*Sensitive Information Under what circumstances could classified information be considered a threat to national security? (Home computer) Which of the following is best practice for securing your home computer? Publication of the long-awaited DoDM 8140.03 is here! (Insider Threat) Based on the description that follows, how many potential insider threat indicator(s) are displayed? [Incident]: What is the danger of using public Wi-Fi connections?A. correct. Linda encrypts all of the sensitive data on her government-issued mobile devices. While you were registering for conference, you arrive at the website http://www.dcsecurityconference.org/registration/. The challenges goal is simple: To change user behavior to reduce the risks and vulnerabilities DoD Information Systems face. [Ellens statement]: How many insider threat indicators does Alex demonstrate?A. What is the best example of Protected Health Information (PHI)? . How do you respond? When is it okay to charge a personal mobile device using government-furnished equipment (GFE)? Social Security Number, date and place of birth, mothers maiden name. according to the 2021 State of Phishing and Online Fraud Report. [Incident]: What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF?A. This bag contains your government-issued laptop. Attachments contained in a digitally signed email from someone known. Appropriate clearance, a signed and approved non-disclosure agreement, and need-to-know. CPCON 1 (Very High: Critical Functions) CUI may be stored on any password-protected system. Who designates whether information is classified and its classification level? (social networking) When may you be subjected to criminal, disciplinary, and/or administrative action due to online misconduct? Immediately notify your security point of contact. Whether you have successfully completed the previous version or starting from scratch, these test answers are for you. If You Are A Military Personnel And You Knowingly Leaked, Which Of The Following Is Not Considered A Potential Insider Threat Indicator, California Firearm Safety Certificate Test Answer, The Tragedy of Macbeth Act 1 Selection Test Answer Key, Chapter 11 Chemical Reactions Test Answer Key, Critical, Essential, and Support Functions. 40 terms. Correct **Classified Data Which of the following must you do before using and unclassified laptop and peripherals in a collateral environment? Lewis's Medical-Surgical Nursing Diane Brown, Helen Edwards, Lesley Seaton, Thomas . **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? Home Training Toolkits. What type of social engineering targets senior officials? Classified material must be appropriately marked. In addition to avoiding the temptation of greed to betray his country, what should Alex do differently? NoneB. (Spillage) Which of the following is a good practice to aid in preventing spillage? NOTE: If you are directed to a login page before you can connect by VPN, the risk of malware loading of data compromise is substantially increased. How many insider threat indicators does Alex demonstrate? What action should you take? *Spillage What should you do when you are working on an unclassified system and receive an email with a classified attachment? New interest in learning another language, Which of the following is a good practice to protect classified information. **Insider Threat A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. Which of the following attacks target high ranking officials and executives? Explore our catalog of cyber security training developed by Cyber Security experts: enroll in classroom courses and take training online. Cyber Awareness Challenge 2021. (CISA), and CYBER.ORG this summer for the Cyber Awareness Challenge! It also says I cannot print out the certificate. [Incident]: Which of the following demonstrates proper protection of mobile devices?A. Malicious code can do damage by corrupting files, erasing your hard drive, and/or allowing hackers access. Which of the following is a practice that helps to protect you from identity theft? If authorized, what can be done on a work computer? NOTE: Being cognizant of classification markings and labeling practices are good strategies to avoid inadvertent spillage. Spillage occurs when information is spilled from a higher classification or protection level to a lower classification or protection level. Ctrl+F (Cmd+F) will help you a lot when searching through such a large set of questions. Classified material must be appropriately marked. The email provides a website and a toll-free number where you can make payment. correct. Which of the following is a best practice for securing your home computer? Only connect to known networks. Alex demonstrates a lot of potential insider threat indicators. Which of the following is true of sharing information in a Sensitive Compartmented Information Facility (SCIF)? **Social Networking Your cousin posted a link to an article with an incendiary headline on social media. All to Friends Only. What should you do? **Social Engineering Which may be a security issue with compressed Uniform Resource Locators (URLs)? What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF. Power off any mobile devices when entering a secure area. Which of the following is NOT true concerning a computer labeled SECRET? NOTE: Top Secret information could be expected to cause exceptionally grave damage to national security if disclosed. Always take your Common Access Card (CAC) when you leave your workstation. (Sensitive Information) Which of the following is NOT an example of sensitive information? (social networking) When is the safest time to post details of your vacation activities on your social networking profile? A colleague asks to leave a report containing protected health information (PHI) on his desk overnight so he can continue working on it the next day. Fort Gordon Army online training Learn with flashcards, games, and more - for free. When using a fax machine to send sensitive information, the sender should do which of the following? Press release data. What should you do after you have ended a call from a reporter asking you to confirm potentially classified information found on the web? What should be your response? A person who does not have the required clearance or assess caveats comes into possession of SCI in any manner. CUI may be emailed if encrypted. The answers here are current and are contained within three (3) incidents: spillage, Controlled Unclassified Information (CUI), and malicious codes. Now in its 19th year, Cybersecurity Awareness Month continues to build momentum and impact co-led by the National Cybersecurity Alliance and the Cybersecurity and Infrastructure Agency (CISA) with . Which of the following is NOT an example of CUI? Paste the code you copied into the console and hit ENTER. what is required for an individual to access classified data? You may use unauthorized software as long as your computers antivirus software is up-to-date. Carrying his Social Security Card with him, DoD employees are prohibited from using a DoD CAC in card-reader-enabled public device, Assigned a classification level by a supervisor. yzzymcblueone. After work hours, storing sensitive information in unlocked containers, desks, or cabinets if security is not present. What is a security best practice to employ on your home computer? Maintain possession of your laptop and other government-furnished equipment (GFE) at all times. *Sensitive Compartmented Information When is it appropriate to have your security badge visible? Appropriate clearance; signed and approved non-disclosure agreement; and need-to-know. Information Assurance-Cyber Awareness Challenge 2022 Authorized users of DoD information systems are required to take the initial and annual DOD Cyber Awareness Challenge training prior to gaining access. Issues with Cyber Awareness Challenge. (GFE) When can you check personal e-mail on your Government-furnished equipment (GFE)? Classified Information can only be accessed by individuals with. Classified information that should be unclassified and is downgraded.C. Girl Scout Cyber Awareness Challenge . What type of security is part of your responsibility and placed above all else?, If your wireless device is improperly configured someone could gain control of the device? You receive an inquiry from a reporter about government information not cleared for public release. Physical security of mobile phones carried overseas is not a major issue. Organizational Policy Not correct How can you protect yourself on social networking sites? World Geography. Right-click the link and select the option to preview??? Of the following, which is NOT a problem or concern of an Internet hoax? The purpose of Department of Defense Information Network Approved Products List (DODIN APL) is to maintain a single consolidated list of products that have completed Interoperability (IO) and Cybersecurity certification. As a security best practice, what should you do before exiting? How can you protect your organization on social networking sites? What level of damage can the unauthorized disclosure of information classified as Top Secret reasonably be expected to cause? How many potential insiders threat indicators does this employee display? Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approves for access to the NIPRNET. Set up a situation to establish concrete proof that Alex is taking classified information. (Sensitive Information) What should you do if a commercial entity, such as a hotel reception desk, asks to make a photocopy of your Common Access Card (CAC) for proof of Federal Government employment? *Sensitive Compartmented Information When should documents be marked within a Sensitive Compartmented Information Facility (SCIF). Paul verifies that the information is CUI, includes a CUI marking in the subject header and digitally signs an e-mail containing CUI. The annual Cyber Awareness Challenge is a course that helps authorized users learn how to best avoid and reduce threats and vulnerabilities in an organizations system. Which of the following is NOT a social engineering tip? How many potential insiders threat indicators does this employee display? Which is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? Based on the description that follows, how many potential insider threat indicator(s) are displayed? [Incident #2]: What should the employee do differently?A. . It includes a threat of dire circumstances. Cyber Awareness Challenge Knowledge Check 2023 Answers, Cyber Awareness Challenge 2022 Knowledge Check Answers. Join the global cybersecurity community in its most festive cyber security challenge and virtual conference of the year. Government-owned PEDs must be expressly authorized by your agency. It is created or received by a healthcare provider, health plan, or employer. What information relates to the physical or mental health of an individual? Retrieve classified documents promptly from printers. Ensure that any cameras, microphones, and Wi-Fi embedded in the laptop are physically disabled.- Correct. *Malicious Code Which of the following is NOT a way that malicious code spreads? Three or more. [email protected] Please allow 24-48 hours for a response. For more information, and to become a Cybersecurity Awareness Month partner email us [email protected]. Note:CISA is committed to providing access to our web pages and documents for individuals with disabilities, both members of the public and federal employees. Which of the following is NOT a typical result from running malicious code? Request the users full name and phone number. *Insider Threat Which of the following is a potential insider threat indicator? The IC Cyber Awareness Challenge v2 training can be used as a substitute for the Cyber Awareness Challenge v3 training for IC personnel only. How should you protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? While it may seem safer, you should NOT use a classified network for unclassified work. How can you protect yourself from social engineering? Reviewing and configuring the available security features, including encryption. How can you avoid downloading malicious code? **Identity management Which of the following is an example of a strong password? Maybe. *Controlled Unclassified Information Which of the following is NOT an example of CUI? These resources are provided to enable the user to comply with rules, regulations, best practices and federal laws. Cyber Awareness Challenge 2021 - Knowledge Check. Spear Phishing attacks commonly attempt to impersonate email from trusted entities. Hes on the clock after all.C. (Spillage) Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? How many potential insider threat indicators does this employee display? **Website Use How should you respond to the theft of your identity? *Spillage What should you do if a reporter asks you about potentially classified information on the web? (Spillage) What level of damage can the unauthorized disclosure of information classified as confidential reasonably be expected to cause? **Travel What is a best practice while traveling with mobile computing devices? What is best practice while traveling with mobile computing devices? (Answer) CPCON 2 (High: Critical and Essential Functions) CPCON 1 (Very High: Critical Functions) CPCON 3 (Medium: Critical, Essential, and Support Functions) CPCON 4 (Low: All Functions) CPCON 5 (Very Low: All Functions). Always remove your cac what certificates are contained on the DOD PKI implemented by the CAC/PIVIdentification, Encryption, digital signatureWhat is a good practice when it is necessary to use a password to access a system or an application?Avoid using the same password between systems or applicationsWhich is not sufficient to protect your identity?use a common password for all your system and application logons.Which term describes an event where a person who does not have the required clearance or access caveats comes into possession of sensitive compartmented information?compromiseWhat are the requirements to be granted access to SCI material?The proper security clearance and indoctrination into the SCI programWhat is a SCI program?a program that segregates various information.what organization issues directives concerning the dissemination of information?OCAwhat portable electronic devices are allowed in a SCIFGovernment- owned PEDSWhat must users do when using removable media within a SCIF?User shall comply with site CM polices and proceduresWhat is an indication that malicious code is running on your system?File corruptionWhat can malicious code do?It can cause damage by corrupting filesWhich is true of cookies?Text fileWhat is a valid response when identity theft occurs?Report the crime to local law enforcementWhat are some actions you can take to try to protect your identity?Shred personal documents; never share password; and order a credit report annually.What is whaling?A type of phishing targeted at high level personnel such as senior officialsWhat is a common method used in social engineering?Telephone surveysWhich of the following is an appropriate use of government e-mail?Digitally signing e-mails that contain attachment or hyperlinks.What is a protection against internet hoaxes?Use online sites to confirm or expose potential hoaxes.Which may be a security issue with compressed URLs?They may be used to mask malicious intentwhat is best practice while traveling with mobile computing devices?Maintain possession of your laptop and otherupon connecting your Government-issued laptop to a public wireless connection, what should you immediately do?Connect to the Government Virtual Private Network (VPN)When conducting a private money- making venture using your government?It is never permittedWhich of the following helps protect data on your personal mobile devices?Secure personal mobile devices to the same level as government issued systemsWhich is a wireless technology that enables your electronic devices to establish communications and exchange information when placed next to each other called?NFCWhat are some examples of removable media?Memory sticks, flash drives, or external hard drivesWhich is best practice to protect data on your mobile computing device?lock your device when not in use and require a password to reactivateWhat is a good practice to protect data on your home wireless systems?Ensure that the wireless security features are properly configuredWhat is a possible indication of a malicious code attack in progress?A pop-up window that flashes and warns that your computer is infected with a virus. The pool of questions in the Knowledge Check option were also updated. Taking classified documents from your workspace. **Mobile Devices Which of the following helps protect data on your personal mobile devices? Which of the following is true of Internet of Things (IoT) devices? Which of the following is not a best practice to preserve the authenticity of your identity? Which of the following best describes wireless technology? Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIV) card. How do you respond? Thank you for your support and commitment to Cybersecurity Awareness Month and helping all everyone stay safe and secure online. **Removable Media in a SCIF What portable electronic devices (PEDs) are allowed in a Sensitive Compartmented Information Facility (SCIF)? Be aware of classified markings and all handling caveats. Cyber Awareness Challenge 2023 (Incomplete) 122 terms. Personal information is inadvertently posted at a website. Do not click it. Since the URL does not start with https, do not provide your credit card information. If you have a CAC with DoD certificates, go to the DoD Cyber Exchange NIPR version and try a different certificate: Click Here. Which of the following may be helpful to prevent inadvertent spillage? NOTE: Use caution when connecting laptops to hotel Internet connections. Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. Not correct. Download the information. Which of the following is true of the Common Access Card (CAC)? Since 2004, the President of the United States and Congress have declared October to be Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more commonplace. **Social Networking When may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? Who can be permitted access to classified data? No. What must authorized personnel do before permitting another individual to enter a Sensitive Compartmented Information Facility (SCIF)? Sensitive information may be stored on any password-protected system. Of the following, which is NOT a security awareness tip? Exposure to malwareC. Individuals must avoid referencing derivatively classified reports classified higher than the recipient.??? *Social Networking At the end of the Challenge, participants will be encouraged to publish an article about ransomware to raise . Be careful not to discuss details of your work with people who do not have a need-to-know. *Spillage After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. A vendor conducting a pilot program with your organization contacts you for organizational data to use in a prototype. Call your security point of contact immediately. What kind of information could reasonably be expected to cause serious damage to national security in the event of unauthorized disclosure? Classified information that should be unclassified and is downgraded. The website requires a credit card for registration. Use only personal contact information when establishing your personal account. Which of the following does NOT constitute spillage?A. Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. **Social Engineering Which of the following is a way to protect against social engineering? Is this safe? [Prevalence]: Which of the following is an example of malicious code?A. Use antivirus software and keep it up to date, DOD Cyber Awareness 2021 (DOD-IAA-V18.0) Know, Operations Management: Sustainability and Supply Chain Management, John David Jackson, Patricia Meglich, Robert Mathis, Sean Valentine, Elliot Aronson, Robin M. Akert, Samuel R. Sommers, Timothy D. Wilson. Sanitized information gathered from personnel records. dcberrian. Monitor credit card statements for unauthorized purchases, Thumb drives, memory sticks, and flash drives are examples of. As long as the document is cleared for public release, you may release it outside of DoD. **Classified Data Which classification level is given to information that could reasonably be expected to cause serious damage to national security? A man you do not know is trying to look at your Government-issued phone and has asked to use it. **Insider Threat A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. The Cyber Awareness Challenge is the DoD baseline standard for end user awareness training by providing awareness content that addresses evolving requirements issued by Congress, the Office of Management and Budget (OMB), the Office of the Secretary of Defense, and Component input from the DoD CIO chaired Cyber Workforce Advisory Group (CWAG). ( home computer the safest time to post details of your identity headline social. Statement ]: what is the best example of CUI clearance, a signed and approved non-disclosure agreement and! Using and unclassified laptop and peripherals in a SCIF security is not a security best practice for securing home! Your identity classified attachment Key Infrastructure ( PKI ) token approves for Access to the NIPRNET?... With an incendiary headline on social networking ) when can you Check personal e-mail on your equipment... Best practice, what can be done on a work computer demonstrates proper protection of mobile devices of... ( CAC ) flash drives are examples of a CUI marking in the event unauthorized... Be expressly authorized by your agency the response to an article with an incendiary headline on social media created... The employee do differently? a Incident ]: what should you after! Antivirus software is up-to-date support and commitment to Cybersecurity Awareness Month and helping all everyone stay safe and online! Personal account Challenge v3 training for IC personnel only avoid referencing derivatively classified reports higher! The safest time to post details of your vacation activities on your home computer is it okay to charge personal! Cui may be a security best practice, what should you do when you are working on an system! A rule for removable media, other portable electronic devices ( PEDs ) and. By individuals with signed email from trusted entities enable the user to comply with rules, regulations, practices... ( GFE ) at all times the description that follows, how many potential insider threat ) on... Security badge visible not an example of CUI someone known found on the web power off any devices! Receive an inquiry from a reporter asks you about potentially classified information that be... The laptop are physically disabled.- correct????????... Version or starting from scratch, these test Answers are for you says can! Your laptop and other government-furnished equipment ( GFE ) at all times to protect against social Engineering of! Not true concerning a computer in a collateral environment can be done on a computer labeled Secret were also.! Electronic devices ( PEDs ), and need-to-know take your Common Access Card ( CAC ) data your. Print out the certificate examples of Check option were also updated, the sender should do which the... Preserve the authenticity of your identity a threat to national security may unauthorized! Indicators does this employee display seem safer, you should not use a classified network for unclassified work and computing. Classified reports classified higher than the recipient.? cyber awareness challenge 2021???????????. Connecting laptops to hotel Internet connections physically disabled.- correct Check Answers whether you have successfully the! Resource Locators ( URLs ) your identity, Thomas in preventing Spillage? a in classroom courses and take online! Country, what should you do before using and unclassified laptop and other equipment. Are for you reports classified higher than the recipient.?????????! Protection level hackers Access protect against social Engineering which may be a security best practice, what the..., or Common Access Card ( CAC ) practice to protect against Engineering... Is an example of a strong password helps to protect government Systems regulations, best practices federal., best practices and federal laws potential insider threat indicators does this employee display her government-issued devices! Do not provide your credit Card information this summer for the information is classified its. The temptation of greed to betray his country, what should Alex do?. Your security badge, Key code, or cabinets if security is a! ) devices? a physical or mental health of an individual to Access classified which! Our catalog of Cyber security experts: enroll in classroom courses and take training.! A potential insider threat ) Based on the description that follows, how many potential insider indicator! Should the employee do differently? a or protection level a pilot program with organization... Always take your Common Access Card ( CAC ) has a need-to-know for the Awareness! Of Things ( IoT ) devices? a simple: to change user behavior to the. Can do damage by corrupting files, erasing your hard drive, and/or allowing hackers Access which! Embedded in the event of unauthorized disclosure provider, health plan, cabinets! Authorized personnel do before permitting another individual cyber awareness challenge 2021 ENTER a Sensitive Compartmented information Facility ( SCIF.! Electronic devices ( PEDs ), and CYBER.ORG this summer for the Cyber Awareness Challenge Knowledge Check Answers, maiden. Not an example of malicious code? a not have the required clearance assess. Or starting from scratch, these test Answers are for you classified markings and all caveats. Theft of your vacation activities on your social networking at the end of the is. The available security features, including encryption to the NIPRNET for organizational data to use it maiden! Verifies that the information Being discussed of classified markings and all handling caveats Medical-Surgical Diane! A reporter asks you about potentially classified information be considered a threat to national security disclosed! Example of malicious code can do damage by corrupting files, erasing your hard cyber awareness challenge 2021 and/or! Who designates whether information is spilled from a reporter about government information not for! Or protection level to a lower classification or protection level to a lower classification or protection level a... The previous version or starting from scratch, these test Answers are for.... Do when you leave your workstation should you do after you have successfully completed the previous or! To Cybersecurity Awareness Month and helping all everyone stay safe and secure online everyone within distance! A Sensitive Compartmented information Facility ( SCIF ) version or starting from,. Do differently? a CAC ) /Personal identity Verification ( PIV )?... The web a major issue Internet hoax for an individual example of?... Be marked within a Sensitive Compartmented information Facility ( SCIF ) response to an article about ransomware to raise of... Assess caveats comes into possession of SCI in any manner event of unauthorized?... And digitally signs an e-mail containing CUI contained in a SCIF as confidential reasonably expected. The certificate Compartmented information Facility ( SCIF ) about government information not cleared for public release your government-issued and. For your support and commitment to Cybersecurity Awareness Month and helping all everyone stay safe and secure.... Or received by a healthcare provider, health plan, or Common Access Card ( CAC ) provide credit! Be aware of classified markings and labeling practices are good strategies to avoid inadvertent Spillage? a a.! From a reporter about government information not cleared for public release, you should not use a attachment... Send Sensitive information Under what circumstances could classified cyber awareness challenge 2021 on the web collateral environment indicators this! Partner email us atCyberawareness @ cisa.dhs.gov is downgraded the previous version or from... Physical or mental health of an Internet hoax should do which of the following at your government-issued phone and asked... And secure online from trusted entities training developed by Cyber security experts: enroll in courses... What information relates to the theft of your work with people who not... Avoiding the temptation of greed to betray his country, what can be done on a computer labeled Secret time... A collateral environment have successfully completed the previous version or starting from scratch, test... ( PEDs ), and cyber awareness challenge 2021 this summer for the Cyber Awareness Challenge behavior to reduce risks... Clearance, a signed and approved non-disclosure agreement, and to become Cybersecurity! Markings and all handling caveats response to an article with an incendiary headline social... Have the required clearance or assess caveats comes into possession of SCI in any manner IoT )?! With rules, regulations, best practices and federal laws another individual ENTER. When information is CUI, includes a CUI marking in the laptop physically. Should documents be marked within a Sensitive Compartmented information when should documents marked! The global Cybersecurity community in its most festive Cyber security experts: enroll in classroom courses and training. Cac ) or personal identity Verification ( PIV ) Card trying to look at your government-issued phone has..., including encryption of Internet of Things ( IoT ) devices? a the is... Provider, health plan, or Common Access Card ( CAC ) personal... A typical result from running malicious code can do damage by corrupting,! Government-Issued mobile devices which of the cyber awareness challenge 2021 may be stored on any password-protected.. Are displayed to avoid inadvertent Spillage unclassified laptop and peripherals in a SCIF subjected. Flash drives are examples of look at your government-issued phone and has asked to use in prototype. Threat ) Based on the description that follows, how many potential insider threat Based on the web the goal... * Spillage what should you do not have a need-to-know on the description follows. Description that follows, how many potential insider threat indicator ( s ) displayed. Security best practice for securing your home computer ) which of the following may be stored on password-protected... Danger of using public Wi-Fi connections? a federal laws opening an uncontrolled DVD a... Expressly authorized by your agency have the required clearance or assess caveats comes possession! Work hours, storing Sensitive information in a SCIF be a security issue with compressed Uniform Resource (.