What can you do to protect yourself against phishing? What is the best response if you find classified government data on the internet? **Classified Data Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause? How should you respond? What does Personally Identifiable Information (PII) include? Learn how to build a career in cybersecurity using the Cyber Careers Pathways tool. Unusual interest in classified information. A colleague enjoys playing video games online, regularly uses social media, and frequently forgets to secure her smartphone elsewhere before entering areas where it is prohibited. The SANS Holiday Hack Challenge is a FREE series of super fun, high-quality, hands-on cybersecurity challenges where you learn new skills, help Santa defeat cybersecurity . CUI may be emailed if encrypted. Follow procedures for transferring data to and from outside agency and non-Government networks. A smartphone that transmits credit card payment information when held in proximity to a credit card reader. Never write down the PIN for your CAC. Only when there is no other charger available. C. Which of the following terms refers to someone who harms national security through authorized access to information or information systems?
They can be part of a distributed denial-of-service (DDoS) attack. (Malicious Code) What are some examples of malicious code? Always take your CAC when you leave your workstation. 32 CFR Part 2002 Controlled Unclassified Information. You find information that you know to be classified on the Internet. correct. Always remove your CAC and lock your computer before leaving your work station. I've tried all the answers and it still tells me off. A coworker removes sensitive information without approval. What is a valid response when identity theft occurs? NOTE: Remember that leaked classified or controlled information is still classified or controlled even if it has already been compromised. Retrieve classified documents promptly from printers. Which of the following is true of Internet of Things (IoT) devices? Label all files, removable media, and subject headers. B. They broadly describe the overall classification of a program or system. If aggregated, the classification of the information may not be changed. Neither confirm nor deny the information is classified. (Malicious Code) Which are examples of portable electronic devices (PEDs)? Which of the following is true of Controlled Unclassified Information (CUI)? Immediately notify your security point of contact. NOTE: Never charge personal mobile devices using GFE nor connect any other USB devices (like a coffee warmer) to GFE. These zip files contain all the Certification Authority (CA) certificates for the specified PKI in different formats. It is fair to assume that everyone in the SCIF is properly cleared. How many potential insider threat indicators does this employee display? Setting weekly time for virus scan when you are not on the computer and it is powered off. One. C.
(Travel) Which of the following is a concern when using your Government-issued laptop in public? Software that installs itself without the user's knowledge. When using a fax machine to send sensitive information, the sender should do which of the following? What should you do? You receive a call on your work phone and you're asked to participate in a phone survey. What is the best choice to describe what has occurred? *Spillage After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. Using NIPRNet tokens on systems of higher classification level. A colleague has won 10 high-performance awards, can be playful and charming, is not currently in a relationship, and is occasionally aggressive in trying to access sensitive information. correct. Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? What information posted publicly on your personal social networking profile represents a security risk? Note the website's URL. B. *Controlled Unclassified Information Which is a best practice for protecting Controlled Unclassified Information (CUI)? What should Sara do when using publicly available Internet, such as hotel Wi-Fi? A compromise of Sensitive Compartmented Information (SCI) occurs when a person who does not have the required clearance or access caveats comes into possession of SCI _________. How can you protect data on your mobile computing and portable electronic devices (PEDs)? A person who does not have the required clearance or access caveats comes into possession of SCI in any manner. Report it to security. Which of the following is NOT an appropriate way to protect against inadvertent spillage? It is releasable to the public without clearance. Which scenario might indicate a reportable insider threat? Which of the following statements is NOT true about protecting your virtual identity?
Exceptionally grave damage. A medium secure password has at least 15 characters and one of the following. *Malicious Code What are some examples of malicious code? **Social Networking Which of the following statements is true? Make note of any identifying information and the website URL and report it to your security office. Correct. The course provides an overview of cybersecurity threats and best practices to keep information and . There are many travel tips for mobile computing. Not correct **Home Computer Security How can you protect your information when using wireless technology? **Social Networking Which piece of information is safest to include on your social media profile? NOTE: Don't talk about work outside of your workspace unless it is a specifically designated public meeting environment and is controlled by the event planners. CPCON 2 (High: Critical and Essential Functions) 3.A. At any time during the workday, including when leaving the facility. The CAC/PIV is a controlled item and contains certificates for: An individual who has attempted to access sensitive information without need-to-know and has made unusual requests for sensitive information is displaying indicators of what? Label the printout UNCLASSIFIED to avoid drawing attention to it. C. **Insider Threat Which of the following is NOT considered a potential insider threat indicator? Don't assume open storage in a secure facility is authorized Maybe. not correct Which of the following is NOT a typical result from running malicious code? After you have returned home following the vacation. Which of the following should you NOT do if you find classified information on the internet? A. (Malicious Code) Which of the following is true of Internet hoaxes?
- Which of the following can an unauthorized disclosure of information? damage to national security
- A user writes down details from a report stored on a classified system marked as secret and uses those details to draft an unclassified briefing on an unclassified system without authorization. Spillage because classified data was moved.
- What is the proper response if spillage occurs? Immediately notify your security POC
- When classified data is not in use, how can you protect it? Store classified data appropriately in GSA-approved vault/container when not in use.
- Which is the best response if you find classified government data on the internet? Note any identifying information
- What is required for an individual to access classified data? Appropriate clearance; signed and approved
- Which of the following practices reduces the chance of becoming a target by adversaries seeking insider information? Don't talk about work outside your workspace unless it is a specifically
- Which of the following terms refers to harm inflicted on national security through authorized? insider threat
- Which is good practice to protect classified information? Ensure proper labeling by appropriately marking all classified material.
- Which classification level is given to information that could reasonably be expected to cause serious damage to national security? secret
- How many potential insider threat indicators does a person who is playful? 1
- What are some potential insider threat indicators? Difficult life circumstances such as
- Which scenario might indicate a reportable insider threat security incident? A coworker is observed using a personal electronic device
- Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? Use only personal contact information when establishing personal social networking accounts
- As someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project? Inform your security POC of all non-professional or non-routine contacts with foreign nationals.
- Under which circumstances may you be subject.. online misconduct? Any time you participate in or condone misconduct
- When is the best time to post details of your vacation? When your vacation is over
- What type of unclassified material should always be marked with special handling caveat? FOUO
- What is an individual's PII or PHI considered? Sensitive information
- What is the best example of PII? Date and Place of birth
- What is the best example of PHI? Your health insurance explanation of benefits (EOB)
- What must you ensure before transmitting PII or PHI via email? Transmissions must be between government e-mail accounts and must be encrypted
- What must you do when e-mailing PII or PHI? Encrypt the email and use your government e-mail
- What does PII include? Social security, date and place of birth, mother's maiden name
- It is acceptable to take a short break while a coworker monitors your computer. No.

Only use a government-issued thumb drive to transfer files between systems. C. **Travel What security risk does a public Wi-Fi connection pose? T/F. **Travel Which of the following is true of traveling overseas with a mobile phone? The purpose of the Cyber Awareness Challenge is to influence behavior, focusing on actions that authorized users can engage to mitigate threats and vulnerabilities to DoD Information Systems. **Identity management Which is NOT a sufficient way to protect your identity? memory sticks, flash drives, or external hard drives. access to sensitive or restricted information is controlled describes which. Note any identifying information and the website's URL. Which of the following is a good practice to prevent spillage. UNCLASSIFIED is a designation to mark information that does not have potential to damage national security. Which of the following is not Controlled Unclassified Information (CUI)?
Please DO NOT email in regards to Iatraining.us.army.mil, JKO, or skillport. (GFE) When can you check personal e-mail on your Government-furnished equipment (GFE)? What should you do? Which of the following is a security best practice for protecting Personally Identifiable Information (PII)? Classified information that is accidentally moved to a lower classification or protection level. B. Directives issued by the Director of National Intelligence. Which of the following is true about telework? Nothing. (Must be new, do not continue) Progress until you see the main 'Start Challenge' button. Correct. Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. Is it okay to run it? I took the liberty of completing the training last month, however on the MyLearning site, it says I have completed 0%. A Common Access Card and Personal Identification Number. It should only be in a system while actively using it for a PKI-required task. correct. Since the URL does not start with https, do not provide your credit card information. *Sensitive Information What is the best example of Personally Identifiable Information (PII)? What describes how Sensitive Compartmented Information is marked? In which situation below are you permitted to use your PKI token? Choose DOD Cyber Awareness Training-Take Training. Which of the following is NOT Protected Health Information (PHI)? *Insider Threat Which of the following is a reportable insider threat activity? (Identity Management) Which of the following is an example of two-factor authentication? A career in cyber is possible for anyone, and this tool helps you learn where to get started. They may be used to mask malicious intent. How are Trojan horses, worms, and malicious scripts spread?
How should you protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? Which of the following is NOT a criterion used to grant an individual access to classified data? Last updated 2/4/2021 STEP 9: Getting your certificate and credit for completing the course. Government-owned PEDs, if expressly authorized by your agency. Since the URL does not start with "https", do not provide your credit card information. What is considered a mobile computing device and therefore shouldn't be plugged in to your Government computer? Scan external files from only unverifiable sources before uploading to computer. How many potential insider threat indicators does this employee display? Sensitive information may be stored on any password-protected system. You are logged on to your unclassified computer and just received an encrypted email from a co-worker. **Insider Threat What type of activity or behavior should be reported as a potential insider threat? (Malicious Code) While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/.
You can email your employees information to yourself so you can work on it this weekend and go home now. Since the URL does not start with https, do not provide your credit card information. For Government-owned devices, use approved and authorized applications only. Which of the following statements is true? Start a new Cyber Security Awareness Challenge session. (social networking) Which of the following is a security best practice when using social networking sites? A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. You are having lunch at a local restaurant outside the installation, and you find a CD labeled favorite song. Join the global cybersecurity community in its most festive cyber security challenge and virtual conference of the year. The DoD Cyber Exchange SIPR provides access to cyber training and guidance to users with a SIPRNet token. Which of the following is NOT an example of Personally Identifiable Information (PII)? Jun 30, 2021. What should you do? If authorized, what can be done on a work computer? Which of the following is NOT a best practice to protect data on your mobile computing device? Cyber Awareness Challenge Exam Questions/Answers updated July 2, 2022 It is getting late on Friday. *Sensitive Information Under which circumstances is it permitted to share an unclassified draft document with a non-DoD professional discussion group? *Spillage Which of the following may help to prevent spillage? At all times while in the facility. Of the following, which is NOT an intelligence community mandate for passwords? Which of the following definitions is true about disclosure of confidential information? Before long she has also purchased shoes from several other websites.
**Social Engineering Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email? (A type of phishing targeted at senior officials) Which of the following is NOT sensitive information? What is the danger of using public Wi-Fi connections? not correct correct. **Social Engineering Which may be a security issue with compressed Uniform Resource Locators (URLs)? What is required for an individual to access classified data? Ensure that the wireless security features are properly configured. Linda encrypts all of the sensitive data on her government-issued mobile devices. C. Use the classified network for all work, including unclassified work. C. **Use of GFE When can you check personal e-mail on your Government-furnished equipment (GFE)? A coworker has asked if you want to download a programmer's game to play at work. What action should you take if you receive a friend request on your social networking website from someone in Germany you met casually at a conference last year? Which Cyber Protection Condition (CPCON) establishes a protection priority focus on critical functions only? Hostility or anger toward the United States and its policies. None. B. A coworker is observed using a personal electronic device in an area where their use is prohibited. [Incident]: What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF? A. Which of the following is a good practice to avoid email viruses?