CYBER AWARENESS CHALLENGE
TEST Q&A
*Spillage
What should you do if you suspect spillage has occurred? - ANSWER -Immediately
notify your security point of contact
*Spillage
Which of the following is a good practice to prevent spillage? - ANSWER -Be aware of
classification markings and all handling caveats.
*Spillage
Which of the following actions is appropriate after finding classified information on the
Internet? - ANSWER -Note any identifying information and the website's Uniform
Resource Locator (URL)
*Spillage
Which of the following may help to prevent spillage?
-Verify that any government equipment used for processing classified information has
valid anti-virus software before connecting it to the internet
-Follow procedures for transferring data to and from outside agency and non-
Government networks
-Purge the memory of any device removed from a classified network before connecting
it to an unclassified network
-Process all data at the highest classification or protection level available, including
unclassified data - ANSWER -~Verify that any government equipment used for
processing classified information has valid anti-virus software before connecting it to the
internet (wrong)
~Follow procedures for transferring data to and from outside agency and non-
Government networks
*Spillage
You find information that you know to be classified on the Internet. What should you do?
- ANSWER -~Note the website's URL and report the situation to your security point of
contact
*Spillage
You Receive an inquiry from a reporter about government information not cleared for
public release. How should you respond?
-Ignore the inquiry
-Refer to reporter to your organization's public affairs office
-Gather as much information as possible about the reporter's source
,-Tell the reporter that the information must not be publicly shared - ANSWER -Refer to
reporter to your organization's public affairs office
*Spillage
A vendor conducting a pilot program with your organization contacts you for
organizational data to use in a prototype. How should you respond?
-Provide the requested data using an encrypted channels
-Direct the vendor to publicly available data
-Refer the vendor to the appropriate personnel
-Ask the vendor to sign a confidentiality agreement before providing data - ANSWER -
Direct the vendor to publicly available data
After reading an online story about a new security project being developed on the
military installation where you work, your neighbor asks you to comment about the
article. You know that this project is classified. How should you respond? - ANSWER -
Attempt to change the subject to something non-work related, but neither confirm nor
deny the article's authenticity
*Spillage
Which of the following may help to prevent spillage? - ANSWER -Label all files,
removable media, and subject headers with appropriate classification markings.
*Spillage
A user writes down details marked as Secret from a report stored on a classified system
and uses those details to draft a briefing on an unclassified system without
authorization. What is the best choice to describe what has occurred? - ANSWER -
Spillage because classified data was moved to a lower classification level system
without authorization.
*Spillage
What should you do when you are working on an unclassified system and receive an
email with a classified attachment? - ANSWER -Call your security point of contact
immediately
*Spillage
What should you do if a reporter asks you about potentially classified information on the
web? - ANSWER -Ask for information about the website, including the URL.
*Spillage
.What should you do if a reporter asks you about potentially classified information on the
web? - ANSWER -Refer the reporter to your organization's public affairs office.
**Classified Data
When classified data is not in use, how can you protect it? - ANSWER -Store classified
data appropriately in a GSA-approved vault/container.
, **Classified Data
What is required for an individual to access classified data? - ANSWER -Appropriate
clearance, a signed and approved non-disclosure agreement, and need-to-know
**Classified Data
Which classification level is given to information that could reasonably be expected to
cause serious damage to national security? - ANSWER -Secret
**Classified Data
Which of the following is a good practice to protect classified information? - ANSWER -
Ensure proper labeling by appropriately marking all classified material and, when
required, sensitive material
**Classified Data
Which of the following is true of protecting classified data? - ANSWER -Classified
material must be appropriately marked.
**Classified Data
What level of damage can the unauthorized disclosure of information classified as
Confidential reasonably be expected to cause? - ANSWER -Damage to national
security
**Classified Data
Which of the following is true about telework? - ANSWER -You must have your
organization's permission to telework
**Classified Data
Which type of information could reasonably be expected to cause serious damage to
national security if disclosed without authorization? - ANSWER -Secret
**Classified Data
How should you protect a printed classified document when it is not in use? - ANSWER
-Store it in a General Services Administration (GSA)-approved vault or container
**Classified Data
Who designates whether information is classified and its classification level? - ANSWER
-~National Security Agency (NSA) (Wrong)
**Classified Data
Which of the following is a good practice for telework? - ANSWER -Use a Virtual Private
Network (VPN) to obscure your true geographic location
**Classified Data
What is the basis for handling and storage of classified data?
-Organizational policy
-Security Classification Guides (SCGs)
TEST Q&A
*Spillage
What should you do if you suspect spillage has occurred? - ANSWER -Immediately
notify your security point of contact
*Spillage
Which of the following is a good practice to prevent spillage? - ANSWER -Be aware of
classification markings and all handling caveats.
*Spillage
Which of the following actions is appropriate after finding classified information on the
Internet? - ANSWER -Note any identifying information and the website's Uniform
Resource Locator (URL)
*Spillage
Which of the following may help to prevent spillage?
-Verify that any government equipment used for processing classified information has
valid anti-virus software before connecting it to the internet
-Follow procedures for transferring data to and from outside agency and non-
Government networks
-Purge the memory of any device removed from a classified network before connecting
it to an unclassified network
-Process all data at the highest classification or protection level available, including
unclassified data - ANSWER -~Verify that any government equipment used for
processing classified information has valid anti-virus software before connecting it to the
internet (wrong)
~Follow procedures for transferring data to and from outside agency and non-
Government networks
*Spillage
You find information that you know to be classified on the Internet. What should you do?
- ANSWER -~Note the website's URL and report the situation to your security point of
contact
*Spillage
You Receive an inquiry from a reporter about government information not cleared for
public release. How should you respond?
-Ignore the inquiry
-Refer to reporter to your organization's public affairs office
-Gather as much information as possible about the reporter's source
,-Tell the reporter that the information must not be publicly shared - ANSWER -Refer to
reporter to your organization's public affairs office
*Spillage
A vendor conducting a pilot program with your organization contacts you for
organizational data to use in a prototype. How should you respond?
-Provide the requested data using an encrypted channels
-Direct the vendor to publicly available data
-Refer the vendor to the appropriate personnel
-Ask the vendor to sign a confidentiality agreement before providing data - ANSWER -
Direct the vendor to publicly available data
After reading an online story about a new security project being developed on the
military installation where you work, your neighbor asks you to comment about the
article. You know that this project is classified. How should you respond? - ANSWER -
Attempt to change the subject to something non-work related, but neither confirm nor
deny the article's authenticity
*Spillage
Which of the following may help to prevent spillage? - ANSWER -Label all files,
removable media, and subject headers with appropriate classification markings.
*Spillage
A user writes down details marked as Secret from a report stored on a classified system
and uses those details to draft a briefing on an unclassified system without
authorization. What is the best choice to describe what has occurred? - ANSWER -
Spillage because classified data was moved to a lower classification level system
without authorization.
*Spillage
What should you do when you are working on an unclassified system and receive an
email with a classified attachment? - ANSWER -Call your security point of contact
immediately
*Spillage
What should you do if a reporter asks you about potentially classified information on the
web? - ANSWER -Ask for information about the website, including the URL.
*Spillage
.What should you do if a reporter asks you about potentially classified information on the
web? - ANSWER -Refer the reporter to your organization's public affairs office.
**Classified Data
When classified data is not in use, how can you protect it? - ANSWER -Store classified
data appropriately in a GSA-approved vault/container.
, **Classified Data
What is required for an individual to access classified data? - ANSWER -Appropriate
clearance, a signed and approved non-disclosure agreement, and need-to-know
**Classified Data
Which classification level is given to information that could reasonably be expected to
cause serious damage to national security? - ANSWER -Secret
**Classified Data
Which of the following is a good practice to protect classified information? - ANSWER -
Ensure proper labeling by appropriately marking all classified material and, when
required, sensitive material
**Classified Data
Which of the following is true of protecting classified data? - ANSWER -Classified
material must be appropriately marked.
**Classified Data
What level of damage can the unauthorized disclosure of information classified as
Confidential reasonably be expected to cause? - ANSWER -Damage to national
security
**Classified Data
Which of the following is true about telework? - ANSWER -You must have your
organization's permission to telework
**Classified Data
Which type of information could reasonably be expected to cause serious damage to
national security if disclosed without authorization? - ANSWER -Secret
**Classified Data
How should you protect a printed classified document when it is not in use? - ANSWER
-Store it in a General Services Administration (GSA)-approved vault or container
**Classified Data
Who designates whether information is classified and its classification level? - ANSWER
-~National Security Agency (NSA) (Wrong)
**Classified Data
Which of the following is a good practice for telework? - ANSWER -Use a Virtual Private
Network (VPN) to obscure your true geographic location
**Classified Data
What is the basis for handling and storage of classified data?
-Organizational policy
-Security Classification Guides (SCGs)
