CHAPTER 4: PROTECTION OF SENSITIVE INFORMATION Flashcards by Robert Harkort

The purpose for employing an access control program includes:

a. To protect persons, materials, or information
b. To slow or speed up the rate of movement to, from, or within an establishment
c. To permit or deny entrance
d. Both a and c
e. All of the above

How well did you know this?

Not at all

Perfectly

Identification and access control systems have the widest application of:

a. Manual identification systems
b. Magnetic readers
c. Biometric-based systems
d. Dielectric readers
e. None of the above

How well did you know this?

Not at all

Perfectly

The performance requirements of any trustworthy system of identification include:

a. Resistance to surreptitious substitution or counterfeiting
b. Reliability
c. Validity
d. Both b and c
e. All of the above

How well did you know this?

Not at all

Perfectly

A general defect of manual identification systems is that:

a. Many are made of plastic
b. Many do not have biometric characteristics on them
c. Once issued, they tend to remain valid indefinitely
d. They lack identifying colors
e. None of the above

How well did you know this?

Not at all

Perfectly

Any formula, pattern, device, or compilation of information that is used in one’s business and that gives you an opportunity to gain an advantage over competitors who do not use it or know about it is:

a. A patent
b. A trade secret
c. A monopoly
d. Copyrighted material
e. None of the above

How well did you know this?

Not at all

Perfectly

What is most likely the main reason for loss of sensitive information?

a. Industrial espionage
b. An employee’s loose lips
c. Inadvertent disclosure
d. Deliberate theft by an outsider
e. Both b and c
f. None of the above

How well did you know this?

Not at all

Perfectly

Which of the following should be part of an effective information security program?

a. Preemployment screening
b. Nondisclosure agreements from employees
c. Employee awareness programs
d. Policy and procedural statements on the recognition, classification, and handling of sensitive information
e. All of the above

How well did you know this?

Not at all

Perfectly

The primary tool of preemployment screening is the:

a. Application form
b. Interview
c. Polygraph
d. Investigator performing the interview

How well did you know this?

Not at all

Perfectly

Which of the following is generally not allowed to be disclosed on an employment questionnaire?

a. Current residence
b. References
c. Prior employment
d. Prior arrests
e. None of the above

How well did you know this?

Not at all

Perfectly

To be within the definition of a trade secret, sensitive information must meet which of the following criteria?

a. Individuals to whom it is disclosed must know that it is secret.
b. It must be identifiable.
c. It must not be already available in public sources.
d. There must be some obvious indication that the owner is attempting to prevent its unauthorized disclosure.
d. a, c, and d.
e. All of the above.

How well did you know this?

Not at all

Perfectly

According to the “restatement of the law of torts,” a trade secret is:

a. All information about a company that the company desires to protect
b. Any formula, pattern, device, or compilation of information that is used in one’s business and that gives that business an opportunity to gain an advantage over competitors who do not know or use it
c. Information about a company that is registered with the US Patent Office
d. Both a and b
e. All of the above

How well did you know this?

Not at all

Perfectly

A trade secret may be:

a. A formula for a chemical compound
b. A process of manufacturing materials
c. A pattern for a machine
d. A list of customers
e. All of the above

How well did you know this?

Not at all

Perfectly

The characteristics of a trade secret as compared with other confidential information are:

a. Those business secrets that have been duly registered pursuant to the requirements of law
b. Continuous or consistent business applications of a secret not known to others, from the use of which some advantage is
gained by the user
c. Those business secrets that are fully protected in accordance with the Federal Privacy Act
d. Both a and c
e. All of the above

How well did you know this?

Not at all

Perfectly

Which of the following is generally not true in regard to trade secrets?

a. The more a business narrowly defines what it regards as a secret, the easier it is to protect that body of information.
b. It is difficult to protect a trade secret that can be found in publicly accessible sources.
c. Secret information does have to be specifically identifiable.
d. Secret information must be effectively protected.
e. None of the above.

How well did you know this?

Not at all

Perfectly

In regard to a trade secret, it may be decided that its disclosure by another was innocent, rather than wrongful, even in the case
where the person making the disclosure really was guilty of malice or wrong intent. This situation may occur when:

a. The trade secret was not registered
b. The trade secret did not involve national defense information
c. The trade secret was not in current use
d. There is absence of evidence that an owner has taken reasonable precautions to protect confidential information
e. All of the above

How well did you know this?

Not at all

Perfectly

Proprietary information is:

a. Private information of a highly sensitive nature
b. Information that must be classified according to executive order of the US government
c. Sensitive information that is classified under federal regulations
d. Anything that an enterprise considers relevant to its status or operations and does not want to disclose publicly
e. None of the above

How well did you know this?

Not at all

Perfectly

The class of person under a duty to safeguard a proprietary secret is known as:

a. Agent
b. Proprietary security employee
c. Fiduciary
d. Business associate
e. None of the above

How well did you know this?

Not at all

Perfectly

It is important for employees to know whether confidential information is a trade secret, or some other confidential material, because:

a. If it is a trade secret, the employee may be prevented from disclosing it by injunction
b. If it is not a trade secret and it is disclosed, the employer must take action after the disclosure and must be able to prove some
actual damage in order to recover
c. If it is not a trade secret, the information, once disclosed, is no longer defendable
d. If it is not a trade secret, the information, once disclosed, cannot be further prevented from disclosure by an injunction
e. All of the above

How well did you know this?

Not at all

Perfectly

Which of the following is not a correct statement as a general rule involving the protection of proprietary information?

a. As a class, employees are the largest group of persons bound to secrecy because of their status or relationship.
b. By operation of common law, employees are presumed to be fiduciaries to the extent that they may not disclose secrets of their employers without authorization.
c. Other than the employees, any other persons to be bound to secrecy must agree to be so bound.
d. Any agreements to be bound must always be in writing and are not implied from acts.

How well did you know this?

Not at all

Perfectly

To effectively involve the law for the protection of sensitive information, the owner of the proprietary information must be able
to show “objective indications of attempts to protect secrecy.” Which of the following has been recognized in the past as such an
indication?

a. Use of warning signs to alert employees to sensitive data and the places where it is stored
b. Separately storing sensitive information in security containers with the appropriate security precautions
c. Special instructions providing a “need-to-know” basis
d. Restrictions to nonemployee access to places containing sensitive information
e. All of the above

How well did you know this?

Not at all

Perfectly

Which of the following should be made part of a proprietary information protection program?

a. Preemployment screening
b. Effective perimeter control system
c. Execution of patent and secrecy agreement
d. Paper and data control
e. Both a and c
f. All of the above

How well did you know this?

Not at all

Perfectly

In designing a proprietary information protection program, the area of greatest vulnerability is:

a. Personnel files
b. Employees
c. Computers
d. Marketing data
e. Perimeter boundaries

How well did you know this?

Not at all

Perfectly

In devising proprietary information procedures, which of the following is considered to be a main area of paper or document
vulnerability?

a. Comprehensive paper controls
b. A technical report system
c. Control and issue of notebooks
d. All of the above
e. None of the above

How well did you know this?

Not at all

Perfectly

When a loss of proprietary information is discovered, which of the following steps should be taken first?

a. Attempt to recover the material
b. Attempt to apprehend the perpetrators
c. Assess economic damage
d. Reevaluate the protection system
e. All of the above

How well did you know this?

Not at all

Perfectly

Which of the following would not be considered in the trade secret category? a. Salary data b. Market surveys c. Personnel matters d. Customer usage evaluations e. All of the above

Litigations concerning former employees involving trade secrets have some problems. Which of the following is considered to be such a problem? a. The cost of litigations is too high, and the owner of the trade secret may lose b. Litigation is a waste of time c. The owner of the trade secret may have to expose the information that is being protected d. Both a and c e. All of the above

A trash cover is: a. A sealed cover on a trash container b. The process of examining one’s trash for information c. Placing the company’s trash in a locked container d. Both a and c e. All of the above

Sound waves too high in frequency to be heard by the human ear, generally above 20 kHz, are known as: a. High-frequency sound waves b. Microwave waves c. Ultrasonic waves d. Short-frequency sound waves e. None of the above

The process of combining a number of transmissions into one composite signal to be sent over one link is called: a. Transmission integrity b. Communication integration c. A demultiplexer d. Multiplexing e. None of the above

Which of the following applies to the laser as a means of communication? a. Line-of-sight transmission is necessary. b. Poor weather conditions interfere with the beam. c. It is practically impossible to intercept the beam without detection. d. Both a and c. e. All of the above.

Which of the following is not correct in regard to microwave transmissions? a. Microwave signals penetrate fog and snow. b. Microwave signals are transmitted in short radio waves. c. A large number of microwave signals can be transmitted. d. Microwave signals travel in curved lines. e. Microwave signals are not affected by ordinary manmade noise. f. None of the above.

Electromagnetic radiation is detectable electromagnetic energy that is generated by electronic information processing devices. Which of the following is used to protect very sensitive equipment? a. A current carrier device b. Pneumatic cavity shielding c. Tempest shielding d. Pen register shielding

The practice of preventing unauthorized persons from gaining information by analyzing electromagnetic emanations from electronic equipment is often termed: a. Bugging b. Veiling c. Tempest d. All of the above e. None of the above

A term used to indicate a method of disguising information so that it is unintelligible to those who should not obtain it is: a. Interconnection decoy b. Multiplexing c. Scrambling d. Mixed signal e. None of the above

The most secure scrambler in common use is the: a. Frequency inverter b. Decoder c. Laser beam d. Vocoder e. None of the above

The method used to monitor telephone calls by providing a record of all numbers dialed from a particular phone is called: a. Electronic surveillance b. Phone bug c. Wiretap d. Pen register e. None of the above

A small hidden microphone and a radio transmitter are generally known as: a. A wiretap b. A bug c. A beeper d. Electronic surveillance e. All of the above

A specially constructed microphone attached directly to an objector surface to be protected, which responds only when the protected object or surface is disturbed, is known as a: a. Parabolic microphone b. Special audio microphone c. Contact microphone d. Surreptitious microphone e. None of the above

A microphone with a disklike attachment that is used for listening to audio from great distances is known as a(n): a. Contact microphone b. Parabolic microphone c. Ultrasonic microphone d. Both a and c e. None of the above

A microphone that is installed on a common wall adjacent to the target area when it is impractical or impossible to enter the target area is known as a: a. Carbon microphone b. Parabolic microphone c. Contact microphone d. Dynamic microphone e. None of the above

Which method of protection against telephone line eavesdropping is most reliable? a. Don’t discuss sensitive information b. Use a radio jammer c. Use encryption equipment d. Both a and c e. Use an audio jammer

The unauthorized acquisition or dissemination by an employee of confidential data critical to his or her employer is known as: a. Embezzlement b. Larceny c. Industrial espionage d. Burglary e. False pretenses

The term eavesdropping refers to: a. Wiretapping b. Bugging c. Trash cover d. Both a and b e. All of the above

Which of the following methods could be used as a form of eavesdropping using a telephone instrument? a. Wiring can be altered so the handset or receiver will act as an open microphone. b. A radio transmitter can be concealed in the mouthpiece. c. The infinity transmitter can be used. d. Both b and c. e. All of the above.

A microphone that requires no power source, is very small, and is difficult to detect has the characteristics of a(n): a. Contact microphone b. Parabolic microphone c. Dynamic microphone d. Infinity microphone e. None of the above

Installation of a wireless radio eavesdropping device usually consists of the following: a. Transmitter and receiver b. Power supply c. Antenna d. Microphone e. Both a and d f. All of the above

The frequency range best suited for a wireless microphone because it provides better security and lower interference is: a. 25–50 mHz b. 88–104 mHz c. 88–120 mHz d. 150 –174 mHz e. None of the above

The control software of a private board exchange (PBX) can be accessed and compromised by calling the telephone number of a device on the PBX from a computer and modem. The name of this PBX device is the: a. Internal and remote signal port b. Current carrier signaling port c. Time-domain reflectometer d. Remote maintenance access terminal e. None of the above

Which of the following is not true regarding electronic eavesdropping? a. An effective countermeasure to detect evidence of electronic eavesdropping in telephone equipment should be conducted by a person who is technically familiar with such equipment. b. An effective countermeasure would be to conduct a physical search as well as an electronic search. c. All wiring should be traced and accounted for. d. A listening device installed in a wire will cause a crackling sound, click, or other noise that can be heard on the line. e. None of the above.

The first federal legislation that attempted to regulate electronic surveillance in the United States was enacted by Congress in: a. 1910 b. 1924 c. 1934 d. 1968 e. 1971

The manufacture, distribution, possession, and advertising of wire or oral communication interception devices is prohibited by: a. The First Amendment b. The Fourth Amendment c. The Federal Communications Act of 1934 d. The Omnibus Crime Control and Safe Streets Act of 1968 e. The FBI

The criminal punishment for violation of the wiretapping phases of the Omnibus Crime Control and Safe Streets Act of 1968 is: a. A $10,000 fine b. 6 months in jail and/or a $5000 fine c. 1 year in jail and/or a $10,000 fine d. 5 years in prison and/or a $10,000 fine e. None of the above

Which of the following is not a requirement under the Omnibus Crime Control and Safe Streets Act of 1968 before a court may give permission for an electronic surveillance? a. The identity of the offender should be stated. b. The crime must be any felony under federal law. c. The place and location of the electronic surveillance must be stated. d. Initial approval must be granted by the attorney general of the United States or by a specially designated attorney general. e. All of the above.

Which of the following is provided for by the Omnibus Crime Control and Safe Streets Act of 1968? a. It prohibits wiretapping or bugging unless a party to the intercepted conversation gives consent. b. It prohibits the manufacture and distribution of oral communication interceptor devices. c. Nonfederal law enforcement representatives are denied the right to make use of electronic surveillance unless there is a state statute permitting it. d. Both a and b. e. All of the above.

Title III of the Omnibus Crime Control and Safe Streets Act of 1968 requires that an approval for electronic surveillance must be obtained from the: a. Chief justice of the Supreme Court b. Director of the FBI c. Attorney general of the United States or any specially designated assistant attorney general d. Director of the CIA e. All of the above

Criminal violations involving theft of trade secrets could be covered by: a. Statutes on theft of trade secrets b. Bribery statutes involving trade secrets c. Statutes on receipt of stolen property d. Statues on criminal conspiracy e. All of the above

The public statute passed to protect personal information in possession of federal agencies is: a. The Espionage Statute b. The Unauthorized Disclosure Act c. The Omnibus Crime Control Act d. The Privacy Act of 1974 e. None of the above

The Privacy Act of 1974 provides which of the following safeguards? a. Permits individuals to gain access to certain information pertaining to themselves in federal agency records b. Permits individuals to determine what records pertaining to themselves are collected and maintained by federal agencies c. Permits individuals to prevent certain records pertaining to themselves from being used or made available for another purpose without their consent d. Requires federal agencies to be subject to civil suits for any damages that may occur as a result of willful or intentional action that violates an individual’s rights under the Privacy Act of 1974 e. All of the above

Which of the following would not be permitted to review a student’s record according to the Family Educational Rights and the Privacy Act of 1974? a. Law enforcement officials b. Other school officials c. The school’s registrar’s office d. All of the above e. None of the above

Which of the following characteristics pertains to a good information management program? a. An employee education program for those who utilize the classification system b. Limited number of individuals who can initiate classification of information c. Limitation of the duration during which the classification will remain in effect d. All of the above e. None of the above

What are the three most common methods of information loss to be guarded against? a. Newspaper articles, magazine articles, television b. Employee payroll, personnel matters, market surveys c. Theft by an insider, inadvertent disclosure, industrial espionage d. Employee hirings, magazine articles, industrial espionage e. None of the above

The elements of an information security program include: a. Informing employees that the information is to be protected b. Establishing the use of patent or nondisclosure agreements c. Designation of certain information as sensitive d. Providing the means for employees to protect sensitive information e. All of the above

Which of the following statements is not true in regard to an information security program? a. The information security program is an attempt to make theft of sensitive information difficult, not necessarily to eliminate it. b. The protection afforded against losses by either internal or external sources is, at best, limited. c. A good information security program will provide total protection from industrial espionage. d. A trust relationship must be established and maintained with employees. e. The goodwill and compliance of employees is crucial for success.

Vital records normally constitute what percentage of the company’s total records? a. 2% b. 5% c. 10% d. 15% e. 20%

Which of the following is considered to be an approved method of protecting vital records? a. On-site storage in vaults or safes b. Protection of original vital records c. Natural dispersal within an outside organization d. Planned dispersal of copies of vital records e. All of the above

The term social engineering is: a. A function of the personnel department in which like persons are teamed together in workshops or seminars for maximum productivity b. The subtle elicitation of information without revealing the true purpose of the call c. The specific design of a business structure to facilitate the interaction of the inhabitants d. Both a and c e. None of the above

Competitive intelligence gathering is a legitimate activity that is engaged in by many firms throughout the world. The most important function of competitive intelligence is to: a. Alert senior management to changes in protocol in foreign countries b. Alert senior management as to the personal habits of competitive senior management c. Alert government intelligence agencies to marketplace changes d. Alert senior management to marketplace changes in order to prevent surprise e. All of the above

The Secretary of Defense is not authorized to act on behalf of the following agency or department in rendering industrial security services: a. Department of Commerce b. Central Intelligence Agency c. Department of Justice d. Department of Labor e. None of the above

The overall policy guidance for the Defense Industrial Security Program is provided by: a. The Federal Bureau of Investigation b. The Deputy Undersecretary of Defense for Policy c. The Assistant Chief of Staff in Intelligence d. The Defense Intelligence Agency e. None of the above

The Defense Industrial Security Program on behalf of all user agencies is administered by the: a. Director, Defense Investigative Service b. Comptroller, Assistant Secretary of Defense c. Deputy Undersecretary of Defense for Policy d. Defense Industrial Security Clearance Office e. None of the above

71. The executive order that applies to classified information is: a. E.O. 1044 b. E.O. 1066 c. E.O. 12065 d. E.O. 12523 e. E.O. 14084

A controlled area established to safeguard classified material that, because of its size or nature, cannot be adequately protected by other prescribed safeguards is termed to be: a. A restricted area b. A classified area c. A closed area d. A limited area e. None of the above

The DIS regional office under the support of the director of industrial security that has jurisdiction over the geographical area in which a facility is located is called the: a. Regional Security Office b. Division Security Office c. Clearance Office d. Cognizant Security Office e. None of the above

Technical and intelligence information derived from foreign communications by other than the intended recipient is known as: a. Restricted data b. Communications intelligence c. Classified security matters d. Highly confidential e. None of the above

The designation that should be applied to information or material showing unauthorized disclosure that could reasonably be expected to cause damage to national security is: a. Restricted b. Top secret c. Confidential d. Unauthorized disclosure e. None of the above

Technical information used for training, maintenance, and inspection of classified military munitions of war would be classified as: a. Restricted b. Classified c. Top secret d. Confidential e. Cosmic

A designation or marking that identifies classified operational keying material and that indicates the material requiring special consideration with respect to access, storage, and handling is: a. Cosmic b. Special c. Crypto d. Communications intelligence e. Red flagged

The portion of internal security that is concerned with the protection of classified information in the hands of US industry is called: a. Information security b. Classified security c. National security d. Industrial security e. Communications security

The result of any system of administrative policies and procedures for identifying, controlling, and protecting from unauthorized disclosure of information and is authorized by executive order or statute is called: a. Computer security b. Industrial security c. Personnel security d. Communications security e. Information security

An administrative determination that an individual is eligible for access to classified information is: a. Personnel security clearance b. Industrial security clearance c. National security clearance d. Communications security clearance e. None of the above

The combinations to safes, containers, and vaults should be changed: a. Every 3 months b. Every 4 months c. Every 6 months d. Every 9 months e. Every year

The designation that shall be applied only to information or material unauthorized disclosure of which could reasonably be expected to cause serious damage to national security is: a. Restricted b. Secret c. Confidential d. Top secret e. Unauthorized disclosure

Information regarding the revelation of significant military plans or intelligence operations should be classified as: a. Restricted b. Secret c. Confidential d. Top secret e. Cosmic

The designation that should only be applied to information or material unauthorized disclosure of which could reasonably be expected to cause exceptionally grave damage to national security is: a. Restricted b. Secret c. Confidential d. Top secret e. Cosmic

Information that could lead to the compromise of vital national defense plans or complex cryptologic and communications intelligence systems should be classified: a. Restricted b. Secret c. Confidential d. Top secret e. Cosmic

Regulations of the Department of Defense require that the contractor shall establish such procedures as are necessary to ensure that any employee discovering the loss, compromise, or suspected compromise of classified information outside a facility promptly reports to: a. The Defense Intelligence Agency b. The Defense Industrial Security Clearance Office c. The nearest FBI office d. Comptroller, Assistant Secretary of Defense e. The Industrial Security Office

Defense Department regulations require the identification card of a defense contractor to include a: a. Distinctive color coding b. Thumbprint c. Photograph of the holder d. Symbol code e. All of the above

Which of the following should definitely not appear on the identification card of employees of defense contractors? a. Distinctive color coding b. Symbol code c. Top secret or secret d. Confidential e. Both c and d f. All of the above

No invitation, written or oral, shall be given to a foreign national or to a representative of a foreign interest to attend any session of a meeting sponsored by a Department of Defense activity until: a. A full field investigation has resulted in the necessary security clearance b. Approval for attendance has been received from the sponsoring activity c. The Department of the State has given approval d. The CIA has given approval e. None of the above

The basic document for conveying to the contractor the classification and declassification specifications for a classified contract is: a. Form DD-254 b. Form DD-441 c. Form DD-482 d. Form DD-562 e. Form DD-1541

A document that is classified “confidential” shall exhibit the marking at: a. The top of the page b. The bottom of the page c. The right-hand side of the page d. The left-hand side of the page e. Both the top and bottom of the page

Unclassified material should: a. Be marked “unclassified” at the top of the page b. Be marked “unclassified” at the bottom of the page c. Be marked “unclassified” at the top and bottom of the page d. Be marked “unclassified” anywhere on the page e. Have no marking

An unclassified document that is attached to a classified document should have a notation stating: a. “Classified same as enclosure” b. “Treat as classified” c. “Unclassified when separated from classified enclosure” d. No notation needed e. None of the above

Whenever classified information is downgraded, declassified, or upgraded, the material shall be promptly and conspicuously marked to indicate: a. What was changed b. The date it was changed c. The identity of the person taking the action d. All of the above e. None of the above

Foreign classified material should be marked in accordance with instructions received from: a. The Defense Intelligence Agency b. The foreign contracting authority c. The FBI d. The Industrial Security Office e. None of the above

Department of Defense regulations regarding the protection of classified information requires that defense contractors maintain accountability of top secret information for a minimum time of: a. 1 year b. 2 years c. 3 years d. 4 years e. 5 years

When not in use, top secret information should be stored in a: a. Class A vault b. Class B vault c. Class C vault d. Class D vault e. Class E vault

Which of the following is prohibited by the Department of Defense regulations regarding the method of transmitting top secret information outside a facility? a. Electronic means in a crypto system b. Armed Forces Courier Service c. Designated courier that has been cleared d. US Postal Service e. Specifically designated escort

Secret information can be transmitted by which of the following means according to Department of Defense regulations? a. Designated courier that has been cleared b. US Registered Mail c. Armed Forces Courier Service d. Both a and c e. All of the above

Department of Defense regulations indicate that destruction of classified information can be accomplished by: a. Melting b. Burning c. Mutilation d. Chemical decomposition e. All of the above

Which of the following has the appropriate security clearances in the destruction of top secret and secret information according to Department of Defense regulations? a. Two employees of the defense contractor b. Three employees of the defense contractor c. Four employees of the defense contractor d. One employee of the Department of Defense and two employees of the defense contractor e. None of the above

According to Department of Defense regulations, if classified material is removed from the facility for destruction, it should be destroyed: a. The same day it was removed b. Within 2 days c. Within 3 days d. Within 1 week e. Within 10 days

According to Department of Defense regulations, to be eligible for a personnel security clearance for confidential information, the following age must be attained: a. 16 b. 18 c. 20 d. 21 e. 25

According to Department of Defense regulations, the security clearance of a contractual employee shall be effective for: a. 6 months b. 1 year c. 2 years d. 5 years e. As long as he or she is employed by the contractor

According to Department of Defense regulations, the following are not eligible for a personnel security clearance: a. All foreign nationals b. All foreign nationals except those granted reciprocal clearances c. Only foreign nationals that are from a communist country d. Only foreign nationals that are under 16 e. None of the above

A facility security clearance should not be granted to contractor activities: a. In Puerto Rico b. In facilities determined to be under foreign ownership, control, or influence c. In US trust territories d. Both a and c e. All of the above

For personnel security clearances required in connection with a facility security clearance, applications shall be submitted to the: a. Defense Intelligence Agency b. Industrial Clearance Office c. Contracting officer d. Cognizant Security Office e. Central Intelligence Agency

According to Department of Defense regulations, “interim” personnel security clearances must be approved by the: a. Defense Intelligence Agency b. Industrial Clearance Office c. Contracting officer d. Cognizant Security Office e. None of the above

Department of Defense regulations require initial approval in writing prior to processing any classified information in an ADP system by which of the following authorities? a. Head of the Industrial Security Clearance Office b. National Security Agency c. Cognizant Security Office d. Contracting officer e. Defense Intelligence Agency

An ADP system that operates in a manner where all users with access to the system have both a security clearance and a need-to-know status for all classified information that is in the system is known as: a. Classified security mode b. Restricted security mode c. Controlled security mode d. Dedicated security mode e. Limited security mode

An ADP system that operates in a manner in which all users with access to the system who have a security clearance for the highest classification and most restrictive types of information in the system is known as: a. Classified security mode b. Restricted security mode c. Controlled security mode d. System high-security mode e. Dedicated security mode

An ADP system that operates in a manner in which at least some of the users with access to the system have neither a security clearance nor a need-to-know status for all classified information that is in the system, but in a manner that the cognizant security officer or a higher authority has determined that the necessary degree of security has been achieved and maintained, is known as: a. Limited security mode b. Classified security mode c. Controlled security mode d. Restricted security mode e. Dedicated security mode

The ADP system security supervisor or designee should review the audit trail logs at least: a. Daily b. Weekly c. Monthly d. Bimonthly e. Quarterly

The Department of Defense Personnel Security Questionnaire (Industrial) Form is: a. DD-16 b. DD-48 c. DD-254 d. DD-441 e. DD-482

According to Department of Defense regulations, which of the following documents is not acceptable proof of US citizenship concerning the safeguarding of classified information? a. Birth certificate b. Certificate of naturalization c. Certificate of citizenship d. Uncertified copy of baptismal record e. All of the above

All proprietary information is sensitive, while not all sensitive information is proprietary. An example of information that is not proprietary even though the organization would treat it as sensitive is: a. The customer database of the organization b. Confidential personnel data in employee files c. Strategic marketing plans in which the use of outside marketing firms is contemplated d. Specifications for product components that are produced by a subcontractor

Trade secrets are generally afforded greater legal protection than other proprietary information. Which of the following in not an element of the test for a trade secret? a. Be identifiable b. Not already be available in public sources c. Be disclosed only to persons with a duty to protect it d. Be technical or product related

The major reason for the loss of sensitive information is: a. Espionage b. Intentional disclosure by an insider c. Inadvertent disclosure d. Disclosure through legal proceedings

Competitive intelligence gathering is a legitimate activity, which is engaged in by many firms throughout the world. The most important function of competitive intelligence is to: a. Alert senior management to marketplace changes in order to prevent surprises b. Alert senior management as to the personal habits of competitive senior management c. Alert government intelligence agencies to marketplace changes d. Alert senior management to changes in protocol in foreign countries

A microphone with a large disklike attachment used for listening to audio from great distances is known as a: a. Contact microphone b. Spike microphone c. Parabolic microphone d. Moving-coil microphone

Sound waves too high in frequency to be heard by the human ear, generally above 20 kHz, are known as: a. Microwaves b. Ultrasonic c. High frequency d. Short wave

Two methods of protection against telephone line eavesdropping are apparently reliable. The first method is “don’t discuss sensitive information,” and the other is: a. To a use wire tap detector b. To use a radio jammer c. To use an audio jammer d. To use encryption equipment

The unauthorized acquisition of sensitive information is known as: a. Industrial espionage b. Embezzlement c. Larceny d. False pretenses

Proprietary information is: a. Information that must be so classified under government order b. Private information of highly sensitive character c. Defense data that must be classified according to federal regulations d. Anything that an enterprise considers relevant to its status or operations and does not want to disclose publicly

A trade secret is: a. Any formula, pattern, device, or compilation of information that is used in one’s business and that gives that business an opportunity to gain an advantage over competitors who do not know or use it b. All information about a company that the company desires to protect c. Information of a company that is registered as such with the US Patent Office d. Information so designed by the government

The control software of a Private Board Exchange (PBX) can be accessed and compromised by calling the telephone number of a device on the PBX from a computer and modem. What is this access device called? a. Time-domain reflectometer b. Remote maintenance access terminal c. Current carrier signaling port d. Internal and remote signal port

Which of the following is generally not true with regard to proprietary information? a. Secret information does not have to be specifically identifiable. b. Secret information must be such that it can be effectively protected. c. The more narrowly a business defines what it regards as secret, the easier it is to protect that body of information. d. It is difficult to protect as a trade secret that which can be found in publicly accessible sources.

With respect to trade secrets, it may be decided that its disclosure by another was innocent rather than wrongful, even in the case where the person making the disclosure really was guilty of malice or wrong intent. This situation may occur when: a. There is absence of evidence that an owner has taken reasonable precautions to protect confidential information b. The trade secret was not registered c. The trade secret did not involve national defense information d. The trade secret was not in current use

The class of person under duty to safeguard a proprietary secret is known as: a. Agents b. Principals c. Fiduciaries d. Business associates

Which of the following is not a correct statement, or a general rule involving the protection of proprietary information? a. By operation of common law, employees are presumed to be fiduciaries to the extent that they may not disclose secrets of their employers without authorization. b. As a class, employees are the largest group of persons bound to secrecy because of their status or relationship. c. Other than employees, any other persons to be bound to secrecy must agree to be bound. d. Any agreements to be bound must always be in writing and are not implied from acts.

The term eavesdropping refers to: a. Wiretapping only b. Bugging only c. Both wiretapping and bugging d. Mail covers

A microphone that has the characteristics of requiring no power source to operate it and being quite small, relatively difficult to detect, and offered by equipment suppliers in such items as cuff links and hearing aids is known as a: a. Carbon microphone b. Dynamic microphone c. Contact microphone d. Parabolic microphone

A microphone that is normally installed on a common wall adjoining a target area when it is impractical or impossible to enter the area to make a microphone installation is a: a. Carbon microphone b. Dynamic microphone c. Contact microphone d. Parabolic microphone

Which of the following is not true with regard to electronic eavesdropping? a. A listening device installed in a wire will cause a crackling sound, click, or other noise that can be heard on the line. b. There should be an effective countermeasures survey to detect evidence of electronic eavesdropping. c. Equipment in telephones must be conducted by a person technically familiar with such equipment. d. All wiring should be traced out and accounted for in a countermeasures survey. e. In a countermeasures survey to detect electronic eavesdropping, a physical search should be utilized as well as an electronic search.

In designing a proprietary information protection program, the area of greatest vulnerability is: a. Personnel files b. Marketing data c. Employees d. Computers

A nonlinear junction detector is used to locate eavesdropping devices by: a. Detecting the semiconductor components that comprise their circuits b. Recording changes in the voltage on a telephone line c. Measuring the distance from a known point to the indicated location of a telephone line attachment d. Detecting infrared emissions

Which of the following statements is incorrect with regard to an information security program? a. A good information security program will provide absolute protection against an enemy spy. b. The information security program is an attempt to make theft of sensitive information difficult, not necessarily eliminate it. c. A trust relationship must be established and maintained with employees. d. The goodwill and compliance of employees is crucial for success.

A specially constructed microphone attached directly to an object or surface to be protected and that responds only when the protected object or surface is disturbed is known as a: a. Parabolic microphone b. Special audio device c. Contact microphone d. Surreptitious microphone

Social engineering is: a. The conversation involved in the beginning of a romantic relationship b. A function of the personnel department in which like persons are teamed together in workshops or seminars for maximum productivity c. The subtle elicitation of information without revealing the true purpose of the call d. The specific design of a business structure to facilitate the interaction of the inhabitants

A former employee, who had access to your trade secret information, is now employed by a competitor and is apparently using the trade secret information to gain market share. There are several serious factors you should consider before you institute litigation in the matter. Which of the following is not a serious factor to be considered? a. You may have to expose the very secrets you are attempting to protect. b. The cost of litigation may exceed the value of the secret information. c. You may lose a law case. d. Other employees may leave the company and attempt to use the trade secret information in the business of a new employer.

Electromagnetic radiation is detectable electromagnetic energy generated by electronic information processing devices. Which of the following is used to protect very sensitive equipment? a. A current carrier device b. Pneumatic cavity shielding c. Tempest shielding d. Pen register shielding

Piracy refers to the illegal duplication and distribution of recordings. Which form is not considered piracy? a. Pirating b. Downloading c. Bootlegging d. Counterfeiting

To prevent cyber crime, it is not a good strategy to: a. Install a fire protection system b. Assign passwords or codes c. Disable unused computer services d. Update software for improving security

Which federal statute does not protect information and communication systems? a. USA PATRIOT Act b. Economic Espionage Act c. Civil Rights Act d. Sarbanes–Oxley Act

A trade secret consists of which of the following? a. Any formula, pattern, device, or compilation of information that is used in one’s business and that gives him or her an opportunity to gain an advantage over competitors who do not use it b. Answers a and c c. It may be a formula for a chemical compound; a process of manufacturing, treating, or preserving materials; or a pattern for a machine or other device. d. A list of customers e. Answers a, c, and d.

Which of the following are basic elements of trade secrets? a. It must be secret and not known to others. b. It must be used in the business of the owner of the secret to obtain an advantage. c. There must be continuous or consistent business applications of the secret. d. Answers a and b e. All of the above

Which of the following is not a primary distinction between patents and trade secrets? a. Requirements for obtaining a patent are not specific. b. A much lower level of novelty is required of a trade secret. c. Trade secrets are targets. d. To qualify for a patent, the invention must be more than novel and useful. e. It must represent a positive contribution beyond the skill of the average person. f. Because anyone can purchase a patent, there are no industrial espionage targets in a patented invention.

Which of the following statements is correct involving proprietary information? a. All confidential information is proprietary, but not all proprietary information is confidential. b. All proprietary information is not confidential. c. All proprietary information is confidential, but not all confidential information is proprietary. d. All confidential information is proprietary. e. Answers b and d

Which of the following are broad threats to proprietary information? a. It can be lost through inadvertent disclosure. b. An outsider can deliberately steal it. c. An insider can deliberately steal it. d. Answers b and c e. Answers a, b, and c

Which of the following should not be included in an effective proprietary information security program? a. Designation of appropriate data as insensitive b. Informing and notifying employees c. Full utilization of secret agreements with employees d. Providing physical means to protect sensitive data e. Treating sensitive information as proprietary

The contact microphone is usually a crystal microphone and is normally installed on a common wall adjoining a target area. Which of the following is a disadvantage of the contact microphone? a. Signals generated are weak. b. Microphones receive other sounds. c. It is affected by changes in temperature and humidity. d. Answers b and c e. All of the above

What is the best way to protect any type of data? a. Encrypt it b. Patent it c. Apply for a trademark d. None of the above e. All of the above

Any information containing which of the following elements is considered to be a valuable asset requiring protection? a. Production of goods b. Locating and retaining customers c. Production of services d. Answers a and b e. All of the above

Which of the following is the most serious threat to trade secrets? a. Companies b. Media c. Employees d. Customers e. None of the above

CHAPTER 4: PROTECTION OF SENSITIVE INFORMATION Flashcards

(154 cards)