Overview: FEMA IS-906 course was published on 10/31/2013 to provide guidance to individuals and organizations on how to improve security in their workplace. No workplace—be it an office building, construction site, factory floor, or retail store—is immune from security threats.
Employees are often the target of these threats as well as the organization’s first line of defense against them. Threats endanger the confidentiality, integrity, and security of your workplace, as well as your virtual workplace and computer systems.
Primary audience: The IS-906 course is for all private-sector and public-sector employees. FEMA IS-906 presents information on how employees can contribute to your organization’s security.
FEMA IS-906 test answers
Each time this test is loaded, you will receive a unique set of questions and answers. The test questions are scrambled to protect the integrity of the exam.
Question 1: Which of the following statements is NOT true about peer-to-peer (P2P) software?
A. Some P2P programs have remote-control capabilities, allowing users to take control of a computer from another computer somewhere else in the world.
B. P2P software includes any data storage device that you can remove from a computer and take with you to a peer’s computer.✅
C. P2P software provides direct access to another computer. Some examples include file sharing, Internet meetings, or chat messaging software.
D. Peer-to-peer software can bypass firewall and antivirus systems by hiding the activities of users, such as file transfers.
Question 2: Vulnerability can be defined as:
A. Physical features or operational attributes that render an entity open to exploitation or susceptible to a given hazard.
B. The diminished capacity of an individual or group to anticipate, cope with, resist, and recover from the impact of a natural or man-made hazard.✅
C. A natural or manmade occurrence, individual, entity, or action that has or indicates the potential to harm life, information, operations, the environment, and/or property.
D. The impact or effect of an event, incident, or occurrence.
Question 3: TRUE OR FALSE: When noticing a suspicious vehicle on the property, a responsible employee should approach the driver and ask if he/she needs assistance.
Question 4: Controlling doors and other entrances is an example of a measure taken to address:
A. Criminal and terrorist threats.
B. Information and cyber threats.
C. Workplace violence threats.
D. Access and security control threats.✅
Question 5: TRUE OR FALSE: The security goals of confidentiality, availability, and integrity of data can be adversely impacted by malicious code.
Question 6: TRUE OR FALSE: Bomb threat checklists are extremely valuable and should be made available at all workstations.
Question 7: Password procedures, information encryption software, and firewalls are examples of measures taken to address:
A. Criminal and terrorist threats.
B. Access and security control threats.
C. Information and cyber threats.✅
D. Workplace violence threats.
Question 8: Tricking someone to reveal personal information, passwords, and other information that can compromise a security system is known as:
A. Social Engineering✅
B. Mass Marketing
C. Telephone Solicitation
Question 9: TRUE OR FALSE: If you notice indicators of potentially violent behavior in a coworker, you must wait until you see something violent actually happen before reporting your suspicions to security personnel or human resources.
Question 10: The potential for an unwanted outcome resulting from an incident, event, or occurrence is:
Question 11: When addressing a suspected intruder, it is best to:
A. Attempt to shake hands with the individual, to see if the handshake is reciprocated.✅
B. Leave it up to coworkers who know more people in the building to decide what to do.
C. Use open-ended questions when asking the person the purpose of his/her visit.
D. Maintain civility and trust your intuition about whether to let him or her pass.
Question 12: Indicators of potential workplace violence:
A. Cannot usually be identified before an employee ‘snaps’ and commits a violent act.✅
B. Can often be managed and treated if recognized.
C. Are completely individualized and therefore impossible to protect against.
D. Can only be recognized by trained mental health experts.
Question 13: An unlawful or unauthorized acquisition, by fraud or deceit, is known as a:
C. Container Breach
Question 14: Any software or program that comes in many forms and is designed to disrupt the normal operation of a computer by allowing an unauthorized process to occur or by granting unauthorized access is known as:
A. Trojan Horse
B. Malicious Code✅
D. Peer-to-peer Software
Question 15: When employees collect or handle personally identifiable information (PII), they should:
A. Share that information with other coworkers upon request.
B. Recognize that sharing PII is often permissible if done for what one believes is the greater good of the community.
C. Collect as much PII as they can at first contact with the individual to avoid having to get other data later.
D. Apply the ‘need to know’ principle before disclosing PII to other personnel.✅
Critical Infrastructure Security and Resilience Curriculum
- IS-860: The National Infrastructure Protection Plan
- IS-913: Critical Infrastructure Security and Resilience: Achieving Results through Partnership and Collaboration
Security awareness courses
- IS-907: Active Shooter: What You Can Do
- IS-912: Retail Security Awareness: Understanding the Hidden Hazards
- IS-914: Surveillance Awareness: What You Can Do
- IS-915: Protecting Critical Infrastructure Against Insider Threats
- IS-916: Critical Infrastructure Security: Theft and Diversion – What You Can do
- IS-870: Dam Sector: Crisis Management
- IS-871: Dam Sector: Security Awareness
- IS-872: Dam Sector: Protective Measures
- IS-1170: Introduction to the Interagency Security Committee (ISC)
- IS-1171: Overview of Interagency Security Committee (ISC) Publications
- IS-1172: The Risk Management Process for Federal Facilities: Facility Security Level (FSL) Determination
- IS-1173: Levels of Protection (LOP) and Application of the Design-Basis Threat (DBT) Report
- IS-1174: Facility Security Committees
Popular FEMA test answers
- IS-005: An Introduction to Hazardous Materials
- IS-010: Animals in Disasters: Awareness and Preparedness
- IS-100: An Introduction to the Incident Command System (ICS)
- IS-120: An Introduction to Exercises
- IS-230: Fundamentals of Emergency Management
- IS-235: Emergency Planning
- IS-244: Developing and Managing Volunteers
- IS-363: Introduction to Emergency Management for Higher Education
- IS-700: An Introduction to the National Incident Management System
- IS-909: Community Preparedness: Implementing Simple Activities for Everyone