HPM 40.4

Question 1

Employees _____ leave computers accessing/displaying confidential information unattended.

a) Shall Not

b) Should Not

c) May Not

Answer 1

a) Shall Not

Question 2

Employees _____ obtain approval prior to using personally owned electronic devices for work related activities.

a) Shall

b) Should

c) May

Answer 2

a) Shall

Question 3

How often are all departmental employees required to completed security awareness training?

a) Annually

b) Quarterly

c) Monthly

d) Bi Annually

Answer 3

a) Annually

Question 4

How are confidential or sensitive paper records supposed to be disposed of?

a) Burning

b) Throwing them away

c) Cross Shredding

Answer 4

c) Cross Shredding

Question 5

Are employees allowed to connect personal flash drives to the Department network for work related functions?

Yes or No

Answer 5

No

Question 6

Can the MIS system be used by those hired temporarily by the Department?

Yes or No

Answer 6

Yes, as long as the employee has passed the proper background checks

Question 7

How often is a CHP 101 read and signed? Who shall witness the signature?

a) Quarterly, any other employee

b) Annually, Immediate Supervisor

c) Bi Annually, Any Supervisor

d) One in career, Academy Staff

Answer 7

b) Annually, Immediate Supervisor

Question 8

How long is the signed CHP 101 retained for?

a) 4

b) 3

c) 2

d) 5

Answer 8

b) 3

Question 9

CHP Employees have a reasonable expectation of privacy while using the CHP network.

True or False

Answer 9

False

Question 10

Consent is not required for the CHP to monitor network activity of an employee.

True or False

Answer 10

True

Question 11

How many characters are the CHP passwords required to be?

a) 6

b) 8

c) 10

d) 12

Answer 11

b) 8

Question 12

Passwords are allowed to be stored and are not required to be memorized.

True or False

Answer 12

False

Question 13

When a PRA is requested for e-mails from CHP employees, who shall the request be forwarded to?
a) Commissioners Office

b) Division Office

c) Area Commander

d) Office of Legal Affairs

Answer 13

d) Office of Legal Affairs

Question 14

CHP Employees______ _____ send confidential information via email.

a) Should Not

b) May Not

c) Will Not

d) Shall not

Answer 14

d) Shall not

Question 15

Is the CHP e-mail system private? How long can deleted e-mail messages be recovered for?

a) No, 30 days

b) No, 45 days

c) yes, 30 days

d) yes, 45 days

Answer 15

a) No, 30 days

Question 16

What form shall the Commander ensure all departmental employees and consultants are made aware of?

a) CHP 101, 101a

b) CHP 103, 101a

c) CHP 102, 101a

d) CHP 104, 101a

Answer 16

a) CHP 101, 101a

Question 17

Misuse of computing, network, or automated information resources may result in administrative action and loss of computing privileges.

True or False

Answer 17

True

Question 18

Should / Shall all files downloaded from the internet be scanned for viruses?

Answer 18

Shall

Question 19

Employees may utilize CHP internet to search for a new motor home.

True or False

Answer 19

False, CHP Internet is only CHP business use

Question 20

What form is used to request internet access?

a) CHP 101

b) CHP 102

c) CHP 109

d) CHP 201

Answer 20

c) CHP 109 Information Technology Request

Question 21

Employees can request enhanced internet access through a CHP 109.

True or Flase

Answer 21

True, in rare instances employees will be granted enhanced internet access

Question 22

How should employees consider posts on social media pages to be on the internet

a) Only until they are deleted

b) 30 days after being deleted

c) Forever

Answer 22

c) Forever

Question 23

The Department can hold individual employees responsible for postings on their personal Web sites if they misuse CHP materials and/or images of uniformed CHP
peace officers.

True or False

Answer 23

True

Question 24

An employee should/shall provide a disclaimer on personal web postings, if departmental insignias or references to the CHP are used?

Answer 24

Shall

Question 25

Can a public safety officer prohibit a photograph of that officer be used on the departmental Internet site?

yes or no

Answer 25

Yes, Government Code Section 3307.5. This Section prohibits the use of a public safety officer’s photograph on the departmental Internet site “if that officer reasonably believes that the disclosure may result in a threat, harassment, intimidation, or harm to that officer or his or her family.”Pg 4-15 para 10-b

Question 26

When should Electronic Mail Attachments be scanned for viruses?

a) Whenever the employee decides

b) Only when they are flagged

c) Only when it comes from other government agencies

d) At all times

Answer 26

d) At all times

Question 27

Can an unencrypted email be encrypted?

Yes or No

Answer 27

yes

Question 28

Criminal history information for licensing, employment, certification, or preemployment background investigations for sworn peace officers should be obtained from what?

a) Fingerprint Submissions

b) Other Law Enforcement Agencies

c) Phone Calls

d) Criminal History

Answer 28

a) Fingerprint Submissions

Question 29

How long must the agency keep a record of each release of criminal offender record information?

a) 3 years

b) 4 years

c) 5 years

d) 1 year

Answer 29

a) 3 years

Question 30

A preliminary record check shall be performed on any person prior to their approval as a “ride-along” with a law enforcement officer or “sit-along” with a CLETS operator if that person is not employed by the law enforcement agency.

Shall or Should

Answer 30

Shall

Question 31

Any employee who misuses the CLETS system can face criminal and civil penalties.

True or False

Answer 31

True

Question 32

Supervisors shall ensure the completion of what CHP form for each employee authorizing access to appropriate departmental computer and information systems?

a) CHP 109

b) CHP 102

c) CHP 301

d) CHP 205

Answer 32

a) CHP 109

Question 33

How long shall a CHP 109 be retained in the personnel field folder?

a) 5 years

b) 10 years

c) Renewed every year

d) Duration of employment

Answer 33

d) Duration of employment

Question 34

Who is responsible for backing up the servers, and supporting, maintaining, and troubleshooting the servers, LAN, and wide area network equipment installed within the Division?

a) Division Network Administrators (DAdmin)

b) HQ IMD

c) Each Area is handled by there own LAN Coor

Answer 34

a) Division Network Administrators (DAdmin)

Question 35

Who is the Office of Primary Interest (OPI) for all information technology (IT) activities in the Department?

a) Information Management Division (IMD)

b) information technology division (IMT)

c) Division Computer Technology

d) None of the above

Answer 35

a) Information Management Division (IMD)

Question 36

Laptop computer users must connect their laptop to the network and log in to update the virus software definitions how often?

a) Atleast every 15 days

b) Atleast every 30 days

c) Atleast every 45 days

d) Atleast every 60 days

Answer 36

d) Atleast every 60 days

Question 37

Can a user change the screensaver/wallpaper on departmental computers?

Yes or No

Answer 37

No, that is strictly forbidden

Question 38

The purpose of the Remote Computing policy is to define standards for connecting to the California Highway Patrol’s (CHP) network from any computing device outside the Department’s _______.

a) Internet

b) Computers

c) Internal Network

d) None of the above

Answer 38

c) Internal Network

Question 39

When establishing a strong password, a minimum of how many characters using a combination of upper and lowercase letters, numbers, and special characters should be used?

a) 8 characters

b) 10 characters

c) 12 characters

d) 14 characters

Answer 39

a) 8 characters

Question 40

The Remote Computing policy applies to all CHP employees, contractors, vendors, and agents using either a CHP-owned or personally owned computer or computing device used to connect to the CHP network or when connecting to the CHP Network from WHERE?

a) a departmental laptop

b) Remote location

c) Starbucks

d) Internet Cafe

Answer 40

b) Remote location

Question 41

Remote access covered by the Remote Computing policy include any method to access CHP IT resources from a non-CHP network location using either personal or departmental computing devices.

True or False

Answer 41

True

Question 42

At the discretion of Information Management Division (IMD) and Information Technology Section (ITS) remote access privileges may be revoked for how long?

a) Permanently

b) Temporarily

c) Indefinitely

d) Both A and B

Answer 42

d) Both A and B

Question 43

When attempting to access departmental email from a personally owned computer who may an employee contact to determine minimum software specifications?

a) Area LAN Coordinator

b) Division LAN Coordinator

c) Help Desk

d) IMD

Answer 43

c) Help Desk

Question 44

The request for VPN (Virtual Private Network) must be approved by who?

a) Area Commander
b) Division Chief
c) ITS commander
d) IMD
e) All of the above

Answer 44

e) All of the above

Question 45

Employees interested in becoming teleworkers must complete the Safety Checklist /Acknowledgement and certify its accuracy how often.

a) Monthly

b) Quarterly

c) Annually

d) Duration of Employment

Answer 45

c) Annually

Question 46

Who is responsible for ensuring the IT and information security policies are followed when authorizing work to be performed under a Telework Arrangement?

a) Area Commander

b) Appropriate Commissioner

c) Supervisors

d) Division Commander

Answer 46

c) Supervisor

Question 47

Pursuant to Government Code Section 14613.7(a) State agencies are required to report to the Department regarding state-owned or state-leased property where state employees are discharging their duties when what occurs?

a) All Crimes

b) Cell Phone Crimes

c) All crimes involving state computer resources.

d) None of the above

Answer 47

c) All crimes involving state computer resources.

Question 48

What Unit is designated to investigate computer-related crimes and threats against California’s information technology infrastructure?

a) The Computer Crimes Investigation Unit (CCIU)

b) Division ISU

c) Retail Theft Task Force

d) IMD

Answer 48

a) The Computer Crimes Investigation Unit (CCIU)

Question 49

Officers assigned to conduct forensic examinations of electronic media shall be required to complete the Robert Presley Institute of Criminal Investigation, in the specialty of Computer Crimes Investigation.

True or False

Answer 49

True

Question 50

All forensic examinations of electronic media for the purpose of obtaining criminal evidence, intelligence, data, or the existence of or configuration of specific hardware or software, should normally be done with a _______?

a) 202d signed

b) Search warrant

c) Search of computers consent form

d) None of the above

Answer 50

b) Search warrant

Question 51

If after business hours how may the Computer Crimes Investigation Unit (CCIU) be contacted?

a) No Contact can be made after hours

b) Call HQ

c) Special Cell phones

d) ENTAC

Answer 51

d) ENTAC

Question 52

When the Computer Crimes Investigation Unit (CCIU) are requested to conduct forensic examinations of devices where will the devices be stored after the examination process.

a) Evidence at HQ

b) DOJ

c) Evidence at Division

d) Returned to the requesting agency or office

Answer 52

d) Returned to the requesting agency or office

Question 53

When seizing property related to computer crimes how should you normally handle the device?

Answer 53

Device should only be examined by a trained investigator

Question 54

ENTAC (Emergency Notification Tactical Alert Center) is designed for Statewide notification center for emergency incidents.

True of False

Answer 54

True

Question 55

Information technology security incidents involving the California Highway Patrol (CHP) shall also be reported to who?

a) Division Coordinator

b) ISU Supervisor

c) Area Supervisor

d) Department Information Security Officer (ISO)

Answer 55

d) Department Information Security Officer (ISO)

Question 56

Who will respond to, assess, and defuse computer emergencies such as bonafide network breaches, major virus attacks, and system outages?

a) IMD

b) IMT

c) ENTAC

d) The Computer Incident Response Team (CIRT)

Answer 56

d) The Computer Incident Response Team (CIRT)

Question 57

After documenting loss, theft, or damage of state-owned digital media, as required by and documenting the incident as outlined in policy, the Department ISO will send the reporting command a SIMM 5340-A to complete and return to the Department ISO within how many days?

a) 2 Days

b) 2 Calendar Days

c) 3 Days

d) 3 Calendar Days

Answer 57

b) 2 Calendar Days

Question 58

Who is the Officer of Primary Interest (OPI) for all information technology (IT) activities in the Department?

a) Department ISO

b) IMT

c) IMD

d) Division

Answer 58

c) IMD

Question 59

When initiating or proposing an IT project, or a project which contains an IT component, commanders shall submit a CHP 53 (Request for Information Technology Services) to WHO for approval?

a) Department ISO

b) IMT

c) IMD

d) Division

Answer 59

c) IMD

Question 60

The project approval lifecycle for an Informational Technology project consists of how many stages?

a) 1

b) 2

c) 3

d) 4

Answer 60

d) 4

Question 61

The final reporting requirement for an Information Technology (IT) project is a Post Implementation Evaluation Report (Pier).

True or False

Answer 61

True

Question 62

The purpose of the Media Sanitation and Disposal policy is to provide requirements for sanitization of data from media, both _____ and ______, prior to reuse or release from departmental control.

a) Digital and Nondigital

b) Sensitive and Nonsensitive

c) Audo and Video

d) None of the above

Answer 62

a) Digital and Nondigital

Question 63

If computers are surplused, any sensitive and confidential information stored on the machines must be thoroughly erased/wiped. Is it INSUFFICIENT or SUFFICIENT to just delete the information?

Answer 63

In general, it is insufficient to delete the information, because it may remain on the medium.

Question 64

Prior to disposal of any device or media containing sensitive or confidential data, the device or media must be sanitized using Department Information Security Officer ISO-approved utility. If the wiping process cannot be completed without error, the medium may be manually or electromagnetically destroyed to ensure the data cannot be retrieved or reconstructed.

True of False

Answer 64

True

Question 65

Destroy paper using _____shredders which produce particles that are one by five millimeters in size or pulverize/disintegrate paper materials using disintegrator devices equipped with a 3/32-inch security screen.

a) Strip-Cut

b) Micro-Cut

c) Cross-Cut

Answer 65

c) Cross Cut

Question 66

What practices do NOT effectively remove or protect sensitive or confidential data on data storage media and should NOT be used?

a) Removing the hard drive

b) Reimaging

c) Disk Imaging

d) B and C

Answer 66

d) B and C

Question 67

What is the Office of Primary Interest (OPI) for outreach activities including the use of social media? (Chapt. 16.4.a, page 16-4)

a. The Office of Community Outreach and Media Relations (COMR)

b. The Office of the Commissioner

c. The Office of Employee Outreach

d. The Office of the Assistant Commissioner, Staff

Answer 67

a. The Office of Community Outreach and Media Relations (COMR)

Question 68

When speaking on social media on behalf of the department, how shall you identify yourself? (Chapt. 16.3.f, page 16-6)

a. Title, Full name, Area/Command

b. Full name, Title, Agency

c. Social Media Username, Title, Agency

d. You shall not identify yourself while speaking for the department.

Answer 68

b. Full name, Title, Agency

Question 69

Users __________ use their work password on social media sites. (Chapt. 16.3.i, page 16-6)

A. Shall

B. Shall not

C. Should

D. Should not

Answer 69

B. Shall not

Question 70

Employees wishing to use personal smartphones and/or tablets to access state e-mail shall submit which forms?

a. CHP 109- Information Technology Request, and SIMM 5360-B- Remote Access Agreement

b. CHP 110- Confidentiality Agreement, and CHP 129- Duty Statement

c. CHP 174- Right to Privacy Acknowledgement and CHP 190- Release of Information Application

d. No forms are required.

Answer 70

a. CHP 109- Information Technology Request, and SIMM 5360-B- Remote Access Agreement

Question 71

Which of the following is NOT true of password protection required on a personal device used for state email? (Chapt. 17.4.b.3.d)

a. A new password to be created once every 60 days.

b. Automatic lockout after five failed password attempts.

c. Password cannot include family member names.

d. Password must be at least four characters long.

Answer 71

c. Password cannot include family member names.

Question 72

Incidental use of the state email system is ________ for personal and family matters such as a phone call or email to a child’s daycare. (CH 18 pg 18-3 (3) 2c)

a. Allowed

b. Not allowed

c. approved on a case by case basis by the Area Commander

d. required to be approved by the Division Commander

Answer 72

a. Allowed

Question 73

s it acceptable to use state email for outside employment if you are engaged in approved secondary employment? (CH 18 pg 18-4 B1b)

a) Yes

b) Only with permission from the Commander.

c) Yes if you understand there is no expectation of privacy.

d) No.

Answer 73

d) No.

Question 74

What disciplinary action may take place for violation of the acceptable use policy? (CH 18-5 4 )

a) Memorandum of Direction.

b) Bazemore Admonition.

c) Up to and including termination.

d) Up to 30 days of Administrative Time Off.

Answer 74

c) Up to and including termination.

Question 75

An MDC user _________be logged in their MDC with the GPS activated to enable CAD dispatch locator for SOS (11-99) button, and radio extender 11-99 button. (CH 19 pg 19-3 3A)

a) Shall

b) Should

c) May

d) Shall not

Answer 75

a) Shall

Question 76

What is the OPI for the MDC program? (CH 19 pg 19-4, 4)

a) Information Management Division (IMD)

b) Enforcement and Planning Division

c) Special Projects Section

d) Administrative Services Division

Answer 76

a) Information Management Division (IMD)

Question 77

If an officer or supervisor does not have a patrol vehicle available with a working MDC, what steps shall be taken? (CH 19 pg 19-5 5 e)

a. A patrol vehicle shall be borrowed from an adjoining area.

b. Nothing. Working MDC’s are a luxury.

c. The officer or supervisor shall ride with another unit with a working MDC.

d. They shall notify a supervisor or manager, advise communication center the patrol vehicle ID and the name of the supervisor that was notified.

Answer 77

d. They shall notify a supervisor or manager, advise communication center the patrol vehicle ID and the name of the supervisor that was notified.

Question 78

There is _______ right or expectation of privacy on CHP networks, systems, devices, and/or media; unauthorized access or use is strictly prohibited and may be punishable under Section 502 of the California Penal Code.

a) No

b) A limited

c) An absolute

d) A partial

Answer 78

a) No

Question 79

California Highway Patrol staff having appropriate network security

administrative responsibilities shall utilize ____________ to perform electronic scans of networks, servers, switches/routers, firewalls, and/or any other systems at the CHP.

a) sound, professional judgement

b) auditing software

c) department created software

d) contracted services

Answer 79

b) auditing software

Question 80

If an unknow wireless access point (WAP) is discovered emanating from a CHP property, who should a supervisor or commander contact to confirm if the WAP is authorized?

a) ISU

b) Division

c) IMD

d) IMT

Answer 80

d) IMD

Question 81

If a contractor needs wireless internet to connect to their equipment to facilitate work on a CHP facility, what can be used to accommodate them?

a) Provide own hotspot

b) Use CHP Secure network

c) Use CHP Guest Wifi

d) To bad so sad

Answer 81

c) Use CHP Guest Wifi

Question 82

If an employee finds inappropriate use of File Share, they shall notify their supervisor or commander. The supervisor or commander shall then contact which entity for further guidance?

a) Computer Crimes Investigation Unit (CCIU)

b) ISU

c) ENTAC

d) Division

Answer 82

a) Computer Crimes Investigation Unit (CCIU)

Question 83

If misuse of the Onedrive is discovered at the command level, CCIU shall be notified and consulted.

True or False

Answer 83

True

Question 84

A command has how many days to report a lost or stolen device that is syncing with Onedrive to IMD?
a) 1 business day

b) 2 business days

c) 3 business days

d) 5 business days

Answer 84

d) 5 business days