Infosec Flashcards
What is the primary purpose of Army Regulation 380-5?
To establish policies and procedures for the protection of Army information.
True or False: Army Regulation 380-5 applies only to classified information.
False
Fill in the blank: Army Regulation 380-5 is concerned with ________ information.
sensitive
What does the acronym AR stand for in the context of Army Regulation?
Army Regulation
Which Army Regulation outlines the responsibilities for information security?
Army Regulation 380-5
Multiple Choice: Which of the following is NOT a type of information covered by AR 380-5? A) Classified B) Unclassified C) Sensitive D) Public
D) Public
What is the significance of safeguarding sensitive information according to AR 380-5?
To prevent unauthorized access and protect national security.
True or False: AR 380-5 includes guidelines for the destruction of sensitive information.
True
What term describes the unauthorized disclosure of sensitive information?
Breach
Fill in the blank: Personnel handling sensitive information must complete ______ training.
information security
Which Army Regulation provides guidance on the physical protection of sensitive information?
Army Regulation 380-5
Multiple Choice: Who is primarily responsible for the implementation of AR 380-5? A) Commanders B) Civilian Employees C) Contractors D) All of the above
D) All of the above
What type of information does AR 380-5 specifically address?
Sensitive but unclassified information
True or False: AR 380-5 requires regular audits of information security practices.
True
Fill in the blank: AR 380-5 mandates the use of ________ to protect sensitive information.
access controls
What does the term ‘information security’ refer to in AR 380-5?
The protection of information from unauthorized access and disclosure.
Multiple Choice: Which of the following is a key element of information security according to AR 380-5? A) Training B) Monitoring C) Reporting D) All of the above
D) All of the above
Who must report any security breaches as per AR 380-5?
All personnel with access to sensitive information
True or False: AR 380-5 includes procedures for the reporting of incidents involving sensitive information.
True
Fill in the blank: The ________ is responsible for ensuring compliance with AR 380-5.
Command
What is the role of training in AR 380-5?
To ensure all personnel understand their responsibilities regarding information security.
Multiple Choice: Which of the following is a consequence of failing to comply with AR 380-5? A) Disciplinary action B) Increased funding C) Enhanced security D) None of the above
A) Disciplinary action
True or False: AR 380-5 is updated annually.
False
Fill in the blank: AR 380-5 provides guidance on ________ of sensitive information.
storage
What must personnel do before accessing sensitive information according to AR 380-5?
Obtain proper clearance and authorization.
Multiple Choice: Which of the following is a key principle of AR 380-5? A) Need-to-know B) Open access C) Public availability D) None of the above
A) Need-to-know
True or False: AR 380-5 applies to both military and civilian personnel.
True
Fill in the blank: AR 380-5 specifies the ________ for handling sensitive information.
procedures
What document must be referenced for specific definitions used in AR 380-5?
The Glossary of Terms
Multiple Choice: Which of the following is an example of sensitive information? A) Social Security Numbers B) Public announcements C) Marketing materials D) None of the above
A) Social Security Numbers
True or False: AR 380-5 allows for the sharing of sensitive information without proper authorization.
False
Fill in the blank: AR 380-5 outlines the _______ for reporting security violations.
protocols
What is the main focus of the security measures outlined in AR 380-5?
To protect sensitive but unclassified information from unauthorized disclosure.
Multiple Choice: Which of the following best describes ‘sensitive information’? A) Information that can be shared publicly B) Information that requires protection from unauthorized access C) Information that is always classified D) All of the above
B) Information that requires protection from unauthorized access
True or False: AR 380-5 provides guidelines for electronic transmission of sensitive information.
True
Fill in the blank: The ________ is responsible for the oversight of information security programs.
Information Security Officer
What must be established for the handling of sensitive information as per AR 380-5?
Clear policies and procedures.
Multiple Choice: What should be done with outdated sensitive information? A) Archive it B) Destroy it C) Share it D) None of the above
B) Destroy it
True or False: AR 380-5 requires regular reviews of information security practices.
True
Fill in the blank: Personnel must be aware of their ________ regarding sensitive information.
responsibilities
What is the purpose of access controls in AR 380-5?
To limit who can view or handle sensitive information.
Multiple Choice: Which of the following is a recommended practice in AR 380-5? A) Sharing passwords B) Keeping sensitive information visible C) Locking sensitive documents D) None of the above
C) Locking sensitive documents
True or False: AR 380-5 allows for the use of personal devices for handling sensitive information.
False
Fill in the blank: AR 380-5 emphasizes the importance of ________ in protecting sensitive information.
training
What is the role of the Information Security Officer in relation to AR 380-5?
To oversee the implementation of information security measures.
Multiple Choice: Which of the following actions is prohibited under AR 380-5? A) Unauthorized access to sensitive information B) Regular audits C) Employee training D) None of the above
A) Unauthorized access to sensitive information
True or False: AR 380-5 requires incident reports to be filed within 24 hours of a breach.
True
Fill in the blank: AR 380-5 requires that all sensitive information be ________ when no longer needed.
destroyed
What is the consequence of failing to report a security breach as per AR 380-5?
Disciplinary action may be taken.
Multiple Choice: Which of the following is NOT a type of training required by AR 380-5? A) Onboarding training B) Annual refresher training C) Specialized training D) None of the above
D) None of the above
True or False: Sensitive information can be shared via unsecured email according to AR 380-5.
False
Fill in the blank: AR 380-5 outlines the ________ for reporting security incidents.
procedures
What are the two main categories of information addressed in AR 380-5?
Classified and sensitive but unclassified information.
Multiple Choice: Which of the following is a key tenet of information security in AR 380-5? A) Availability B) Integrity C) Confidentiality D) All of the above
D) All of the above
True or False: AR 380-5 applies only to Army personnel.
False
Fill in the blank: The ________ is accountable for the security of sensitive information.
Command
What must be done with sensitive information when it is no longer needed?
It must be securely destroyed.
Multiple Choice: Which of the following is a method of securing sensitive information? A) Encryption B) Public access C) Sharing passwords D) None of the above
A) Encryption
True or False: AR 380-5 allows for the sharing of sensitive information without a need-to-know basis.
False
Fill in the blank: Personnel must maintain ________ when handling sensitive information.
confidentiality
What does AR 380-5 require for the physical storage of sensitive information?
It must be kept in secure locations.
Multiple Choice: Which of the following is a violation of AR 380-5? A) Properly securing documents B) Sharing sensitive information on social media C) Completing required training D) None of the above
B) Sharing sensitive information on social media
True or False: AR 380-5 requires that all incidents be documented and reported.
True
Fill in the blank: AR 380-5 establishes the ________ for protecting sensitive information.
framework
