[15 Test Answers] FEMA IS-906: Workplace Security Awareness

Here are the test answers to FEMA IS-906: Workplace Security Awareness.

Overview: FEMA IS-906 course was published on 10/31/2013 to provide guidance to individuals and organizations on how to improve the security in your workplace. No workplace—be it an office building, construction site, factory floor, or retail store—is immune from security threats.

Employees are often the target of these threats as well as the organization’s first line of defense against them. Threats endanger the confidentiality, integrity, and security of your workplace, as well as your virtual workplace and computer systems.

Primary audience: All private-sector and public-sector employees. FEMA IS-906 presents information on how employees can contribute to your organization’s security.

FEMA IS-906 test answers

Question 1: Which of the following statements is NOT true about peer-to-peer (P2P) software?
A. Some P2P programs have remote-control capabilities, allowing users to take control of a computer from another computer somewhere else in the world.
B. P2P software includes any data storage device that you can remove from a computer and take with you to a peer’s computer.✅
C. P2P software provides direct access to another computer. Some examples include file sharing, Internet meetings, or chat messaging software.
D. Peer-to-peer software can bypass firewall and antivirus systems by hiding the activities of users, such as file transfers.

Question 2: Vulnerability can be defined as:
A. Physical features or operational attributes that render an entity open to exploitation or susceptible to a given hazard.
B. The diminished capacity of an individual or group to anticipate, cope with, resist, and recover from the impact of a natural or man-made hazard.✅
C. A natural or manmade occurrence, individual, entity, or action that has or indicates the potential to harm life, information, operations, the environment, and/or property.
D. The impact or effect of an event, incident, or occurrence.

Question 3: TRUE OR FALSE: When noticing a suspicious vehicle on the property, a responsible employee should approach the driver and ask if he/she needs assistance.
A. True✅
B. False

Question 4: Controlling doors and other entrances is an example of a measure taken to address:
A. Criminal and terrorist threats.
B. Information and cyber threats.
C. Workplace violence threats.
D. Access and security control threats.✅

Question 5: TRUE OR FALSE: The security goals of confidentiality, availability, and integrity of data can be adversely impacted by malicious code.
A. True✅
B. False

Question 6: TRUE OR FALSE: Bomb threat checklists are extremely valuable and should be made available at all workstations.
A. True✅
B. False

Question 7: Password procedures, information encryption software, and firewalls are examples of measures taken to address:
A. Criminal and terrorist threats.
B. Access and security control threats.
C. Information and cyber threats.✅
D. Workplace violence threats.

Question 8: Tricking someone to reveal personal information, passwords, and other information that can compromise a security system is known as:
A. Social Engineering✅
B. Mass Marketing
C. Telephone Solicitation
D. Hacking

Question 9: TRUE OR FALSE: If you notice indicators of potentially violent behavior in a coworker, you must wait until you see something violent actually happen before reporting your suspicions to security personnel or human resources.
A. True
B. False✅

Question 10: The potential for an unwanted outcome resulting from an incident, event, or occurrence is:
A. Consequence
B. Risk✅
C. Threat
D. Vulnerability

Question 11: When addressing a suspected intruder, it is best to:
A. Attempt to shake hands with the individual, to see if the handshake is reciprocated.✅
B. Leave it up to coworkers who know more people in the building to decide what to do.
C. Use open-ended questions when asking the person the purpose of his/her visit.
D. Maintain civility and trust your intuition about whether to let him or her pass.

Question 12: Indicators of potential workplace violence:
A. Cannot usually be identified before an employee ‘snaps’ and commits a violent act.✅
B. Can often be managed and treated if recognized.
C. Are completely individualized and therefore impossible to protect against.
D. Can only be recognized by trained mental health experts.

Question 13: An unlawful or unauthorized acquisition, by fraud or deceit, is known as a: 
A. Theft
B. Consequence
C. Container Breach
D. Diversion✅

Question 14: Any software or program that comes in many forms and is designed to disrupt the normal operation of a computer by allowing an unauthorized process to occur or by granting unauthorized access is known as:
A. Trojan Horse
B. Malicious Code✅
C. Hacking
D. Peer-to-peer Software

Question 15: When employees collect or handle personally identifiable information (PII), they should: 
A. Share that information with other coworkers upon request.
B. Recognize that sharing PII is often permissible if done for what one believes is the greater good of the community.
C. Collect as much PII as they can at first contact with the individual to avoid having to get other data later.
D. Apply the ‘need to know’ principle before disclosing PII to other personnel.✅