facility access.

Which of the following is a best practice to protect your identity?

Order a credit report annually.

Which of the following is NOT an appropriate use of your Common Access Card (CAC)?

Using it as photo identification with a commercial entity

How should government-owned removable media be stored?

In GSA approved safe with appropriate classification level.

Which of the following is an allowed use of government-furnished equipment?

Checking personal email if organization allows it.

Which of the following is true of Controlled Unclassified Information?

It must be handled using safeguarding or dissemination controls.

How can you protect your home computer?

Turn on the password feature.

Which of the following is an appropriate use of government email?

Using a digital signature when sending attachments.

Which of the following is true of working within a sensitive compartmented information facility (SCIF)?

A designated individual is responsible for securing the entrance and exit points.

Which of the following is true of spillage?

It can be either inadvertent or intentional.

What is the best course of action if you receive a text message from a package shipper saying delivery is delayed and you are not expecting a package?

Delete the message.

Which of the following personally owned peripherals can you use with government-furnished equipment?

Keyboard and USB hub

Study Notes

Personally Identifiable Information (PII)

• Automobile make and model is NOT considered PII when not linked to an individual.

URL Safety

• Mitigate risks of compressed URLs by using the preview function to view the destination before clicking.

Insider Threat Program

• The primary aim is to Deter, Detect, and Mitigate insider-related risks.

Document Sharing

• For sharing documents, encrypt and send them digitally for security.

Mobile Device Security Practices

• Disabling automatic screen locking after inactivity is NOT a recommended practice.

Malicious Code Indicators

• A publicized system update notification is NOT a credible indicator of a malicious attack.

Social Media Safety

• Safest to post vacation plans on social media after returning from the trip.

Suspicious Emails

• Report unsolicited emails about software updates to your security point of contact or help desk when lacking proper authentication.

Classified Document Handling

• Leaked classified documents should still be treated as classified despite their exposure.

Classified Materials Usage

• Classified materials should only be used in secure areas suitable for their classification level.

Risks of Removable Media

• Risks associated with removable media include various security vulnerabilities.

Physical Security Best Practices

• Always use your own security badge or key code for facility access.

Identity Protection

• Protect identity by ordering a credit report annually.

Common Access Card (CAC) Usage

• Using your CAC as photo identification with commercial entities is NOT appropriate.

Controlled Unclassified Information (CUI)

• CUI must be handled with specific safeguarding or dissemination controls.

Home Computer Protection

• Enable the password feature on your home computer for better security.

Government Email Usage

• When using government email, attach a digital signature for verifying messages.

Sensitive Compartmented Information Facility (SCIF)

• A designated person is responsible for securing entrance and exit points in a SCIF.

Spillage Definition

• Spillage can occur unintentionally or intentionally, indicating security breaches.

Phishing Alert

• If you receive unexpected text about a delayed package, the best action is to delete the message.

Use of Personal Peripherals

• Keyboard and USB hub are acceptable personal peripherals to use with government-furnished equipment.

Description

Test your knowledge on key information security practices such as handling Personally Identifiable Information (PII), recognizing suspicious emails, and securing document sharing. This quiz covers various aspects of mobile device security, insider threats, and social media safety. Improve your understanding to better protect yourself and your organization from potential risks.