DOD INSIDER THREAT AWARENESS NEWLY RELEASED QUESTIONS AND
ACCURATE ANSWERS FOR THE MOST RECENT EXAM VERSION TO
SUPPORT A GUARANTEED PASS OUTCOME
Section 1: Insider Threat Fundamentals (Questions 1-50)
1. What is an insider threat? A) Only malicious employees B) A person with
authorized access who uses that access to harm organizational security C)
External hackers D) Computer viruses ANSWER : B
2. Which category is NOT typically considered an insider threat? A)
Malicious insider B) Negligent insider C) Compromised insider D) External
phishing attack ANSWER : D
3. What percentage of security incidents involve insiders? A) Less than 10%
B) Approximately 25-30% C) Approximately 50-60% D) Over 90% ANSWER : C
4. Which is a primary motivation for malicious insiders? A) Financial gain
B) Ideology C) Revenge D) All of the above ANSWER : D
5. What does the term "trusted insider" refer to? A) Someone who has
never been investigated B) An individual with authorized access to systems and
information C) Only military personnel D) IT administrators only ANSWER : B
6. Which law established the National Insider Threat Task Force? A)
Patriot Act B) Executive Order 13587 C) Freedom of Information Act D)
Privacy Act ANSWER : B
7. What year was the National Insider Threat Policy established? A) 2001
B) 2008 C) 2011 D) 2015 ANSWER : C
8. Who is responsible for insider threat detection in an organization? A)
Only security personnel B) Only supervisors C) Everyone in the organization
D) Only IT staff ANSWER : C
9. What is a negligent insider threat? A) Someone who intentionally steals
data B) Someone who unintentionally causes harm through carelessness C) A
foreign spy D) A terminated employee ANSWER : B
10. Which agency leads the National Insider Threat Task Force? A) FBI B)
CIA C) Office of the Director of National Intelligence (ODNI) D) NSA
ANSWER : C
11. What is the primary goal of an Insider Threat Program? A) To spy on
employees B) To deter, detect, and mitigate insider threats C) To fire employees
D) To monitor personal communications ANSWER : B
12. Which is NOT a common indicator of insider threat? A) Unexplained
affluence B) Disgruntlement C) Regular vacation time D) Unauthorized access
attempts ANSWER : C
13. What does NISPOM stand for? A) National Industrial Security Program
Operating Manual B) National Information Security Protection Manual C)
National Insider Security Program Operations Manual D) National Intelligence
Security Protocol Manual ANSWER : A
14. Which type of information is most valuable to insider threats? A)
Cafeteria menus B) Classified or proprietary information C) Public
announcements D) Employee birthdays ANSWER : B
15. What is social engineering? A) Building construction B) Manipulating
people into divulging confidential information C) Team building exercises D)
Social media marketing ANSWER : B
16. Which is a technical indicator of potential insider threat? A) Taking
lunch breaks B) Excessive downloading of files C) Attending meetings D)
Using approved software ANSWER : B
17. What is data exfiltration? A) Backing up data properly B) Unauthorized
transfer of data from a system C) Deleting old files D) Organizing files
ANSWER : B
18. Who should you report suspicious insider threat activity to? A) No one,
it's not your business B) Social media C) Your security officer or supervisor D)
The suspected individual ANSWER : C
19. What is a compromised insider? A) Someone voluntarily working with
adversaries B) Someone coerced or manipulated by external entities C)
Someone who forgot their password D) A retired employee ANSWER : B
20. Which of the following is a behavioral indicator? A) New software
installation B) Frequent international travel C) Sudden mood changes or
aggression D) Using a company computer ANSWER : C
21. What does CUI stand for? A) Controlled Unclassified Information B)
Classified User Information C) Central Unit Intelligence D) Corporate Unified
Information ANSWER : A
22. Which is NOT a step in the insider threat lifecycle? A) Recruitment B)
Exploitation C) Detection D) Public celebration ANSWER : D
23. What is the "need-to-know" principle? A) Everyone should know
everything B) Access is limited to what's necessary for job duties C) Only
managers need to know anything D) Information should be freely shared
ANSWER : B
24. Which is a physical security indicator? A) Working normal hours B)
Attempting to enter restricted areas C) Using the front door D) Wearing an ID
badge ANSWER : B
25. What is the primary purpose of security clearances? A) To make
employees feel special B) To limit access to classified information to
trustworthy individuals C) To increase salaries D) To reduce workforce
ANSWER : B
26. Which factor is NOT typically part of security clearance investigations?
A) Financial history B) Foreign contacts C) Favorite color D) Criminal history
ANSWER : C
27. What is a "red flag" in insider threat context? A) A warning sign of
potential threat activity B) A company banner C) An achievement award D) A
safety hazard ANSWER : A
28. Which of these is an example of unauthorized disclosure? A) Discussing
classified information in an unsecured area B) Reading approved documents in
a SCIF C) Attending a security briefing D) Filing documents properly
ANSWER : A
29. What does SCIF stand for? A) Security Classified Information Facility B)
Sensitive Compartmented Information Facility C) Special Classification
Information Format D) Secure Computer Information File ANSWER : B
30. Which is a financial indicator of insider threat? A) Regular paychecks B)
Living within means C) Unexplained wealth or financial difficulties D) Having
a savings account ANSWER : C