What are the steps of the information security program lifecycle?
Classification, dissemination, downgrading, declassification, and destruction
Classification, safeguarding, dissemination, declassification, and destruction
Classification, marking, dissemination, downgrading, and destruction
Which volumes of DoDM 5200.01 provide guidance and direction on classification management, marking, protection, and handling requirements for classified information? Select all that apply.
Volume 1
Volume 2
Volume 3
Volume 4
All of the above
Unauthorized disclosure of _____________ information could reasonably be expected to cause serious damage to our national security.
Top Secret
Secret
Confidential
Unauthorized disclosure of _____________ information could reasonably be expected to cause exceptionally grave damage to our national security.
Unauthorized disclosure of _____________ information could reasonably be expected to cause damage to our national security.
What is the basic formula for granting access to classified information for individuals? Select all that apply.
Verify the individual’s eligibility determination
Determine the individual’s need-to-know
Acknowledge that the SF-312 has been executed
_____ is defined as the incorporating, paraphrasing, restating, or generating in new form any information that is already classified.
Original Classification
Derivative Classification
_____ is defined as an INITIAL determination that information requires, in the interest of national security, protection against unauthorized disclosure.
A derivative classifier may overrule an original classification determination if it is in the interest of national security.
True
False
When marking a classified document, the classifier must always start with which section?
The banner
The portions/paragraphs within the document
The classification authority block
If the banner marking is TOP SECRET, it is possible that some portion markings in that document can be U for Unclassified.
What information will you find in the Classification Authority Block on the front page of any classified document? Select all that apply.
Classified By
Post At
Derived From
Downgrade To (if applicable)
Declassify On
Who issues security classification guides?
Derivative classifiers
Original classification authorities
Security managers
What information does a security classification guide provide a derivative classifier? Select all that apply.
Classification level for each element of information to be protected
Reason for classification
Duration of classification and any applicable downgrading instructions
Special control notices
OCA contact information
You may store classified information in your locked desk drawer while you go to lunch as long as you cover it with the appropriate classified cover sheet.
If your office is preparing to undergo renovations for the next few months and you will not be able to store classified information according to the requirements as specified in DoDM 5200.01, Volume 3, which of the following should you request?
Waiver
Exception
Security Incident
When can Top Secret information be sent via the United States Postal Service (USPS)?
When Defense Courier Operations (DCO) is not available
When the information needs to be signed for
Never
While manuscripts, articles, theses, conference papers, briefings, brochures, and books must be sent to the Defense Office of Prepublication and Security Review (DOPSR) for review and approval before publishing, reports to Congress do not require prepublication review.
Your manager hands you a Top Secret document but you are only eligible for Secret access. If you think this is a security incident, what type of security incident do you think it is?
Infraction
Violation
Spillage
This is not a security incident because it was handed to you by your manager.
Your co-worker, Bob, did not place an SF-704, Secret classified document cover sheet, on a classified document while it was out of the security container. However, Bob did maintain positive control of the document until he returned to the security container. If you think this was a security incident, what type of security incident do you think it was?
This is not a security incident because Bob maintained positive control of the document.
The declassification system where the public can ask for classified information to be reviewed for declassification and public release
Scheduled Declassification
Automatic Declassification
Mandatory Declassification Review
Systematic Declassification
The declassification system where information exempted from automatic declassification is reviewed
The declassification system where an OCA sets a date or event for declassification
The declassification system where information is declassified when it is 25 years old
Where would you find approved destruction equipment?
Best Buy
GSA Catalog
NSA EPL
Amazon
The only type of acceptable document shredding is with a crosscut shredder.
The DoD workforce plays a vital role in ensuring the effectiveness of the DoD Information Security Program.
The unauthorized disclosure of Secret information could reasonably be expected to cause ____________________ to our national security.
Exceptionally grave damage
Serious damage
Damage
The unauthorized disclosure of Confidential information could reasonably be expected to cause ____________________ to our national security.
If a derivative classifier believes information to be improperly classified, they can _____________ the classification decision.
Challenge
Override
Ignore
Derivative classifiers are the individuals who generate or create new material based on existing classification guidance.
Why must all documents containing classified information be marked using a sequential process?
To mitigate confusion
To prevent marking errors
To prevent potential unauthorized disclosure
The classification authority block identifies the authority, the source, and the duration of classification determination.
Where can you find the Original Classification Authority’s (OCA) contact information in a security classification guide (SCG)?
On the cover of the SCG
On the last page of classification instructions of the SCG
The contact information for the OCA is not contained in the SCG
Where do the reasons for classifying certain items, elements or categories of information originally come from?
Executive Order 13526
Original Classification Authorities
Security Classification Guide (SCG)
What is required to access classified information? Select all that apply.
Need-to-know
Eligibility
Signed SF-312, Nondisclosure Agreement
Which of the following is an example of information technology that is authorized for storing classified information?
On a computer connected to the Non-classified Internet Protocol Router Network (NIPRNET)
On a computer connected to the Secure Internet Protocol Router Network (SIPRNET)
On a personal computer of an authorized individual
Which of the following are applicable when using a phone for classified conversations? Select all that apply.
Only use Secure Terminal Equipment (STE) phones
Be aware of your surroundings and who might be able to hear your end of the conversation
Know how to use your Secure Terminal Equipment (STE)
Which form is used to record the securing of vaults, rooms, and containers used for storing classified material?
SF-701 Activity Security Checklist
SF-702 Security Container Check Sheet
SF-700 Security Container Information
What type of security incident has occurred if an individual neglects to complete the SF702 after securing the container?
Security Infraction
Security Violation
Materials and work products submitted by Government, industry, and DoD civilians, contractors, and military members are subject to review by the Defense Office of Prepublication and Security Review (DOPSR) for public and controlled release.
If an individual fails to secure the Sensitive Compartmented Information Facility (SCIF) at the end of the day and, subsequently, unescorted cleaning personnel access the SCIF and see classified information, what type of security incident is this?
When information, in the interest of national security, no longer requires protection at any level, it should be:
Declassified.
Classified.
Unclassified.
Who has responsibility for the overall policy direction of the Information Security Program?
Director of the Information Security Oversight Office (ISOO)
Heads of Defense Agencies
Under Secretary of Defense for Intelligence (USD(I))
Heads of DoD Components
What type of declassification process is the review of classified information that has been exempted from automatic declassification?
The unauthorized disclosure of this type of information could reasonably be expected to cause serious damage to our national security.
Whose guidelines should you follow for the destruction of storage media such as thumb drives, zip drives, and computers?
National Security Agency
Local information systems personnel
The unauthorized disclosure of this type of information could reasonably be expected to cause exceptionally grave damage to our national security.
What is the process of making the initial decision that information could reasonably be expected to cause identifiable damage to national security called?
Compilation
Original classification
Derivative classification
All _____________ GSA-approved security containers must conform to Federal Specification FF-L-2740.
Handles on
Doors on
Locks for
In which order must documents containing classified information be marked?
Portion markings, banner markings, classification authority block
Banner markings, portion markings, classification authority block
Portion markings, classification authority block, banner markings
The name of the recipient of classified information must be included on which part(s) of the packaging?
Outer wrapped package
Inner wrapped package
On both the inner and outer wrapped packages
When are “Downgrade To” instructions listed in the classification authority block on documents containing classified information?
Always
As applicable
Requests for waivers and exceptions must identify the specific provision or provisions of the _________________for which the waiver or exception is sought.
DoD Information Security Manual
Security Classification Guide
Who references information from security classification guides (SCG) in order to classify information?
Both derivative classifiers and Original Classification Authorities
Access control measures detect and deter deliberate attempts to gain unauthorized access to classified information.
Spillage always requires an investigation to determine the extent of the compromise of classified information.
What type of security incident has occurred when classified data is introduced on an information system not approved for that level of information?
Security category
Who can be an Original Classification Authority (OCA)?
An individual authorized in writing, either by the President, the Vice President, or by agency heads or other officials designated by the President
All cleared personnel
nyone who works for the DoD
What type of declassification process is the set date or event, determined by the Original Classification Authority (OCA), which will occur within 25 years from the date of original classification?
The purpose of the DoD information security program is to _________________________. Select all that apply.
Demonstrate a commitment to transparency in Government
Classify as much government information as possible
Protect national security information
_________________ occurs in some circumstances when information that is individually unclassified, or classified at a lower level, may be classified, or classified at a higher level, only if the combined information reveals an additional association or relationship.
Contained in
Revealed by
What information is listed in the classification authority block on a document containing classified information? Select all that apply.
Which source the information in the document was derived from
Classification level to downgrade to at a certain point in time (as applicable)
Who created the classified document
Current classification level of the document
Date on which to declassify the document
Declassification is the authorized change in the status of information from classified to unclassified.
What are the authorized places for storing classified information? Select all that apply.
In a GSA-approved security container
In information technology systems authorized for classified information
In an authorized individual’s locked desk drawer
In an authorized individual’s head or hands
What do derivative classifiers use to identify specific items or elements of information to be protected?
Security Classification Guides (SCG)
A waiver is a permanent approved exclusion or deviation from information security standards.
Who issues security classification guides (SCG) for systems, plans, programs, projects, or missions?
What type of declassification process is a way for members of the public to request the review of specific classified information?
When not directly in an authorized individual’s possession, classified documents must be stored in a GSA-approved security container.
Who maintains listings of evaluated destruction products that have been tested and meet performance requirements for destroying classified information?
Department of Defense
The communication or physical transfer of classified information to an unauthorized recipient is ______________________?
Unauthorized Disclosure
None of the above
Who provides implementation guidance for the Information Security Program within the DoD?
What is the basic formula for granting access to classified information for individuals?
Determine the individuals need-to-know
If your office is preparing to undergo renovations for the next few months and you will not be able to store classified information according to the requirements as specified in DODM 5200.01, Volume 3, which of the following should you request?
Your co-worker, Hassel, did not place a SF-704 Secret classified document coversheet on a classified document while it was out of the security container. However, Bob did maintain positive control of the document until he returned to the security container. If you think this was a security incident, what type of security incident do you think it was?
This is not a security incident because Hassel maintained positive control of the document.
The only type of acceptable document shredding is with a cross-cut shredder.
Classification levels may be abbreviated (i.e., TS, S, C) in the banner of classified documents.
Joe Biden hands you a Top Secret document, but you are only eligible for Secret Access. If you think this is a security incident, what type of security incident do you think it is?
This is not a security incident, he is the president.
When classified information is in an authorized individual’s hands, why should the individual use a classified document cover sheet? Select all that apply.
To alert holders to the presence of classified information
To prevent inadvertent viewing of classified information by unauthorized personnel
To record the removal of classified information from a GSA-approved security container
What is the first step an Original Classification Authority (OCA) must take when originally classifying information?
Determine if the unauthorized disclosure of information could result in damage to our national security.
Determine if the information falls in an authorized classification category and not on the prohibited list in Executive Order 13526.
Determine if the information is official government information.
Which level of classified information may be transported via USPS mail? Select all that apply.
If Travis inserts a thumb drive containing classified information on a computer in the office that is not part of the classified information system, what type of security incident is this?
Cleared U.S. military, civilian employees, or contractors may hand carry which type of classified information?
The unauthorized disclosure of Top Secret information could reasonably be expected to cause ____________________ to our national security.
