Cyber Awareness Challenge 2021


Which of the following is true of protecting classified data? What is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? Which of the following best describes wireless technology? How many potential insider threat indicators is Bob displaying? (Classified Data) Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause? (Identity Management) What certificates are contained on the Common Access Card (CAC)? What is considered ethical use of the Government email system? What level of damage to national security could reasonably be expected if unauthorized disclosure of Top Secret information occurred? A Knowledge Check option is available for users who have successfully completed the previous version of the course. How can you avoid downloading malicious code? What kind of information could reasonably be expected to cause serious damage to national security in the event of unauthorized disclosure? What should Sara do when using publicly available Internet, such as hotel Wi-Fi? PII includes, but is not limited to, social security numbers, date and places of birth, mother's maiden names, biometric records, and PHI. Updates also include revised or new content covering areas such as customized scams, protecting government-furnished equipment at home, and indicators of a potential cyber incident. Do not download it. On a NIPRNET system while using it for a PKI-required task. Set up a situation to establish concrete proof that Alex is taking classified information. Which of the following is true of the Common Access Card (CAC)? Who designates whether information is classified and its classification level?
The purpose of the Cyber Awareness Challenge is to influence behavior, focusing on actions that authorized users can engage to mitigate threats and vulnerabilities to DoD Information Systems. Only use a government-issued thumb drive to transfer files between systems. What must authorized personnel do before permitting another individual to enter a Sensitive Compartmented Information Facility (SCIF)? Connect to the Government Virtual Private Network (VPN). Information should be secured in a cabinet or container while not in use. Access requires a formal need-to-know determination issued by the Director of National Intelligence. Always mark classified information appropriately and retrieve classified documents promptly from the printer. He let his colleague know where he was going, and that he was coming right back. NOTE: Use caution when connecting laptops to hotel Internet connections. NOTE: Don't allow others access or piggyback into secure areas. Not correct (Spillage) Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? A smartphone that transmits credit card payment information when held in proximity to a credit card reader. What type of security is part of your responsibility and placed above all else? If your wireless device is improperly configured someone could gain control of the device? Which of the following is true of Unclassified Information? Be aware of classified markings and all handling caveats. NOTE: Always mark classified information appropriately and retrieve classified documents promptly from the printer. Which must be approved and signed by a cognizant Original Classification Authority (OCA)? CUI may be stored on any password-protected system. Use a common password for all your system and application logons.
Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. Write your password down on a device that only you access. 2021 SANS Holiday Hack Challenge & KringleCon. Examples are: Patient names, Social Security numbers, Driver's license numbers, insurance details, and birth dates. An investment in knowledge pays the best interest. What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF? [Alex's statement]: In addition to avoiding the temptation of greed to betray his country, what should Alex do differently? Do not access website links, buttons, or graphics in e-mail. Which of the following is true of Unclassified information? Which of the following is NOT a social engineering tip? What is the basis for the handling and storage of classified data? (Social Networking) When is the safest time to post details of your vacation activities on your social networking website? Store it in a locked desk drawer after working hours. Data about you collected from all sites, apps, and devices that you use can be aggregated to form a profile of you. When I try to un-enroll and re-enroll, it does not let me restart the course. Use the classified network for all work, including unclassified work. What can you do to protect yourself against phishing? You must possess security clearance eligibility to telework. (Sensitive Information) Which of the following is true about unclassified data? All https sites are legitimate and there is no risk to entering your personal info online. Original classification authority Correct.
Not correct (Malicious Code) Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? Which of the following is a potential insider threat indicator? Analyze the media for viruses or malicious code. To complete the . (Sensitive Information) Which of the following is an example of Protected Health Information (PHI)? If an incident occurs, you must notify your security POC immediately. Phishing can be an email with a hyperlink as bait. What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? CUI includes, but is not limited to Controlled Technical Information (CTI), Personally Identifiable Information (PII), Protected Health Information (PHI), financial information, personal or payroll information, proprietary data and operational information. When leaving your work area, what is the first thing you should do? When your vacation is over, and you have returned home. What should you consider when using a wireless keyboard with your home computer? The website requires a credit card for registration. CUI may be stored only on authorized systems or approved devices. (Controlled Unclassified Information) Which of the following best describes a way to safely transmit Controlled Unclassified Information (CUI)? Note the website's URL and report the situation to your security point of contact. Classified information that should be unclassified and is downgraded. What should you do? (Spillage) After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. (Mobile Devices) Which is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? Adversaries exploit social networking sites to disseminate fake news. Correct. Power off any mobile devices when entering a secure area.
If aggregated, the classification of the information may not be changed. P2P (Peer-to-Peer) software can do the following except: Allow attackers physical access to network assets. Store classified data in a locked desk drawer when not in use. Maybe. Select the information on the data sheet that is personally identifiable information (PII) but not protected health information (PHI). Select the information on the data sheet that is protected health information (PHI). Correct. Do not use any personally owned/non-organizational removable media on your organization's systems. Which designation marks information that does not have potential to damage national security? Financial information. (Social Networking) When is the safest time to post details of your vacation activities on your social networking profile? A system reminder to install security updates. (Insider Threat) Based on the description that follows, how many potential insider threat indicator(s) are displayed? Spillage can be either inadvertent or intentional. (Identity Management) Which is NOT a sufficient way to protect your identity? (Social Networking) What should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sites visited? Memory sticks, flash drives, or external hard drives. You check your bank statement and see several debits you did not authorize. When you have completed the test, be sure to press the . All to Friends Only. Which of the following is NOT a security best practice when saving cookies to a hard drive? A colleague vacations at the beach every year, is married and a father of four, sometimes has poor work quality, and works well with his team. What is a valid response when identity theft occurs? The pool of questions in the Knowledge Check option was also updated.
Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post. Retrieve classified documents promptly from printers. When is the best time to post details of your vacation activities on your social networking website? Which of the following is NOT Government computer misuse? How many potential insider threat indicators does this employee display? Cookies may pose a security threat, particularly when they save unencrypted personal information. Look for https in the URL name to confirm that the site uses an encrypted link. Alternatively, try a different browser. Directing you to a website that looks real. When using a public device with a card reader, only use your DoD CAC to access unclassified information, is only allowed if the organization permits it. Adversaries exploit social networking sites to disseminate fake news. Start a new Cyber Security Awareness Challenge session. What is considered a mobile computing device and therefore shouldn't be plugged in to your Government computer? (Malicious Code) While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. As a security best practice, what should you do before exiting? You receive an unexpected email from a friend: I think you'll like this: https://tinyurl.com/2fcbvy. What action should you take? Alex demonstrates a lot of potential insider threat indicators. Your favorite movie. Refer the reporter to your organization's public affairs office. Which of the following is a good practice to avoid email viruses? Which of the following must you do before using an unclassified laptop and peripherals in a collateral classified environment? How many potential insider threat indicators does this employee display? Which of the following is NOT a typical means for spreading malicious code?
Individuals must avoid referencing derivatively classified reports classified higher than the recipient. Which of the following is a security best practice when using social networking sites? Organizational Policy Not correct

Which of the following can an unauthorized disclosure of information? Damage to national security
A user writes down details from a report stored on a classified system marked as secret and uses those details to draft an unclassified briefing on an unclassified system without authorization. Spillage because classified data was moved.
What is the proper response if spillage occurs? Immediately notify your security POC
When classified data is not in use, how can you protect it? Store classified data appropriately in GSA-approved vault/container when not in use.
Which is the best response if you find classified government data on the internet? Note any identifying information
What is required for an individual to access classified data? Appropriate clearance; signed and approved
Which of the following practices reduces the chance of becoming a target by adversaries seeking insider information? Don't talk about work outside your workspace unless it is a specifically
Which of the following terms refers to harm inflicted or national security through authorized? Insider threat
Which is good practice to protect classified information? Ensure proper labeling by appropriately marking all classified material.
Which classification level is given to information that could reasonably be expected to cause serious damage to national security? Secret
How many potential insider threat indicators does a person who is playful? 1
What are some potential insider threat indicators? Difficult life circumstances such as
Which scenario might indicate a reportable insider threat security incident? A coworker is observed using a personal electronic device
Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? Use only personal contact information when establishing personal social networking accounts
As someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project? Inform your security POC of all non-professional or non-routine contacts with foreign nationals.
Under which circumstances may you be subject.. online misconduct? Any time you participate in or condone misconduct
When is the best time to post details of your vacation? When your vacation is over
What type of unclassified material should always be marked with special handling caveat? FOUO
What is an individual's PII or PHI considered? Sensitive information
What is the best example of PII? Date and Place of birth
What is the best example of PHI? Your health insurance explanation of benefits (EOB)
What must you ensure before transmitting PII or PHI via email? Transmissions must be between government e-mail accounts and must be encrypted
What must you do when e-mailing PII or PHI? Encrypt the email and use your government e-mail
What does PII include? Social security, date and place of birth, mother's maiden name
It is acceptable to take a short break while a coworker monitors your computer. No.

(Sensitive Compartmented Information) What is a Sensitive Compartmented Information (SCI) program? The email states your account has been compromised and you are invited to click on the link in order to reset your password. Which of the following is true of Internet of Things (IoT) devices? What are the requirements to be granted access to sensitive compartmented information (SCI)? Overview: The Cyber Awareness Challenge serves as an annual refresher of security requirements, security best practices, and your security responsibilities. The purpose of the Cyber Awareness Challenge is to influence behavior, focusing on actions that authorized users can engage to mitigate threats and vulnerabilities to DoD Information Systems.
Which of the following is an example of two-factor authentication? You receive a call on your work phone and you're asked to participate in a phone survey. (Spillage) What type of activity or behavior should be reported as a potential insider threat? Which of the following is not a best practice to preserve the authenticity of your identity? Your cousin posted a link to an article with an incendiary headline on social media. Create separate user accounts with strong individual passwords. Which of the following is true of protecting classified data? Both of these. How many potential insider threat indicators does this employee display? What actions should you take prior to leaving the work environment and going to lunch? Use the classified network for all work, including unclassified work. (Social Engineering) Which is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail? A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. Attempting to access sensitive information without need-to-know. Store it in a GSA approved vault or container. Correct. A type of phishing targeted at high-level personnel such as senior officials. A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationships with peers, purchases an unusually expensive new car, and has unexplained absences from work. The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) lead a collaborative effort between government and industry to raise cybersecurity awareness nationally and internationally. Note the website's URL and report the situation to your security point of contact.
(Malicious Code) A coworker has asked if you want to download a programmer's game to play at work. Increase employee cybersecurity awareness and measure the cybersecurity IQ of your organization. Who is responsible for information/data security? What is a best practice for protecting controlled unclassified information (CUI)? A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. Which Cyber Protection Condition (CPCON) establishes a protection priority focus on critical functions only? Of the following, which is NOT a security awareness tip? Exposure to malware. What should you do? (Removable Media in a SCIF) What action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)? (Insider Threat) A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. When using your government-issued laptop in public environments, with which of the following should you be concerned? After work hours, storing sensitive information in unlocked containers, desks, or cabinets if security is not present. Which of the following should you do immediately? (Malicious Code) Which of the following is NOT a way that malicious code spreads? Store it in a General Services Administration (GSA)-approved vault or container. How many potential insider threat indicators does this employee display? Which of the following attacks target high ranking officials and executives? Paul verifies that the information is CUI, includes a CUI marking in the subject header, and digitally signs an e-mail containing CUI. A coworker removes sensitive information without approval.
A colleague often makes others uneasy with her persistent efforts to obtain information about a classified project where she has no need-to-know, is vocal about her husband overspending on credit cards, and complains about anxiety and exhaustion. (Mobile Devices) What should you do when going through an airport security checkpoint with a Government-issued mobile device? (Spillage) Which of the following actions is appropriate after finding classified information on the Internet? (Malicious Code) After visiting a website on your Government device, a popup appears on your screen. He's on the clock after all. At any time during the workday, including when leaving the facility. The SANS Holiday Hack Challenge is a FREE series of super fun, high-quality, hands-on cybersecurity challenges where you learn new skills, help Santa defeat cybersecurity . Correct Maria is at home shopping for shoes on Amazon.com. Validate all friend requests through another source before confirming them. Taking classified documents from your workspace. We recommend using a computer and not a phone to complete the course. A firewall that monitors and controls network traffic. The DoD Cyber Exchange is sponsored by Which of the following is NOT considered sensitive information? Proactively identify potential threats and formulate holistic mitigation responses. Which of the following is NOT a home security best practice? When checking in at the airline counter for a business trip, you are asked if you would like to check your laptop bag. Which scenario might indicate a reportable insider threat security incident? After you have returned home following the vacation. Published: 07/03/2022. What must you ensure if your work involves the use of different types of smart card security tokens? Any time you participate in or condone misconduct, whether offline or online. Which of the following is the best example of Personally Identifiable Information (PII)?
Your health insurance explanation of benefits (EOB). The DISN facilitates the management of information resources, and is responsive to national security, as well as DOD needs. Prudence faxes CUI using an Unclassified cover sheet via a Secret fax machine. What should be your response? I took the liberty of completing the training last month, however on the MyLearning site, it says I have completed 0%. (Spillage) Which of the following is a good practice to prevent spillage? Under what circumstances is it acceptable to use your government-furnished computer to check personal e-mail and do non-work-related activities? You must have your organization's permission to telework. Correct. Government-owned PEDs when expressly authorized by your agency. (Insider Threat) What do insiders with authorized access to information or information systems pose? All documents should be appropriately marked, regardless of format, sensitivity, or classification. What should be your response? Remove his CAC and lock his workstation. (Spillage) Which of the following is a good practice to aid in preventing spillage? Someone calls from an unknown number and says they are from IT and need some information about your computer.
