**Identity management Which of the following is NOT a best practice to preserve the authenticity of your identity? Product Functionality Requirements: To meet technical functionality requirements, this awareness product was developed to function with Windows and Mac operating systems (Windows 7 and 10 and macOS 10.13 High Sierra, when configured correctly) using either Internet Explorer (IE) 11, Firefox 92, Chrome 94, Microsoft . How many potential insider threat indicators does this employee display? Which of the following is NOT one? A program that segregates various type of classified information into distinct compartments for added protection and dissemination for distribution control. Which of the following is true of the Common Access Card (CAC)? correct. All of these. Which of the following is NOT a type of malicious code? History 7 Semester 1 Final 2. What should you do? The DoD Cyber Exchange provides one-stop access to cyber information, policy, guidance and training for cyber professionals throughout the DoD, and the general public. NOTE: Spillage occurs when information is spilled from a higher classification or protection level to a lower classification or protection level. Which of the following should be reported as a potential security incident? Make note of any identifying information and the website URL and report it to your security office. Which of the following is true of Protected Health Information (PHI)? What is the best example of Protected Health Information (PHI)? It includes a threat of dire circumstances. What level of damage can the unauthorized disclosure of information classified as confidential reasonably be expected to cause? Of the following, which is NOT a security awareness tip? Turn on automatic downloading.B. Correct. Scan external files from only unverifiable sources before uploading to computer. 
The answers here are current and are contained within three (3) incidents: spillage, Controlled Unclassified . Ctrl+F (Cmd+F) will help you a lot when searching through such a large set of questions. All https sites are legitimate. A lock or https:// means you've safely connected to the .gov website. What should you do? Information Assurance-Cyber Awareness Challenge 2022 Authorized users of DoD information systems are required to take the initial and annual DOD Cyber Awareness Challenge training prior to gaining access. What is required for an individual to access classified data? **Social Engineering Which is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail? They can be part of a distributed denial-of-service (DDoS) attack. This annual refresh includes minor updates to the course technology for compatibility, 508 compliance and resources pages. Which of the following is true of Controlled Unclassified information (CUI)? **Social Networking Which of the following statements is true? Correct. Which of the following may be helpful to prevent inadvertent spillage? Which of the following is a security best practice for protecting Personally Identifiable Information (PII)?
(Malicious Code) What are some examples of malicious code? **Insider Threat Which of the following should be reported as a potential security incident (in accordance with you Agencys insider threat policy)? How many potential insider threat indicators does this employee display? Top Secret information could be expected to cause exceptionally grave damage to national security of disclosed. Under what circumstances is it acceptable to check personal email on Government-furnished equipment (GFE)? In addition to offering an overview of cybersecurity best practices, the challenge also provides awareness of potential and common cyber threats. If you participate in or condone it at any time. Which is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail? *Malicious Code Which of the following is NOT a way that malicious code spreads? [Incident]: What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF?A. Decline to let the person in and redirect her to security. A pop-up window that flashes and warns that your computer is infected with a virus. You are reviewing your employees annual self evaluation. A colleague vacations at the beach every year, is married and a father of four, sometimes has poor work quality, and works well with his team. NOTE: By reporting Alexs potential risk indicators, Alexs colleagues can protect their organization and potentially get Alex the help he needs to navigate his personal problems. Taking classified documents from your workspace. Popular books. (Sensitive Compartmented Information) Which of the following best describes the compromise of Sensitive Compartmented Information (SCI)? 
CPCON 2 (High: Critical and Essential Functions) Use online sites to confirm or expose potential hoaxes, Follow instructions given only by verified personnel, Investigate the link's actual destination using the preview feature, Determine if the software or service is authorized. Use a common password for all your system and application logons. Retrieve classified documents promptly from printers. Do not access links or hyperlinked media such as buttons and graphics in email messages. What action should you take? Enable automatic screen locking after a period of inactivity.
Which of the following can an unauthorized disclosure of information? Damage to national security
A user writes down details from a report stored on a classified system marked as secret and uses those details to draft an unclassified briefing on an unclassified system without authorization. Spillage because classified data was moved.
What is the proper response if spillage occurs? Immediately notify your security POC
When classified data is not in use, how can you protect it? Store classified data appropriately in GSA-approved vault/container when not in use.
Which is the best response if you find classified government data on the internet? Note any identifying information
What is required for an individual to access classified data? Appropriate clearance; signed and approved
Which of the following practices reduces the chance of becoming a target by adversaries seeking insider information? Don't talk about work outside your workspace unless it is a specifically
Which of the following terms refers to harm inflicted or national security through authorized? Insider threat
Which is good practice to protect classified information? Ensure proper labeling by appropriately marking all classified material.
Which classification level is given to information that could reasonably be expected to cause serious damage to national security? Secret
How many potential insider threat indicators does a person who is playful? 1
What are some potential insider threat indicators? Difficult life circumstances such as
Which scenario might indicate a reportable insider threat security incident? A coworker is observed using a personal electronic device
Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? Use only personal contact information when establishing personal social networking accounts
As someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project? Inform your security POC of all non-professional or non-routine contacts with foreign nationals.
Under which circumstances may you be subject.. online misconduct? Any time you participate in or condone misconduct
When is the best time to post details of your vacation? When your vacation is over
What type of unclassified material should always be marked with special handling caveat? FOUO
What is an individual's PII or PHI considered? Sensitive information
What is the best example of PII? Date and Place of birth
What is the best example of PHI? Your health insurance explanation of benefits (EOB)
What must you ensure before transmitting PII or PHI via email? Transmissions must be between government e-mail accounts and must be encrypted
What must you do when e-mailing PII or PHI? Encrypt the email and use your government e-mail
What does PII include? Social security, date and place of birth, mother's maiden name
It is acceptable to take a short break while a coworker monitors your computer. No.
Correct. Which may be a security issue with compressed Uniform Resource Locators (URLs)? Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. On a NIPRNet system while using it for a PKI-required task, Something you possess, like a CAC, and something you know, like a PIN or password.
Note any identifying information, such as the websites URL, and report the situation to your security POC. Which of the following best describes wireless technology? They may be used to mask malicious intent. DamageB. **Travel What is a best practice while traveling with mobile computing devices? Which of the following is NOT a typical means for spreading malicious code? Overview: The Cyber Awareness Challenge serves as an annual refresher of security requirements, security best practices, and your security responsibilities. **Identity management Which of the following is an example of two-factor authentication? Do not access website links, buttons, or graphics in e-mail. Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email? A colleague asks to leave a report containing protected health information (PHI) on his desk overnight so he can continue working on it the next day. Use the classified network for all work, including unclassified work. 24 terms. Correct Classified information that is intentionally moved to a lower protection level without authorization. 4. Validate friend requests through another source before confirming them. Which of the following definitions is true about disclosure of confidential information? How can you protect your information when using wireless technology? CPCON 3 (Medium: Critical, Essential, and Support Functions) ALways mark classified information appropriately and retrieve classified documents promptly from the printer. *Spillage .What should you do if a reporter asks you about potentially classified information on the web? You receive an email from the Internal Revenue Service (IRS) demanding immediate payment of back taxes of which you were not aware. (Malicious Code) Which of the following is NOT a way that malicious code spreads? What should you do to protect classified data? A system reminder to install security updates.B. 
(Sensitive Information) What certificates are contained on the Common Access Card (CAC)? Refer the reporter to your organization's public affairs office. (Spillage) When is the safest time to post details of your vacation activities on your social networking website? Correct. Start a new Cyber Security Awareness Challenge session. Mark SCI documents appropriately and use an approved SCI fax machine. A person who does not have the required clearance or access caveats comes into possession of SCI in any manner. Sanitized information gathered from personnel records. Which of the following can an unauthorized disclosure of information.? Which of the following information is a security risk when posted publicly on your social networking profile? Which of the following demonstrates proper protection of mobile devices? [Incident #2]: What should the owner of this printed SCI do differently? A. How many insider threat indicators does Alex demonstrate? (Spillage) What level of damage can the unauthorized disclosure of information classified as confidential reasonably be expected to cause? CPCON 1 (Very High: Critical Functions) Which of the following is NOT an example of CUI? A. Malicious code can do damage by corrupting files, erasing your hard drive, and/or allowing hackers access. I've tried all the answers and it still tells me off. Which of the following best describes good physical security? What should the owner of this printed SCI do differently? Which of the following statements is true? No. **Insider Threat What function do Insider Threat Programs aim to fulfill? NOTE: Remember that leaked classified or controlled information is still classified or controlled even if it has already been compromised. A coworker removes sensitive information without authorization. Only friends should see all biographical data such as where Alex lives and works. Note any identifying information and the website's Uniform Resource Locator (URL).
*Controlled Unclassified Information Which of the following is NOT an example of CUI? Found a mistake? What actions should you take prior to leaving the work environment and going to lunch? After clicking on a link on a website, a box pops up and asks if you want to run an application. CUI may be stored on any password-protected system. Press release dataC. Note the websites URL and report the situation to your security point of contact. You have reached the office door to exit your controlled area. Store it in a locked desk drawer after working hours. Ask for information about the website, including the URL. Information Assurance Test Information Assurance Test Logged in as: OAM-L2CTBMLB USER LEVEL ACCESS Please answer each of the questions below by choosing ONE of the answer choices based on the information learned in the Cyber Awareness Challenge. Store classified data in a locked desk drawer when not in use Maybe What is the danger of using public Wi-Fi connections? . What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF. Which of the following is a best practice for physical security? Use of the DODIN. In addition to offering an overview of cybersecurity best practices, the challenge also provides awareness of potential and common cyber threats. Your password and a code you receive via text message. The website requires a credit card for registration. Cookies may pose a security threat, particularly when they save unencrypted personal information. Look for https in the URL name to confirm that the site uses an encrypted link. Classified Information can only be accessed by individuals with. 
You are reviewing your employee's annual self evaluation. They can be part of a distributed denial-of-service (DDoS) attack. Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post. Not correct. What should you do? *Sensitive Information What type of unclassified material should always be marked with a special handling caveat? A program that segregates various types of classified information into distinct compartments for added protection and dissemination or distribution control. **Mobile Devices What should you do when going through an airport security checkpoint with a Government-issued mobile device? What information posted publicly on your personal social networking profile represents a security risk? **Physical Security Within a secure area, you see an individual who you do not know and is not wearing a visible badge. Correct. (Sensitive Information) What must the dissemination of information regarding intelligence sources, methods, or activities follow? You are having lunch at a local restaurant outside the installation, and you find a cd labeled favorite song.
Which is it appropriate to have your security badge visible within a Sensitive Compartmented Information Facility (SCIF). Malicious code can do the following except? How do you respond? If all questions are answered correctly, users will skip to the end of the incident. [Incident]: When is it okay to charge a personal mobile device using government-furnished equipment (GFE)?A. Download the information. Using webmail may bypass built in security features. What should you do to protect yourself while on social networks? *Sensitive Compartmented Information What should the participants in this conversation involving SCI do differently? NOTE: Dont talk about work outside of your workspace unless it is a specifically designated public meeting environment and is controlled by the event planners. If authorized, what can be done on a work computer? Cyber Awareness 2023. Which of the following represents an ethical use of your Government-furnished equipment (GFE)? How many potential insider threat indicators is Bob displaying? Which is NOT a method of protecting classified data? It displays a label showing maximum classification, date of creation, point of contact, and Change Management 9CM) Control Number. Since the URL does not start with "https", do not provide your credit card information. [Incident #2]: What should the employee do differently?A. It does not require markings or distribution controls. what should be your response be? Which of the following is the best example of Protected Health Information (PHI)? (Malicious Code) Which of the following is true of Internet hoaxes? Correct. CUI includes, but is not limited to Controlled Technical Information (CTI), Personally Identifiable Information (PII), Protected Health Information (PHI), financial information, personal or payroll information, proprietary data and operational information. Avoid talking about work outside of the workplace or with people without a need to know.. 
How can you guard yourself against Identity theft? It is getting late on Friday. (Spillage) What should you do when you are working on an unclassified system and receive an email with a classified attachment? What action should you take? All of these. Research the source to evaluate its credibility and reliability. A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. If the format of any elements or content within this document interferes with your ability to access the information, as defined in the Rehabilitation Act, please email Cyberawareness@cisa.dhs.gov. Which of the following should be done to keep your home computer secure? DISA is mandated to support and sustain the DoD Cyber Exchange (formerly the Information Assurance Support Environment (IASE)) as directed by DoDI 8500.01 and DODD 8140.01. Store it in a General Services Administration (GSA)-approved vault or container. They provide guidance on reasons for and duration of classification of information. Follow instructions given only by verified personnel. Report the crime to local law enforcement. The month is dedicated to creating resources and communications for organizations to talk to their employees and customers about staying safe online. Which of the following should you do immediately? Correct. UNCLASSIFIED is a designation to mark information that does not have potential to damage national security.
(Answer) CPCON 2 (High: Critical and Essential Functions) CPCON 1 (Very High: Critical Functions) CPCON 3 (Medium: Critical, Essential, and Support Functions) CPCON 4 (Low: All Functions) CPCON 5 (Very Low: All Functions). Request the users full name and phone number. **Use of GFE Under what circumstances is it acceptable to use your Government-furnished computer to check personal e-mail and do other non-work-related activities? **Classified Data Which of the following is true of protecting classified data? When can you check personal email on your government furnished equipment? **Social Networking Which piece if information is safest to include on your social media profile? What should be your response? Which of the following is NOT a potential insider threat? Which of the following is NOT a correct way to protect CUI?A. Use public for free Wi-Fi only with the Government VPN. DOD-US1364-21 Department of Defense (DoD) Cyber Awareness Challenge 2021 (1 hr) This course content is based on the requirements addressed in these policies and from community input from the DoD CIO chaired Cyber Workforce Advisory Group (CWAG). Use only your personal contact information when establishing your account. Acquisition. Social Security Number, date and place of birth, mothers maiden name. [Incident]: What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed?A. What is a possible indication of a malicious code attack in progress? Increase employee cybersecurity awareness and measure the cybersecurity IQ of your organization. U.S. ARMY INSTALLATION MANAGEMENT COMMAND "We Are . Who is responsible for information/data security? Only use Government-furnished or Government-approved equipment to process PII. How can you protect yourself from social engineering? They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities. 
Its classification level may rise when aggregated. Validate all friend requests through another source before confirming them. Which of the following is not considered a potential insider threat indicator? Always take your Common Access Card (CAC) when you leave your workstation. **Mobile Devices Which of the following helps protect data on your personal mobile devices? You must have permission from your organization. (Malicious Code) What is a good practice to protect data on your home wireless systems?