General security
Who is your Facility Security Officer (FSO)
Laura Altounian
True or False: Keeping your software and operating system updated is one of the easiest things you can do to protect your computer.
True
You lost your access card / keys but don’t need to go onsite anytime soon. Do you still need to report it?
A. Yes
B. No
A. Yes
Note: It’s important to report this so that the access can be disabled should a third party find your lost item and attempt to use it. You should promptly contact your regional Security team to report the loss. You will need to complete a Report of Lost Key or Identification/Access Card.
In the context of security, what is training?
A. Occurence of regular team meetings.
B. Formal instruction that provides the employees with knowledge and skills required to perform specific tasks or functions.
C. To engage in vigorous physical exercise.
B. Formal instruction that provides the employees with knowledge and skills required to perform specific tasks or functions.
True or False: Information is categorized as Protected A, Protected B or Protected C when unauthorized disclosure could reasonably be expected to cause injury outside of the national interest (e.g., personal information).
A. True
B. False
A. True
Which of the following is a mandatory condition of employment for all positions within the Federal Government under the Public Service Employment Act (PSEA)?
A. An Airmiles Card
B. A University Diploma
C. A Secret Security Clearance
D. A Personnel Security Screening
D. A Personnel Security Screening
Which of the following signs indicate that an email is not from a reliable source?
A. Requests for personal information
B. Sense of urgency
C. Unknown sender or unusual email address from known sender
D. Donation requests
E. All of the above
E. All of the above
Note: Immediately delete the message without opening it.
While travelling in a foreign country, you should never discuss sensitive information in :
A. A taxi
B. Your hotel room
C. In a restaurant
D. All of the above
D. All of the above
How often do you need to take the Security Awareness course (COR310, legacy course A230), that promotes the application of security principles and best practices at ECCC?
A. Every 10 years
B. Every 2 years
C. Every 5 years
D. You only need to do it once
C. Every 5 years
What is the best way to maintain privacy and the security of information while working from home?
A. Face your monitors away from open windows, or where others can view them
B. Put away your documents when you are done for the day (clean desk)
C. Lock your computer when you leave (ctrl + alt + delete)
D. Lock your exterior doors
E. All of the above
E. All of the above
I see a person without a visible access card in my immediate work environment, how should I react?
A. Do nothing, the security guard will take care of it
B. Tell my supervisor
C. Politely question the person to see if they have a valid access card.
C. Politely question the person to see if they have a valid access card.
Note: If the person doesn’t have an access card, direct the individual to the security office.
True or False: Virtual private network (VPN) is a secure, encrypted tunnel through which information is sent and protects data.
A. True
B. False
A. True
Note: for more information consult: Security tips for organizations with remote workers (ITSAP.10.016) - Canadian Centre for Cyber Security
True or false:
You have a responsibility to ensure that doors close properly behind you when entering or leaving a building to avoid unauthorized entry.
A. True
B. False
A. True
When was the first Security Awareness Week launched?
A. In February 2001
B. In February 2019
C. In February 2014
D. In February 2003
D. In February 2003
Aside from locking the doors to our homes, what are best practices for protecting our laptops when working from home?
A. After powering down the laptop for the day, store it in any lockable cabinet/container.
B. After powering down the laptop for the day, store it in a space that is out of plain sight.
C. Since the doors to our homes are locked, there is nothing else we have to do to protect our laptops.
D. A and B
D. A and B
An external consultant visits our premises. The person does not have an ID card or a temporary pass. When does this person need to be escorted by an employee with a valid ID card?
A. At all times
B. They don’t need to be escorted in common areas once signed in
C. Only in designated ‘secret’ areas
D. B and C
A. At all times
True or False: I can connect personal storage devices (e.g. USB key, cameras, phones, MP3 music players, etc.) to ECCC computers.
A. True, but only if it is required for work.
B. True, but only if I am working with non-sensitive information.
C. True, but only to recharge the battery.
D. False. Only ECCC approved equipment may be connected.
D. False. Only ECCC approved equipment may be connected.
When I arrived at work this morning, I noticed signs of theft. How should I react as an employee?
A. Notify my supervisor immediately
B. Notify my building site security officer
C. Notify the Deputy Minister’s office
D. A and B
D. A and B
Which communication tool presenting different topics on security is published monthly on the ECCC Intranet page?
A. ECCC Secure: Departmental Security Division Newsletter
B. ECCC News
C. The Weather Channel
D. The DM’s Corner’s Main page
A. ECCC Secure: Departmental Security Division Newsletter
You want to send a protected document via Departmental Email System, which of the following categories need to be encrypted?
A. Protected A, Protected B, Protected C
B. Protected B, Protected C
C. Only Protected B
D. Only Protected C
C. Only Protected B
You work with classified or protected information regularly. What justifies your ability to access and work with this information?
1. You have a valid security clearance
2. You need to know this information to carry out your duties
3. You have the minimum-security clearance required according to the classification of the information to be consulted
B. 1 and 3
C. 1 and 2
D. 2 and 3
D. 2 and 3
You are happily working on your computer, and you suddenly receive an alert that your data has been compromised. What is the first thing you should do?
A. Turn off your computer
B. Disconnect from the VPN network
C. Restart your computer, it will disappear
D. Report it to your IT service desk
B. Disconnect from the VPN network
Note: Start by disconnecting from the network (VPN) to prevent the breach from spreading, then contact your IT service desk and report the issue.
You are going out of the country for work. What steps need to be taken in order to bring your ECCC devices?
A. All electronic devices leaving the country need to be approved by the department’s Chief Security Officer (CSO)
B. You need to complete the Travel Security Form signed by your director and send it to the Service Desk by email at bureaudeservices-servicedesk@ec.gc.ca.
C. You need to ask Prime Minister Justin Trudeau
D. A and B
D. A and B
Not: For more details, please visit the International travel and remote work with ECCC devices section on the intranet.
What does the red icon with the exclamation point on your computer desktop represent?
A. A quick access button to the ECCC Intranet
B. Emergency Response Guide for employees
C. The ECCC Healthy Cookbook
D. None of the answers above
B. Emergency Response Guide for employees
You must forward a file to a colleague containing Protected C information. To do so, you can use which of the following transmission modes?
A. Can be processed on the ECCC Network with approved encryption
B. Must be processed through the Government of Canada Secret Infrastructure (GCSI) system.
C. Can be processed on the ECCC Network without encryption.
B. Must be processed through the Government of Canada Secret Infrastructure (GCSI) system.