FEMA IS-277.A: Benefit-Cost Analysis (BCA): Entry- Level Answers
1. The following activities are associated with potential malicious insiders, EXCEPT FOR:
A. Frequently recognizing coworker achievements.
B. Making unexplainable large data transfers.
C. Inappropriately obtaining access to unauthorized locations.
D. Taking abnormal measures to keep activities unobserved.
2. The following behaviors are associated with potential malicious insiders, EXCEPT FOR:
A. Appearing overwhelmed by career disappointments.
B. Openly conveying hostility toward the organization or coworkers.
C. Making exorbitant purchases inconsistent with income.
D. Facing workplace challenges with flexibility and patience.
3. The following activities are associated with potential malicious insiders, EXCEPT FOR:
A. Meeting frequently with strangers around the workplace.
B. Encouraging coworkers to follow effective security practices.
C. Taking proprietary or other material without authorization.
D. Working odd hours without a valid reason or authorization.
4. Which of the following organizational factors might present an opportunity to a malicious insider?
A. Well-known and strict legal consequences for malicious activities.
B. Thorough training for employees on protecting proprietary information.
C. Clearly defined policies regarding working from home.
D. The ease of leaving the premises with protected materials.
5. The following are examples of threats to critical infrastructure from malicious insider activities, EXCEPT FOR:
A. Disruptions of essential services.
B. Overlaps in business processes.
C. Contamination of food or water supplies.
D. Theft of intellectual property.
6. A malicious insider exploits the vulnerabilities of an entity’s security, systems, services, products, or facilities with the intent to:
A. Resist malice.
B. Achieve progress.
C. Place blame.
D. Cause harm.
7. What does a malicious insider require in order to exploit an organization’s vulnerabilities?
A. Access or inside knowledge.
B. Elimination of knowledge-related processes.
��C. Explicit and tacit knowledge.
D. Network-enabled access controllers.
8. TRUE OR FALSE: Malicious insiders include employees who are motivated by adventure or a sense of thrill.
9. TRUE OR FALSE: Malicious insiders can be encouraged by a work environment where employees feel rushed.
10. The following are examples of threats to critical infrastructure from malicious insider activities, EXCEPT FOR:
A. Destroying equipment and inventory.
B. Stealing hazardous or essential materials.
C. Developing unconventional technologies.
D. Sabotaging control or other essential systems.
11. The following are common characteristics of malicious insiders, EXCEPT FOR:
A. Having performance or behavioral problems.
B. Being at risk for layoff or termination.
C. Having alternate sources of income.
D. Expressing extreme levels of dissatisfaction with the organization.
12. The following are protective measures that you can take against an insider threat, EXCEPT FOR:
A. Providing non-threatening and convenient ways for employees to report suspicions.
B. Issuing universal systems access and credentials to all employees.
C. Using appropriate screening processes to select new employees.
D. Ensuring that access is terminated for employees leaving the organization.