(Spillage) What should you do if a reporter asks you about potentially classified information on the web? - answerRefer the reporter to your organization's public affairs office. (Spillage) Which of the following is a good practice to aid in preventing spillage? - answerBe aware of classification markings and all handling caveats. (Spillage) After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. You know this project is classified. What should be your response? - answerAttempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. (Spillage) What should you do when you are working on an unclassified system and receive an email with a classified attachment? - answerCall your security point of contact immediately. (Spillage) What is required for an individual to access classified data? - answerAppropriate clearance; signed and approved non-disclosure agreement; and need-to-know. (Spillage) When classified data is not in use, how can you protect it? - answerStore classified data appropriately in a GSA-approved vault/container. (Insider Threat) A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. How many potential insider threat indicators does this employee display? - answer0 indicators (Insider Threat) Based on the description that follows, how many potential insider threat indicator(s) are displayed? A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. - answer1 indicators (Spillage) What type of activity or behavior should be reported as a potential insider threat? - answerCoworker making consistent statements indicative of hostility or anger toward the United States and its policies. (Spillage) What advantages do "insider threats" have over others that allows them to cause damage to their organizations more easily? - answerInsiders are given a level of trust and have authorized access to Government information systems. (Spillage) Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? - answerUse only personal contact information when establishing personal social networking accounts, never use Government contact information. (Spillage) When is the safest time to post details of your vacation activities on your social networking website? - answerWhen your vacation is over, after you have returned home (social networking) When is the safest time to post details of your vacation activities on your social networking profile? - answerAfter you have returned home following the vacation (Spillage) What level of damage can the unauthorized disclosure of information classified as confidential reasonably be expected to cause? - answerDamage to national security (Spillage) Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? - answerSecret (Spillage) Which of the following practices may reduce your appeal as a target for adversaries seeking to exploit your insider status? - answerRemove your security badge after leaving your controlled area or office building. (Sensitive Information) What type of unclassified material should always be marked with a special handling caveat? - answerFor Official Use Only (FOUO) (Sensitive Information) Which of the following is NOT an example of sensitive information? - answerPress release data (Sensitive Information) Which of the following is true about unclassified data? - answerWhen unclassified data is aggregated, its classification level may rise. (Sensitive Information) Which of the following represents a good physical security practice? - answerUse your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIV) card. (Sensitive Information) What certificates are contained on the Common Access Card (CAC)? - answerIdentification, encryption, and digital signature (Sensitive Information) What should you do if a commercial entity, such as a hotel reception desk, asks to make a photocopy of your Common Access Card (CAC) for proof of Federal Government employment? - answerDo not allow your CAC to be photocopied. (Sensitive Compartmented Information) What describes how Sensitive Compartmented Information is marked? - answerApproved Security Classification Guide (SCG) (Sensitive Compartmented Information) Which of the following best describes the compromise of Sensitive Compartmented Information (SCI)? - answerA person who does not have the required clearance or assess caveats comes into possession of SCI in any manner. (Sensitive Compartmented Information) What portable electronic devices (PEDs) are allow in a Secure Compartmented Information Facility (SCIF)? - answerGovernment-owned PEDs, if expressly authorized by your agency.