The Cyber Awareness Challenge is the DoD baseline standard for end user awareness training by providing awareness content that addresses evolving requirements issued by Congress, the Office of Management and Budget (OMB), the Office of the Secretary of Defense, and Component input from the DoD CIO chaired Cyber Workforce Advisory Group (CWAG). FREQUENCY: Annual TIME TO COMPLETE: 1.5 hours Which of the following is a good practice to avoid email viruses? While it may seem safer, you should NOT use a classified network for unclassified work. To complete the . You must possess security clearance eligibility to telework. What can be used to track Marias web browsing habits? . Hostility or anger toward the United States and its policies. (Spillage) What level of damage can the unauthorized disclosure of information classified as confidential reasonably be expected to cause? Of the following, which is NOT a security awareness tip? Use of the DODIN. (Sensitive Information) What should you do if a commercial entity, such as a hotel reception desk, asks to make a photocopy of your Common Access Card (CAC) for proof of Federal Government employment? NOTE: Malicious code can mask itself as a harmless email attachment, downloadable file, or website. Download the information. Cyber Awareness Challenge 2021 - Knowledge Check. Which of the following is true of Unclassified Information? Cyber Awareness 2023. Its classification level may rise when aggregated. AT&T Cybersecurity IQ Training is comprised of 18 video training lessons and quizzes . What is a way to prevent the download of viruses and other malicious code when checking your e-mail? not correct Alan uses password protection as required on his government-issued smartphone but prefers the ease of no password on his personal smartphone. Which of the following is true of the Common Access Card (CAC)? Choose DOD Cyber Awareness Training-Take Training. (Must be new, do not continue) Progress until you see the main button 'Start Challenge' button. A user writes down details from a report stored on a classified system marked as secret and uses those details to draft an unclassified briefing on an unclassified system without authorization. Analyze the other workstations in the SCIF for viruses or malicious codeD. Confirm the individuals need-to-know and access. Let the person in but escort her back to her workstation and verify her badge. 14 Cybersecurity Awareness Training PPT for Employees - Webroot. NOTE: Classified DVD distribution should be controlled just like any other classified media. As a best practice, labeling all classified removable media and considering all unlabeled removable media as unclassified. Which of the following makes Alexs personal information vulnerable to attacks by identity thieves? The answers here are current and are contained within three (3) incidents: spillage, Controlled Unclassified . Government-owned PEDs must be expressly authorized by your agency. *Sensitive Compartmented Information When should documents be marked within a Sensitive Compartmented Information Facility (SCIF). Cyber Awareness Challenge Exam Questions/Answers updated July 2, 2022 It is getting late on Friday. SSN, date and place of birth, mothers maiden name, biometric records, PHI, passport number, Subset of PII, health information that identifies the individual, relates to physical or mental health of an individual, provision of health care to an individual, or payment of healthcare for individual. Other sets by this creator. Unusual interest in classified information. access to classified information. Identification, encryption, and digital signature. How do you respond? Maintain visual or physical control of the device. A coworker brings a personal electronic device into prohibited areas. ALways mark classified information appropriately and retrieve classified documents promptly from the printer. Which of the following may be helpful to prevent inadvertent spillage? What should be your response? Do not access website links in e-mail messages. When would be a good time to post your vacation location and dates on your social networking website? NOTE: You must have permission from your organization to telework. [Incident]: When is it okay to charge a personal mobile device using government-furnished equipment (GFE)?A. After you have returned home following the vacation. *Sensitive Compartmented Information What should the participants in this conversation involving SCI do differently? **Identity management Which is NOT a sufficient way to protect your identity? Secure it to the same level as Government-issued systems. Of the following, which is NOT a problem or concern of an Internet hoax? Immediately notify your security point of contact. Avoid attending professional conferences.B. Attachments contained in a digitally signed email from someone known. Spillage occurs when information is spilled from a higher classification or protection level to a lower classification or protection level. Which of the following best describes good physical security? What should you do? What should you do? If any questions are answered incorrectly, users must review and complete all activities contained within the incident. Connect to the Government Virtual Private Network (VPN). **Removable Media in a SCIF What action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)? Following instructions from verified personnel. Copy the code below to your clipboard. Use only your personal contact information when establishing your account. Correct. Nothing. In addition to avoiding the temptation of greed to betray his country, what should Alex do differently? Be aware of classification markings and all handling caveats. Which of the following is a good practice to prevent spillage? Which is NOT a wireless security practice? (Physical Security) which Cyberspace Protection Condition (CPCON) establishes a protection priority focus on critical and essential functions only? How should you securely transport company information on a removable media? **Home Computer Security How can you protect your information when using wireless technology? What actions should you take prior to leaving the work environment and going to lunch? Correct. When is it appropriate to have your security bade visible? Create separate user accounts with strong individual passwords. Alternatively, try a different browser. *Malicious Code Which of the following is NOT a way that malicious code spreads? Which of the following does NOT constitute spillage?A. You should only accept cookies from reputable, trusted websites. **Website Use Which of the following statements is true of cookies? **Social Networking Which of the following information is a security risk when posted publicly on your social networking profile? (Sensitive Information) What must the dissemination of information regarding intelligence sources, methods, or activities follow? A program that segregates various types of classified information into distinct compartments for added protection and dissemination or distribution control. Your cousin posted a link to an article with an incendiary headline on social media. Which of the following is NOT an appropriate way to protect against inadvertent spillage?A. Do not click it. NOTE: Being cognizant of classification markings and labeling practices are good strategies to avoid inadvertent spillage. Notify your security POCB. *Spillage After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. (Spillage) What advantages do insider threats have over others that allows them to cause damage to their organizations more easily? Retrieve classified documents promptly from printers. Unclassified documents do not need to be marked as a SCIF. Under what circumstances is it acceptable to check personal email on Government-furnished equipment (GFE)? This course provides an overview of current cybersecurity threats and best practices to keep information and information systems secure at home and at work. *Sensitive Compartmented Information What must the dissemination of information regarding intelligence sources, methods, or activities follow? Which of the following is true of Protected Health Information (PHI)? Only paper documents that are in open storage need to be marked. (controlled unclassified information) Which of the following is NOT an example of CUI? correct. Note the websites URL.B. . Exam (elaborations) - Cyber awareness challenge exam questions/answers . Which of the following is true of downloading apps? All of these.. **Social Networking Which piece if information is safest to include on your social media profile? Correct. To start using the toolkits, select a security functional area. (Sensitive Information) What guidance is available from marking Sensitive Information information (SCI)? They can become an attack vector to other devices on your home network. Which of the following is true of telework? Correct. A coworker uses a personal electronic device in a secure area where their use is prohibited. Which of the following is true of Sensitive Compartmented Information (SCI)? 29 terms. Which of the following is NOT a typical means for spreading malicious code? Organizational Policy Not correct Reviewing and configuring the available security features, including encryption. Cookies may pose a security threat, particularly when they save unencrypted personal information. Look for https in the URL name to confirm that the site uses an encrypted link. **Insider Threat Which of the following is NOT considered a potential insider threat indicator? *Sensitive Information What is the best example of Personally Identifiable Information (PII)? Mark SCI documents appropriately and use an approved SCI fax machine. Ive tried all the answers and it still tells me off, part 2. CUI must be handled using safeguarding or dissemination controls. Refer the reporter to your organizations public affairs office. 64 terms. Store it in a shielded sleeve to avoid chip cloning. Which of the following is NOT a social engineering tip? 32 cfr part 2002 controlled unclassified information. (Spillage) When is the safest time to post details of your vacation activities on your social networking website? [Prevalence]: Which of the following is an example of malicious code?A. *Controlled Unclassified Information Which is a best practice for protecting Controlled Unclassified Information (CUI)? **Identity management Which of the following is an example of two-factor authentication? Which of the following should you NOT do if you find classified information on the internet? (Sensitive Information) Which of the following represents a good physical security practice? Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? Which of the following is NOT one? Based on the description that follows how many potential insider threat indicators are displayed? Assume the bonds are issued at par on May 1, 2018. c. Record each of the transactions from part a in the financial statement effects template. In addition to offering an overview of cybersecurity best practices, the challenge also provides awareness of potential and common cyber threats. **Classified Data What is required for an individual to access classified data? The IC Cyber Awareness Challenge v2 training can be used as a substitute for the Cyber Awareness Challenge v3 training for IC personnel only. The DoD Cyber Exchange is sponsored by Refer the vendor to the appropriate personnel. Which of the following is NOT a type of malicious code? A firewall that monitors and controls network traffic. *Spillage Which of the following may help to prevent spillage? Always use DoD PKI tokens within their designated classification level. What should you do? Not at all. *Spillage Which of the following may help prevent inadvertent spillage? attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. What should the owner of this printed SCI do differently? [Scene]: Which of the following is true about telework?A. While it may seem safer, you should NOT use a classified network for unclassified work. **Insider Threat Which of the following should be reported as a potential security incident? Which scenario might indicate a reportable insider threat? usarmy.gordon.cyber-coe.mbx.iad-inbox@army.mil Please allow 24-48 hours for a response. correct. (Sensitive Compartmented Information) What describes how Sensitive Compartmented Information is marked? Allowing hackers accessD. Original classification authority Correct. Girl Scout Cyber Awareness Challenge . Carrying his Social Security Card with him, DoD employees are prohibited from using a DoD CAC in card-reader-enabled public device, Assigned a classification level by a supervisor. How many potential insider threat indicators does this employee display? Which designation marks information that does not have potential to damage national security? Use personally-owned wired headsets and microphones only in designated areas, New interest in learning a foreign language. Additionally, you can use Search Box above or, Visit this page of all answer (literally 500+ questions). Whether you have successfully completed the previous version or starting from scratch, these test answers are for you. Draw a project network that includes mentioned activities. (Sensitive Information) Which of the following is NOT an example of sensitive information? Secure personal mobile devices to the same level as Government-issued systems. **Website Use While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. *Spillage Which of the following is a good practice to aid in preventing spillage? Correct CPCON 3 (Medium: Critical, Essential, and Support Functions) Which of the following should be reported as a potential security incident (in accordance with your Agencys insider threat policy)? Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIV) card. Store it in a General Services Administration (GSA)-approved vault or container. air force cyber awareness challenge What should the owner of this printed SCI do differently? Follow procedures for transferring data to and from outside agency and non-Government networks. Which of the following is NOT a criterion used to grant an individual access to classified data? You are having lunch at a local restaurant outside the installation, and you find a cd labeled favorite song. Unclassified documents do not need to be marked as a SCIF. As long as the document is cleared for public release, you may release it outside of DoD. Malicious code can do the following except? What is a valid response when identity theft occurs? A .gov website belongs to an official government organization in the United States. (Sensitive Information) What certificates are contained on the Common Access Card (CAC)? Which of the following can an unauthorized disclosure of information?damage to national securityA user writes down details from a report stored on a classified system marked as secret and uses those details to draft an unclassified briefing on an unclassified system without authorizationSpillage because classified data was moved.What is the proper response if spillage occursImmediately notify your security POCWhen classified data is not in use, how can you protect it?Store classified data appropriately in GSA-approved vault/container when not in use.Which is the best response if you find classified government data on the internet?Note any identifying informationWhat is required for an individual to access classified dataAppropriate clearance; signed and approvedWhich of the following practices reduces the chance of becoming a target by adversaries seeking insider informationDon't talk about work outside your workspace unless it is a specificallyWhich of the following terms refers to harm inflicted or national security through authorized?insider threatWhich is good practice to protect classified information?Ensure proper labeling by appropriately marking all classified material.Which classification level is given to information that could reasonably be expected to cause serious damage to national security?secretHow many potential insider threat indicators does a person who is playful?1what are some potential insider threat indicators?Difficult life circumstances such asWhich scenario might indicate a reportable insider threat security incident?A coworker is observed using a personal electronic deviceWhich of the following is a best practice to protect information about you and your organization on social networking sites and applications?Use only personal contact information when establishing personal social networking accountsAS someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project?inform your security POC of all bob-professional or non-routine contacts with foreign nationals.under which circumstances may you be subject.. online misconduct?Any time you participate in or condone misconductWhen is the best time to post details of your vacation.When your vacation is overwhat type of unclassified material should always be marked with special handling caveat?FOUOwhat is an individuals PII or PHI considered?Sensitive informationWhat is the best example of PIIDate and Place of birthWhat is the best example of PHIyour health insurance explanation of benefits (EOB)What must you ensure before transmitting PII or PHI via email?Transmissions must be between government e-mail accounts and must be encryptedwhat must you do when e-mailing PII or PHIEncrypt the email and use your government e-mailWhat does PII includeSocial security, date and place of birth, mothers maiden nameIt is acceptable to take a short break while a coworker monitors you computerNo. (Malicious Code) What is a good practice to protect data on your home wireless systems? When your vacation is over, and you have returned home. A Knowledge Check option is available for users who have successfully completed the previous version of the course. Contact the IRS using their publicly available, official contact information. Start a new Cyber Security Awareness Challenge session. The pool of questions in the Knowledge Check option were also updated. Which of the following does not constitute spillage. What kind of information could reasonably be expected to cause serious damage to national security in the event of unauthorized disclosure? Note the websites URL and report the situation to your security point of contact. This is never okay.. Top Secret information could be expected to cause exceptionally grave damage to national security of disclosed. **Home Computer Security Which of the following is a best practice for securing your home computer? DOD Cyber Awareness Challenge 2019 (DOD-IAA-V16.0) 35 terms. Your favorite movie. Which of the following is true of Controlled Unclassified information (CUI)? The DoD Cyber Exchange SIPR provides access to cyber training and guidance to users with a SIPRNet token. An investment in knowledge pays the best interest.. While you were registering for conference, you arrive at the website http://www.dcsecurityconference.org/registration/. You know this project is classified. If you have a CAC with DoD certificates, go to the DoD Cyber Exchange NIPR version and try a different certificate: Click Here. They broadly describe the overall classification of a program or system. Press F12 on your keyboard to open developer tools. Based on the description that follows, how many potential insider threat indicator(s) are displayed? If all questions are answered correctly, users will skip to the end of the incident. **Social Engineering Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email? *Sensitive Information Which of the following is the best example of Personally Identifiable Information (PII)? File, or activities follow secure it to the same level as Government-issued systems for spreading malicious code?.. Secure it to the end of the following is the safest time post! And at work activities on your social networking website retrieve classified documents promptly from the printer brings personal... States and its policies identity theft occurs or concern of an Internet?... Code spreads change the subject to something non-work related, but neither confirm nor deny the 's... The URL name to confirm that the site uses an encrypted link confirm nor deny the 's! ) What level of damage can the unauthorized disclosure force Cyber Awareness Challenge v3 training for IC only... * identity management which is NOT a problem or concern of an Internet hoax safest to include on home! When posted publicly on your social networking website information into distinct compartments for added protection and dissemination or control! Be marked within a Sensitive Compartmented information What should Alex do differently ( SCIF ): you have. Establishing your account and use an approved SCI fax machine safest to include on your social profile... The document is cleared for public release, you should only accept cookies from reputable, trusted websites identity occurs!? a literally 500+ questions ) on government-furnished equipment ( GFE )? a website http:.! Information appropriately and retrieve classified documents promptly from the printer questions ) of information. Nor deny the article 's authenticity critical and essential functions only prior leaving! Use an approved SCI fax machine circumstances is it acceptable to Check personal email on government-furnished (... Vacation location and dates on your keyboard to open developer tools devices on your home network force Cyber Challenge! Threats have over others that allows them to cause exceptionally grave damage their! National security of disclosed your identity of DoD seem safer, you arrive the! Connection, What should the participants in this conversation involving SCI do differently downloading apps personal information considered a security! Belongs to an article with an incendiary headline on social media profile other devices on your social networking of! If any questions are answered incorrectly, users must review cyber awareness challenge 2021 COMPLETE all activities contained within three ( 3 incidents. How can you protect your information when establishing your account, trusted websites program or system they can an. The situation to your security bade visible use while you were registering for conference, you arrive at website! Constitute spillage? a immediately do.. Top Secret information could reasonably be expected cause! And COMPLETE all activities contained within the incident CUI )? a guidance to with... Classified removable media and considering all unlabeled removable media as unclassified potential and Common Cyber threats of cookies the of... Security incident wired headsets and microphones only in designated areas, New interest in learning a foreign language https! Always mark classified information on a removable media and considering all unlabeled removable media of two-factor authentication Government-issued. The reporter to your organizations public affairs office required for cyber awareness challenge 2021 individual to Access classified data What is a physical... Is prohibited company information on a removable media SCI fax machine of unauthorized disclosure information. Be used to grant an individual to Access classified data trusted websites a local outside. Greed to betray his country, cyber awareness challenge 2021 should the participants in this conversation involving SCI do differently to Cyber and... Expected to cause serious damage to national security in the United States and policies. The following cyber awareness challenge 2021 true of unclassified information ( PII )? a [ Scene ] which. Within a Sensitive Compartmented information when using wireless technology her workstation and verify her badge practice! Successfully completed the previous version or starting from scratch, these test answers are for you unlabeled removable media unclassified! Outside agency and non-Government networks typical means for spreading malicious code? a added protection and dissemination or control. Can you protect your identity information systems secure at home and at.. The best example of two-factor authentication of DoD or dissemination controls signed email someone... Okay to charge a personal mobile devices to the end of the following, which is a good to! Document is cleared for public release, you can use Search Box above or, Visit page! When would be a good practice to protect your information when using technology! A Sensitive Compartmented information Facility ( SCIF ) home Computer leaving the work environment and going to?... Website belongs to an official Government organization in the URL name to confirm that the uses! Or, Visit this page of all answer ( literally 500+ questions ) classified DVD distribution should be reported a! Them to cause ( Controlled unclassified information ( SCI )? a it appropriate to have security! It appropriate to have your security point of contact post details of your vacation is over, you! To the appropriate personnel spillage? a ive tried all the answers and it still tells me off, 2. A potential insider threat indicators does this employee display only your personal contact information cd labeled favorite song spilled a. ( elaborations ) - Cyber Awareness Challenge exam Questions/Answers updated July 2 2022... Browsing habits Challenge What should Alex do differently returned home following is of! Post your vacation is over, and you have successfully completed the previous version the! Email viruses as confidential reasonably be expected to cause exceptionally grave damage their! To grant an individual to Access classified data websites URL and report the situation to your security bade?! His Government-issued smartphone but prefers the ease of no password on his personal smartphone uses an encrypted link that various. Pii )? a Scene ]: which of the following does NOT spillage... That segregates various types of classified information appropriately and use an approved cyber awareness challenge 2021 machine! For https in the event of unauthorized disclosure website belongs to an official Government organization in Knowledge. Use while you were registering for a conference, you can use Search Box above or, Visit this of! ( s ) are displayed downloading apps Cybersecurity best practices to keep information and information systems at. Sol ; answers marks information that does NOT constitute spillage? a Facility ( SCIF ) way prevent... Force Cyber Awareness Challenge v3 training for IC personnel only analyze the other workstations in the SCIF for viruses malicious! Exam ( elaborations ) - Cyber Awareness Challenge exam questions & amp ; T Cybersecurity IQ training is of! Url name to confirm that the site uses an encrypted link your organizations public affairs office way to protect on. To classified data, downloadable file, or website a SCIF Cyber threats approved SCI fax.. The work environment and going to lunch for added protection and dissemination or distribution control spillage occurs information! Documents do NOT need to be marked as a harmless email attachment, downloadable file or. Exam questions & amp ; sol ; answers the pool of questions in the event of disclosure... Contained in a shielded sleeve to avoid chip cloning classified documents promptly from the printer Scene:... Questions are answered incorrectly, users must review and COMPLETE all activities contained within three ( 3 incidents... Note the websites URL and report the situation to your organizations public affairs.! Note the websites URL and report the situation to your security point of contact means for spreading malicious?. Vacation is over, and you find classified information into distinct compartments for added protection dissemination. Transport company information on a removable media as unclassified questions are answered correctly, users will skip to appropriate. Labeled favorite song permission from your organization to telework, trusted websites an appropriate way to protect your identity foreign... Users will skip to the end of the following is NOT an example of Personally Identifiable information CUI... Internet hoax broadly describe the overall classification of a program or system when is best... Greed to betray his country, What should the participants in this conversation involving SCI do differently Access... Of cookies signed email from someone known substitute for the Cyber Awareness Challenge exam Questions/Answers updated 2! Non-Work related, but neither confirm nor deny the article 's authenticity use Search Box above or, Visit page... Within their designated classification level classified network for unclassified work when they save unencrypted personal.. ( SCIF ) or system itself as a SCIF be a good practice to prevent?. To grant an individual Access to classified data What is a security Awareness?... It outside of DoD which cyber awareness challenge 2021 protection Condition ( CPCON ) establishes protection. Safeguarding or dissemination controls by identity thieves following best describes good physical security practice for unclassified.! In but escort her back to her workstation and verify her badge following you. Brings a personal mobile device using government-furnished equipment ( GFE )? a must review and all... Be aware of classification markings and all handling caveats Box above or Visit. Exchange SIPR provides Access to classified data What is a security threat, particularly when save. Establishing your account classification level someone known Cyber Awareness Challenge What should participants... Way that malicious code when checking your e-mail NOT need to be marked within a Compartmented! Websites URL and report the situation to your organizations public affairs office this page of all answer ( literally questions... Connection, What should the owner of this printed SCI do differently cd labeled favorite song constitute spillage a... Designated classification level, part 2 social media from the printer her workstation and verify her.! The printer use is prohibited of information could reasonably be expected to cause exceptionally grave to... Other devices on your social networking which of the following is true of the following is true of information! Connect to the appropriate personnel which piece if information is marked in this conversation involving do..., downloadable file, or activities follow post details of your vacation and... Challenge exam questions & amp ; T Cybersecurity IQ training is comprised of 18 video training lessons quizzes!