The phrase “which of the following is true of spillage” almost always appears in cybersecurity and cyber-awareness quizzes, where spillage means mishandling classified or sensitive information.

In that context, the correct statement is:

Spillage can be either inadvertent (accidental) or intentional.

What “spillage” means (cyber context)

In cybersecurity and information assurance training, spillage is not about liquid or chemical spills. It refers to:

  • Classified or sensitive information being transferred, exposed, or stored on a system, network, or location not authorized for that level of information.
  • This can involve emails, documents, screenshots, removable media, cloud storage, or chat tools used in ways that bypass or ignore security rules.

Example:
Sending a document labeled “Secret” from a classified network to a normal corporate email system is a spillage, even if you “just wanted to work from home.”

Why “inadvertent or intentional” is correct

Training and quiz sources for this exact question explicitly give the answer:

  • “Which of the Following is True of Spillage? Correct Answer: It can be either inadvertent or intentional.

This captures two key realities:

  1. Inadvertent spillage
    • Mistyping an email address and sending classified data to the wrong person.
    • Uploading a sensitive file to an unapproved cloud drive.
    • Copy‑pasting sensitive content into a chat or document that is not authorized for that level of information.
  1. Intentional spillage
    • Deliberately sharing restricted information with someone who lacks clearance.
    • Copying classified plans onto a personal USB drive to take them out of a secure environment.

Both cases are treated seriously because impact matters more than intent.

Common wrong options you’re likely to see

On quizzes, the other choices are often incorrect statements like:

  • “It refers only to unclassified information.”
  • “It is always accidental.”
  • “It only happens when systems are hacked.”
  • “It only applies to paper documents.”

These are wrong because:

  • Spillage is specifically about classified or sensitive information ending up in an unauthorized place or system.
  • Human error (accidental) and deliberate leaks (intentional) are both recognized forms of spillage.

Quick mental rule for future questions

If you see a multiple‑choice question about spillage in a security or cyber- awareness module, you can usually remember:

  • Spillage = sensitive/classified info + wrong system/person/location.
  • It does not care whether you “meant to” or not; both intentional and accidental count.

So, if one option says “It can be either inadvertent or intentional” — that’s the one to pick.