✅ DOD Cyber Awareness Challenge Answers 1

Which of the following may be helpful to prevent inadvertent spillage?

Which of the following may help to prevent inadvertent spillage? knowledge check
Which of the following may help to prevent spillage?
A: Purge the memory of any device removed from a classified network before plugging it into an unclassified network.
B: Label all files, removable media, and subject headers with appropriate classification markings.
C: Use a classified network for all work, especially unclassified processing.
D: Be aware of the network you are using when connecting a personal, unauthorized device.

ANSWER: Label all files, removable media, and subject headers with appropriate classification markings.

2. What should you do if a reporter asks you about potentially classified information on the web?

A: Confirm the information is classified.
B: Neither confirm nor deny the information is classified.
C: Deny the information is classified.
D: Explain that you are not authorized to discuss this classified project over the phone but could meet in person.

ANSWER: Neither confirm nor deny the information is classified.

What should you do if a reporter asks you about potentially classified information on the web?

A: Provide your official email to the reporter and ask that she send you the information.
B: Ask for information about the website, including the URL.
C: Download the story to validate the details with your classified project notes prior to answering.
D: Shut off your computer.

ANSWER: Ask for information about the website, including the URL.

What should you do after you have ended a call from a reporter asking you to confirm potentially classified information found on the web?

Alert your security point of contact.

What should you do if a reporter asks you about potentially classified information on the web?

Refer the reporter to your organization's public affairs office.

After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. You know that this project is classified. How should you respond?

Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity

What should you do when you are working on an unclassified system and receive an email with a classified attachment?
You are working at your unclassified system and receive an email from a coworker containing a classified attachment. What should you do?

Call your security point of contact immediately to alert them.

Which of the following terms refers to harm inflicted on national security through authorized access to information or information systems?

A: Whaling
B: Insider Threat

ANSWER: Insider Threat

DOD Cyber Awareness Challenge, Insider threat awareness Test answers


Which of the following does not constitute spillage?
A: Classified information that is accidentally moved to a lower classification or protection level
B: Classified information that should be unclassified and is downgraded
C: Classified information that is intentionally moved to a lower protection level without authorization

ANSWER: Classified information that should be unclassified and is downgraded.

Cyber Awareness Challenge: Malicious Code - Website Use Knowledge Check
What is a valid response when identity theft occurs?
ANSWER: Report the crime to local law enforcement.

Cyber Awareness Challenge: Malicious Code Knowledge Check
What can malicious code do?
ANSWER: It can cause damage by corrupting files, erasing your hard drive, and/or allowing hackers access.

What is an indication that malicious code is running on your system?
ANSWER: File corruption

What is a possible indication of a malicious code attack in progress?
ANSWER: A pop-up window that flashes and warns that your computer is infected with a virus.

Cyber Awareness Challenge: Malicious Code - Social Engineering Knowledge Check
What is a common method used in social engineering?
ANSWER: Telephone surveys

What is a way to prevent the download of viruses and other malicious code when checking your e-mail?
ANSWER: View e-mail in plain text and don't view e-mail in Preview Pane.

What is whaling?
ANSWER: A type of phishing targeted at high-level personnel such as senior officials.

What is a protection against internet hoaxes?
ANSWER: Use online sites to confirm or expose potential hoaxes.

Cyber Awareness Challenge: Malicious Code - Use of GFE Knowledge Check
When is conducting a private money-making venture using your Government-furnished computer permitted?
ANSWER: It is never permitted.

Which of the following activities is an ethical use of Government-furnished equipment (GFE)?
ANSWER: Completing your expense report for your government travel.

Under what circumstances is it acceptable to use your Government-furnished computer to check personal e-mail and do other non-work-related activities?
ANSWER: If allowed by organization policy.

Cyber Awareness Challenge: Malicious Code - Travel Knowledge Check
Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do?
ANSWER: Connect to the Government Virtual Private Network (VPN).

Cyber Awareness Challenge: Malicious Code - Home Computer Security Knowledge Check
What is a good practice to protect data on your home wireless systems?
ANSWER: Ensure that the wireless security features are properly configured.

Cyber Awareness Challenge: Malicious Code - Mobile Devices Knowledge Check
What is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems?
ANSWER: Do not use any personally owned/non-organizational removable media on your organization's systems.

What are some examples of removable media?
ANSWER: Memory sticks, flash drives, or external hard drives

Which are examples of portable electronic devices (PEDs)?
ANSWER: Thumb drives, memory sticks, and optical disks

What portable electronic devices (PEDs) are allowed in a Sensitive Compartmented Information Facility (SCIF)?
ANSWER: Government-owned PEDs, if expressly authorized by your agency.

Cyber Awareness Challenge: Spillage - Social Networking Knowledge Check
When may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct?
When may you be subjected to criminal, disciplinary, and/or administrative action due to online misconduct?
A: If the online misconduct also occurs offline
B: If you participate in or condone it at any time
C: If you participate in it while using DoD information systems only
D: If you participate in or condone it during work hours only

ANSWER: If you participate in or condone it at any time

Under which circumstances may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct?
ANSWER: Any time you participate in or condone misconduct, whether offline or online

What information most likely presents a security risk on your personal social networking profile?
What information posted publicly on your personal social networking profile represents a security risk?
ANSWER: Your place of birth

Cyber Awareness Challenge: Spillage - Classified Data Knowledge Check
Which classification level is given to information that could reasonably be expected to cause serious damage to national security?
What kind of information could reasonably be expected to cause serious damage to national security?
If classified information were released, which classification level would result in "Exceptionally grave damage to national security"?
ANSWER: Secret.

Which is true for protecting classified data? (Cyber Awareness 2020)
ANSWER: Classified material is stored in a GSA-approved container when not in use.

Cyber Awareness Challenge: Spillage - Insider Threat Knowledge Check
An individual who has attempted to access sensitive information without need-to-know and has made unusual requests for sensitive information is displaying indicators of what?
ANSWER: Potential Insider Threat

How many potential insider threat indicators does a person who is married with two children, vacations at the beach every year, is pleasant to work with, but sometimes has poor work quality display?
Based on the description that follows, how many potential insider threat indicator(s) are displayed? A colleague vacations at the beach every year, is married and a father of four, sometimes has poor work quality, and works well with his team.
A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. How many potential insider threat indicators does this employee display?
ANSWER: 0 indicators

How many potential insider threat indicators does a person who is playful and charming, consistently wins performance awards, but is occasionally aggressive in trying to access sensitive information display?
ANSWER: 1 indicator

Based on the description that follows, how many potential insider threat indicator(s) are displayed? A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information.
ANSWER: 1 indicator

A colleague has won 10 high-performance awards, can be playful and charming, is not currently in a relationship, and is occasionally aggressive in trying to access sensitive information. How many potential insider threat indicators does this employee display?
ANSWER: 1 indicator

How many potential insider threat indicators does a coworker who often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion display?
ANSWER: 3 or more indicators

A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. How many potential insider threat indicators does this employee display?
ANSWER: 3 or more indicators

A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. How many potential insider threat indicators does this employee display?
ANSWER: 3 or more indicators

Based on the description that follows, how many potential insider threat indicator(s) are displayed? A colleague often makes others uneasy with her persistent efforts to obtain information about a classified project where she has no need-to-know, is vocal about her husband overspending on credit cards, and complains about anxiety and exhaustion.
ANSWER: 3 or more indicators

Bob, a coworker, has been going through a divorce, has financial difficulties and is displaying hostile behavior. How many potential insider threat indicators is Bob displaying?
ANSWER: 3

Cyber Awareness Challenge: Sensitive Information Knowledge Check
What certificates are contained on the DoD Public Key Infrastructure (PKI) implemented by the Common Access Card (CAC)/Personal Identity Verification (PIV) card?
What certificates does the CAC or PIV card contain?
What certificates are contained on the Common Access Card (CAC)?
ANSWER: Identification, encryption, and digital signature

What should you do if a commercial entity, such as a hotel reception desk, asks for Government identification so that they can make a photocopy?
What should you do if a commercial entity, such as a hotel reception desk, asks to make a photocopy of your Common Access Card (CAC) for proof of Federal Government employment?
ANSWER: Do not allow your Common Access Card (CAC) to be photocopied.

Which of the following is NOT a correct way to protect sensitive information?
ANSWER: Sensitive information may be stored on any password-protected system.

(Sensitive Information) What type of unclassified material should always be marked with a special handling caveat?
ANSWER: For Official Use Only (FOUO)

(Sensitive Information) Which of the following is NOT an example of sensitive information?
ANSWER: Press release data

(Controlled Unclassified Information) Which of the following is NOT an example of CUI?
ANSWER: Press release data

(Controlled Unclassified Information) Which of the following is NOT a correct way to protect CUI?
ANSWER: CUI may be stored on any password-protected system.

(Controlled Unclassified Information) Select the information on the data sheet that is personally identifiable information (PII) but not protected health information (PHI)
ANSWER: Jane Jones
Social Security Number: 123-45-6789 (Top)

(Controlled Unclassified Information) Select the information on the data sheet that is protected health information (PHI) but not personally identifiable information (PII).
ANSWER: Interview: Dr. Nora Baker
Dr. Baker was Ms. Jones's psychiatrist for three months. Dr. Baker reports that the sessions addressed Ms. Jones's depression, which poses no national security risk (Bottom)

What is NOT Personally Identifiable Information (PII)?
ANSWER: Hobby

What is the best protection method for sharing Personally Identifiable Information (PII)?
ANSWER: Digitally sign and encrypt the email.

What is an individual's Personally Identifiable Information (PII) or Protected Health Information (PHI) considered?
ANSWER: Sensitive information.

What is the best example of Personally Identifiable Information (PII)?
ANSWER: Date and place of birth

Which of the following is the best example of Personally Identifiable Information (PII)?
ANSWER: Passport number

Which of the following is an example of Personally Identifiable Information (PII)?
ANSWER: Date of Birth

Which of the following is the best example of Personally Identifiable Information (PII)?
ANSWER: Date of Birth

What does Personally Identifiable Information (PII) include?
ANSWER: Social Security Number; date and place of birth; mother's maiden name

What must you do when e-mailing PII or PHI?
What must you do when e-mailing Personally Identifiable Information (PII) or Protected Health Information (PHI)?
ANSWER: Encrypt the e-mail and use your Government e-mail account.

What must you ensure before transmitting Personally Identifiable Information (PII) or Protected Health Information (PHI) via e-mail?
ANSWER: Transmissions must be between Government e-mail accounts and must be encrypted and digitally signed when possible.

Under what circumstances could unclassified information be considered a threat to national security?
ANSWER: When/If aggregated, the information could become classified.

What is the best example of Protected Health Information (PHI)?
ANSWER: Your health insurance explanation of benefits (EOB)

Which of the following is an example of Protected Health Information (PHI)?
ANSWER: Medical test results

Which of the following is an example of Protected Health Information (PHI)?
ANSWER: Explanation of benefits from a health insurance company.
Examples are: Patient names, Social Security numbers, Driver's license numbers, insurance details, and birth dates

Which of the following is NOT Protected Health Information (PHI)?
ANSWER: Medical care facility name

Cyber Awareness Challenge: Sensitive Information - Physical Security Knowledge Check
What is a good practice for physical security?
ANSWER: Challenge people without the proper badge.

(Physical Security) At which Cyberspace Protection Condition (CPCON) is the priority focus on critical functions only?
ANSWER: CPCON 1

(Physical Security) Which Cyberspace Protection Condition (CPCON) establishes a protection priority focus on critical and essential functions only?
Which Cyber Protection Condition (CPCON) is the priority focus on critical and essential functions only?
Which Cyber Protection Condition (CPCON) establishes a protection priority focus on critical and essential functions only?
A: CPCON 1 (Very High: Critical Functions)
B: CPCON 2 (High: Critical and Essential Functions)
C: CPCON 3 (Medium: Critical, Essential, and Support Functions)
D: CPCON 4 (Low: All Functions)
E: CPCON 5 (Very Low: All Functions)

ANSWER: CPCON 2 (High: Critical and Essential Functions)

Within a secure area, you see an individual who you do not know and is not wearing a visible badge. What should you do?
ANSWER: Ask the individual for identification

Cyber Awareness Challenge: Sensitive Information - Identity Management Knowledge Check
(Identity Management) Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the Non-classified Internet Protocol Router Network (NIPRNet). In which situation are you permitted to use your PKI token?
Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the NIPRNet. In which situation below are you permitted to use your PKI token?
ANSWER: On a NIPRNet system while using it for a PKI-required task.

Which of the following is NOT a good way to protect your identity?
ANSWER: Use a single, complex password for your system and application logons.

(Identity management) Which is NOT a sufficient way to protect your identity?
ANSWER: Use a common password for all your system and application logons.

(Identity Management) What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card?
(Identity management) What is the best way to protect your Common Access Card (CAC)?
ANSWER: Maintain possession of it at all times

(Identity management) Which of the following is NOT a best practice to preserve the authenticity of your identity?
A: Store your Common Access Card (CAC) or Personal Identity Verification (PIV) card in a shielded sleeve
B: Write your password down on a device that only you access (e.g., your smartphone)
C: Change your password at least every 3 months
D: Enable two-factor authentication whenever available, even for personal accounts

ANSWER: Write your password down on a device that only you access (e.g., your smartphone)

(Identity Management) Which of the following is an example of two-factor authentication?
ANSWER: Your password and a code you receive via text message

(Identity Management) Which of the following is an example of two-factor authentication?
ANSWER: Your password and the second commonly includes a text with a code sent to your phone

(Identity management) Which of the following is an example of a strong password?
What is an example of a strong password?
ANSWER: eA1xy2!P

(Identity Management) What certificates are contained on the Common Access Card (CAC)?
ANSWER: Identification, encryption, and digital signature

(Identity Management) What certificates does the Common Access Card (CAC) or Personal Identity Verification (PIV) card contain?
ANSWER: Identification, encryption, digital signature

What certificates are contained on the DoD Public Key Infrastructure (PKI) implemented by the Common Access Card (CAC)/Personal Identity Verification (PIV) card?
ANSWER: Identification, encryption, and digital signature

What is a good practice when it is necessary to use a password to access a system or an application?
ANSWER: Avoid using the same password between systems or applications.

What must you ensure if your work involves the use of different types of smart card security tokens?
ANSWER: Avoid a potential security violation by using the appropriate token for each system.

What should you do if an individual asks you to let her follow you into your controlled space, stating that she left her security badge at her desk?
ANSWER: Don't allow her access into secure areas and report suspicious activity.

Cyber Awareness Challenge: Sensitive Compartmented Information Knowledge Check
What describes how Sensitive Compartmented Information is marked?
ANSWER: Approved Security Classification Guide (SCG)

What are the requirements to be granted access to SCI material?
ANSWER: The proper security clearance and indoctrination into the SCI program.

Which must be approved and signed by a cognizant Original Classification Authority (OCA)?
ANSWER: Security Classification Guide (SCG)

What describes a Sensitive Compartmented Information (SCI) program?
ANSWER: A program that segregates various types of classified information into distinct compartments for added protection and dissemination for distribution control.

Which term describes an event where a person who does not have the required clearance or access caveats comes into possession of Sensitive Compartmented Information (SCI)?
ANSWER: Compromise

Cyber Awareness Challenge: Sensitive Compartmented Information - Removable Media in a SCIF Knowledge Check
Which is a risk associated with removable media?
ANSWER: Spillage of classified information.

What must users do when using removable media within a Sensitive Compartmented Information Facility (SCIF)?
ANSWER: Comply with Configuration/Change Management (CM) policies and procedures

When can you use removable media on a Government computer?
ANSWER: Some examples of removable media are memory sticks, flash drives, or external hard drives. The rule for removable media, mobile computing devices and other portable electronic devices (PEDs) to protect Government systems is do not use any personally owned/non-organizational removable media on a government computer or organization's systems.

Which of the following is not considered a potential insider threat indicator?
ANSWER: Treated mental health issues.

Which of the following is not considered a potential insider threat indicator?
ANSWER: New interest in learning a foreign language.

What do insiders with authorized access to information or information systems pose?
What threat do insiders with authorized access to information or information systems pose?
ANSWER: They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities

Which of the following is true of protecting classified data?
ANSWER: Classified material must be appropriately marked.

What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed?
ANSWER: Exceptionally grave damage

What level of damage can the unauthorized disclosure of information classified as Confidential reasonably be expected to cause?
ANSWER: Damage to national security

Which of the following is true about telework?
ANSWER: You must have your organization's permission to telework.

Which of the following is true of telework?
ANSWER: You must have permission from your organization.

Which is NOT a telework guideline?
ANSWER: Taking classified documents from your workspace

Which is NOT a requirement for telework?
ANSWER: Telework is only authorized for unclassified and confidential information

Which of the following is NOT a requirement for telework?
ANSWER: You must possess security clearance eligibility to telework.

Who can be permitted access to classified data?
ANSWER: Only persons with appropriate clearance, a non-disclosure agreement, and need-to-know.

Ellen's Statement: How many insider threat indicators does Alex demonstrate?
How many insider threats does Alex demonstrate?
ANSWER: Three or more

Mark's Statement: What should Alex's colleagues do?
ANSWER: Report the suspicious behavior in accordance with their organization's insider threat policy

Which of the following represents a good physical security practice?
ANSWER: Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIV) card.

Which of the following is a best practice for physical security?
ANSWER: Use your own facility access badge or key code

Which of the following is true about unclassified data?
ANSWER: When unclassified data is aggregated, its classification level may rise.

Which scenario might indicate a reportable insider threat security incident?
ANSWER: A coworker is observed using a personal electronic device in an area where their use is prohibited.
cyber awareness 2019, 2020, 2021 answers
