Reportable Insider Threat
62 community-sourced questions and answers. Free — no login.
Which of the following is true of protecting classified data? (CLASSIFIED DATA)
Classified material must be appropriately marked.
A vendor conducting a pilot program with your organization contacts you for organizational data to use in a prototype. How should you respond? (CLASSIFIED DATA)
Refer the vendor to the appropriate personnel.
When classified data is not in use, how can you protect it? (CLASSIFIED DATA)
Store classified data appropriately in a GSA-approved vault/container.
What is the basis for handling and storage of classified data? (CLASSIFIED DATA)
Classification markings and handling caveats.
Which of the following is a good practice to protect classified information? (CLASSIFIED DATA)
Don't assume open storage in a secure facility is permitted.
Which of the following must you do before using an unclassified laptop and peripherals in a collateral classified environment? (CLASSIFIED DATA)
Ensure that any cameras, microphones, and Wi-Fi embedded in the laptop are physically disabled.
What level of damage to national security can you reasonably expect Top secret information to cause if disclosed? (CLASSIFIED DATA)
Exceptionally grave damage.
How should you secure your home wireless network for teleworking? (HOME COMPUTER SECURITY)
Implement Wi-Fi Protected Access 2 (WPA2) Personal encryption at a minimum.
Which of the following is true about telework? (HOME COMPUTER SECURITY)
You must have your organization's permission to telework.
Which of the following is a reportable insider threat activity? (INSIDER THREAT)
Attempting to access sensitive information without need-to-know.
Which scenario might indicate a reportable insider threat? (INSIDER THREAT)
A colleague removes sensitive information without seeking authorization in order to perform authorized telework.
Which of the following is a potential insider threat indicator? (INSIDER THREAT)
1) Unusual interest in classified information. 2) Difficult life circumstances, such as death of spouse.
Based on the description that follows, how many potential insider threat indicator(s) are displayed? A colleague saves money for an overseas vacation every year, is a single father, and occasionally consumes alcohol. (INSIDER THREAT)
0 indicators.
Which piece of information is safest to include on your social media profile? (SOCIAL NETWORKING)
Your favorite movie.
Which of the following statements is true? (SOCIAL NETWORKING)
1) Many apps and smart devices collect and share your personal information and contribute to your online identity. 2) Adversaries exploit social networking sites to disseminate fake news.
How can you protect your organization on social networking sites? (SOCIAL NETWORKING)
Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post.
Which designation marks information that does not have potential to damage national security? (CONTROLLED UNCLASSIFIED INFORMATION)
Unclassified.
Which of the following is true of Unclassified information? (CONTROLLED UNCLASSIFIED INFORMATION)
It is releasable to the public without clearance.??
Which is a best practice for protecting Controlled Unclassified Information (CUI)? (CONTROLLED UNCLASSIFIED INFORMATION)
Store it in a locked desk drawer after working hours.
Which of the following best describes a way to safely transmit Controlled Unclassified Information (CUI)? (CONTROLLED UNCLASSIFIED INFORMATION)
Paul verifies that the information is CUI, includes a CUI marking in the subject header, and digitally signs an e-mail containing CUI.
Which designation includes Personally Identifiable Information (PII) and Protected Health Information (PHI)? (CONTROLLED UNCLASSIFIED INFORMATION)
Controlled Unclassified Information (CUI).
Which of the following is NOT an example of CUI? (CONTROLLED UNCLASSIFIED INFORMATION)
Press release data.
Which of the following is NOT a correct way to protect CUI? (CONTROLLED UNCLASSIFIED INFORMATION)
CUI may be stored on any password-protected system.
Which of the following best describes good physical security? (PHYSICAL SECURITY)
Lionel stops an individual in his secure area who is not wearing a badge.
Which of the following is a best practice for physical security? (PHYSICAL SECURITY)
Report suspicious activity.
Which of the following is an example of two-factor authentication? (IDENTITY MANAGEMENT)
A Common Access Card and Personal Identification Number.
What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? (IDENTITY MANAGEMENT)
Store it in a shielded sleeve.
Which of the following is true of using a DoD Public Key Infrastructure (PKI) token? (IDENTITY MANAGEMENT)
It should only be in a system while actively using it for a PKI-required task.
What must authorized personnel do before permitting another individual to enter a Sensitive Compartmented Information Facility (SCIF)? (SENSITIVE COMPARTMENTED INFORMATION)
Confirm the individual's need-to-know and access.
Which of the following is true of Sensitive Compartmented Information (SCI)? (SENSITIVE COMPARTMENTED INFORMATION)
Access requires Top Secret clearance and indoctrination into the SCI program.
Which of the following is NOT a potential consequence of using removable media unsafely in a Sensitive Compartmented Information Facility (SCIF)? (SENSITIVE COMPARTMENTED INFORMATION)
Damage to the removable media.
Which of the following is true of transmitting Sensitive Compartmented Information (SCI)? (SENSITIVE COMPARTMENTED INFORMATION)
You many only transport SCI if you have been courier-briefed for SCI.
A compromise of Sensitive Compartmented Information (SCI) occurs when a person who does not have the required clearance or access caveats comes into possession of SCI _________. (SENSITIVE COMPARTMENTED INFORMATION)
In any manner.
What portable electronic devices (PEDs) are permitted in a SCIF? (REMOVABLE MEDIA IN A SCIF)
Only expressly authorized government-owned PEDs.
How should you label removable media used in a Sensitive Compartmented Information Facility (SCIF)? (REMOVABLE MEDIA IN A SCIF)
With the maximum classification, date of creation, point of contact, and Change Management (CM) Control Number.
What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF? (REMOVABLE MEDIA IN A SCIF)
All of these.
Which of the following is NOT a type of malicious code? (MALICIOUS CODE)
Executables.
Which of the following is a way to prevent the spread of malicious code? (MALICIOUS CODE)
Scan all external files before uploading to your computer.
Which of the following actions can help to protect your identity? (WEBSITE USE)
Shred personal documents.
Which is an appropriate use of government e-mail? (SOCIAL ENGINEERING)
Use a digital signature when sending attachments or hyperlinks.
What type of social engineering targets particular groups of people? (SOCIAL ENGINEERING)
Spear phishing.
What type of social engineering targets senior officials? (SOCIAL ENGINEERING)
Whaling.
How can you protect yourself from social engineering? (SOCIAL ENGINEERING)
Verify the identity of all individuals.
Which of the following is true? (SOCIAL ENGINEERING)
Digitally signed e-mails are more secure.
Which of the following is true of traveling overseas with a mobile phone? (TRAVEL)
A personally owned device approved under Bring Your Own Approved Device (BYOAD) policy must be unenrolled while out of the country.
Which of the following is a concern when using your Government-issued laptop in public? (TRAVEL)
The physical security of the device.
What should Sara do when using publicly available Internet, such as hotel Wi-Fi? (TRAVEL)
Only connect with Government VPN.
What is the danger of using public Wi-Fi connections? (TRAVEL)
Both of these.
Which of the following personally-owned computer peripherals is permitted for use with Government-furnished equipment? (USE OF GFE)
A headset with a microphone through a Universal Serial Bus (USB) port.
How can you protect data on your mobile computing and portable electronic devices (PEDs)? (MOBILE DEVICES)
Enable automatic screen locking after a period of inactivity.
Which of the following is NOT a risk associated with near field communication (NFC)? (MOBILE DEVICES)
Additional data charges.
Which of the following best describes the conditions under which mobile devices and applications can track your location? (MOBILE DEVICES)
It may occur at any time without your knowledge or consent.
Which of the following is an example of removable media? (MOBILE DEVICES)
External hard drive.
Which of the following is true of Internet of Things (IoT) devices?
They can become an attack vector to other devices on your home network.
When is it appropriate to have your security badge visible?
At all times when in the facility.
What should the owner of this printed SCI do differently?
Retrieve classified documents promptly from printers.
What should the participants in this conversation involving SCI do differently?
Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed.
Which of the following demonstrates proper protection of mobile devices?
Linda encrypts all of the sensitive data on her government-issued mobile devices.
Which of the following does NOT constitute spillage? (SPILLAGE)
Classified information that should be unclassified and is downgraded.
Which of the following is NOT an appropriate way to protect against inadvertent spillage? (SPILLAGE)
Use the classified network for all work, including unclassified work.
Which of the following may help to prevent spillage? (SPILLAGE)
Follow procedures for transferring data to and from outside agency and non-government networks.
Which of the following should you NOT do if you find classified information on the internet?
Download the information.
Looking for a different version?
CBTs get updated every year. Search for the exact version you're taking (e.g. "cyber awareness 2025").
Search all study materials