Two. D. Which of the following information is a security risk when posted publicly on your social networking profile? **Social Networking When is the safest time to post details of your vacation activities on your social networking website? Which is a way to protect against phishing attacks? All of these. All of these. Correct. [Incident #1]: When is it appropriate to have your security badge visible? A. The DoD Cyber Exchange is sponsored by Analyze the other workstations in the SCIF for viruses or malicious code. D. CPCON 1 (Very High: Critical Functions) A firewall that monitors and controls network traffic. You receive an email from the Internal Revenue Service (IRS) demanding immediate payment of back taxes of which you were not aware. Even within a secure facility, don't assume open storage is permitted. Write your password down on a device that only you access. What should you do? Allowing hackers access. D. **Classified Data Which of the following is a good practice to protect classified information? **Classified Data Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause? Power off any mobile devices when entering a secure area. Media containing Privacy Act information, PII, and PHI is not required to be labeled. (Malicious Code) While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. What information relates to the physical or mental health of an individual? So my training expires today. How many potential insider threat indicators does this employee display? Which of the following is a proper way to secure your CAC/PIV? How should you respond? Classified information that should be unclassified and is downgraded. This bag contains your government-issued laptop. *Spillage What should you do if you suspect spillage has occurred?
Ask for information about the website, including the URL. You may use unauthorized software as long as your computer's antivirus software is up-to-date. Only connect via an Ethernet cable. C. Should you always label your removable media? What type of data must be handled and stored properly based on classification markings and handling caveats? Avoid talking about work outside of the workplace or with people without a need to know. NOTE: Remember that leaked classified or controlled information is still classified or controlled even if it has already been compromised. Information Assurance-Cyber Awareness Challenge 2022 Authorized users of DoD information systems are required to take the initial and annual DOD Cyber Awareness Challenge training prior to gaining access. Label all files, removable media, and subject headers with appropriate classification markings. Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. Report it to security. Erasing your hard drive. C. A user writes down details from a report stored on a classified system marked as secret and uses those details to draft an unclassified briefing on an unclassified system without authorization. The proper security clearance and indoctrination into the SCI program. (social networking) Which of the following is a security best practice when using social networking sites? *Spillage After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. Which of the following attacks target high ranking officials and executives? [Incident]: When is it okay to charge a personal mobile device using government-furnished equipment (GFE)? A. Which of the following should be done to keep your home computer secure? **Social Engineering Which of the following is a way to protect against social engineering?
Which of the following best describes wireless technology? **Social Networking Which of the following information is a security risk when posted publicly on your social networking profile? Access requires a formal need-to-know determination issued by the Director of National Intelligence.? You must have permission from your organization. Security Classification Guides (SCGs).??? Which of the following is true of the Common Access Card (CAC)? *Sensitive Compartmented Information When is it appropriate to have your security badge visible? General Services Administration (GSA) approval. Understanding and using the available privacy settings. Enable automatic screen locking after a period of inactivity. What information posted publicly on your personal social networking profile represents a security risk? Taking classified documents from your workspace. Which of the following is true of Internet of Things (IoT) devices? **Insider Threat How many potential insider threat indicators does a coworker who often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion display? P2P (Peer-to-Peer) software can do the following except: Allow attackers physical access to network assets. What is the best example of Protected Health Information (PHI)? not correct CUI may be stored in a locked desk after working hours. C. (Must be new, do not continue) Progress until you see the main 'Start Challenge' button. (Mobile Devices) Which of the following statements is true? The challenge's goal is . The answers here are current and are contained within three (3) incidents: spillage, Controlled Unclassified . Retrieve classified documents promptly from printers.
Which of the following is NOT a security best practice when saving cookies to a hard drive? correct. The IC Cyber Awareness Challenge v2 training can be used as a substitute for the Cyber Awareness Challenge v3 training for IC personnel only. NOTE: CUI includes, but is not limited to, Controlled Technical Information (CTI), Personally Identifiable Information (PII), Protected Health Information (PHI), financial information, personal or payroll information, proprietary data, and operational information. A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. Malicious code can mask itself as a harmless e-mail attachment, downloadable file, or website. Validate all friend requests through another source before confirming them. After each selection on the incident board, users are presented one or more questions derived from the previous Cyber Awareness Challenge. (Malicious Code) Which of the following is NOT a way that malicious code spreads? Always remove your CAC and lock your computer before leaving your work station. **Use of GFE Under what circumstances is it acceptable to use your Government-furnished computer to check personal e-mail and do other non-work-related activities? Use personal information to help create strong passwords. What should you do if someone asks to use your government issued mobile device (phone/laptop, etc.)? What should you do? Who is responsible for information/data security? Correct. Remove and take it with you whenever you leave your workstation.
Coworker making consistent statements indicative of hostility or anger toward the United States and its policies. [Damage]: How can malicious code cause damage? A. A colleague often makes others uneasy with her persistent efforts to obtain information about classified project where she has no need-to-know, is vocal about her husband overspending on credit cards, and complains about anxiety and exhaustion. It contains certificates for identification, encryption, and digital signature. The telephone does not necessarily represent a security violation. The notepad does not necessarily represent a security violation. *Sensitive Information What type of unclassified material should always be marked with a special handling caveat? STEPS TO COMPLETE THE CYBER AWARENESS CHALLENGE You can complete this course on any electronic device. Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email? [Incident #1]: What should the employee do differently? A. correct. Nothing. Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. You find information that you know to be classified on the Internet. Don't assume open storage in a secure facility is authorized. Maybe. A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationships with peers, purchases an unusually expensive car, and has unexplained absences from work. Use the classified network for all work, including unclassified work.
Reviewing and configuring the available security features, including encryption. What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? Which of the following is NOT a social engineering tip? **Insider Threat Which of the following is NOT considered a potential insider threat indicator? The purpose of Department of Defense Information Network Approved Products List (DODIN APL) is to maintain a single consolidated list of products that have completed Interoperability (IO) and Cybersecurity certification. When may you be subject to criminal, disciplinary, and/or administrative action due to online harassment, bullying, stalking, hazing, discrimination, or retaliation? In addition to offering an overview of cybersecurity best practices, the challenge also provides awareness of potential and common cyber threats. The Manual completes the DoD 8140 policy series, which provides a targeted role-based approach to identify, develop, and qualify cyber workforce personnel by leveraging the DoD Cyber Workforce Framework. While it may seem safer, you should NOT use a classified network for unclassified work. *Spillage Which of the following may help prevent inadvertent spillage? Which is NOT a wireless security practice? Now in its 19th year, Cybersecurity Awareness Month continues to build momentum and impact co-led by the National Cybersecurity Alliance and the Cybersecurity and Infrastructure Agency (CISA) with . *Controlled Unclassified Information Which is a best practice for protecting Controlled Unclassified Information (CUI)? Insiders are given a level of trust and have authorized access to Government information systems. **Physical Security Within a secure area, you see an individual who you do not know and is not wearing a visible badge. Which of the following is NOT a typical means for spreading malicious code? 
Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. **Insider Threat A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. What is considered a mobile computing device and therefore shouldn't be plugged in to your Government computer? All of these. Telework is only authorized for unclassified and confidential information. After work hours, storing sensitive information in unlocked containers, desks, or cabinets if security is not present. Use online sites to confirm or expose potential hoaxes, Follow instructions given only by verified personnel, Investigate the link's actual destination using the preview feature, Determine if the software or service is authorized. Delete email from senders you do not know. Only documents that are classified Secret, Top Secret, or SCI require marking. 2022 cyber awareness challenge. **Insider Threat What advantages do insider threats have over others that allow them to cause damage to their organizations more easily? [Incident]: What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed? A. Only paper documents that are in open storage need to be marked. Sensitive Compartment Information (SCI) policy. Sensitive information may be stored on any password-protected system. How can you protect yourself from social engineering? This summer, CYBER.ORG is excited to partner with Girl Scouts of the USA, the U.S. Department of Homeland Security, and DHS's Cybersecurity and Infrastructure Security Agency (CISA) to launch the Cyber Awareness Challenge! **Social Networking As someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project? correct. Retrieve classified documents promptly from printers. What should you do?
You should remove and take your CAC/PIV card whenever you leave your workstation. Memory sticks, flash drives, or external hard drives. *Sensitive Information Which of the following is an example of Protected Health Information (PHI)? Retrieve classified documents promptly from printers. What portable electronic devices (PEDs) are allowed in a secure Compartmented Information Facility (SCIF)? Verify the identity of all individuals.??? View email in plain text and don't view email in Preview Pane. NOTE: Even within SCIF, you cannot assume that everyone present is cleared and has a need-to-know. Immediately notify your security point of contact. Social Security Number; date and place of birth; mother's maiden name. Approved Security Classification Guide (SCG). Which of the following should you NOT do if you find classified information on the internet? A. (Spillage) Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? **Website Use While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. All government-owned PEDs. C. Not at all. It provides Department of Defense Information Network (DODIN) services to DOD installations and deployed forces. Only connect with the Government VPN. B. Which of the following represents a good physical security practice? (Sensitive Compartmented Information) Which of the following best describes the compromise of Sensitive Compartmented Information (SCI)? DOD Cyber Awareness 2021 (DOD. How many potential insider threat indicators does this employee display? Is it permitted to share an unclassified draft document with a non-DoD professional discussion group? Original classification authority. Correct. Which of the following is NOT an appropriate way to protect against inadvertent spillage? When is it appropriate to have your security badge visible?
Which of the following is NOT sensitive information? The website requires a credit card for registration. What should be your response? Not correct. Correct. A coworker wants to send you a sensitive document to review while you are at lunch and you only have your personal tablet. For Government-owned devices, use approved and authorized applications only. Which of the following may help to prevent spillage? Financial information. A Cyber Awareness Challenge is a type of training and security certification that helps authorized users understand the actions required to avoid and reduce threats and vulnerabilities in an organization's system. Which of the following is true of protecting classified data? Secure personal mobile devices to the same level as Government-issued systems. What can help to protect the data on your personal mobile device? Prudence faxes CUI using an Unclassified cover sheet via a Secret fax machine. What should be done if you find classified Government Data/Information Not Cleared for Public Release on the Internet? Cyber Awareness Challenge 2021. **Social Engineering Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email? [Scene]: Which of the following is true about telework? A. Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIV) card. (Spillage) What is required for an individual to access classified data? Confirm the individual's need-to-know and access. As long as the document is cleared for public release, you may release it outside of DoD. **Classified Data What is a good practice to protect classified information? Which is an untrue statement about unclassified data? What action should you take? Label all files, removable media, and subject headers. B. (Spillage) Which of the following is a good practice to aid in preventing spillage?
If all questions are answered correctly, users will skip to the end of the incident. Setting weekly time for virus scan when you are not on the computer and it is powered off. SSN, date and place of birth, mother's maiden name, biometric records, PHI, passport number, Subset of PII, health information that identifies the individual, relates to physical or mental health of an individual, provision of health care to an individual, or payment of healthcare for individual. Which of the following is a concern when using your Government-issued laptop in public? NOTE: No personal PEDs are allowed in a SCIF. **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? Cyber Awareness 2023. Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the NIPRNET. **Travel Which of the following is true of traveling overseas with a mobile phone? Which is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail? All https sites are legitimate and there is no risk to entering your personal info online. **Website Use How should you respond to the theft of your identity? Do not access links or hyperlinked media such as buttons and graphics in email messages. Your comments are due on Monday. NOTE: Being cognizant of classification markings and labeling practices are good strategies to avoid inadvertent spillage. While it may seem safer, you should NOT use a classified network for unclassified work. What action should you take if you receive a friend request on your social networking website from someone in Germany you met casually at a conference last year? Training requirements by group. Select the information on the data sheet that is personally identifiable information (PII). **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed?
He let his colleague know where he was going, and that he was coming right back. B. Which of the following should be reported as a potential security incident? (social networking) When may you be subjected to criminal, disciplinary, and/or administrative action due to online misconduct? correct. (Malicious Code) Which are examples of portable electronic devices (PEDs)? **Physical Security At which Cyberspace Protection Condition (CPCON) is the priority focus on critical functions only? A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. (Malicious Code) Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? Which of the following does NOT constitute spillage? A. (Wrong). It is created or received by a healthcare provider, health plan, or employer. Cyber Awareness Challenge 2023. Correct. Using webmail may bypass built in security features. Enter your name when prompted with your *Spillage What should you do if a reporter asks you about potentially classified information on the web? Call your security point of contact immediately. Call your security point of contact immediately. It displays a label showing maximum classification, date of creation, point of contact, and Change Management (CM) Control Number. Report the crime to local law enforcement. What are the requirements to be granted access to sensitive compartmented information (SCI)? Under which circumstances may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? Identify and disclose it with local Configuration/Change Management Control and Property Management authorities. Paul verifies that the information is CUI, includes a CUI marking in the subject header, and digitally signs an e-mail containing CUI.
Position your monitor so that it is not facing others or easily observed by others when in use. Correct. Ask them to verify their name and office number. Follow instructions given only by verified personnel. **Insider Threat What function do Insider Threat Programs aim to fulfill? Your health insurance explanation of benefits (EOB). Always mark classified information appropriately and retrieve classified documents promptly from the printer. February 8, 2022. *Insider Threat Which of the following is a potential insider threat indicator? Use personally-owned wired headsets and microphones only in designated areas. New interest in learning a foreign language. *Sensitive Compartmented Information What is a Sensitive Compartmented Information (SCI) program? *Insider Threat Which of the following is a reportable insider threat activity? The challenge's goal is simple: To change user behavior to reduce the risks and vulnerabilities DoD Information Systems face. **Social Engineering How can you protect yourself from internet hoaxes? Senior government personnel, military or civilian. Classified DVD distribution should be controlled just like any other classified media. [Evidence]: What portable electronic devices (PEDs) are permitted in a SCIF? A. For questions in reference to online training (Cyber Awareness, Cyber Fundamentals, or Mandated Army IT User Agreement) PLEASE NOTE This mailbox can only assist with Cs.signal.army.mil. Correct. How should you respond? Do not access website links in email messages. **Classified Data How should you protect a printed classified document when it is not in use? Which of the following statements is NOT true about protecting your virtual identity? If any questions are answered incorrectly, users must review and complete all activities contained within the incident.
[Incident #3]: What should the participants in this conversation involving SCI do differently? A. (Malicious Code) What is a good practice to protect data on your home wireless systems?