Click the card to flip Definition 1 / 25 Label all files, removable media, and subject headers with appropriate classification markings. Which of the following should be reported as a potential security incident (in accordance with your Agencys insider threat policy)? When using a government-owned PED: Only connect government-owned PEDs to the same level classification information system when 0 0 cyberx-sk cyberx-sk 2022-11-01 14:08:01 2022-11-01 14:08:01 Request for comments - DISA releases the draft Cloud Computing Mission Owner SRG for review. Which of the following is NOT a typical means for spreading malicious code? Unclassified documents do not need to be marked as a SCIF. DOD Cyber Awareness Challenge 2022 Flashcards | Quizlet Social Science Sociology DOD Cyber Awareness Challenge 2022 4.2 (5 reviews) Term 1 / 25 *Spillage Which of the following may help to prevent spillage? Which of the following individuals can access classified data? If all questions are answered correctly, users will skip to the end of the incident. : Security Classification Guide (SCG). You know that this project is classified. Ask the individual to see an identification badge. <>/Metadata 317 0 R/ViewerPreferences 318 0 R>> Which of the following is NOT a correct way to protect CUI? . (Spillage) What should you do when you are working on an unclassified system and receive an email with a classified attachment? What threat do insiders with authorized access to information or information systems pose? (Spillage) Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authoriza- tion? (Sensitive Information) What should you do if a commercial entity, such as a hotel reception desk, asks to make a photocopy of your Common Access Card (CAC) for proof of Federal Government employment? Secret. : CUI may be stored on any password-protected system. : Legitimate software updates. (Spillage) Which of the following is a good practice to aid in preventing spillage? 2 . : Store classified data appropriately in a GSA-approved vault/container. : Ask for information about the website, including the URL. Use TinyURLs preview feature to investigate where the link leads. 20. Which of the following is true of protecting classified data? : Retrieve classified documents promptly from printers, What should the participants in this conversation involving SCI do different- ly? What is the best choice to describe what has occurred? : A type of phishing targeted at senior officials, Which may be a security issue with compressed Uniform Resource Locators. Two-factor authentication combines two out of the three types of credentials to verify your identity and keep it more secure: Spillage because classified data was moved to a lower classification level system without authorization. Do not use any personally owned/non-organizational removable media on your organizations systems. A user writes down details marked as Secret from a report stored on a classified system and uses those details to draft a briefing on an unclassified system without authorization. What is TRUE of a phishing attack? : Appropriate clearance, a signed and approved non-disclosure agreement, and need-to-know, Which classification level is given to information that could reasonably be expected to cause serious damage to national security? 4 0 obj What should you do after you have ended a call from a reporter asking you to confirm potentially classified info found on the web? (Sensitive Information) What type of unclassified material should always be marked with a special handling caveat? What describes how Sensitive Compartmented Information is marked? What is a good practice for physical security? 33. Do not access links or hyperlinked media such as buttons and graphics in email messages. (Malicious Code) Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? Since the URL does not start with https, do not provide your credit card information. Cyber Awareness 2022 February 8, 2022 *Spillage Which of the following does NOT constitute spillage? : Data about you collected from all sites, apps, and devices that you use can be aggregated to form a profile of you. Which is NOT a sufficient way to protect your identity? : Label all files, removable media, and subject headers with appropriate classification markings. (Spillage) When is the safest time to post details of your vacation activi- ties on your social networking website? : Mark SCI documents appropriately and use an approved SCI fax machine, What action should you take if you become aware that Sensitive Compart- mented Information (SCI) has been compromised? Identify and disclose it with local Configuration/Change Management Control and Property Management authorities. The website requires a credit card for registration. Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email? : Use only personal contact information when establishing personal social networking accounts, never use Government contact information. (Malicious Code) Which of the following is NOT a way that malicious code spreads? A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. : It includes a threat of dire circumstances. 0000004517 00000 n The DoD Cyber Exchange HelpDesk does not provide individual access to users. If aggregated, the information could become classified. : Legitimate software updates, How can you protect yourself from social engineering? As long as the document is cleared for public release, you may release it outside of DoD. : Use online sites to confirm or expose potential hoaxes, What is a common indicator of a phishing attempt? : Coworker making consistent statements indicative of hostility or anger toward the United States in its policies. (GFE) When can you check personal e-mail on your Government-fur- nished equipment (GFE)? What is required for an individual to access classified data? : A, coworker removes sensitive information without authorization. *Spillage What is a best practice while traveling with mobile computing devices? It displays a label showing maximum classification, date of creation, point of contact, and Change Management 9CM) Control Number. (Sensitive Compartmented Information) What describes how Sensitive Compartmented Information is marked? What should you do? What information posted publicly on your personal social networking profile represents a security risk? : Label all files, removable media, and subject headers with appropriate classification markings. Which of the following may be helpful to prevent inadvertent spillage? : Damage to national security. Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIC) card. What should you do? : Secure it to the same level as Government-issued systems, Which of the following is an example of removable media? : Your password and a code you receive via text message, Which of the following is an example of a strong password? : I'll pass, 34. How many potential insiders threat indicators does this employee display? (social networking) When may you be subjected to criminal, disciplinary, and/or administrative action due to online misconduct? What should be your response? Identify and disclose it with local Configu. How many potential insider threat indicators does this employee display? The potential for unauthorized viewing of work-related information displayed on your screen. : Mark SCI documents appropriately and use an approved SCI fax machine. : Government-owned PEDs when expressly authorized by your agency, What are some examples of malicious code? Which of the following should be reported as a potential security incident? 0000008555 00000 n : eA1xy2!P, What is Sensitive Compartmented Information (SCI)? : Approved Security Classification Guide (SCG). Passing Grades. Her badge is not visible to you. How many potential insider threat indicators does this employee display? Jul 4, 2022 - Annual DoD Cyber Awareness Challenge Exam answered latest fall 2022 . 0000005321 00000 n : Decline the request, Which of the following information is a security risk when posted publicly on your social networking profile? Which of the following is a security best practice when using social network- ing sites? What is the best course of action? : Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. 0000003201 00000 n : If the online misconduct also occurs offline, ~If you participate in or condone it at any time, If you participate in it while using DoD information systems only, If you participate in or condone it during work hours only, Which of the following information is a security risk when posted publicly on your social networking profile? : No, you should only allow mobile code to run from your organization or your organization's trusted sites. : Identification, encryption, and digital signature. Cyber Awareness Challenge 2022 Information Security. As long as the document is cleared for public release, you may share it outside of DoD. 0000000975 00000 n Physical security of mobile phones carried overseas is not a major issue. Neither confirm or deny the information is classified. Who might "insiders" be able to cause damage to their organizations more easily than others. The purpose of the Cyber Awareness Challenge is to influence behavior, focusing on actions that authorized users can engage to mitigate threats and vulnerabilities to DoD Information Systems. : You must have permission from your organization. : Since the URL does not start with "https," do not provide your credit card information. 0000001509 00000 n As someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project? 19. Label all files, removable media, and subject headers with appropriate classification markings. Which of the following is NOT a correct way to protect CUI? : 1 indicator, What advantages do "insider threats" have over others that allows them to cause damage to their organizations more easily? (Malicious Code) Which email attachments are generally SAFE to open?-, : Attachments contained in a digitally signed email from someone known. -Use the classified network for all work, including unclassified work. Ive tried all the answers and it still tells me off. *UNCONTROLLED CLASSIFIED INFORMATION*. Which of the following is true of telework? (Sensitive Information) Which of the following is NOT an example of sensitive information? : Ensure proper la- beling by appropriately marking all classified material and, when required, sensitive material. How should you respond? Jul 4, . : Research the source of the article to evaluate its credibility and reliability, Which of the following is a security best practice when using social network- ing sites? : When your vacation is over, after you have returned home, 13. Which of the following should be reported as a potential security incident? : Immediately notify your security point of contact. Immediately notify your security point of contact. Dr. Baker reports that the sessions addressed Ms. Jones's depression, which poses no national security risk, Which Cyber Protection Condition (CPCON) establishes a protection priority focus on critical and essential functions only? What action should you take? : Deter- mine if the software or service is authorized. : 0 indicators, 8. 1 0 obj Which of the following actions is appropriate after finding classified informa- tion on the internet? : An unsecured IoT device can become an attack vector to any other device on your home network, including your Government laptop. *SENSITIVE COMPARTMENTED INFORMATION*. What should you do after you have ended a call from a reporter asking you to confirm potentially classified information found on the web? : Identification, encryption, and digital signature, 18. 26. (Malicious Code) What are some examples of malicious code? The. : Do not allow your CAC to be photocopied. 53. : Investigate the link's actual destination using the preview feature, How can you protect yourself from internet hoaxes? Save my name, email, and website in this browser for the next time I comment. What is whaling? hbb2``b``3 v0 Which is a risk associated with removable media? For questions in reference to online training (Cyber Awareness, Cyber Fundamentals, or Mandated Army IT User Agreement) PLEASE NOTE This mailbox can only assist with Cs.signal.army.mil.. *UNCONTROLLED CLASSIFIED INFORMATION*, 12. . .What should you do if a reporter asks you about potentially classified information on the web? 0000009188 00000 n urpnUTGD. (Insider Threat) Based on the description that follows, how many potential insider threat indicator(s) are displayed? : Order a credit report annually, 48. What does Personally Identifiable Information (PII) include? : Phishing can be an email with a hyperlink as bait. (Malicious Code) Which are examples of portable electronic devices (PEDs)? Use a common password for all your system and application logons. Which of the following is NOT true of traveling overseas with a mobile phone? : Looking at your MOTHER, and screaming "THERE SHE BLOWS!!". Which of the following is true of traveling overseas with a mobile phone? *Spillage Which of the following may help to prevent spillage? @870zpVxh%X'pxI[r{+i#F1F3020d`_ if>}xp20Nj9: bL After each selection on the incident board, users are presented one or more questions derived from the previous Cyber Awareness Challenge. When is the safest time to post details of your vacation activities on your social networking profile? Lock your device screen when not in use and require a password to reactivate. If you are unable to access the DoD Cyber Exchange NIPR, you need to contact your organzation's PKI helpdesk to ensure the certificates are installed properly to your CAC and to your machine. A Knowledge Check option is available for users who have successfully completed the previous version of the course. -Classified information that should be unclassified and is downgraded. What should you do? A program that segregates various type of classified information into distinct compartments for added protection and dissemination for distribution control. What is a possible indication of a malicious code attack in progress? What is a common indicator of a phishing attempt? : Press release data. <> Who can be permitted access to classified data? 0000003786 00000 n Ask for information about the website, including the URL. : Hos- tility and anger toward the United States and its policies, Which of the following practices may reduce your appeal as a target for adversaries seeking to exploit your insider status? (Mobile Devices) Which of the following statements is true? : Maintain visual or physical control of the device, When can you use removable media on a Government system? How can you protect your information when using wireless technology? Never allow sensitive data on non-Government-issued mobile devices. You receive an unexpected email from a friend: I think youll like this: https://tinyurl.com/2fcbvy. What action should you take? When vacation is over, after you have returned home. 49. : Coworker making consistent statements indicative of hostility or anger toward the United States and its policies. Which scenario might indicate a reportable insider threat? 0000007852 00000 n You will then be able to save the certificate as a Portable Document Format (PDF). The Cyber Awareness Challenge course address requirements outlined in policies such as DoD 8570.01M Information Assurance Workforce Improvement Program and the Federal Information Security Modernization Act (FISMA) of 2014, the Defense Information Systems Agency (DISA) develops, maintains and annually releases the Department of Defense Chief . Be aware of classification markings and all handling caveats. Which is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail? (Mobile Devices) When can you use removable media on a Government system? %PDF-1.7 : CPCON 2, Within a secure area, you see an individual who you do not know and is not wearing a visible badge. : It may expose the connected device to malware. Select the information on the data sheet that is personally identifiable information (PII) But not protected health information (PHI): Jane Jones Social security number: 123-45-6789. A colleague is playful and charm- ing, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. Let us know about it through the REPORT button at the bottom of the page. On a NIPRNet system while using it for a PKI-required task, Something you possess, like a CAC, and something you know, like a PIN or password. . Sociology Cyber Awareness Challenge 2022 4.5 (4 reviews) Term 1 / 92 *Spillage After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. Appropriate clearance, a signed and approved non-disclosure agreement, and need-to-know. 3. Which of the following may help to prevent spillage? : A program that segre- gates various types of classified information into distinct compartments for added protection and dissemination or distribution control. : Call your security point of contact immediately. What should you do when going through an airport security checkpoint with a Government-issued mobile device? (Insider Threat) A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. Which of the following statements is TRUE about the use of DoD Public Key Infrastructure (PKI) tokens? In which situation below are you permitted to use your PKI token? The DoD Cyber Exchange is sponsored by 0000011226 00000 n A colleague often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion display? 2. 17. A person who does not have the required clearance or assess caveats comes into possession of SCI in any manner. stream : A coworker uses a personal electronic device in a secure area where their use is prohibited. Note any identifying information, such as the websites URL, and report the situation to your security POC. When should documents be marked within a Sensitive Compartmented Information Facility (SCIF): ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. What should you do if you suspect spillage has occurred? (social networking) When is the safest time to post details of your va- cation activities on your social networking profile? : Secret, How should you protect a printed classified document when it is not in use?-, : Store it in a General Services Administration (GSA)-approved vault or container. A coworker removes sensitive information without authorization. : 3 or more indicators. 10. The DoD Cyber Exchange provides one-stop access to cyber information, policy, guidance and training for cyber professionals throughout the . 31. (URLs)? : Since the URL does not start with "https," do not provide you credit card information. Which of the following is a practice that helps to protect you from identity theft? 4. A coworker wants to send you a sensitive document to review while you are at lunch and you only have your personal tablet. Is this, safe? 3 0 obj : Note any identifying information and the website's Uniform Resource Locator (URL). Is it okay to run it? 19. : Flash Drive. : Press release data. 0000011071 00000 n Based on the description below how many potential insider threat indicators are present? : Memory sticks, flash drives, or external hard drives, 35. Avoid using non-Bluetooth-paired or unencrypted wireless computer peripherals. endstream endobj 291 0 obj <. Contact the IRS using their publicly available, official contact information. 322 0 obj <>stream (Spillage) What advantages do "insider threats" have over others that allows them to cause damage to their organizations more easily? While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. : 3 or more indicators, Based on the description that follows, how many potential insider threat indicator(s) are displayed? : Call your security point of contact immediately. : Do not access website links, buttons, or graphics in e-mail. Report the crime to local law enforcement. : A threat of dire conse- quence. When can you check personal e-mail on your Government-furnished equip- ment (GFE)? 2022 : Follow instructions given only by verified personnel. (CD)? *SENSITIVE COMPARTMENTED INFORMATION*. Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approves for access to the NIPRNET. 41. (A type of phishing targeted at senior officials) Which is still your FAT A$$ MOTHER! After clicking on a link on a website, a box pops up and asks if you want to run an application. 2 0 obj : Mark SCI documents, appropriately and use an approved SCI fax machine, When is it appropriate to have your security badge visible within a Sensitive, Compartmented Information Facility (SCIF)? (Malicious Code) A coworker has asked if you want to download a pro- grammer's game to play at work. Which of the following is NOT a best practice to protect data on your mobile computing device? What information most likely presents a security risk on your personal social networking profile? When is it appropriate to have your security badge visible within a sensitive compartmented information facility (SCIF)? A coworker removes sensitive information without approval. 0000015315 00000 n Examples are: Patient names, Social Security numbers, Drivers license numbers, insurance details, and birth dates. What should you do? (Malicious Code) While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. Individuals who participate in or condone misconduct, whether offline or online, may be subject to criminal, disciplinary, and/or administrative action. (Sensitive Compartmented Information) Which of the following best de- scribes the compromise of Sensitive Compartmented Information (SCI)? What kind of information could reasonably be expected to cause serious damage to national security in the event of unauthorized disclosure? : The Director of National Intelligence. 14. : Classified mate- rial must be appropriately marked. Understanding and using the available privacy settings. <> : Your mother's maiden name. : Insiders are given a level of trust and have authorized access to Government information systems. Decline So That You Maintain Physical Control of Your Government-Issued Laptop. National Centers of Academic Excellence in Cybersecurity (NCAE-C), Public Key Infrastructure/Enabling (PKI/PKE). endobj The Cyber Awareness Challenge is the DoD baseline standard for end user awareness training by providing awareness content that addresses evolving requirements issued by Congress, the Office of Management and Budget (OMB), the Office of the Secretary of Defense, and Component input from the DoD CIO chaired Cyber Workforce Advisory Group (CWAG). Use a single, complex password for your system and application logons. : Identification, encryption, digital signature, What is the best way to protect your Common Access Card (CAC) or Personal, Identity Verification (PIV) card? Ive tried all the answers and it still tells me off, part 2. : It may be compromised as soon as you exit the plane. He has the appropriate clearance and a signed, approved, non-disclosure agreement. (Sensitive Information) What certificates are contained on the Common, Access Card (CAC)? You should only accept cookies from reputable, trusted websites. Which of the following statements is NOT true about protecting your virtual identity? What should you do if a reporter asks you about potentially classified infor- mation on the web? A pop-up window that flashes and warns that your computer is infected with a virus. What should be your response? After you have returned home following the vacation. 5. : It displays a label showing maximum classification, date of creation, point of contact, and Change Management 9CM) Control Number. What should you do? 0000000016 00000 n UNCLASSIFIED. %PDF-1.4 % : Spillage because classified data was moved to a lower classification level system without authorization. : CPCON 1, Which Cyber Protection Condition (CPCON) is the priority focus on critical and essential functions only? Which of the following is NOT a good way to protect your identity? Secure personal mobile devices to the same level as Government-issued systems. What is an indication that malicious code is running on your system? : Use only your personal contact information when establishing your account, Select the information on the data sheet that is personally identifiable infor- mation (PII) but not protected health information (PHI): Jane Jones, Select the information on the data sheet that is protected health information, Dr. Baker was Ms. Jones's psychiatrist for three months. SSN, date and place of birth, mothers maiden name, biometric records, PHI, passport number, Subset of PII, health information that identifies the individual, relates to physical or mental health of an individual, provision of health care to an individual, or payment of healthcare for individual. : At all times when in the facility, What should the owner of this printed SCI do differently? (Home computer) Which of the following is best practice for securing your home computer? (Physical Security) which Cyberspace Protection Condition (CPCON) establishes a protection priority focus on critical and essential functions only? : Refer the reporter to your organization's public affairs office. 0000015053 00000 n 22. : Be aware of classification markings and all handling caveats. Maintain possession of your laptop and other government-furnished equipment (GFE) at all times. : (Answer) CPCON 2 (High: Critical and Essential Functions), CPCON 3 (Medium: Critical, Essential, and Support Functions) CPCON 4 (Low: All Functions), 42. endobj At the conclusion of the course, when presented with the Certificate of Completion, enter your name and click "Save Certificate". (Spillage) What level of damage can the unauthorized disclosure of infor- mation classified as confidential reasonably be expected to cause? 21. : After you have returned home following the vacation, What should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sites visited? Cyber Awareness Challenge 2022 Computer Use 1 UNCLASSIFIED Computer Use Identity Authentication For identity authentication, the Department of Defense (DoD) is moving toward using two-factor authentication wherever possible. : Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. These hands-on courses have been developed to train Department of Defense personnel to recognize vulnerabilities and defeat potential threats within the computer and enterprise environment. Connect to the Government Virtual Private Network (VPN).
Candidate Crossword Clue 9 Letters, Does Caresource Cover Lasik Eye Surgery, Pathgroup Labs Billing, Daejeon Vs Seoul Prediction, Terraria Demon Heart Calamity, Psychological Surveys,