FEMA IS-906 Answers - Workplace Security Awareness (2024)

This course provides guidance to individuals and organizations on how to improve security in your workplace. No workplace—be it an office building, construction site, factory floor, or retail store—is immune from security threats.

Employees are often the target of these threats as well as the organization’s first line of defence against them. Threats endanger the confidentiality, integrity, and security of your workplace, as well as your virtual workplace and computer systems. This course presents information on how employees can contribute to your organization’s security.

Which of the following statements is NOT true about peer-to-peer (P2P) software?

A. Some P2P programs have remote-control capabilities, allowing users to take control of a computer from another computer somewhere else in the world.

B. P2P software includes any data storage device that you can remove from a computer and take with you to a peer’s computer.

C. P2P software provides direct access to another computer. Some examples include file sharing, Internet meeting, or chat messaging software.

D. Peer-to-peer software can bypass firewall and antivirus systems by hiding activities of users, such as file transfers.

Vulnerability can be defined as:

A. Physical features or operational attributes that render an entity open to exploitation or susceptible to a given hazard.

B. The diminished capacity of an individual or group to anticipate, cope with, resist and recover from the impact of a natural or man-made hazard.

C. A natural or manmade occurrence, individual, entity, or action that has or indicates the potential to harm life, information, operations, the environment, and/or property.

D. The impact or effect of an event, incident, or occurrence.

TRUE OR FALSE: When noticing a suspicious vehicle on the property, a responsible employee should approach the driver and ask if he/she needs assistance.

A. True

B. False

Controlling doors and other entrances is an example of a measure taken to address:

A. Criminal and terrorist threats.

B. Information and cyber threats.

C. Workplace violence threats.

D. Access and security control threats.

TRUE OR FALSE: The security goals of confidentiality, availability, and integrity of data can be adversely impacted by malicious code.

A. True

B. False

TRUE OR FALSE: Bomb threat checklists are extremely valuable and should be made available at all workstations.

A. True

B. False

Password procedures, information encryption software, and firewalls are examples of measures taken to address:

A. Criminal and terrorist threats.

B. Access and security control threats.

C. Information and cyber threats.

D. Workplace violence threats.

Tricking someone to reveal personal information, passwords, and other information that can compromise a security system is known as:

A. Social Engineering

B. Mass Marketing

C. Telephone Solicitation

D. Hacking

TRUE OR FALSE: If you notice indicators of potentially violent behaviour in a coworker, you must wait until you see something violent actually happen before reporting your suspicions to security personnel or human resources.

A. True

B. False

The potential for an unwanted outcome resulting from an incident, event, or occurrence is:

A. Consequence

B. Risk

C. Threat

D. Vulnerability

When addressing a suspected intruder, it is best to:

A. Attempt to shake hands with the individual, to see if the handshake is reciprocated.

B. Leave it up to coworkers who know more people in the building to decide what to do.

C. Use open-ended questions when asking the person the purpose of his/her visit.

D. Maintain civility and trust your intuition about whether to let him or her pass.

Indicators of potential workplace violence:

A. Cannot usually be identified before an employee ‘snaps’ and commits a violent act.

B. Can often be managed and treated if recognized.

C. Are completely individualized and therefore impossible to protect against.

D. Can only be recognized by trained mental health experts.

An unlawful or unauthorized acquisition, by fraud or deceit, is known as a:

A. Theft

B. Consequence

C. Container Breach

D. Diversion

Any software or program that comes in many forms and is designed to disrupt the normal operation of a computer by allowing an unauthorized process to occur or by granting unauthorized access is known as:

A. Trojan Horse

B. Malicious Code

C. Hacking

D. Peer-to-peer Software

When employees collect or handle personally identifiable information (PII), they should:

A. Share that information with other coworkers upon request.

B. Recognize that sharing PII is often permissible if done for what one believes is the greater good of the community.

C. Collect as much PII as they can at first contact with the individual to avoid having to get other data later.

D. Apply the ‘need to know’ principle before disclosing PII to other personnel.