...
a
b
c
d
e
f
Question 3: It's 2AM and you are all alone
in the facility. You want to print a 500 page
UNCLASSIFIED extract of a classified
document that you have just completed from
your classified workstation. You start
printing it, and you know from experience
that it will take at least 30 minutes to finish.
As you wait for the document, you find you
need to use the bathroom, but the bathroom
is located in another area of the building.
What do you do?
A) Since it was UNCLASSIFIED it
automatically gets printed on an
UNCLASSIFIED printer. You can
leave it.
B) You cannot leave regardless of
any physical needs. You must make
certain that nobody without need-to-
know sees it.
C) Treat it as if it were classified
until you visually verify that it is
indeed unclassified by reviewing the
entire contents. Do not go to the
bathroom.
D) No special requirements apply
for unclassified documents.
E) Lock the room, put up a sign
indicating that classified processing
is underway and that you will return
soon, and go to the bathroom.
F) Look at the first few pages and
verify that it has unclassified
contents, and if so, go to the
bathroom.
...
a
b
c
d
e
Question 4: It’s Sunday night and you have
a deadline at 8AM Monday morning on a
multi-billion dollar proposal. You find that
the last critical piece of information you
need is on a system that you don’t have a
user ID for, but that you believe you have
the required need-to-know and clearances to
access. No authorized user can be contacted:
A) Try guessing an authorized user's
user ID and password to get the
information you need and then
report the security violation in the
morning.
B) Use a system boot disk to gain
access to the hardware, reset an
administrator’s password to allow
access, access the system, get the
document, and report it to the
systems administrator first thing in
the morning.
C) Remove the classified hard disk
from the system, connect it to
another system, mount it as a
secondary disk, get your file, return
the original disk to its original
system, and tell the systems
administrator first thing in the
morning.
D) Do A, B, or C above, but don’t
report the violation.
E) Do your best without the critical
piece of information – even though
you will almost certainly lose the
huge contract.
...
a
b
c
d
e
f
Question 5: It’s 10AM on a regular working
Tuesday, and you notice a wire of some sort
that appears to go between a classified
system and an unclassified system:
A) Immediately disconnect the wire,
then contact the ISSO or someone
else responsible for security and
identify the situation.
B) Immediately contact the ISSO or
someone else responsible for
security and identify the situation
but don’t disconnect anything
without their instructions.
C) Find someone who knows about
computer networking and ask them
to check it out. If they say it could
not be used to communicate
between the systems, just ignore it
and go about your work.
D) Bring it up with your supervisor
at your earliest convenience.
E) Call the computer support group
and identify the issue to them.
Follow their instructions from then
on.
F) Write a memo describing the
situation and forward it to your
supervisor, the ISSO, and others you
think are appropriate decision-
makers.
...
a
b
c
d
e
f
Question 6: You want to use a Palm III
personal organizer to keep track of your
busy daily schedule – both at home and at
work:
A) You simply cannot do it. If you
have an organizer from work and it
was purchased from monies
resulting from government work, it
is illegal to use it for any personal
purposes. If you own your own
organizer, you cannot bring it into
work because the Palm III has a
serial port and could be used to
connect to classified systems.
B) You can do it by buying your
own organizer and getting
permission to use it at work. But
you may not bring it into classified
areas.
C) You are allowed to use an
organizer provided to you by your
company, even if the government
paid for it, for personal purposes as
long as those purposes do not use
large amounts of resources.
D) You can buy your own
organizer, use it at work, and bring
it anywhere you like, but it is
susceptible to search at any time to
verify that it has no classified
information in it.
E) None of the above.
...
a
b
c
d
e
f
Question 7:You get a floppy disk from a
vendor with a mission critical application on
it. Before you may use it, you must:
A) Scan it for viruses using any
available virus checking program
before using the disk.
B) Scan it for known viruses using
an authorized virus checking
program before placing the disk in a
system.
C) Place the disk in your system and
scan it with the virus checker you
use on a day-to-day basis.
D) Scan it for viruses ONLY if it is
a boot disk – otherwise, no virus
check is required.
E) None of the above.
F) A, B, or C above are all
acceptable.
...
a
b
c
d
e
Question 8:The newspapers keep talking
about hackers as a serious national security
threat:
A) Hackers are a serious threat to
classified systems and that is why
we have security training.
B) Hackers are only one of many
threats to classified system security,
and many of the other threats are far
more serious.
C) The threats to national security
are overstated in the media and in
our organization to make sure that
we get funds to support the people
who like to work in this area.
D) Hackers can get into every
system there is, and it’s all we can
do to track down a few of them here
and there.
E) Hackers are not really a threat to
classified system security, but other
more serious actors such as spies,
terrorist groups, and malicious
insiders are a serious threat and that
is why we need to keep our security
very tight.
...
a
b
c
d
e
f
g
Question 9:You have just been assigned to a
new project that requires a special clearance
and need-to-know that you don’t have right
now. You are anxious to get started on the
work. You should:
A) Contact the ISSO to arrange for
immediate clearance.
B) Contact the project leader or
data owners to get need-to-
know access.
C) Contact the badge office and
submit paperwork for the new
clearance.
D) If you don’t know how to get
access, you are not really
authorized to work on the
project.
E) You would not have been
assigned to a project unless you
already had all the clearances
and need-to-know before hand.
F) B and C above.
G) Information on how to get
clearances is classified and
could not be described in an
unclassified training session
such as this one.
...
a
b
c
d
e
Question 10: All of the PCs we have come
with modems and Internet services built in
for our use. In using these features, we must
A) Encrypt all data with a company
authorized encryption program
B) Check all incoming files with a
virus checker before using them
C) We are not supposed to use
these features because they will
allow the bad guys to break into
our networks – it’s wasteful but
a necessary inconvenience.
D) Only connect to authorized
Internet and internal network
sites.
E) You may only use modems for
connecting to other computers if
you do so through a STU phone
connection using an authorized
key at the proper classification
level.
...
a
b
c
d
e
f
Question 11: A critical unclassified system
required to maintain real-time control of a
remote motorized vehicle is down. In order
to get it back up, we need to make a floppy
boot disk from a CD-ROM. Unfortunately,
the only floppy disks available were used 6
months ago in a classified system. The
nearest floppy disk is several hours away
and the remote vehicle may fail before we
can get an unclassified disk.
A) Use a classified floppy and
report the violation later.
B) Declare the critical system
classified and use the classified
disks. Then scrub the system of
classified data later.
C) Format the classified floppies
with a classified system using
the most thorough reformatting
available. This should make the
disks clean for use in an
unclassified system.
D) Read the contents of the
floppies to determine if there is
any real classified information
on them, and once you find one
that has no classified data,
downgrade if for unclassified
use.
E) Do D then C and then format
the floppies again on an
unclassified system just to make
certain, then use them.
F) Let the remote vehicle crash.
...
a
b
c
d
e
Question 12:As an April Fools joke, and
employee forges an email from the CEO to
all corporate employees indicating that a
special 10% of annual base pay bonus has
been awarded because of superior quality
and performance and that this one-time
bonus will appear in the next paycheck:
A) There is no policy against any
of the things the employee did –
no punishment will be given,
but the policy will be changed.
B) The CEO decides that it would
be very disruptive to not give
the bonus, and redirects the
funds to that purpose, giving the
employee who forged the email
a corporate award for initiative.
C) There is no way to trace such a
forgery to its source, so even
though it violates the policy
against using another users’
identity, the user will get away
with it.
D) While it is widely believed that
this activity would be
untraceable, it is traceable and
the employee will likely be
sanctioned in a timely fashion
for violating the law against
misuse of government owned or
sponsored computers.
E) A joke is a joke – no big deal.
The employee will be warned,
the rest of the corporation will
be told it was a ‘spam’, and new
safeguards will be put in [place
to prevent such things in the
future.
...
a
b
c
d
e
f
Question 13:After a long day at the office,
you are called into an emergency meeting
with the boss just at the time when you have
a large collection of classified information
open in scores of windows on your screen.
A) You can use your screen saver
to secure the system while you
are away.
B) The screen saver is not secure
enough – you are required to
lock your office door as well as
use the screen saver.
C) When you are not using a
classified system it must be
disconnected from networks.
Disconnect it even though this
will terminate your remote
sessions and may cause a
system crash.
D) When you are not using a
classified system it must be
turned off and classified disks
locked away. Turn the system
off, put the disks away, and
start again when you get back.
E) Tell the boss this is an
inconvenient time and indicate
that you will be there when
you have finished this critical
task.
F) Since classified systems are
only allowed in classified
areas, leave the system as it is
and go to the meeting.
...
a
b
c
d
e
f
Question 14: Attackers from over the
Internet can and have:
A) sent email that makes computers
crash and lose vital data
B) set up a Web page that causes a
computer to send company
confidential information out
over the Internet
C) corrupt a program downloaded
from the Internet to gain access
to company computers
D) silently use a computer’s
modem to dial a phone number
that charges by the minute for
its use
E) broken into company computers
using browsers on PCs to
bypass firewalls and other
security measures
F) all of the above.
...
a
b
c
d
e
f
Question 15: If you think your computer has
been broken into, the first thing you should
do is:
A) Turn off the computer
B) Call the corporate help desk
C) Call the ISSO
D) Backup your files
E) Disconnect your computer from
the network
F) Report it to your supervisor
...
a
b
c
d
e
f
g
h
Question 16: Which of the following
services are safe to use from your computer:
A) The Web
B) Telnet
C) File transfer protocol (Ftp)
D) Internet telephone software
E) Gopher
F) Email
G) None of these
H) All of these
...
a
b
c
d
Question 17: The punishment for bypassing
security controls can include:
A) Disciplinary action up to and
including dismissal
B) Personal financial liability for
any losses resulting from the
bypass
C) Jail time if the action results in
an act of corporate espionage or
financial theft
D) All of the above