Which of the following is NOT an appropriate way to protect against inadvertent spillage? For proposals that we fund, in accordance with the Government's Transparency Agenda, we are required to publish information in respect of Contract documents, comprising: In addition to the above, for proposals that we fund we will publish on DASA website your organisation name and type; DASA reference (ACCxxxxxx) and project title; and contract value. Which of the following is a security best practice for protecting Personally Identifiable Information (PII)? Call your security point of contact immediately. You know that this project is classified. - Updated ISC Schedule, Innovation Standard Contract Limit of Liability change - new version attached. We thoroughly check each answer to a question to provide you with the most correct answers. If classified information were released, which classification level would result in Exceptionally grave damage to national security? **Mobile Devices What can help to protect the data on your personal mobile device? Adversaries exploit social networking sites to disseminate fake news Correct. Within a secure area, you see an individual you do not know. *Spillage What should you do if a reporter asks you about potentially classified information on the web? Insiders are given a level of trust and have authorized access to Government information systems. How can you protect yourself from social engineering? It is your responsibility as an employee to protect and conserve Government-owned or -leased property and vehicles and to use them only for authorized purposes. Any additions will be mutually agreed with you before a contract is awarded. When is the best time to post details of your vacation activities on your social networking website? Memory sticks, flash drives, or external hard drives. Power off any mobile devices when entering a secure area. Which of these is true of unclassified data?
(Malicious Code) What is a good practice to protect data on your home wireless systems? As detailed in the ISC, you must mark your deliverables in accordance with the document marking scheme detailed therein. Classified information that should be unclassified and is downgraded. You should only accept cookies from reputable, trusted websites. Store it in a locked desk drawer after working hours. You receive an inquiry from a reporter about government information not cleared for public release. SP4 0JQ, Urgent DASA enquiries - Telephone +44 (0)1980 950000 option 3 (open 09:00am to 12:00pm Monday-Friday), In the section 'What DASA does not fund' the 'Innovation Outline' has been replaced with the 'Contact DASA Form'. How many potential insider threat indicators does this employee display? a. HDMI or DisplayPort may be used if VGA and DVI are unavailable. A Common Access Card and Personal Identification Number. Which of the following is NOT an example of sensitive information? Instruction Memorandum No. Refer the reporter to your organization's public affairs office. Incident It contains certificates for identification, encryption, and digital signature. a. (Malicious Code) Which email attachments are generally SAFE to open? What is required for an individual to access classified data? *Malicious Code After visiting a website on your Government device, a popup appears on your screen. Which of the following is NOT a security best practice when saving cookies to a hard drive? Transmit classified information via fax machine only Not correct We use a number of safeguards to protect the information you provide to us in your proposals, whilst allowing proper scrutiny of your submissions by our expert assessors, facilitating effective collaboration, and achieving appropriate transparency of how public money is being spent. You must have your organization's permission to telework c. You may use unauthorized software as long as your computer's antivirus software is up to date.
Which of the following is a good practice to protect classified information? Report the suspicious behavior in accordance with their organization's insider threat policy b. Only documents that are classified Secret, Top Secret, or SCI require marking. A smartphone that transmits credit card payment information when held in proximity to a credit card reader. Which of the following statements is true of cookies? Name and profile picture - Any **Social Engineering What action should you take with an e-mail from a friend containing a compressed Uniform Resource Locator (URL)? In which situation below are you permitted to use your PKI token? Press release data c. Financial information. Classified information that should be unclassified and is downgraded. Use the government email system so you can encrypt the information and open the email on your government issued laptop. Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post. What action is recommended when somebody calls you to inquire about your work environment or specific account information? A colleague often makes others uneasy with her persistent efforts to obtain information about classified project where she has no need-to-know, is vocal about her husband overspending on credit cards, and complains about anxiety and exhaustion. Making unauthorized configuration changes. Use of GFE (Incident): Permitted Uses of Government-Furnished Equipment (GFE) A No to all: Viewing or downloading pornography, gambling online, conducting a private money-making venture, using unauthorized software, Illegally downloading copyrighted material, making unauthorized configuration changes. Which of the following definitions is true about disclosure of confidential information? c. Nothing. What certificates are contained on the DoD Public Key Infrastructure (PKI) implemented by the Common Access Card (CAC)/Personal Identity Verification (PIV) card?
**Social Engineering How can you protect yourself from internet hoaxes? Which scenario might indicate a reportable insider threat? *Classified Data Which of the following is true of protecting classified data? In setting up your personal social networking service account, what email address should you use? Which of the following is true of Protected Health Information (PHI)? Porton Down Which of the following is true of the Common Access Card (CAC)? What should be your response? You are logged on to your unclassified computer and just received an encrypted email from a co-worker. Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities. Malicious code can do the following except? General Services Administration (GSA) approval. Sensitive information may be stored on any password-protected system. It may be compromised as soon as you exit the plane. Don't allow others access or to piggyback into secure areas. GFAE: Government-Furnished Aeronautical Equipment. Social Security Number, date and place of birth, mother's maiden name. It may prohibit the use of a virtual private network (VPN). Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post. Which of the following is an example of a strong password? **Removable Media in a SCIF What portable electronic devices (PEDs) are allowed in a Sensitive Compartmented Information Facility (SCIF)? What should the participants in this conversation involving SCI do differently? Which of the following is an example of removable media? Sensitive information may be stored on any password-protected system. Serious damage c. Exceptionally grave damage.
Store classified data appropriately in a GSA-approved vault/container. What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? CUI must be handled using safeguarding or dissemination controls. Home Computer Security (Evidence): Update Status: Install or Remind me later, Home Computer Security (Evidence): Firewall Status: Enable or Keep Disabled, Home Computer Security (Evidence): Virus Alert! sensitive but unclassified. Use personal information to help create strong passwords. Ask for information about the website, including the URL. GFE is normally specified in a Request for Proposal (RFP) or contract. Verified answer. Which of the following is true of downloading apps? Expires: 09/30/2023. Senior government personnel, military or civilian. **Identity Management Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the NIPRNet. A coworker has asked if you want to download a programmer's game to play at work. **Classified Data Which of the following is true of protecting classified data? What actions should you take prior to leaving the work environment and going to lunch? Did you earn a Cyber Security Awareness Challenge 2018 Certificate of Completion? The billing and coding information in this article is dependent on the coverage indications, limitations and/or medical necessity described in the associated LCD L35490 Category III Codes with the exception of the following CPT codes: 2021 CPT/HCPCS Annual code update: 0295T, 0296T, 0297T, and 0298T deleted. Always use DoD PKI tokens within their designated classification level. What should be your response? Which of the following is NOT a criterion used to grant an individual access to classified data? (Sensitive Information) What certificates are contained on the Common Access Card (CAC)? 1) Unusual interest in classified information. All open opportunities are listed on the Apply for Funding page. How do you respond?
Security Classification Guides. Photos and videos you are in - Friends Only, Controlled Unclassified Information: (Incident) Which of the following is NOT an example of CUI? (Travel) Which of the following is a concern when using your Government-issued laptop in public? What is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? (Sensitive Compartmented Information) What describes how Sensitive Compartmented Information is marked? Follow procedures for transferring data to and from outside agency and non-Government networks. What is the unit product cost for Job 413? Following instructions from verified personnel. It contains certificates for identification, encryption, and digital signature. Store it in a shielded sleeve to avoid chip cloning. How can you protect yourself from social engineering? &\textbf{Increas}&\textbf{Decrease}&\textbf{Normal Balance}\\ Removable Media in a SCIF (Evidence): What portable electronic devices (PEDs) are permitted in a SCIF? What is the total manufacturing cost assigned to Job 413? Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the NIPRNET. Ask the individual to see an identification badge. Describe the major components of the strategic management process. Where you specify in your proposal Limited Rights versions of deliverables, you must also specify whether the relevant Background Information has been previously generated under contract using MOD funding. Malicious Code (Spread): How can you avoid downloading malicious code: a. Which Cyber Protection Condition (CPCON) establishes a protection priority focus on critical functions only? Security updates are ready to install. **Insider Threat Which of the following is NOT considered a potential insider threat indicator?
Remove and take it with you whenever you leave your workstation. Insider threat: (Marks statement): What should Alex's colleagues do? CUI may be stored on any password-protected system. Original Classification Authority C. Contracting officers shall provide property to contractors only when it is clearly demonstrated: That the overall benefit to the acquisition significantly outweighs the increased cost of administration, including ultimate property disposal; That providing the property does not substantially increase the Government's assumption of risk; and. Using webmail may bypass built in security features. Which of the following should you NOT do if you find classified information on the internet? What information sources do you think students on your campus use when acquiring dress clothes? The website requires a credit card for registration. Individuals must avoid referencing derivatively classified reports classified higher than the recipient. *Spillage Which of the following actions is appropriate after finding classified information on the Internet? Is it okay to run it? Confirm the individual's need-to-know and access. The guidance below will help you to understand who can apply for funding, the sort of projects the Defence and Security Accelerator (DASA) funds, and the terms and conditions of DASA contracts. Which of the following is an example of malicious code? How Do I Answer The CISSP Exam Questions? NOT permitted uses of government-furnished equipment (GFE) for: Viewing or downloading p*rn*graphy. Balance sheet accounts: Asset Liability Stockholders Equity: Capital Stock Retained Earnings Dividends Income statement accounts: Revenue Expense Increas Credit Credit (l) Decrease Debit Credit Credit Normal Balance Debit Credit Credit Debit. Turn on automatic downloading b. b. a. *Spillage Which of the following may help prevent inadvertent spillage? Decline to let the person in and redirect her to security c. Let the person in but escort her back to her workstation and verify her badge.
**Mobile Devices Which of the following helps protect data on your personal mobile devices? See the table below for guidance. (controlled unclassified information) Which of the following is NOT a correct way to protect CUI? **Social Engineering Which is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail? **Physical Security What is a good practice for physical security? Information should be secured in a cabinet or container while not in use. Note the website's URL and report the situation to your security point of contact. Software that installs itself without the user's knowledge. DASA generally does not fund the following unless explicitly stated in the competition document. Subject: Government Furnished Equipment for Telework and Remote Employees. only connect government-owned PEDs to the same level classification information system when authorized. Linda encrypts all of the sensitive data on her government-issued mobile devices. Which of the following is true of the Common Access Card (CAC) or Personal Identity Verification (PIV) card? DASA reserves the right to disclose on a confidential basis any information it receives from you during the procurement process to any third party engaged by DASA for the specific purpose of evaluating or assisting DASA in the evaluation of your proposal. Government furnished or purchased equipment or services provided to employees as the result of approved reasonable accommodation requests. *Spillage What is a proper response if spillage occurs? What certificates are contained on the Common Access Card (CAC)? Based on the description that follows how many potential insider threat indicators are displayed? or Which of the following is NOT a best practice to protect data on your mobile computing device? Which of the following should be reported as a potential security incident (in accordance with your Agency's insider threat policy)?
The ISC is a short set of terms and conditions that have been created specifically for the provision of innovative requirements. (Identity Management) What certificates are contained on the Common Access Card (CAC)? They can become an attack vector to other devices on your home network. After a contract has been awarded, all queries should be directed to the named points of contact detailed in the contract documentation. Maintain possession of your laptop and other government-furnished equipment (GFE) at all times. not correct What should you do if a reporter asks you about potentially classified information on the web? What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed? **Social Networking Which of the following is a security best practice when using social networking sites? **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? Skip the coffee break and remain at his workstation. Which is an appropriate use of government e-mail? Avoid attending professional conferences. What is the best response if you find classified government data on the internet? A colleague enjoys playing video games online, regularly uses social media, and frequently forgets to secure her smartphone elsewhere before entering areas where it is prohibited. *Sensitive Compartmented Information What must the dissemination of information regarding intelligence sources, methods, or activities follow? not correct. Found a mistake? .gov Incident #2 *Sensitive Information What type of unclassified material should always be marked with a special handling caveat? Write your password down on a device that only you access. A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. c.
Allowing hackers access. Which is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail? Under what circumstances is it acceptable to check personal email on Government-furnished equipment (GFE)? Checking personal e-mail when allowed by your organization. Only use Government-furnished or Government-approved equipment to process CUI, including PII. Never write down the PIN for your CAC. Correct. \text{Asset}&&&\text{Debit}\\ Select the information on the data sheet that is personally identifiable information (PII). *Spillage You find information that you know to be classified on the Internet. c. Be aware of classified markings and all handling caveats. **Social Networking What should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sites visited? Which of the following is a practice that helps to protect you from identity theft? Government furnished property is a bit of an umbrella term. **Classified Data What is required for an individual to access classified data? Government Furnished Equipment (GFE) (FAR Part 45) is equipment that is owned by the government and delivered to or made available to a contractor. When your vacation is over, and you have returned home. **Classified Data Which of the following is true of telework? A colleague removes sensitive information without seeking authorization in order to perform authorized telework. Controlled unclassified information. After work hours, storing sensitive information in unlocked containers, desks, or cabinets if security is not present. Appropriate clearance; signed and approved non-disclosure agreement; and need-to-know. Do not access website links in e-mail messages. Correct. Incident How can you protect yourself on social networking sites? All government-owned PEDs c. Only expressly authorized government-owned PEDs. Then select Save.
Classified Information can only be accessed by individuals with. View email in plain text and don't view email in Preview Pane. Storage devices (e.g., USB memory sticks, hard drives, etc.) Only use Government-approved equipment to process PII. correct. \text{Income statement accounts:}&&&\\ SSN, date and place of birth, mother's maiden name, biometric records, PHI, passport number, Subset of PII, health information that identifies the individual, relates to physical or mental health of an individual, provision of health care to an individual, or payment of healthcare for individual. Validate friend requests through another source before confirming them. Linda encrypts all of the sensitive data on her government-issued mobile devices. The Town and Country Planning (Use Classes) Order 1987 (as amended) puts uses of land and buildings into various categories known as 'Use Classes' which are detailed below. How can you guard yourself against Identity theft? Would you like to enable the firewall? Correct. **Social Networking Which of the following statements is true? When checking in at the airline counter for a business trip Decline so that you maintain physical contact of your Government-issued laptop. What information relates to the physical or mental health of an individual? Which of the following is NOT a correct way to protect CUI? A coworker uses a personal electronic device in a secure area where their use is prohibited. b. An investment in knowledge pays the best interest. What information posted publicly on your personal social networking profile represents a security risk? The equipment can be Contractor-Furnished Equipment (CFE) or GFE. Lock your device screen when not in use and require a password to reactivate. Someone calls from an unknown number and says they are from IT and need some information about your computer.
Implement Wi-Fi Protected Access 2 (WPA2) Personal encryption at a minimum. Attachments contained in a digitally signed email from someone known. Website Use (Incident): Select all security issues. Which of the following is true of Internet of Things (IoT) devices? The popup asks if you want to run an application. Press release data. a. DASA uses the Innovation Standard Contract DASA Open Call Terms and Conditions July 2022 (PDF, 381 KB, 23 pages) (ISC). Incident Examples are: Patient names, Social Security numbers, Driver's license numbers, insurance details, and birth dates. You receive a call on your work phone and you're asked to participate in a phone survey. information generated under previous private venture funding. Removable Media in a SCIF (Incident): What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF? Further guidance included in "What DASA does not fund" section. You can propose an interim payment plan, which must be supported by a detailed expenditure profile showing projected monthly expenditure figures. What should you do? Which of the following is a good practice to prevent spillage? If authorized, what can be done on a work computer? What is the basis for handling and storage of classified data? **Home Computer Security How can you protect your information when using wireless technology? Correct. A headset with a microphone through a Universal Serial Bus (USB) port. They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities. Lionel stops an individual in his secure area who is not wearing a badge. How many potential insider threat indicators does this employee display? **Use of GFE What is a critical consideration on using cloud-based file sharing and storage applications on your Government-furnished equipment (GFE)?
Spillage: Which of the following does NOT constitute spillage? a. You believe that you are a victim of identity theft. You can apply for funding via a themed competition or the Open Call for Innovation. **Insider Threat What function do Insider Threat Programs aim to fulfill? Which of the following is an example of two-factor authentication? What level of damage can the unauthorized disclosure of information classified as confidential reasonably be expected to cause? You must have your organization's permission to telework. What action should you take? A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationships with peers, purchases an unusually expensive new car, and has unexplained absences from work. Which of the following practices may reduce your appeal as a target for adversaries seeking to exploit your insider status? What is a best practice to protect data on your mobile computing device? English is the official language for all communication between bidders, DASA and in all parts of DASA proposals. Paul verifies that the information is CUI, includes a CUI marking in the subject header, and digitally signs an e-mail containing CUI. How can you protect data on your mobile computing and portable electronic devices (PEDs)? Which of the following is NOT considered sensitive information? (controlled unclassified information) Which of the following is NOT an example of CUI? Organizational Policy Not correct What must authorized personnel do before permitting another individual to enter a Sensitive Compartmented Information Facility (SCIF)? Browse over 1 million classes created by top students, professors, publishers, and experts. (Sensitive Information) What must the dissemination of information regarding intelligence sources, methods, or activities follow?
**Classified Data Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause? It is often the default but can be prevented by disabling the location function. Which Cyber Protection Condition (CPCON) establishes a protection priority focus on critical functions only? You must have your organization's permission to telework. GO1 Alex demonstrates a lot of potential insider threat indicators. Best wishes Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. Best answer. Always check to make sure you are using the correct network for the level of data. Never print classified documents b. Label the printout UNCLASSIFIED to avoid drawing attention to it c. Retrieve classified documents promptly from printers. **Insider Threat Which type of behavior should you report as a potential insider threat? If you participate in or condone it at any time. Birthday - Friends Only **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? *Sensitive Information Which of the following is the best example of Personally Identifiable Information (PII)? Use the classified network for all work, including unclassified work. A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. The email states your account has been compromised and you are invited to click on the link in order to reset your password. Linda encrypts all of the sensitive data on her government issued mobile devices. How should you securely transport company information on a removable media?
**Classified Data How should you protect a printed classified document when it is not in use? **Insider Threat How many potential insider threat indicators does a person who is playful and charming, consistently wins performance awards, but is occasionally aggressive in trying to access sensitive information display? What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed? Tell your colleague that it needs to be secured in a cabinet or container. Which of the following is an example of a strong password? Refer the reporter to your organization's public affairs office. Which of the following is true of using DoD Public Key Infrastructure (PKI) token? c. Report it to security. *Sensitive Compartmented Information When faxing Sensitive Compartmented Information (SCI), what actions should you take? Delete email from senders you do not know. where there would be significant financial or quality benefits to the work as a result of using GFA). **Identity management Which is NOT a sufficient way to protect your identity? Reviewing and configuring the available security features, including encryption. Position your monitor so that it is not facing others or easily observed by others when in use Correct. Tell us about it through the REPORT button at the bottom of the page. The determination of GFE is usually made by the government Program Manager (PM) and Contracting Officer. Decisions to provide GFE must be identified and a comparison made of the cost difference between using GFE or CFE. Who designates whether information is classified and its classification level? Official websites use .gov Which of the following is true about telework? Remove Virus or Exit. What action should you take? Search for instructions on how to preview where the link actually leads. What should you do? What can be used to track Maria's web browsing habits? c. This is never okay. How should you respond? a.
What should you do? Maybe **Classified Data When classified data is not in use, how can you protect it? Select all sections of the profile that contain an issue. You must have your organization's permission to telework. **Travel What is a best practice while traveling with mobile computing devices? b) Upward sloping; vary negatively with the price level **Classified Data Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? Based on the description that follows, how many potential insider threat indicator(s) are displayed?