permitted uses of government furnished equipment
Correct. **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? Correct. Call your security point of contact immediately. In return, the funding Authority obtains a set of rights to use the delivered technical information and associated intellectual property for specified purposes. See the table below for guidance. How many insider threat indicators does Alex demonstrate? *Sensitive Information What type of unclassified material should always be marked with a special handling caveat? *Sensitive Compartmented Information When should documents be marked within a Sensitive Compartmented Information Facility (SCIF). You should remove and take your CAC/PIV card whenever you leave your workstation. Lionel stops an individual in his secure area who is not wearing a badge. What should Sara do when using publicly available Internet, such as hotel Wi-Fi? A trusted friend in your social network posts a link to vaccine information on a website unknown to you. Then select Save. Then select Submit. Which of the following is true of telework? Not correct Which of the following best describes a way to safely transmit Controlled Unclassified Information (CUI)? Avoid talking about work outside of the workplace or with people without need-to-know. Its a condition of the contract that, as certain work must be justified ethically as well as scientifically, we reserve the right to terminate the work with immediate effect if you dont gain the relevant approval. Compute The Average Kids Per Family. What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed? a. After being diagnosed with pyrophobia, the client states, "I believe this started at the age of 7 when I was trapped in a house fire." If your organization allows it. Report the suspicious behavior in accordance with their organizations insider threat policy. Here you can find answers to the DoD Cyber Awareness Challenge. After you have returned home following the vacation. Which scenario might indicate a reportable insider threat? They can be part of a distributed denial-of-service (DDoS) attack. Which of the following is an example of Protected Health Information (PHI)? Dont include personal or financial information like your National Insurance number or credit card details. Attempting to access sensitive information without need-to-know. What can be used to track Marias web browsing habits? Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. (Travel) Which of the following is a concern when using your Government-issued laptop in public? Store it in a GSA approved vault or container. What should you do to protect classified data? Submission Service reopen dates published. _I`vm `V k\Up k[t]I*+oDa,~v0j:g5wVoLQ:@n-62.Sm-"z.Z~-C-K8Yt_@}aVa{]ppwB6#fR4,r\+ l-sZO15 You find information that you know to be classified on the Internet. Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? What is the total manufacturing cost assigned to Job 413? Throughout the life of any contract you must notify us in writing if you intend to change or add additional research workers. Which of the following personally-owned computer peripherals is permitted for use with Government-furnished equipment? IncreasDecreaseNormalBalanceBalancesheetaccounts:AssetDebitLiabilityDebitStockholdersEquity:CapitalStockCreditRetainedEarningsCreditDividendsCreditCreditIncomestatementaccounts:RevenueCreditExpense(l)CreditDebit\begin{array}{lcc} Illegally downloading copyrighted material - No Dont worry we wont send you spam or share your email address with anyone. The Contractor shall use Standard Form 1428 for Inventory Disposal. Only when there is no other charger available. Exit. Which of the following is NOT a potential insider threat? You check your bank statement and see several debits you did not authorize. (Malicious Code) A coworker has asked if you want to download a programmers game to play at work. Do not forward, read further, or manipulate the file; Do not give out computer or network information, Do not follow instructions from unverified personnel. Which of the following is a proper way to secure your CAC/PIV? It is created or received by a healthcare provider, health plan, or employer. News stories, speeches, letters and notices, Reports, analysis and official statistics, Data, Freedom of Information releases and corporate reports. Avoid inserting removable media with unknown content into your computer. What should the employee do differently? Limited Rights Versions contain both Foreground Information and Background Information, the latter being information not generated under the work we contract with you e.g. (Sensitive Information) What should you do if a commercial entity, such as a hotel reception desk, asks to make a photocopy of your Common Access Card (CAC) for proof of Federal Government employment? Intellectual Property in the ISC is in most cases managed according to the MOD standard intellectual property contract condition for fully funded research contracts DEFCON 705. Which of the following is true of Security Classification Guides? (Malicious Code) Which email attachments are generally SAFE to open? Use the classified network for all work, including unclassified work. **Social Networking Which of the following statements is true? Sensitive information may be stored on any password-protected system. Government-owned PEDs when expressly authorized by your agency. Which of the following is an example of a strong password? Malicious Code (Prevalence): Which of the following is an example of malicious code? You must have permission from your organization. NOT permitted uses of government-furnished equip (GFE) for: Viewing or downloading p*rn*graphy. Note the websites URL and report the situation to your security point of contact. The email provides a website and a toll-free number where you can make payment. A coworker brings a personal electronic device into prohibited areas. You know this project is classified. lock Mobile Devices (Incident): Which of the following demonstrates proper protection of mobile devices? Adversaries exploit social networking sites to disseminate fake news Correct. DASA reserves the right to disclose on a confidential basis any information it receives from you during the procurement process to any third party engaged by DASA for the specific purpose of evaluating or assisting DASA in the evaluation of your proposal. Status, photos, and posts - Friends Only GFE is normally specified in a Request for Proposal (RFP) or contract. Only use Government-furnished or Government-approved equipment to process CUI, including PII. **Insider Threat What is an insider threat? CPCON 1 (Very High: Critical Functions) It is often the default but can be prevented by disabling the location function. Search for instructions on how to preview where the link actually leads. a. A coworker has asked if you want to download a programmers game to play at work. The container prevents malware, intruders, system resources or other applications from interacting with the . the act of publicly documenting and sharing information is called. Which of the following demonstrates proper protection of mobile devices? You can propose an interim payment plan, which must be supported by a detailed expenditure profile showing projected monthly expenditure figures. Which of the following demonstrates proper protection of mobile devices? How many potential insider threat indicators does this employee display? Since the URL does not start with https, do not provide you credit card information. Removable Media in a SCIF (Evidence): What portable electronic devices (PEDs) are permitted in a SCIF? Follow procedures for transferring data to and from outside agency and non-government networks. NOT permitted uses of government-furnished equip (GFE) -viewing or downloading pornography -conducting a private gambling online -using unauthorized software -illegal downloading copyrighted materials -making unauthorized configuration changes When is it okay to charge a personal mobile device using government-furnished equipment (GFE) (Spillage) When is the safest time to post details of your vacation activities on your social networking website? Remove security badge as you enter a restaurant or retail establishment. The DoD requires use of two-factor authentication for access. The following practices help prevent viruses and the downloading of malicious code except. Verified answer. Which designation marks information that does not have potential to damage national security? What should be your response? Taking classified documents from your workspace. **Social Engineering Which is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail? Controlled unclassified information. Which of the following statements is true? Decline to let the person in and redirect her to security c. Let the person in but escort her back t her workstation and verify her badge. 1304). Incident #2 Which of the following is true of downloading apps? You are reviewing your employees annual self evaluation. Exposure to malware. Building 5 When is it okay to charge a personal mobile device using government-furnished equipment (GFE)? Sanitized information gathered from personnel records. **Social Networking What should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sires visited? Which of the following is true of protecting classified data? What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF? Correct. th Xe>_ **Identity Management Which of the following is the nest description of two-factor authentication? **Classified Data When classified data is not in use, how can you protect it? What is a way to prevent the download of viruses and other malicious code when checking your e-mail? **Social Engineering Which of the following is a way to protect against social engineering? Which of the following statements is TRUE about the use of DoD Public Key Infrastructure (PKI) tokens? Dont allow other access or to piggyback into secure areas. Which of the following may help to prevent spillage? Security updates are ready to install. Classified material must be appropriately marked b. What level of damage to national security can you reasonably expect Top secret information to cause if disclosed? Best wishes Well use the email address that you used to create your account and the telephone number in your profile to contact you. Use only personal contact information when establishing personal social networking accounts, never use Government contact information. What is a security best practice to employ on your home computer? All government-owned PEDs c. Only expressly authorized government-owned PEDs. What information most likely presents a security risk on your personal social networking profile? *Sensitive Information Which of the following is the best example of Personally Identifiable Information (PII)? Never allow sensitive data on non-Government-issued mobile devices. What is considered ethical use of the Government email system? The contractors inability or unwillingness to supply its own resources is not a sufficient reason for the furnishing or acquisition of property. Controlled Unclassified Information: (Victim) Select the information on the data sheet that is protected health information (PHI). What actions should you take prior to leaving the work environment and going to lunch? Use the classified network for all work, including unclassified work. If you participate in or condone it at any time. How can you protect yourself on social networking sites? A colleague asks to leave a report containing protected health information (PHI) on his desk overnight so he can continue working on it the next day. **Classified Data How should you protect a printed classified document when it is not in use? Which of the following is an example of two-factor authentication? *Spillage What should you do when you are working on an unclassified system and receive an email with a classified attachment? Which piece of information is safest to include on your social media profile? Correct. Use of GFE (Incident): Permitted Uses of Government-Furnished Equipment (GFE) A No to all: Viewing or downloading pornography, gambling online, conducting a private money-making venture, using unauthorized software, Illegally downloading copyrighted material, making unauthorized configuration changes. It is releasable to the public without clearance. Others may be able to view your screen. These are tangible items that the Contractor must manage and account for. If classified information were released, which classification level would result in Exceptionally grave damage to national security? When considering Government contracts, there are two approaches that are used for providing the equipment necessary to execute the contract. (Malicious Code) While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. Birthday - Friends Only Which of the following is an example of malicious code? \text{Asset}&&&\text{Debit}\\ You can email your employees information to yourself so you can work on it this weekend and go home now. Report the crime to local law enforcement. It will take only 2 minutes to fill in. requirements to access classified information. Physical Security: (Incident #2): What should the employee do differently? You must have your organizations permission to telework. Government Furnished Equipment (GFE) (FAR Part 45) is equipment that is owned by the government and delivered to or made available to a contractor. be wary of suspicious e-mails that use your name and/or appear to come from inside your organization. Instruction Memorandum No. . Reasons for this decision can be related to standardization, economy, production, or other circumstances. Hes on the clock after all! Which of the following information is a security risk when posted publicly on your social networking profile? Memory sticks, flash drives, or external hard drives. Only use Government-furnished or Government-approved equipment to process PII. business math. Select the information on the data sheet that is personally identifiable information (PII). DASA will examine the legal status of organisations prior to placement of any contract. Using NIPRNet tokens on systems of higher classification level. CPCON 4 (Low: All Functions) Which is an appropriate use of government e-mail? Disclaimer: AcqNotes is not an official Department of Defense (DoD), Air Force, Navy, or Army website. **Insider Threat What type of activity or behavior should be reported as a potential insider threat? Which of the following is not considered a potential insider threat indicator? How should you secure your home wireless network for teleworking? Government Furnished Equipment (GFE) is the generic term for materiel loaned to a contractor. Which of the following makes Alexs personal information vulnerable to attacks by identity thieves? What certificates are contained on the Common Access Card (CAC)? Spillage: Which of the following does NOT constitute spillage?a. How can you protect your information when using wireless technology? Which of the following may help to prevent inadvertent spillage? Individuals must avoid referencing derivatively classified reports classified higher than the recipient.??? Victim what should you do? Did you earn a Cyber Security Awareness Challenge 2018 Certificate of Completion? c. Do not access website links in e-mail messages. \hline Which of the following is an example of a strong password? *Malicious Code After visiting a website on your Government device, a popup appears on your screen. We thoroughly check each answer to a question to provide you with the most correct answers. E-mailing your co-workers to let them know you are taking a sick day. Which of the following is a security best practice when using social networking sites? Which of the following is NOT true concerning a computer labeled SECRET? Which of the following is NOT a correct way to protect sensitive information? Which of the following is NOT a requirement for telework? Under the terms of DEFCON 705 any intellectual property generated under the contract belongs to the contractor. Digitally signed e-mails are more secure. What should you do? Lionel stops an individual in his secure area who is not wearing a badge. HTMk0(XlB[[CxBIQv ,h{K{:2I!ILaTh}|?~54C&F. Controlled Unclassified Information: (Incident) Which of the following is NOT a correct way to protect CUI? ) A man you do not know is trying to look at your Government-issued phone and has asked to use it. Use of Government Furnished Equipment (GFE) During Foreign Travel. Which Cyber Protection Condition (CPCON) establishes a protection priority focus on critical functions only? <> Use TinyURLs preview feature to investigate where the link leads. An official website of the United States government How should you respond? Position your monitor so that it is not facing others or easily observed by others when in use Correct. You receive an email from a company you have an account with. c. This is never okay. Retrieve classified documents promptly from printers. CUI may be stored only on authorized systems or approved devices. or How should you securely transport company information on a removable media? Use personally-owned wired headsets and microphones only in designated areas, New interest in learning a foreign language. What security device is used in email to verify the identity of sender? 0 ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. Let us know if this was helpful. Maybe. Making unauthorized configuration changes. Select the information on the data sheet that is personally identifiable information (PII) but not protected health information (PHI). They can become an attack vector to other devices on your home network. Verify the identity of all individuals.??? information generated under previous private venture funding. (Spillage) What is required for an individual to access classified data? %PDF-1.7 Remove your security badge after leaving your controlled area or office building. (Malicious Code) What are some examples of removable media? Only expressly authorized government-owned PEDs. 7500 Security Boulevard, Baltimore, MD 21244, Use of Government Furnished Equipment (GFE) During Foreign Travel, An official website of the United States government, Back to Information Security and Privacy Library. Contact the IRS using their publicly available, official contact information. Consider the various information sources listed previously in developing your answer. How should you protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? - Updated Terms and conditions. 3 0 obj Photos and videos you are in - Friends Only only connect government-owned PEDs to the same level classification information system when authorized. c. Classified information that is intentionally moved to a lower protection level without authorization. If authorized, what can be done on a work computer? Use the classified network for all work, including unclassified work. Which of the following is NOT sensitive information? The job cost sheet for Job 413 shows that $12,000 in direct materials has been used on the job and that$8,000 in direct labor cost has been incurred. For Government-owned devices, use approved and authorized applications only. What are the requirements to be granted access to sensitive compartmented information (SCI)? What action should you take? Insider threat: (Ellens statement) How many insider threat indicators does Alex demonstrate? A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. How are Trojan horses, worms, and malicious scripts spread? When is it appropriate to have your security badge visible? *Sensitive Information Which of the following is an example of Protected Health Information (PHI)? Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post. a colleague removes sensitive information without seeking authorization in order to perform authorized telework. The ISC is a short set of terms and conditions that have been created specifically for the provision of innovative requirements. Top Secret information could be expected to cause exceptionally grave damage to national security of disclosed. Which may be a security issue with compressed urls? Name and profile picture - Any Read more about MOD ethical approval and other regulations which may affect your work. After clicking on a link on a website, a box pops up and asks if you want to run an application. What should be done to protect against insider threats? How many insider threat indicators does Alex demonstrate? Army OPSEC level 1 (Newcomers & Refresher) 29 terms. You must provide details to us of any related public announcement for review prior to release. It may be compromised as soon as you exit the plane. GFAE: Government-Furnished Aeronautical Equipment. CUI must be handled using safeguarding or dissemination controls. 1082 0 obj <>/Filter/FlateDecode/ID[<6D11769074A68B4F9710B6CBF53B0C2B>]/Index[1068 34]/Info 1067 0 R/Length 76/Prev 82724/Root 1069 0 R/Size 1102/Type/XRef/W[1 2 1]>>stream Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities. Use only personal contact information when establishing your personal account. endstream endobj 1072 0 obj <>stream Nothing. \text{Stockholders' Equity:}&&&\\ Security Classification Guides (SCGs).??? Remove and take it with you whenever you leave your workstation. How many potential insiders threat indicators does this employee display? This is always okay. What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? Based on the description that follows how many potential insider threat indicators are displayed? In your proposal to us, you must describe the deliverables from your project; in other words, what will be produced and delivered as a result of the project. Understanding and using the available privacy settings. Only expressly authorized government-owned PEDs. not correct The watermark names the person who will assess the proposal, along with the date and time it was downloaded. Keep an eye on his behavior to see if it escalates c. Set up a situation to establish concrete proof that Alex is taking classified information. The guidance below will help you to understand who can apply for funding, the sort of projects the Defence and Security Accelerator (DASA) funds, and the terms and conditions of DASA contracts. Information should be secured in a cabinet or container while not in use. We will make payment in accordance with the terms of the relevant contract. We reserve the right to exclude a supplier whos been convicted of any of the offences or misconduct listed in the statement relating to good standing that will be sent to you if youre successful under a DASA competition. A vendor conducting a pilot program with your organization contacts you for organizational data to use in a prototype. (Malicious Code) Which of the following is true of Internet hoaxes? (Mobile Devices) When can you use removable media on a Government system? Which of the following is true of Unclassified information? (Answer) CPCON 2 (High: Critical and Essential Functions) CPCON 1 (Very High: Critical Functions) CPCON 3 (Medium: Critical, Essential, and Support Functions) CPCON 4 (Low: All Functions) CPCON 5 (Very Low: All Functions).
