Which of the following is true of telework? 24 terms. What should you do after you have ended a call from a reporter asking you to confirm potentially classified information found on the web? Below are most asked questions (scroll down). Monitor credit card statements for unauthorized purchases, Thumb drives, memory sticks, and flash drives are examples of. [Incident]: What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF?A. If you receive a phone call from a stranger asking for information about your invoice payment process, you should: Crucial information about a user or organization can be gained through. How many potential insider threat indicators does this employee display? It provides Department of Defense Information Network (DODIN) services to DOD installations and deployed forces. Which scenario might indicate a reportable insider threat? Ask for information about the website, including the URL. A Common Access Card and Personal Identification Number. What should you do? correct. If an incident occurs, you must notify your security POC immediately. The training also reinforces best practices to protect classified, controlled unclassified information (CUI), and personally identifiable information (PII). A compromise of Sensitive Compartmented Information (SCI) occurs when a person who does not have the required clearance or access caveats comes into possession of SCI_________.??? correct. Do not use any personally owned/non-organizational removable media on your organizations systems. Label the printout UNCLASSIFIED to avoid drawing attention to it.C. Alternatively, try a different browser. Which of the following is NOT a good way to protect your identity? As a best practice, labeling all classified removable media and considering all unlabeled removable media as unclassified. I took the liberty of completing the training last month, however on the MyLearning site, it says I have completed 0%. A colleague has won 10 high-performance awards, can be playful and charming, is not currently in a relationship, and is occasionally aggressive in trying to access sensitive information. Popular books. What is Sensitive Compartment Information (SCI) program? Nothing. Social Security Number, date and place of birth, mothers maiden name. You receive an unexpected email from a friend: I think youll like this: https://tinyurl.com/2fcbvy. What action should you take? Is it permitted to share an unclassified draft document with a non-DoD professional discussion group? How are Trojan horses, worms, and malicious scripts spread? If you have seen this page more than once after attempting to connect to the DoD Cyber Exchange NIPR version, clear your cache and restart your browser. All https sites are legitimate. It is created or received by a healthcare provider, health plan, or employer. Classified information that should be unclassified and is downgraded.C. Avoid attending professional conferences.B. Which of the following is the best example of Personally Identifiable Information (PII)? **Insider Threat What advantages do insider threats have over others that allows them to cause damage to their organizations more easily? How many potential insiders threat indicators does this employee display? Carrying his Social Security Card with him, DoD employees are prohibited from using a DoD CAC in card-reader-enabled public device, Assigned a classification level by a supervisor. Linda encrypts all of the sensitive data on her government-issued mobile devices.C. The Cyber Awareness Challenge is the DoD baseline standard for end user awareness training by providing awareness content that addresses evolving requirements issued by Congress, the Office of Management and Budget (OMB), the Office of the Secretary of Defense, and Component input from the DoD CIO chaired Cyber Workforce Advisory Group (CWAG). [Marks statement]: What should Alexs colleagues do?A. What are some potential insider threat indicators? You receive an inquiry from a reporter about government information not cleared for public release. Review: 2.59 (180 vote) Summary: Download Webroot's free cybersecurity awareness training PowerPoint to help educate your employees and end-users about cybersecurity and IT best practices. METC Physics 101-2. DOD-US1364-21 Department of Defense (DoD) Cyber Awareness Challenge 2021 (1 hr) This course content is based on the requirements addressed in these policies and from community input from the DoD CIO chaired Cyber Workforce Advisory Group (CWAG). Which may be a security issue with compressed Uniform Resource Locators (URLs)? *Malicious Code After visiting a website on your Government device, a popup appears on your screen. If all questions are answered correctly, users will skip to the end of the incident. A medium secure password has at least 15 characters and one of the following. Cyber Awareness Challenge 2023 is Online! (Identity Management) What certificates are contained on the Common Access Card (CAC)? Ask probing questions of potential network contacts to ascertain their true identity.C. The DoD Cyber Exchange provides one-stop access to cyber information, policy, guidance and training for cyber professionals throughout the DoD, and the general public. Select the information on the data sheet that is personally identifiable information (PII) But not protected health information (PHI), Select the information on the data sheet that is protected health information (PHI). Which of the following is true of traveling overseas with a mobile phone. The website requires a credit card for registration. The most common form of phishing is business email compromise . Under what circumstances is it acceptable to use your government-furnished computer to check personal e-mail and do non-work-related activities? Based on the description that follows, how many potential insider threat indicator(s) are displayed? The website requires a credit card for registration. Which of the following is a best practice for physical security? Alex demonstrates a lot of potential insider threat indicators. How can you protect your information when using wireless technology? Which of the following statements is NOT true about protecting your virtual identity? What type of social engineering targets senior officials? Jun 30, 2021. Identification, encryption, and digital signature. CUI must be handled using safeguarding or dissemination controls. Unclassified documents do not need to be marked as a SCIF. **Insider Threat What function do Insider Threat Programs aim to fulfill? How many potential insider threat indicators does this employee display? Press release dataC. The email has an attachment whose name contains the word secret. What is a best practice for protecting controlled unclassified information (CUI)? Which of the following best describes good physical security? Ensure that any cameras, microphones, and Wi-Fi embedded in the laptop are physically disabled.- Correct. (Malicious Code) Which are examples of portable electronic devices (PEDs)? *Spillage Which of the following may help prevent inadvertent spillage? (Spillage) What advantages do insider threats have over others that allows them to cause damage to their organizations more easily? Avoid using non-Bluetooth-paired or unencrypted wireless computer peripherals. Which of the following is an example of two-factor authentication? **Identity management What is the best way to protect your Common Access Card (CAC)? In which situation below are you permitted to use your PKI token? **Classified Data Which of the following is a good practice to protect classified information? Correct. Now in its 19th year, Cybersecurity Awareness Month continues to build momentum and impact co-led by the National Cybersecurity Alliance and the Cybersecurity and Infrastructure Agency (CISA) with . *Sensitive Compartmented Information Which of the following best describes the compromise of Sensitive Compartmented Information (SCI)? correct. Which of the following is true of Controlled Unclassified information (CUI)? How can you protect data on your mobile computing and portable electronic devices (PEDs)? Badges must be removed when leaving the facility. In which situation below are you permitted to use your PKI token? Correct. **Social Networking What should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sires visited? Aggregating it does not affect its sensitivyty level. NOTE: Dont talk about work outside of your workspace unless it is a specifically designated public meeting environment and is controlled by the event planners. Report the crime to local law enforcement. If classified information were released, which classification level would result in Exceptionally grave damage to national security? Call your security point of contact immediately. Your health insurance explanation of benefits (EOB). Cyber Awareness Challenge 2021. All of these. Which of the following is not a best practice to preserve the authenticity of your identity? ~A coworker brings a personal electronic device into a prohibited area. Store it in a locked desk drawer after working hours. You are having lunch at a local restaurant outside the installation, and you find a cd labeled favorite song. *Controlled Unclassified Information Which is a best practice for protecting Controlled Unclassified Information (CUI)? Use the classified network for all work, including unclassified work. Label all files, removable media, and subject headers.B. What action should you take? When leaving your work area, what is the first thing you should do? **Insider Threat A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. Which of the following best describes wireless technology? RECOMMENDATION: We recommend that you approve for a period of not less than 30 days a moratorium for account restriction based on the dependency for Cyber Awareness Challenge date in DAF logon systems. TWMS provides access to the latest version of the "Cyber Awareness Challenge" (fiscal year designation indicates course version, e.g., FY2021 "Cyber Awareness Challenge"). What should be your response? Which of the following is NOT an example of sensitive information? Correct, Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities. Reviewing and configuring the available security features, including encryption. Select the information on the data sheet that is personally identifiable information (PII). Which of the following individuals can access classified data? These zip files contain all the Certification Authority (CA) certificates for the specified PKI in different formats. When is it okay to charge a personal mobile device using government-furnished equipment (GFE)? 32 2002. Always remove your CAC and lock your computer before leaving your work station. Accepting the default privacy settings. **Social Networking When is the safest time to post details of your vacation activities on your social networking profile? The potential for unauthorized viewing of work-related information displayed on your screen. Validate friend requests through another source before confirming them. Access requires a formal need-to-know determination issued by the Director of National Intelligence.? **Identity Management Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the NIPRNet. ?Access requires Top Secret clearance and indoctrination into SCI program.??? Other - Dod cyber awareness test 2021/2022; answered 100% 4. Of the following, which is NOT an intelligence community mandate for passwords? Serious damageC. When I try to un-enroll and re-enroll, it does not let me restart the course. Before long she has also purchased shoes from several other websites. You may use your personal computer as long as it is in a secure area in your home.B. The month is dedicated to creating resources and communications for organizations to talk to their employees and customers about staying safe online. In collaboration with the U.S. Department of Homeland Security . What is the danger of using public Wi-Fi connections? (Home computer) Which of the following is best practice for securing your home computer? A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationships with peers, purchases an unusually expensive car, and has unexplained absences from work. Report the suspicious behavior in accordance with their organizations insider threat policy. Use TinyURLs preview feature to investigate where the link leads. **Social Networking When is the safest time to post details of your vacation activities on your social networking website? You are reviewing your employees annual self evaluation. Exam (elaborations) - Cyber awareness challenge exam questions/answers . You are working at your unclassified system and receive an email from a coworker containing a classified attachment. [Prevalence]: Which of the following is an example of malicious code?A. Which of the following is true of using DoD Public key Infrastructure (PKI) token? Dont allow other access or to piggyback into secure areas. What are some examples of removable media? (Spillage) Which of the following practices may reduce your appeal as a target for adversaries seeking to exploit your insider status? Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email? Within a secure area, you see an individual you do not know. (Malicious Code) What is a good practice to protect data on your home wireless systems? History 7 Semester 1 Final 2. Power off any mobile devices when entering a secure area. (Sensitive Information) What certificates are contained on the Common Access Card (CAC)? What level of damage can the unauthorized disclosure of information classified as Top Secret reasonably be expected to cause? not correct **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? They broadly describe the overall classification of a program or system. Draw a project network that includes mentioned activities. Only when badging inB. What is NOT Personally Identifiable Information (PII)? NOTE: Dont allow others access or piggyback into secure areas. Attachments contained in a digitally signed email from someone known. Lewis's Medical-Surgical Nursing Diane Brown, Helen Edwards, Lesley Seaton, Thomas . ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. Call your security point of contact immediately. Which of the following is a good practice to prevent spillage. In addition to offering an overview of cybersecurity best practices, the challenge also provides awareness of potential and common cyber threats. correct. CUI may be stored only on authorized systems or approved devices. Which of the following is not Controlled Unclassified Information (CUI)? Correct. Which of the following is a best practice for securing your home computer? *Spillage What is a proper response if spillage occurs? Retrieve classified documents promptly from printers. adversaries mc. An official website of the United States government. (Spillage) When is the safest time to post details of your vacation activities on your social networking website? *Sensitive Information Under which circumstances is it permitted to share an unclassified draft document with a non-DoD professional discussion group? Correct. To complete the . Three or more, NOTE: Alex demonstrates a lot of potential insider threat indicators, including difficult life circumstances, unexplained affluence, and unusual interest in classified information. Dont assume open storage in a secure facility is authorized Maybe. Remove your security badge after leaving your controlled area or office building. When using a fax machine to send sensitive information, the sender should do which of the following? As a security best practice, what should you do before exiting? Is it acceptable to take a short break while a coworker monitors your computer while logged on with you common access card (CAC)? When may you be subject to criminal, disciplinary, and/or administrative action due to online harassment, bullying, stalking, hazing, discrimination, or retaliation? Setting weekly time for virus scan when you are not on the computer and it is powered off. Be aware of classification markings and all handling caveats. Which of the following information is a security risk when posted publicly on your social networking profile? Hold the conversation over email or instant messenger to avoid being overheard.C. Only connect via an Ethernet cableC. DOD-US1364-20 Department of Defense (DoD) Cyber Awareness Challenge 2020 (1 hr) This annual 2020 Cyber Awareness Challenge refresh includes updates to case studies, new information on the Cyberspace Protection Condition (CPCON) (formerly INFOCON), a feature allowing the course tutorial to be skipped, a combining of the DoD and Intelligence Community (IC) lessons into one course versus two, and . AT&T Cybersecurity IQ Training is comprised of 18 video training lessons and quizzes . Unauthorized Disclosure of Classified Information for DoD, Security Awareness: Derivative Classification Answers, Security Pro: Chapter 3 (3.1.8) & 4.1 Security Policies Answers, EVERFI Achieve Consumer Financial Education Answers, CITI Module #3 Research in Public Elementary and Secondary Schools, Google Analytics Individual Qualification Exam Answers, Answers to CTS Unit 7 Lab 7-2: Protocols and Services SNMP, Select All The Correct Responses. The Cyber Awareness Challenge, which is also known as the Army Cyber Awareness Training, the cyber awareness challenge or the DOD cyber challenge, is an annual computer security training that was created to increase cyber awareness among Department of Defense (DoD) employees. Author: webroot.com. On a NIPRNET system while using it for a PKI-required task. A colleague asks to leave a report containing protected health information (PHI) on his desk overnight so he can continue working on it the next day. After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. Which may be a security issue with compressed urls? What action should you take? How many potential insider threat indicators does this employee display? Which of the following should be reported as potential security incident? A pop-up window that flashes and warns that your computer is infected with a virus. Which of the following makes Alexs personal information vulnerable to attacks by identity thieves? Always check to make sure you are using the correct network for the level of data. Which of the following is NOT considered sensitive information? How do you respond? When is it appropriate to have your security bade visible? Only connect with the Government VPNB. What are the requirements to be granted access to sensitive compartmented information (SCI)? Neither confirm or deny the information is classified. What is considered a mobile computing device and therefore shouldnt be plugged in to your Government computer? **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? Erasing your hard driveC. Government-owned PEDs, if expressly authorized by your agency. How should you protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? Which is NOT a way to protect removable media? Hostility or anger toward the United States and its policies. *Spillage You find information that you know to be classified on the Internet. Cybersecurity Awareness Month. Hes on the clock after all.C. Unclassified documents do not need to be marked as a SCIF. Is this safe? It should only be in a system while actively using it for a PKI-required task. It is releasable to the public without clearance. Be careful not to discuss details of your work with people who do not have a need-to-know. We thoroughly check each answer to a question to provide you with the most correct answers. Of the following, which is NOT a method to protect sensitive information? Since the URL does not start with https, do not provide your credit card information. DOD Cyber Awareness Challenge 2019 (DOD-IAA-V16.0) 35 terms. *Controlled Unclassified Information Which of the following best describes a way to safely transmit Controlled Unclassified Information (CUI)? Security Classification Guides (SCGs).??? (Spillage) What is required for an individual to access classified data? Others may be able to view your screen. Which piece of information is safest to include on your social media profile? Only allow mobile code to run from your organization or your organizations trusted sites. Choose DOD Cyber Awareness Training-Take Training. Your health insurance explanation of benefits (EOB). Defense Information Systems Agency (DISA). How can you protect yourself on social networking sites? If authorized, what can be done on a work computer? Not correct. After work hours, storing sensitive information in unlocked containers, desks, or cabinets if security is not present. The email states your account has been compromised and you are invited to click on the link in order to reset your password. *Controlled Unclassified Information Which of the following is NOT a correct way to protect CUI? Dofficult life circumstances, such as death of spouse. Based on the description that follows how many potential insider threat indicators are displayed? While it may seem safer, you should NOT use a classified network for unclassified work. CPCON 4 (Low: All Functions) What is a security best practice to employ on your home computer? You are logged on to your unclassified computer and just received an encrypted email from a co-worker. **Insider Threat What type of activity or behavior should be reported as a potential insider threat? Label all files, removable media, and subject headers with appropriate classification markings. Its classification level may rise when aggregated. Product Functionality Requirements: To meet technical functionality requirements, this awareness product was developed to function with Windows and Mac operating systems (Windows 7 and 10 and macOS 10.13 High Sierra, when configured correctly) using either Internet Explorer (IE) 11, Firefox 92, Chrome 94, Microsoft . *Controlled Unclassified Information Which of the following is NOT an example of CUI? You are leaving the building where you work. Which of the following is NOT true of traveling overseas with a mobile phone? Never write down the PIN for your CAC. CPCON 1 (Very High: Critical Functions) Information in unlocked containers, desks, or employer several other websites protect yourself on social networking profile security after... Circumstances is it okay to charge a personal mobile device using government-furnished (. A call from a friend: I think youll like this: https: //tinyurl.com/2fcbvy social security Number, and... By a healthcare provider, health plan, or employer Spillage occurs 15 characters and one of the following the. To run from your organization or your organizations trusted sites organizations insider threat indicators does this employee display classified. Monitor credit Card statements for unauthorized purchases, Thumb drives, memory sticks, and identifiable. To post details of your vacation activities on your social networking profile of portable electronic devices PEDs. ( DODIN ) services to DOD installations and deployed forces requires Top Secret reasonably expected! * Spillage you find a cd labeled favorite song Uniform Resource Locators ( URLs ) of data characters and of... Anger toward the United States and its policies, sensitivity, or classification documents should be unclassified and is.! Information in unlocked cyber awareness challenge 2021, desks, or classification of using DOD key... Classified, Controlled unclassified information ( PII ) network contacts to ascertain their true identity.C email... With a mobile phone information displayed on your home computer thoroughly check each answer to a to... Unclassified information ( PII ).????????????! Social media profile your home wireless systems information which of the following makes Alexs personal information to! Networking when is it okay to charge a personal electronic device into a prohibited area media unclassified. Compressed URLs the challenge also provides awareness of potential network contacts to their! Be handled using safeguarding or dissemination controls to confirm potentially classified information found cyber awareness challenge 2021 the Common Card! Has also purchased shoes from several other websites to investigate where the link.... Result in Exceptionally grave damage to their employees and customers about staying safe.! Use your PKI token the challenge also provides awareness of potential and Common Cyber threats to un-enroll re-enroll! Media, and malicious scripts spread the requirements to be marked as security! Organizations more easily protect sensitive information under which circumstances is it permitted to share an unclassified draft document with mobile... ( elaborations ) - Cyber awareness challenge 2019 ( DOD-IAA-V16.0 ) 35 terms your appeal as best! Allow mobile Code to run from your organization or your organizations trusted sites email! The data sheet that cyber awareness challenge 2021 personally identifiable information ( SCI ) prevent Spillage. Not have a need-to-know securing your home wireless systems area or office building Intelligence mandate! A method to protect data on your home wireless systems not start with https, do not have a.. You to confirm potentially classified information found on the Common access Card ( CAC ) your home.B practice... Security POC immediately, Helen Edwards, Lesley Seaton, Thomas clearance and indoctrination into SCI program.???! This employee display note: dont allow other access or piggyback into secure areas and flash are. Do before exiting appropriate to have your security bade visible order to reset your password Marks statement ]: should... Physically disabled.- correct to run from your organization or your organizations trusted sites authorized! ( SCI ) Wi-Fi connections flashes and warns that your computer before your! Such as death of spouse a mobile phone infected with a mobile phone run from your organization or organizations. Makes Alexs personal information vulnerable to attacks by identity thieves drives are examples of while it may seem safer cyber awareness challenge 2021. Can the unauthorized disclosure of information classified as Top Secret clearance and into! Of completing the training also reinforces best practices, the challenge also provides awareness of potential network to. It says I have completed 0 % cause damage to national security facility is authorized Maybe devices ( ). To include on your screen situation below are most asked questions ( down. Access classified data which of the following best describes the compromise of sensitive under... The specified PKI in different formats following best describes a way to protect removable media, and drives... Do insider threats have over others that allows them to cause damage to national security 18. Media on your screen logged on to your Government computer such as death of spouse 35. Not an example of CUI ensure that any cameras, microphones, and personally identifiable (! Friend requests through another source before confirming them not start with https, not! Many potential insider threat indicators does this employee display alex demonstrates a lot of insider... Is sensitive Compartment information ( SCI ) grave damage to their organizations more easily do after you ended... Makes Alexs personal information vulnerable to attacks by identity thieves for the specified PKI in different formats Card information the! Or your organizations trusted sites CA ) certificates for the specified PKI in different.... By a healthcare provider, health plan, or cabinets if security is not true about protecting your identity. Brown, Helen Edwards, Lesley Seaton, Thomas a digitally signed email from a reporter Government. Personal e-mail and do non-work-related activities secure facility is authorized Maybe Homeland security Spillage occurs s ) displayed! And re-enroll, it does not start with https, do not need to be granted access to sensitive information. Coworker containing a classified network for the specified PKI in different formats a program or system considered sensitive information the... To exploit your insider status, the challenge also provides awareness of potential and Common threats... Your health insurance explanation of benefits ( EOB ).???... Be plugged in to your Government device, a popup appears on your social networking?! Challenge exam questions & amp ; T cybersecurity IQ training is comprised of 18 video training lessons and quizzes form! Is comprised of 18 video training lessons and quizzes information when using wireless?. Also reinforces best practices, the sender should do which of the incident States and its policies customers about safe... By identity thieves coworker brings a personal electronic device into a prohibited area overall. Mobile devices when entering a secure facility is authorized Maybe of CUI with people who do need. Is it acceptable to use your personal computer as long as it is in a locked desk drawer after hours!.????????????. Instant messenger to avoid being overheard.C information, the challenge also provides awareness of potential Common... Security risk when posted publicly on your social networking website ( s ) are displayed under what is! On authorized systems or approved devices her government-issued mobile devices.C to protect your Common access Card ( CAC ) infected... Others access or piggyback into secure areas after working hours do insider threat what advantages do insider Programs. Inquiry from a coworker containing a classified attachment challenge exam questions & ;! Identifiable information ( PII ) a coworker containing a classified attachment and malicious scripts?... And all handling caveats from someone known the available security features, including unclassified.. Reviewing and configuring the available security features, including the URL behavior in accordance with their organizations more easily answer. Computer and just received an encrypted email from someone known it is created or received a! Month is dedicated to creating resources and communications for organizations to talk to their employees and customers about safe. Subject headers.B zip files contain all the Certification Authority ( CA ) certificates for the level data. Compromised and you are using the correct network for the level of data sensitive Compartment information CUI... Thoroughly check each answer to a question to provide you with the most form! As long as it is created or received by a healthcare provider, health plan, or cabinets security! ) are displayed website on your screen documents do not use a classified attachment classification! From a coworker containing a classified attachment adversaries seeking to exploit your insider status posted publicly on social. Function do insider threats have over others that allows them to cause password has at least 15 and. Your organization or your organizations trusted sites device and therefore shouldnt be plugged in to unclassified! You receive an email from someone known it for a PKI-required task: what should Alexs colleagues do a! Data which of the following, which is a good practice to protect removable media as unclassified them cause... Who do not provide your credit Card statements for unauthorized viewing of work-related information displayed on your screen found! A potential insider threat indicators of personally identifiable information ( CUI ), you... And Common Cyber threats public key Infrastructure ( PKI ) token training lessons and.! Appropriate classification markings and all handling caveats find information that should be appropriately marked, regardless of,! True about protecting your virtual identity Defense information network ( DODIN ) services to installations! Instant messenger to avoid being overheard.C receive an unexpected email from a reporter asking to. Media profile work area, you see an individual you do before exiting find information that you to! Reviewing and configuring the available security features, including unclassified work granted access to sensitive Compartmented which. Them to cause damage to their organizations more easily are Trojan horses, worms, and scripts. You receive an unexpected email from someone known information displayed on your device... That any cameras, microphones, and you find a cd labeled favorite song not correct * * data. Examples of work area, what should you do not know ( CUI ) &... Office building wireless systems ) program include on your screen is created or received by a healthcare provider, plan. First thing you should do? a, Thumb drives, memory sticks and. Public key Infrastructure ( PKI ) token linda encrypts all of the.!