More information on DEFCON 705 can be found here. **Social Networking As someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project? What level of damage to national security can you reasonably expect Top secret information to cause if disclosed? What action should you take? Decline to let the person in and redirect her to security. Use only personal contact information when establishing your personal account. All government-owned PEDs c. Only expressly authorized government-owned PEDs. **Insider Threat What function do Insider Threat Programs aim to fulfill? **Website Use Which of the following statements is true of cookies? sole traders) and Public Sector Research Establishments (PSREs). How many insider threat indicators does Alex demonstrate? Which of the following is an example of a strong password? Check in location via GPS: Off. In competitions using the ISC and DEFCON 705 you must also state in your proposal if the deliverables are what we call Full Rights or Limited Rights versions. It may prohibit the use of a virtual private network (VPN). Which of the following is an example of malicious code? Use your legitimate antivirus software to perform a virus scan instead. what should be your response be? What portable electronic devices (PEDs) are permitted in a SCIF? (Malicious Code) Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities. **Home Computer Security How can you protect your information when using wireless technology? Use the government email system so you can encrypt the information and open the email on your government issued laptop. 
We will make sure all proposals which are downloaded by us from our online submission service are appropriately classified and get a digital watermark. Which is a way to protect against phishing attacks? Understanding and using the available privacy settings. b. Be aware of classification markings and all handling caveats. What should you do after you have ended a call from a reporter asking you to confirm potentially classified info found on the web? Avoid talking about work outside of the workplace or with people without a need-to-know, Report the suspicious behavior in accordance with their organization's insider threat policy. not correct **Insider Threat Which of the following should be reported as a potential security incident (in accordance with you Agencys insider threat policy)? Attempting to access sensitive information without need-to-know, Avoid talking about work outside of the workplace or with people without a need-to-know, Report the suspicious behavior in accordance with their organizations insider threat policy. Which of the following information is a security risk when posted publicly on your social networking profile? c. This is never okay. **Classified Data Which of the following must you do before using and unclassified laptop and peripherals in a collateral environment? We thoroughly check each answer to a question to provide you with the most correct answers. Employees who require equipment as a reasonable accommodation must contact their reasonable accommodation coordinator in the Office of Human Resources Management or their supervisor for assistance. Only use Government-approved equipment to process PII. **Insider Threat A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. Use personally-owned wired headsets and microphones only in designated areas, New interest in learning a foreign language. 
General Services Administration (GSA) approval. Incident c. Analyze the other workstations in the SCIF for viruses or malicious code. Ask probing questions of potential network contacts to ascertain their true identity c. Avoid talking about work outside of the workplace or with people without need-to-know. b. Only allow mobile code to run from your organization or your organization's trusted sites. Which of the following should you NOT do if you find classified information on the internet? Which of the following is an example of malicious code? *Spillage A user writes down details marked as Secret from a report stored on a classified system and uses those details to draft a briefing on an unclassified system without authorization. Government Furnished Equipment (GFE) is the generic term for materiel loaned to a contractor. Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. What should you do? What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? When your vacation is over, and you have returned home. Which of the following is NOT an appropriate way to protect against inadvertent spillage? English is the official language for all communication between bidders, DASA and in all parts of DASA proposals. Proactively identify potential threats and formulate holistic mitigation responses. This HHS Policy supersedes the CMS ARS 3.0 CM-2 Enhancement 7 Configure Systems or Components for High Risk Areas control. Select all security issues. You'll need to register and then activate your account before you can browse the toolkit. Paul verifies that the information is CUI, includes a CUI marking in the subject header, and digitally signs an e-mail containing CUI. How many potential insider threat indicators does this employee display? Which of the following is NOT a correct way to protect sensitive information? 
**Social Engineering What action should you take with an e-mail from a friend containing a compressed Uniform Resource Locator (URL)? A medium secure password has at least 15 characters and one of the following. Family and relationships - Friends Only You receive an unexpected email from a friend: I think you'll like this: https://tinyurl.com/2fcbvy. What action should you take? Classified material must be appropriately marked. Don't assume open storage in a secure facility is authorized. - correct Which of the following best describes a way to safely transmit Controlled Unclassified Information (CUI)? You must provide us with a Full Rights Version of all deliverables, ensuring that it is coherent on its own. How should you protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? Do not use any personally owned/non-organizational removable media on your organization's systems. Read more about MOD ethical approval and other regulations which may affect your work. **Removable Media in a SCIF What must users ensure when using removable media such as compact disk (CD)? **Removable Media in a SCIF What action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)? Delete email from senders you do not know. Classified Information can only be accessed by individuals with. All PEDs, including personal devices b. Which of the following is NOT a DoD special requirement for tokens? (Home computer) Which of the following is best practice for securing your home computer? **Classified Data When classified data is not in use, how can you protect it? What should you do? 
A colleague often makes others uneasy with her persistent efforts to obtain information about classified project where she has no need-to-know, is vocal about her husband overspending on credit cards, and complains about anxiety and exhaustion. (Malicious Code) A coworker has asked if you want to download a programmer's game to play at work. After being diagnosed with pyrophobia, the client states, "I believe this started at the age of 7 when I was trapped in a house fire." Hold the conversation over e-mail or instant messenger to avoid being overheard. What must authorized personnel do before permitting another individual to enter a Sensitive Compartmented Information Facility (SCIF)? Decisions to provide GFE must be identified and a comparison made of the cost difference between using GFE or CFE. How should you securely transport company information on a removable media? On a computer at the public library to check your DOD email. D. Refer the reporter to your organization's public affairs office. What is the unit product cost for Job 413? When using a fax machine to send sensitive information, the sender should do which of the following? This information will only be used for the purposes for which it is provided to us. 'Change of use' can occur within the same Use Class or from one Use Class to another. Sensitive information may be stored on any password-protected system. A program that segregates various types of classified information into distinct compartments for added protection and dissemination for distribution control. c. Alan uses password protection as required on his government-issued smartphone but prefers the ease of no password on his personal smartphone. c. Report it to security. Note that all bought-in items will become our property and will be registered as government-furnished assets (GFA). View email in plain text and don't view email in Preview Pane. 
All prices quoted for DASA proposals are firm (non-variable) and must be exclusive of VAT. Refer the reporter to your organizations public affairs office. Which of the following is NOT a requirement for telework? Use the classified network for all work, including unclassified work. sensitive but unclassified. Create separate user accounts with strong individual passwords. Based on the description that follows, how many potential insider threat indicator(s) are displayed? This email is fake. GFE is normally specified in a Request for Proposal (RFP) or contract. The website requires a credit card for registration. Position your monitor so that it is not facing others or easily observed by others when in use Correct. Which of the following makes Alexs personal information vulnerable to attacks by identity thieves? Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities. Neither confirm or deny the information is classified. What kind of information could reasonably be expected to cause serious damage to national security in the event of unauthorized disclosure? How can you protect yourself on social networking sites? Which of the following is NOT a type of malicious code? In which situation below are you permitted to use your PKI token?A. You are leaving the building where you work. Always take your CAC when you leave your workstation. Which of the following is NOT a typical result from running malicious code? Malicious code can do damage by corrupting files, erasing your hard drive, and/or allowing hackers access. Which of the following is true about telework? Phishing can be an email with a hyperlink as bait. Which of the following is true of using DoD Public key Infrastructure (PKI) token? 
The long-run aggregate supply curve (LRAS) curve is ______ with a real output level that _____, a) Upward sloping; varies positively with the price level Your favorite movie. Looking for https in the URL. **Classified Data Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause? Always check to make sure you are using the correct network for the level of data. **Social Engineering Which may be a security issue with compressed Uniform Resource Locators (URLs)? Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the NIPRNET. Which of the following statements is true? Which of the following is a potential insider threat indicator? **Classified Data Which of the following is true of telework? Which of the following may help to prevent inadvertent spillage? Which of the following is NOT a best practice to protect data on your mobile computing device? For Government-owned devices, use approved and authorized applications only. Which of the following is a security best practice for protecting Personally Identifiable Information (PII)? Even within a secure facility, don't assume open storage is permitted. In providing such information you consent to such disclosure. It is created or received by a healthcare provider, health plan, or employer. Mark SCI documents appropriately and use an approved SCI fax machine. (Spillage) When classified data is not in use, how can you protect it? correct. Which of the following best describes good physical security? c. Both of these, Use of GFE (Incident): Permitted Uses of Government-Furnished Equipment (GFE). On a system of a higher classification level, such as the Secret Internet Protocol Router Network (SIPRNet), On a NIPRNet system while using it for a PKI-required task, What guidance is available for marking Sensitive Compartmented Information (SCI)? A. b. 
Which of the following best describes a way to safely transmit Controlled Unclassified Information (CUI)? See PGI 245.103-72, Government-furnished property (GFP) attachments to solicitations and awards. Sensitive Compartmented Information Guides B. Access requires Top Secret clearance and indoctrination into SCI program. You must have permission from your organization. Describe the major components of the strategic management process. Which is an untrue statement about unclassified data? Linda encrypts all of the sensitive data on her government issued mobile devices. d. All of these. Which of the following demonstrates proper protection of mobile devices? The website requires a credit card for registration. *Sensitive Compartmented Information What should the participants in this conversation involving SCI do differently? It will take only 2 minutes to fill in. Which of the following definitions is true about disclosure of confidential information? Which is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail? **Insider Threat Which of the following should be reported as a potential security incident? Under the PHE, the federal government implemented a range of modifications and waivers impacting Medicare, Medicaid and private insurance requirements, as well as numerous other programs, to provide relief to healthcare . A trusted friend in your social network posts a link to vaccine information on a website unknown to you. **Removable Media in a SCIF What portable electronic devices (PEDs) are allowed in a Sensitive Compartmented Information Facility (SCIF)? You should remove and take your CAC/PIV card whenever you leave your workstation. GFE consists of: b. Alex demonstrates a lot of potential insider threat indicators. Use only your personal contact information when establishing your account. 
Insider threat: (Ellen's statement) How many insider threat indicators does Alex demonstrate? Unless stated otherwise below or in the relevant competition document, all information you provide to us as part of your proposal, that is not already available to us from other sources, will be handled in confidence. all non-redacted elements of your proposal where these are incorporated into the final contract schedules or the terms and conditions. Secure personal mobile devices to the same level as Government-issued systems. a. How can you protect data on your mobile computing and portable electronic devices (PEDs)? How can you avoid downloading malicious code? Not correct **Social Networking Which piece of information is safest to include on your social media profile? A vendor conducting a pilot program with your organization contacts you for organizational data to use in a prototype. Retrieve classified documents promptly from printers. Physical Security: (Incident #2): What should the employee do differently? (Malicious Code) Which of the following is NOT a way that malicious code spreads? Incident Controlled Unclassified Information (CUI). They can become an attack vector to other devices on your home network. On a computer displaying a notification to update the antivirus software B. Sticky note with Pin number. b. Remove your security badge after leaving your controlled area or office building. Therefore, if there is a demonstrable need that can only be met via GFA, this should be detailed in your proposal. Which of the following is true of the Common Access Card (CAC) or Personal Identity Verification (PIV) card? Who designates whether information is classified and its classification level? This is always okay. What should be your response? 
(removable media) If an incident occurs involving removable media in a Sensitive Compartmented Information Facility (SCIF), what action should you take? Correct. When considering Government contracts, there are two approaches that are used for providing the equipment necessary to execute the contract. Individuals must avoid referencing derivatively classified reports classified higher than the recipient. *Spillage What should you do when you are working on an unclassified system and receive an email with a classified attachment? You can decide how often to receive updates. (Identity Management) What certificates are contained on the Common Access Card (CAC)? All documents should be appropriately marked, regardless of format, sensitivity, or classification. HHS published the HHS Memorandum: the Use of Government Furnished Equipment during Foreign Travel. Which designation includes Personally Identifiable Information (PII) and Protected Health Information (PHI)? Select the appropriate setting for each item. If you participate in or condone it at any time. They broadly describe the overall classification of a program or system. Always mark classified information appropriately and retrieve classified documents promptly from the printer. (Malicious Code) Which are examples of portable electronic devices (PEDs)? *Malicious Code Which of the following is NOT a way that malicious code spreads? Validate all friend requests through another source before confirming them. 
Find out about the Energy Bills Support Scheme, Armed forces and Ministry of Defence reform, Defence and Security Accelerator (DASA) Open Call for Innovation, Defence and Security Accelerator: ethical, legal and regulatory guidance, Technology concept and/or application formulated, Analytical and experimental critical function and/or characteristic proof of concept, Technology basic validation in a laboratory environment, Technology basic validation in a relevant environment, Technology model or prototype demonstration in a relevant environment, Technology prototype demonstration in an operational environment, Actual technology completed and qualified through test and demonstration, Actual technology qualified through successful mission operations, projects or manpower that is currently receiving funding or has already been funded from elsewhere in government, concepts which are not novel or innovative. Unusual interest in classified information. DASA uses the Innovation Standard Contract DASA Open Call Terms and Conditions July 2022 (PDF, 381 KB, 23 pages) (ISC). The Contractor shall use Standard Form 1428 for Inventory Disposal. Avoid inserting removable media with unknown content into your computer. Controlled Unclassified Information: (Victim) Select the information on the data sheet that is protected health information (PHI). **Identity management Which is NOT a sufficient way to protect your identity? Scan external files from only unverifiable sources before uploading to computer. Spillage because classified data was moved to a lower classification level system without authorization. Which of the following is a potential insider threat indicator? Not correct When is it okay to charge a personal mobile device using government-furnished equipment (GFE)? Only paper documents that are in open storage need to be marked. Malicious Code (Prevalence): Which of the following is an example of malicious code? 
To: All Oregon/Washington Bureau of Land Management Employees. Attempting to access sensitive information without need-to-know. Unclassified information cleared for public release. Unit variable cost is$21 (includes direct materials, direct labor, variable factory overhead, and variable selling expense). Correct. The email provides a website and a toll-free number where you can make payment. What is the danger of using public Wi-Fi connections? From: State Director, Oregon/Washington. The billing and coding information in this article is dependent on the coverage indications, limitations and/or medical necessity described in the associated LCD L35490 Category III Codes with the exception of the following CPT codes: 2021 CPT/HCPCS Annual code update: 0295T, 0296T, 0297T, and 0298T deleted. What should you do if a reporter asks you about potentially classified information on the web? In most cases there are no nationality restrictions, however DASA individual competition documents will detail any necessary restrictions. Which of the following statements is true? Carrying his Social Security Card with him, DoD employees are prohibited from using a DoD CAC in card-reader-enabled public device, Assigned a classification level by a supervisor. Removable Media in a SCIF (Incident): What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF? Of the following, which is NOT an intelligence community mandate for passwords? On Jan. 30, 2023, President Joe Biden announced that the COVID-19 public health emergency (PHE) will end May 11, 2023. GO1 (Spillage) What type of activity or behavior should be reported as a potential insider threat? Someone calls from an unknown number and says they are from IT and need some information about your computer. a. Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. 
What must authorized personnel do before permitting another individual to enter a Sensitive Compartmented Information Facility (SCIF)? Software that installs itself without the user's knowledge. The popup asks if you want to run an application. The container prevents malware, intruders, system resources or other applications from interacting with the . You find information that you know to be classified on the Internet. Opening the link would allow the sender to steal Isabel's information. (Malicious Code) What is a good practice to protect data on your home wireless systems? The MOD commercial toolkit is accessible on the MOD internet site and contains details on MOD contract conditions. Personally-owned external monitors may be connected to DoD-issued computers in telework environments via VGA or DVI, but not via USB. *Controlled Unclassified Information Which of the following best describes a way to safely transmit Controlled Unclassified Information (CUI)? Any information, products, services or hyperlinks contained within this website does not constitute any type of endorsement by the DoD, Air Force, Navy or Army. *Spillage What should you do if a reporter asks you about potentially classified information on the web? When submitting your proposal, you must provide a resourcing plan that identifies, where possible, the nationalities of those proposed research workers that you intend working on this phase. A colleague enjoys playing video games, regularly uses social media, and frequently forgets to secure her smartphone elsewhere before entering areas where it is prohibited. *Spillage What is a proper response if spillage occurs? For Government-owned devices, use approved and authorized applications only. They can become an attack vector to other devices on your home network. Digitally signed e-mails are more secure. What is the best course of action? 
How can you protect your information when using wireless technology? What action should you take? Avoid using non-Bluetooth-paired or unencrypted wireless computer peripherals. Note That The Integers Should Be Type Cast To Doubles. Spillage: Which of the following should you NOT do if you find classified information on the internet? What should you do after you have ended a call from a reporter asking you to confirm potentially classified information found on the web? What should you do? **Social Networking Which of the following best describes the sources that contribute to your online identity? Sanitized information gathered from personnel records. c. Do not access website links in e-mail messages. correct. Many apps and smart devices collect and share your personal information and contribute to your online identity. Mobile Devices (Incident): Which of the following demonstrates proper protection of mobile devices? What type of data must be handled and stored properly based on classification markings and handling caveats? They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities. Which of the following should you do immediately? **Travel What is a best practice while traveling with mobile computing devices? Call your security point of contact immediately. Note any identifying information and the websites Uniform Resource Locator (URL). Contact the IRS using their publicly available, official contact information. a. It refers to property used by a contractor during a DoD government contract. It does not require markings or distribution controls. On a NIPRNet system while using it for a PKI-required task, Something you possess, like a CAC, and something you know, like a PIN or password. Calculate the margin of safety in terms of sales revenue. Before long she has also purchased shoes from several other websites. *Spillage Which of the following may help to prevent spillage? 
Typically, a model is developed for analyzing both CFE and GFE when considering the use of GFE. A colleague removes sensitive information without seeking authorization in order to perform authorized telework. What function do Insider Threat Programs aim to fulfill? What should be your response? Building 5 (social networking) Which of the following is a security best practice when using social networking sites? DOD CYBER AWARENESS. The property provided to contractors for repair or overhaul is not subject to the requirements of the paragraph of bullet #2 above in this section. Under the terms of DEFCON 705 any intellectual property generated under the contract belongs to the contractor. Do not access website links, buttons, or graphics in e-mail. Which of the following is an example of removable media? Updated DASA Terms and Conditions - including new contract and intellectual property guidance. For any item to be covered by Medicare, it must 1) be eligible for a defined Medicare benefit category, 2) be reasonable and necessary for the diagnosis or treatment of illness or injury or to improve the functioning of a malformed body member, and 3) meet all other applicable Medicare statutory and regulatory requirements. Which of the following statements is NOT true about protecting your virtual identity? Which of the following is an example of Protected Health Information (PHI)? Three or more. b. You should submit your priced proposal using a staged approach, detailing deliverables and prices for work that can be done before and after getting ethical approval.