Insider Threat Awareness Exam
Consider the following scenarios. Which behaviors must be reported?
*A co-worker is suddenly acting erratically and keeps saying people are following him. (Correct) *A co-worker is seen taking a box marked CONFIDENTIAL to his car. (Correct)
Several employees notice Pal exhibiting potential risk indicators. Who is responsible for reporting the potential threat?
*Human Resources (Correct) *Leadership personnel (Correct) *Security Personnel (Correct) *Coworkers (Correct)
Robb is a DOD employee. He knows he must report potential threats. Which of the following must he report? (Select all that apply)
*Unauthorized disclosure of classified information (Correct) *Foreign contacts (Correct) *Efforts to compromise individuals with national security eligibility. (Correct)
Which of the following scenarios describe a potential insider threat?
-An employee takes a photo at their desk and posts it to social media. Documents marked CONFIDENTIAL are visible in the photo (Correct) -An engineer regularly leaves their security badge in their desk and relies on others to let him in the building. (Correct) -A project manager at a cleared facility accidentally takes home a document marked Controlled Unlassified Information (CUI). (Correct)
Consider the following. What must contractors report?
-Events that impact the status of the facility (Correct) -Events that impact the status of an individual's personnel security clearance (Correct) -Anything that affects the proper safeguarding of classified/proprietary information. (Correct) -Indications that classified/proprietary information has been lost or stolen. (Correct)
Consider the following scenarios. Which are behavioral indicators that must be reported?
Fatima asked her coworkers about overtime. She told them she is in excessive debt and is looking to quickly make extra money. (Correct) Bill disregards security procedures and protocols regularly. He often piggybacks into the building and leaves sensitive materials out in the open. (Correct)
Tim is experiencing a lot of stress. His engagement was called off, and he was denied a promotion at his work. He recently purchased an expensive car. What potential insider threat risk indicators does Tim exhibit? (Select all that apply)
Financial issues: He purchased a sports car. (Correct) Personal issues: His engagement was called off. (Correct) Professional Issues: He didn't get the promotion he wanted. (Correct)
Consider the following scenarios. Which behaviors must be reported?
Frank suddenly started drinking a lot. He often shows up to work intoxicated and falls asleep at this desk. (Correct) Nissrine copies all information she can get her hands on, including classified information. She files it away in a locked storage unit. (Correct)
Kathryn is an avid fanticy football fan and contributes $20 to a pool every week where the winner takes all. She drinks moderately on the weekends. Based on this information, must she be at increased risk of becoming an insider threat?
No, The information provided is not subjective enough to indicate a gamboling or alcohol addiction. (Correct)
Your agency was the target of sabotage. Who is responsible for reporting the potential threat?
Security Personnel (Correct) Employees (Correct) Leadership personnel (Correct) Human Resources (Correct)
Carmen has been drinking a lot. She knows it's becoming a problem but she's having a hard time stopping on her own. What can Carmen do to help reach a positive outcome?
Contact the Employee Assistance Program (EAP) (Correct)
Which of the following scenarios may be indicative of adversarial targeting? (Select all that apply)
During a conference overseas, a researcher's laptop is stolen. (Correct) A scientist at your facility receives an unsolicited request to review a research paper. (Correct) Your company's sales department receives a purchase request from an unknown vendor. (Correct)
Consider the following scenarios. Which may indicate an insider threat vulnerability?
Hema is a DOD engineer. She asks her coworker to grant her access to classified systems though she does not have a need-to-know. (Correct) Shawn works in facilities management for a cleared defense contractor. His coworkers complain that he doesn't think the rules apply to him. He has been written up several tis for violating security procedures and protocols. (Correct)
Victoria believes her facility is being targeted by a potential adversary. What could she have experienced or observed to believe this?
Her facilities cybersecurity tools indicate suspicious network activity. (Correct)
Jorge's facility received a warning that facilities with their capabilities are at higher risk of adversarial targeting. What types of information at Jorge's facility do adversaries target?
Information related to the facility's methodology, capabilities, and limitations. (Correct) Personnel lists and facility locations (Correct) Countries the facility works with (Correct)
Robb is a DOD employee. He was targeted by a foreign collection attempt. To whom should Robb report a potential threat?
Insider Threat Program (Correct)
Theo is a DOD employee. He shared with his co-worker that he recently ended his engagement. He purchased an expensive car and is moving across the country. To whom should his coworker report this behavior?
Insider Threat Program (Correct)
Paul works for a cleared defense contractor and has been granted a Top Secret Security eligibility. His coworkers observe him speaking on his personal cell phone in a Sensitive Compartmented Information Facility (SCIF). To whom should his coworkers report this behavior?
Insider Threat Program Senior Official (ITPSO) or Facility Security Officer (FSO) (Correct)
Pauline works or a cleared defense contractor and has been granted Secret eligibility. Her coworkers observedher using a flash drive without authorization. She also sought classified data without the need-to-know. To whom should her coworkers report this behavior?
Insider Threat Program Senior Official (ITPSO) or Facility Security Officer (FSO) (Correct)
Rafael works for a cleared contractor. He was tarted by a foreign collection attempt. To whom should Rafael report a potential threat?
Insider Threat Program Senior Official (ITPSO) or Facility Security Officer (FSO) (Correct)
Rose is a federal agency employee. She was targeted by a foreign collections attempt. To whom should Rose report a potential threat?
Insider Threat Program, security office, or supervisor (Correct)
Rachel is a Federal employee. She was targeted via social media and asked to provide classified and proprietary information about her work. To whom should she report the contact?
Insider Threat Program, security officer, or supervisor (Correct)
Tanya is a DOD employee. She recently left her husband and moved in with a man she met online. She is arriving at work "Dazed" and showing signs of potential drug abuse. She confided in a coworker that she's having trouble paying off a large gamboling debt. To whom should her coworker report this behavior?
Insider Threat Program. (Correct)
Ross is a federal employee. He was targeted. at a conference and asked to contribute classified and proprietary information to a research project. To whom should he report the contact?
Insider threat program, security officer, or supervisor (Correct)
Which of the following is true about insider threats?
Insider threats can include employees, vendors, volunteers, and anyone with authorized access to U.S. Government resources. (Correct)
Which of the following scenarios are considered a potential insider threat vulnerability? (Select all that apply)
John's disgruntlement with his employer is well known to his coworkers. He regularly displays negligence by ignoring his job responsibilities and not completing his work duties. (Correct) Diane works extra hours to cover her gambling addition. (Correct)
Several employees noticed Paul exhibiting potential risk indicators. Who is responsible for reporting the potential risk?
Leadership personnel (Correct) Security Personnel (Correct) Human Resources (Correct) Coworkers (Correct)
Consider the following scenarios. Which are required to be reported?
Leo was rushed to make a deadline and bypassed security rules to fininsh on time (Correct).
Tony is stressed out about his contract ending and is worried about finding a new job. He is missing meetings and snapping at co-workers. What should Tony's boss do to create a better outcome for Tony and the organization?
Refer him to the Employee Assistance Program (EAP) (Correct)
Julien is a DOD program manager. He recently accepted a friend request from a woman on social media. The messages started out unrelated to Julien's work. The woman's messages quickly shifted when she started complaining about her job and offering details about her work. Over time, Julien and the women started talking more and more about their work. The women is now sending messages asking increasingly direct questions about Julien's work. What should Julien do and why?
Report it, as the woman may be part of a broader effort to gather information about DOD programs. (Correct)
Jack works for a cleared defense contractor. He recently purchased a large, expensive home well outside the price range of his salary. It is a significant upgrade from his previous home, and it is unclear how he was able to make such a large purchase. What should his coworkers do?
Report it. Financial concerns are a potential risk indicator. (Correct)
Samara is a DOD employee. A coworker recently discovered that she stays much later than usual, often working hours later than the rest of her team though her team is not authorized to work additional hours or overtime. What should her coworkers do?
Report it. It is everyone's responsibility to report concerning behavior. (Correct)
Justin is upset that he wasn't assigned the new radar project. He is very interested in the technology. He constantly asks his teammate Claire to share classified, project-related formation with him, though he is not on the project and doesn't have a need-to-know. What should Claire do?
Report it. Seeking classified information without a need-to-know is a reportable behavioral indicator. (Correct)
Farrah hears a co-worker, upset with his boss, sat, "If I had a gun, I would shoot her!" What should Farrah do and why?
Report it. Threatening violence is a reportable behavioral concern. (Correct)
Sun works for a private cleared defense contractor. Her facility recently experienced suspicious network activity... Could the facility be the victim of adversarial targeting? Why or why not?
Yes, adversaries target both public and private organizations (Correct)
A coworker states that she and her husband are facing foreclosure, and she doesn't know what to do. How can to help your coworker reach a better outcome?
Suggest that she contact the Employee Assistance Program (EAP) (Correct)
Which of the following scenarios describes individuals who may pose a potential insider threat, based on the National Insider Threat Task Force (NITTF) definition?
Susan works in sanitation for a cleared defense contractor. She has not been granted national security eligibility. (Correct) Jin is a vendor for the DOD. He has not been granted national security eligibility, but often visits cleared facilities. (Correct) Maria is a project manager for a cleared defense contractor. She has been granted Secret eligibility. (Correct)
Sarah is a scientist at a cleared defense contractor. She received a letter asking her to submit a paper related to research on satellite technology that has both military and civilian uses, Sarah reported the request. Why would she have done so?
This type of request could be an adversaries attempt to collect information. (Correct) She needs to verify that she can submit all requested information. (Correct)
Susan regularly violates her organization's security policies. She has trouble getting along with her coworkers. She has been written up for personnel issues and security violations several times. Based on this information, might she be at increased risk of becoming an insider threat? Why or why not?
Yes, Susan's consistent violations of security policies and her difficulty in maintaining positive relationships with coworkers are predispositions frequently associated with potential risk indicators of insider threat. (Correct)
Patricia's facility conducted Insider Threat training for everyone in the facility. They stressed that everyone in an organization is responsible for security. Is everyone responsible for reporting concerning behavior and potential threats? Why or why not?
Yes, because Insider Threat programs rely on everyone to report concerning behavior to get a fuller picture of potential threats. (Correct)
Marion is a DOD program manager. She has worked in her department longer than anyone else on her team. She believes her seniority exempts her from security procedures and protocols and routinly violates them. Should her team report her? Why or why not?
Yes, disreguard for security procedures and protocols is a reportable behavorial indicator. (Correct)
Following a conference, Jacqueline, a DOD contractor, received repeated emails from another attendee requesting specific information about the technology that Jacqueline presented on. Jacqueline blocked the other attendee's communications. Should she report this? Why or why not?
Yes, she should report this to her Facility Security Officer (FSO) as a potential collection attempt. (Correct)
Mateo purchased a home with the intention of flipping it. The housing market shifted before he was able to sell putting him in significant debt. Based on this information, is Mateo at increased vulnerability of insider threat? Why or why not? (Select a that apply)
Yes, significant debt is a known stressor that may increase insider threat vulnerability. (Correct)
Johan is a janitor at a DOD facility. He does not have national security eligibility determination. When he is working near the building entrances, he often opens the door for everyone entering. Does this pose an insider threat as defined by the NITTF? Why or why not?
Yes, the incident does meet the definition because Johan is using his authorized access and may cause damage by violating security procedures. (Correct)
Julia is an engineer for a cleared defense contractor. She took files home from work and realized she accidently included a file marked SECRET. Does this incident pose an insider threat as defined by the National Insider Threat Task Force (NITTF)? Why or why not?
Yes, the incident meets the definition because Julia has authorized access, and her intention is irrelevant. (Correct)
