You are reviewing your employee's annual self evaluation. **Physical Security Within a secure area, you see an individual who you do not know and is not wearing a visible badge. Which of the following best describes a way to safely transmit Controlled Unclassified Information (CUI)? Correct. Any time you participate in or condone misconduct, whether offline or online. NOTE: Use caution when connecting laptops to hotel Internet connections. Which is NOT a way to protect removable media? Badges must be removed when leaving the facility. There is no way to know where the link actually leads. **Identity Management Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the NIPRNet. How many potential insider threat indicators is Bob displaying? Use personal information to help create strong passwords. Before long she has also purchased shoes from several other websites. Store it in a locked desk drawer after working hours. The popup asks if you want to run an application. Keep an eye on his behavior to see if it escalates. *Spillage What should you do when you are working on an unclassified system and receive an email with a classified attachment? Which of the following is a good practice to avoid email viruses? [Incident #1]: What should the employee do differently? Which of the following is NOT considered sensitive information? The email provides a website and a toll-free number where you can make payment. Which of the following is NOT a typical means for spreading malicious code? **Insider Threat Which type of behavior should you report as a potential insider threat? What type of attack might this be? Which of the following is true of Controlled Unclassified Information (CUI)? Sanitized information gathered from personnel records. What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF? Adversaries exploit social networking sites to disseminate fake news. Correct.
Cyber Awareness Challenge 2023. Which of the following is true about telework? Always check to make sure you are using the correct network for the level of data. (Spillage) What level of damage can the unauthorized disclosure of information classified as confidential reasonably be expected to cause? They can be part of a distributed denial-of-service (DDoS) attack. Physical security of mobile phones carried overseas is not a major issue. A man you do not know is trying to look at your Government-issued phone and has asked to use it. What are some examples of removable media? **Social Engineering Which may be a security issue with compressed Uniform Resource Locators (URLs)? The email states your account has been compromised and you are invited to click on the link in order to reset your password. Always remove your CAC
What certificates are contained on the DOD PKI implemented by the CAC/PIV? Identification, Encryption, digital signature
What is a good practice when it is necessary to use a password to access a system or an application? Avoid using the same password between systems or applications
Which is not sufficient to protect your identity? Use a common password for all your system and application logons.
Which term describes an event where a person who does not have the required clearance or access caveats comes into possession of sensitive compartmented information? Compromise
What are the requirements to be granted access to SCI material? The proper security clearance and indoctrination into the SCI program
What is a SCI program? A program that segregates various information.
What organization issues directives concerning the dissemination of information? OCA
What portable electronic devices are allowed in a SCIF? Government-owned PEDs
What must users do when using removable media within a SCIF? User shall comply with site CM policies and procedures
What is an indication that malicious code is running on your system? File corruption
What can malicious code do? It can cause damage by corrupting files
Which is true of cookies? Text file
What is a valid response when identity theft occurs? Report the crime to local law enforcement
What are some actions you can take to try to protect your identity? Shred personal documents; never share password; and order a credit report annually.
What is whaling? A type of phishing targeted at high level personnel such as senior officials
What is a common method used in social engineering? Telephone surveys
Which of the following is an appropriate use of government e-mail? Digitally signing e-mails that contain attachment or hyperlinks.
What is a protection against internet hoaxes? Use online sites to confirm or expose potential hoaxes.
Which may be a security issue with compressed URLs? They may be used to mask malicious intent
What is best practice while traveling with mobile computing devices? Maintain possession of your laptop and other
Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? Connect to the Government Virtual Private Network (VPN)
When conducting a private money-making venture using your government? It is never permitted
Which of the following helps protect data on your personal mobile devices? Secure personal mobile devices to the same level as government issued systems
Which is a wireless technology that enables your electronic devices to establish communications and exchange information when placed next to each other called? NFC
What are some examples of removable media? Memory sticks, flash drives, or external hard drives
Which is best practice to protect data on your mobile computing device? Lock your device when not in use and require a password to reactivate
What is a good practice to protect data on your home wireless systems? Ensure that the wireless security features are properly configured
What is a possible indication of a malicious code attack in progress? A pop-up window that flashes and warns that your computer is infected with a virus.
Which of the following does NOT constitute spillage? Use the government email system so you can encrypt the information and open the email on your government issued laptop. In which situation below are you permitted to use your PKI token? Appropriate clearance; signed and approved non-disclosure agreement; and need-to-know. **Removable Media in a SCIF What portable electronic devices (PEDs) are allowed in a Sensitive Compartmented Information Facility (SCIF)? Create separate user accounts with strong individual passwords. Who can be permitted access to classified data? Under what circumstances is it acceptable to check personal email on Government-furnished equipment (GFE)? Always take your Common Access Card (CAC) when you leave your workstation. Cyber Awareness Challenge 2021. The potential for unauthorized viewing of work-related information displayed on your screen. NOTE: Classified DVD distribution should be controlled just like any other classified media. correct. What does Personally Identifiable Information (PII) include? The DoD Cyber Exchange provides one-stop access to cyber information, policy, guidance and training for cyber professionals throughout the DoD, and the general public. A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. How do you respond? Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. Which of the following is a best practice for physical security? Always use DoD PKI tokens within their designated classification level. correct. Top Secret information could be expected to cause exceptionally grave damage to national security if disclosed. Analyze the other workstations in the SCIF for viruses or malicious code. Only paper documents that are in open storage need to be marked.
In addition to avoiding the temptation of greed to betray his country, what should Alex do differently? (Spillage) What should you do if a reporter asks you about potentially classified information on the web? Compromise of data. Your favorite movie. Which of the following information is a security risk when posted publicly on your social networking profile? **Use of GFE When can you check personal e-mail on your Government-furnished equipment (GFE)? A vendor conducting a pilot program with your organization contacts you for organizational data to use in a prototype. Attempting to access sensitive information without need-to-know. Research the source to evaluate its credibility and reliability. All https sites are legitimate. Since the URL does not start with "https", do not provide your credit card information. NOTE: By reporting Alex's potential risk indicators, Alex's colleagues can protect their organization and potentially get Alex the help he needs to navigate his personal problems. Note the website's URL and report the situation to your security point of contact. **Mobile Devices Which is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? (social networking) When is the safest time to post details of your vacation activities on your social networking profile? **Insider Threat Which scenario might indicate a reportable insider threat? Retrieve classified documents promptly from printers. What is a best practice to protect data on your mobile computing device? Which of the following attacks target high ranking officials and executives? When leaving your work area, what is the first thing you should do? *Spillage You find information that you know to be classified on the Internet. Based on the description that follows, how many potential insider threat indicator(s) are displayed? All documents should be appropriately marked, regardless of format, sensitivity, or classification.
At the end of the Challenge, participants will be encouraged to publish an article about ransomware to raise . You receive an email from a company you have an account with. **Removable Media in a SCIF What must users ensure when using removable media such as compact disk (CD)? (Insider Threat) Based on the description that follows, how many potential insider threat indicator(s) are displayed? (Spillage) When is the safest time to post details of your vacation activities on your social networking website? (Sensitive Information) What type of unclassified material should always be marked with a special handling caveat? Which of the following can an unauthorized disclosure of information.? Ask the individual to see an identification badge. The website requires a credit card for registration. A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationships with peers, purchases an unusually expensive car, and has unexplained absences from work. CPCON 3 (Medium: Critical, Essential, and Support Functions) Photos of your pet. Correct. Maybe. Its classification level may rise when aggregated. **Classified Data Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? Research the source of the article to evaluate its credibility and reliability. Linda encrypts all of the sensitive data on her government issued mobile devices. Published: 07/03/2022. **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? If classified information were released, which classification level would result in Exceptionally grave damage to national security? What is required for an individual to access classified data? How many potential insider threat indicators does this employee display?
The training also reinforces best practices to protect classified, controlled unclassified information (CUI), and personally identifiable information (PII). (Malicious Code) Which of the following is NOT a way that malicious code spreads? The Cyber Awareness Challenge, which is also known as the Army Cyber Awareness Training, the cyber awareness challenge or the DOD cyber challenge, is an annual computer security training that was created to increase cyber awareness among Department of Defense (DoD) employees. Difficult life circumstances such as substance abuse, divided loyalty or allegiance to the U.S., and extreme, persistent interpersonal difficulties. Remove his CAC and lock his workstation. Fort Gordon, Georgia is home to the U.S. Army Cyber Center of Excellence and host to a multi-service community of Army, Navy, Air Force, Marines and multinational forces that has become a center for joint forces activities, training and operations. A system reminder to install security updates. Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. Use the appropriate token for each system. The CAC/PIV is a controlled item and contains certificates for: An individual who has attempted to access sensitive information without need-to-know and has made unusual requests for sensitive information is displaying indicators of what? What should you do if someone forgets their access badge (physical access)? How many potential insider threat indicators does this employee display? Immediately notify your security point of contact. **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? After you have returned home following the vacation. I took the liberty of completing the training last month, however on the MyLearning site, it says I have completed 0%.
You receive an inquiry from a reporter about potentially classified information on the internet. Exposure to malware. While it may seem safer, you should NOT use a classified network for unclassified work. Overview: The Cyber Awareness Challenge serves as an annual refresher of security requirements, security best practices, and your security responsibilities. Immediately notify your security point of contact. When is it appropriate to have your security badge visible? Decline to let the person in and redirect her to security. correct. Which of the following is NOT a criterion used to grant an individual access to classified data? Retrieve classified documents promptly from printers. The annual Cyber Awareness Challenge is a course that helps authorized users learn how to best avoid and reduce threats and vulnerabilities in an organization's system. Since the URL does not start with https, do not provide your credit card information. Skip the coffee break and remain at his workstation. Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIV) card. What can you do to protect yourself against phishing? Is this safe? Note any identifying information and the website's Uniform Resource Locator (URL). A headset with a microphone through a Universal Serial Bus (USB) port. No, you should only allow mobile code to run from your organization or your organization's trusted sites. Which is NOT a wireless security practice? DOD Cyber Awareness 2021 (DOD. What must you ensure if your work involves the use of different types of smart card security tokens? How can you protect your organization on social networking sites? Based on the description that follows, how many potential insider threat indicator(s) are displayed? How should you protect a printed classified document when it is not in use?
*Malicious Code After visiting a website on your Government device, a popup appears on your screen. **Classified Data When classified data is not in use, how can you protect it? How can you protect your information when using wireless technology? All of these. Classified information that should be unclassified and is downgraded. Social Security Number; date and place of birth; mother's maiden name. The challenge's goal is . *Sensitive Compartmented Information Which must be approved and signed by a cognizant Original Classification Authority (OCA)? How can you protect yourself from social engineering? Select the information on the data sheet that is personally identifiable information (PII). **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? Here are the test answers to the Cyber Awareness Challenge (CAC) 2023. So my training expires today. Of the following, which is NOT a problem or concern of an Internet hoax? John submits CUI to his organization's security office to transmit it on his behalf. Classified Information can only be accessed by individuals with. **Insider Threat What function do Insider Threat Programs aim to fulfill? **Social Networking What should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sites visited? What level of damage to national security could reasonably be expected if unauthorized disclosure of Top Secret information occurred?
You may use unauthorized software as long as your computer's antivirus software is up-to-date. (controlled unclassified information) Which of the following is NOT an example of CUI? NOTE: Remember that leaked classified or controlled information is still classified or controlled even if it has already been compromised. Which of the following is a good practice to prevent spillage? *Malicious Code Which of the following is NOT a way that malicious code spreads? **Insider Threat Which of the following should be reported as a potential security incident? FREQUENCY: Annual TIME TO COMPLETE: 1.5 hours All of these. Serious damage. Never write down the PIN for your CAC. Since the URL does not start with https, do not provide your credit card information. Refer the reporter to your organization's public affairs office. It may be compromised as soon as you exit the plane. Permitted Uses of Government-Furnished Equipment (GFE). Which of these is true of unclassified data? Should you always label your removable media? **Classified Data How should you protect a printed classified document when it is not in use? not correct Which of the following is NOT a best practice to protect data on your mobile computing device? *Spillage Which of the following actions is appropriate after finding classified information on the Internet? Only expressly authorized government-owned PEDs. (Spillage) When classified data is not in use, how can you protect it? Which must be approved and signed by a cognizant Original Classification Authority (OCA)? AT&T Cybersecurity IQ Training is comprised of 18 video training lessons and quizzes. Contact the IRS using their publicly available, official contact information.
Of the following, which is NOT an intelligence community mandate for passwords? Use antivirus software and keep it up to date. Reviewing and configuring the available security features, including encryption. **Social Engineering Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email? PII includes, but is not limited to, social security numbers, date and places of birth, mothers' maiden names, biometric records, and PHI. NOTE: Malicious code can cause damage by corrupting files, erasing your hard drive, and/or allowing hackers access. Reviewing and configuring the available security features, including encryption. None. correct. What is required for an individual to access classified data? Use TinyURL's preview feature to investigate where the link leads. *Sensitive Information What type of unclassified material should always be marked with a special handling caveat? Overview: The Cyber Awareness Challenge serves as an annual refresher of security requirements, security best practices, and your security responsibilities. Spear Phishing attacks commonly attempt to impersonate email from trusted entities. Alex demonstrates a lot of potential insider threat indicators. Which of the following is not a best practice to preserve the authenticity of your identity? What information relates to the physical or mental health of an individual? Notify your security POC. [Mark's statement]: What should Alex's colleagues do? The challenge's goal is simple: To change user behavior to reduce the risks and vulnerabilities DoD Information Systems face. Which of the following is an example of two-factor authentication?
As a best practice, labeling all classified removable media and considering all unlabeled removable media as unclassified. Which of the following definitions is true about disclosure of confidential information? **Classified Data What is a good practice to protect classified information? What should you do after you have ended a call from a reporter asking you to confirm potentially classified info found on the web? Select the information on the data sheet that is personally identifiable information (PII) but not protected health information (PHI). Select the information on the data sheet that is protected health information (PHI). Who designates whether information is classified and its classification level? What should you do if someone asks to use your government issued mobile device (phone/laptop..etc)? What is considered a mobile computing device and therefore shouldn't be plugged in to your Government computer?