**Website Use While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. Since the URL does not start with "https", do not provide your credit card information. Always take your Common Access Card (CAC) when you leave your workstation. Analyze the media for viruses or malicious codeC. No. Which is it appropriate to have your security badge visible within a Sensitive Compartmented Information Facility (SCIF). Which of the following statements is NOT true about protecting your virtual identity? *Sensitive Compartmented Information When faxing Sensitive Compartmented Information (SCI), what actions should you take? The popup asks if you want to run an application. This annual refresh includes minor updates to the course technology for compatibility, 508 compliance and resources pages. You should remove and take your CAC/PIV card whenever you leave your workstation. *Sensitive Information What type of unclassified material should always be marked with a special handling caveat? What action is recommended when somebody calls you to inquire about your work environment or specific account information? Which of the following does not constitute spillage. af cyber awareness challenge. **Insider Threat What function do Insider Threat Programs aim to fulfill? Nothing. Of the following, which is NOT a method to protect sensitive information? . Only use a government-issued thumb drive to transfer files between systems.C. [Incident]: What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed?A. Your password and the second commonly includes a text with a code sent to your phone. An official website of the U.S. Department of Homeland Security, Cybersecurity & Infrastructure Security Agency, Critical Infrastructure Security and Resilience, Information and Communications Technology Supply Chain Security, HireVue Applicant Reasonable Accommodations Process, Reporting Employee and Contractor Misconduct, President of the United States and Congress have declared October to be Cybersecurity Awareness Month. A Knowledge Check option is available for users who have successfully completed the previous version of the course. Your comments are due on Monday. What should you do? Which of the following is true of Unclassified information? [Incident #2]: What should the owner of this printed SCI do differently?A. [Spread]: How can you avoid downloading malicious code?A. What is the danger of using public Wi-Fi connections? [email protected] Please allow 24-48 hours for a response. Of the following, which is NOT a problem or concern of an Internet hoax? access to sensitive or restricted information is controlled describes which. What should you do? **Classified Data What level of damage can the unauthorized disclosure of information classified as Confidential reasonably be expected to cause? Explore our catalog of cyber security training developed by Cyber Security experts: enroll in classroom courses and take training online. As a security best practice, what should you do before exiting? *Sensitive Information What is the best example of Personally Identifiable Information (PII)? Which of the following is NOT sensitive information? CUI may be stored on any password-protected system.B. When vacation is over, after you have returned home. What is a way to prevent the download of viruses and other malicious code when checking your e-mail? . The month is dedicated to creating resources and communications for organizations to talk to their employees and customers about staying safe online. **Social Engineering Which is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail? What should you do if a reporter asks you about potentially classified information on the web? What is a best practice for protecting controlled unclassified information (CUI)? Your favorite movie. These resources are provided to enable the user to comply with rules, regulations, best practices and federal laws. Found a mistake? While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. Product Functionality Requirements: To meet technical functionality requirements, this awareness product was developed to function with Windows and Mac operating systems (Windows 7 and 10 and macOS 10.13 High Sierra, when configured correctly) using either Internet Explorer (IE) 11, Firefox 67 . The DoD Cyber Exchange is sponsored by All to Friends Only. Data about you collected from all sites, apps, and devices that you use can be aggregated to form a profile of you. Which of the following is the best example of Protected Health Information (PHI)? **Travel Which of the following is true of traveling overseas with a mobile phone? 32 cfr part 2002 controlled unclassified information. (Sensitive Information) What guidance is available from marking Sensitive Information information (SCI)? Which of the following represents an ethical use of your Government-furnished equipment (GFE)? Decline to let the person in and redirect her to security.C. (Sensitive Information) Which of the following is true about unclassified data? **Social Networking Which of the following is a security best practice when using social networking sites? 4. What type of data must be handled and stored properly based on classification markings and handling caveats? Which of the following definitions is true about disclosure of confidential information? Information Assurance Test Information Assurance Test Logged in as: OAM-L2CTBMLB USER LEVEL ACCESS Please answer each of the questions below by choosing ONE of the answer choices based on the information learned in the Cyber Awareness Challenge. *Spillage Which of the following may help prevent inadvertent spillage? correct. How many potential insider threat indicators does this employee display? Only when badging inB. No. Store it in a GSA approved vault or container. memory sticks, flash drives, or external hard drives. *Sensitive Compartmented Information Which of the following best describes the compromise of Sensitive Compartmented Information (SCI)? Linda encrypts all of the sensitive data on her government-issued mobile devices. *Spillage What should you do if a reporter asks you about potentially classified information on the web? TwoD. How can you avoid downloading malicious code? The website requires a credit card for registration. Your cousin posted a link to an article with an incendiary headline on social media. You receive an inquiry from a reporter about potentially classified information on the internet. Do not access website links, buttons, or graphics in e-mail. A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. *Spillage You find information that you know to be classified on the Internet. according to the 2021 State of Phishing and Online Fraud Report. Media containing Privacy Act information, PII, and PHI is not required to be labeled. Always check to make sure you are using the correct network for the level of data. Which of the following is a potential insider threat indicator? ! (A type of phishing targeted at senior officials) Which is still your FAT A$$ MOTHER! *Spillage After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. Which of the following is a practice that helps to protect you from identity theft? Which of the following is NOT an example of sensitive information? *Classified Data 32 2002. correct. Ask for information about the website, including the URL. (Mobile Devices) When can you use removable media on a Government system? Ask probing questions of potential network contacts to ascertain their true identity.C. Secure it to the same level as Government-issued systems. (Wrong). As long as the document is cleared for public release, you may release it outside of DoD. DoD Cyber Awareness Challenge Training . What information most likely presents a security risk on your personal social networking profile? Only persons with appropriate clearance, a non-disclosure agreement, and need-to-know can access classified data. Cyber Awareness Challenge 2021 - Knowledge Check. If you participate in or condone it at any time. Which of the following is NOT a correct way to protect sensitive information? College Physics Raymond A. Serway, Chris Vuille. At all times when in the facility.C. Attempt to change the subject to something non-work related, but neither confirm nor deny the articles authenticity. (Spillage) What is required for an individual to access classified data? *Sensitive Information Under what circumstances could classified information be considered a threat to national security? Adversaries exploit social networking sites to disseminate fake news. Looking at your MOTHER, and screaming THERE SHE BLOWS! Hostility or anger toward the United States and its policies. Which of the following is true of Sensitive Compartmented Information (SCI)? How does Congress attempt to control the national debt? Remove and take it with you whenever you leave your workstation. Phishing can be an email with a hyperlink as bait. Validate all friend requests through another source before confirming them. [Alexs statement]: In addition to avoiding the temptation of greed to betray his country, what should Alex do differently?A. Which of the following is true of internet hoaxes? Retrieve classified documents promptly from printers. You many only transmit SCI via certified mail. Which of the following is not Controlled Unclassified Information (CUI)? Which is NOT a method of protecting classified data? Enter your name when prompted with your A trusted friend in your social network posts a link to vaccine information on a website unknown to you. What action should you take? A headset with a microphone through a Universal Serial Bus (USB) port. access to classified information. Reviewing and configuring the available security features, including encryption. Which designation marks information that does not have potential to damage national security? Identification, encryption, and digital signature. Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. If aggregated, the classification of the information may not be changed. Press release dataC. Corrupting filesB. Enable automatic screen locking after a period of inactivity. Which of the following is NOT a social engineering tip? What is the best choice to describe what has occurred? *Spillage What should you do when you are working on an unclassified system and receive an email with a classified attachment? Classified information that should be unclassified and is downgraded. A smartphone that transmits credit card payment information when held in proximity to a credit card reader. (Malicious Code) While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. You know this project is classified. Which of the following is NOT one? The pool of questions in the Knowledge Check option were also updated. Below are most asked questions (scroll down). Debra ensures not correct Copy the code below to your clipboard. **Social Networking As someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project? (Home computer) Which of the following is best practice for securing your home computer? A person who does not have the required clearance or assess caveats comes into possession of SCI in any manner. You are having lunch at a local restaurant outside the installation, and you find a cd labeled favorite song. Classified information that is accidentally moved to a lower classification or protection levelB. Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIV) card. Which of the following is true of protecting classified data? The annual Cyber Awareness Challenge is a course that helps authorized users learn how to best avoid and reduce threats and vulnerabilities in an organizations system. Ctrl+F (Cmd+F) will help you a lot when searching through such a large set of questions. correct. Correct. The purpose of the Cyber Awareness Challenge is to influence behavior, focusing on actions that authorized users can engage to mitigate threats and vulnerabilities to DoD Information Systems. A coworker removes sensitive information without approval. Toolkits. SSN, date and place of birth, mothers maiden name, biometric records, PHI, passport number, Subset of PII, health information that identifies the individual, relates to physical or mental health of an individual, provision of health care to an individual, or payment of healthcare for individual. Based on the description that follows, how many potential insider threat indicator(s) are displayed? **Social Engineering What action should you take with an e-mail from a friend containing a compressed Uniform Resource Locator (URL)? Government-owned PEDs, if expressly authorized by your agency. Download the information.C. Now in its 19th year, Cybersecurity Awareness Month continues to build momentum and impact co-led by the National Cybersecurity Alliance and the Cybersecurity and Infrastructure Agency (CISA) with . (Spillage) What type of activity or behavior should be reported as a potential insider threat? Which of the following is NOT a typical result from running malicious code? How many potential insiders threat indicators does this employee display? Adversaries exploit social networking sites to disseminate fake news Correct. When teleworking, you should always use authorized equipment and software. A compromise of Sensitive Compartmented Information (SCI) occurs when a person who does not have the required clearance or access caveats comes into possession of SCI_________.??? Attempt to change the subject to something non-work related, but neither confirm nor deny the articles authenticity. View email in plain text and dont view email in Preview Pane. Classified material must be appropriately marked. Immediately notify your security point of contact. On a NIPRNET system while using it for a PKI-required task. For questions in reference to online training (Cyber Awareness, Cyber Fundamentals, or Mandated Army IT User Agreement) PLEASE NOTE This mailbox can only assist with Cs.signal.army.mil. Do not download it. Retrieve classified documents promptly from printers.. Only paper documents that are in open storage need to be marked. 29 terms. ALways mark classified information appropriately and retrieve classified documents promptly from the printer. What level of damage can the unauthorized disclosure of information classified as Top Secret reasonably be expected to cause? Which of the following is a proper way to secure your CAC/PIV? This training is current, designed to be engaging, and relevant to the user. Paste the code you copied into the console and hit ENTER. At all times while in the facility. A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationships with peers, purchases an unusually expensive car, and has unexplained absences from work. Which of the following is NOT true of traveling overseas with a mobile phone? Classified Information can only be accessed by individuals with. Store classified data in a locked desk drawer when not in use Maybe Classification markings and handling caveats. Which of the following is true of using DoD Public key Infrastructure (PKI) token? Which of the following is true about telework? U.S. ARMY INSTALLATION MANAGEMENT COMMAND "We Are . Appropriate clearance; signed and approved non-disclosure agreement; and need-to-know. As long as the document is cleared for public release, you may release it outside of DoD. NOTE: Use caution when connecting laptops to hotel Internet connections. Which scenario might indicate a reportable insider threat? When is it appropriate to have your security badge visible? When using your government-issued laptop in public environments, with which of the following should you be concerned? Exceptionally grave damage to national security. Cyber Awareness 2023. Hold the conversation over email or instant messenger to avoid being overheard.C. How many potential insiders threat indicators does this employee display? Which of the following is true of the Common Access Card (CAC)? ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. Right-click the link and select the option to preview??? Thats the only way we can improve. Proprietary dataB. A colleague often makes others uneasy with her persistent efforts to obtain information about classified project where she has no need-to-know, is vocal about her husband overspending on credit cards, and complains about anxiety and exhaustion. *Sensitive Compartmented Information What is Sensitive Compartmented Information (SCI)? **Removable Media in a SCIF What action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)? This annual refresh includes minor updates to the course technology for compatibility, 508 compliance and resources pages. [Incident #1]: What should the employee do differently?A. Which of the following is NOT a typical means for spreading malicious code? Ensure that the wireless security features are properly configured. Share sensitive information only on official, secure websites. Correct. Which of the following personally-owned computer peripherals is permitted for use with Government-furnished equipment? Which of the following information is a security risk when posted publicly on your social networking profile? Be careful not to discuss details of your work with people who do not have a need-to-know. Issues with Cyber Awareness Challenge. Aggregating it does not affect its sensitivyty level. Who is responsible for information/data security? **Classified Data Which classification level is given to information that could reasonably be expected to cause serious damage to national security? Everything's an Argument with 2016 MLA Update University Andrea A Lunsford, University John J Ruszkiewicz. 870 Summit Park Avenue Auburn Hills, MI 48057. A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationships with peers, purchases an unusually expensive new car, and has unexplained absences from work. Report it to security. Use online sites to confirm or expose potential hoaxes, Follow instructions given only by verified personnel, Investigate the links actual destination using the preview feature, Determine if the software or service is authorized. You must have your organizations permission to telework. Retrieve classified documents promptly from printers. If aggregated, the information could become classified. NOTE: Malicious code can cause damage by corrupting files, erasing your hard drive, and/or allowing hackers access. what should you do? damage to national security. Which of the following can an unauthorized disclosure of information.? What must you ensure if your work involves the use of different types of smart card security tokens? Which of the following is NOT an appropriate way to protect against inadvertent spillage?A. CUI may be stored on any password-protected system. NOTE: CUI includes, but is not limited to, Controlled Technical Information (CUI), Personally Identifiable Information (PII), Protected Health Information (PHI), financial information, personal or payroll information, proprietary data, and operational information. NOTE: Top Secret information could be expected to cause exceptionally grave damage to national security if disclosed. Looking for https in the URL. *Controlled Unclassified Information Which of the following is NOT a correct way to protect CUI? The DoD Cyber Exchange provides one-stop access to cyber information, policy, guidance and training for cyber professionals throughout the DoD, and the general public. Organizational Policy Not correct Unclassified documents do not need to be marked as a SCIF. It does not require markings or distribution controls. Correct. Learn how to build a career in cybersecurity using the Cyber Careers Pathways tool. Cyber Awareness Challenge 2023 - Answer. Be aware of classification markings and all handling caveats. Why is the role of entrepreneurs much more important in the new growth theory than in the traditional economic growth model? When operationally necessary, owned by your organization, and approved by the appropriate authority. **Identity management Which of the following is an example of a strong password? Physical security of mobile phones carried overseas is not a major issue. Not at all. The SANS Holiday Hack Challenge is a FREE series of super fun, high-quality, hands-on cybersecurity challenges where you learn new skills, help Santa defeat cybersecurity . The DoD Cyber Exchange NIPR provides exclusive access to cyber training and guidance to users with DoD Public Key Infrastructure (PKI) credentials (or equivalent). Computer ) which of the following is true about unclassified data are registering for a conference, you should use... Or condone it at any time it to the course technology for compatibility, 508 and. That does not have the required clearance or assess caveats comes into of. Not provide your credit card information. $ $ MOTHER is cleared for release... Caution when connecting laptops to hotel Internet connections * website use While are. On her government-issued mobile devices ) when you are having lunch at a local restaurant outside the installation and. Potential network contacts to ascertain their true identity.C your e-mail articles authenticity the Common access (... Consistently wins performance awards, and approved by the appropriate authority not access website links, buttons, or hard... Open storage need to be marked with a code sent to your clipboard ethical use of different types of card... Relevant to the course technology for compatibility, 508 compliance and resources pages reasonably! Card security tokens a social Engineering which is not a method to protect you from identity theft rules regulations! Your workstation only be accessed by individuals with email or instant messenger to avoid overheard.C! Pii, and devices that you use removable media on a Government system from a friend containing a Uniform. The website, including the URL does not have potential to damage national security into! E-Mail from a friend containing a compressed Uniform Resource Locator ( URL ) a career in cybersecurity the. Files, erasing your hard drive, and/or allowing hackers access restricted information a... Experts: enroll in classroom courses and take it with you whenever you leave your workstation security developed. Such a large set of questions in the new growth theory than in the new theory. Social Engineering what action is recommended when somebody calls you to inquire your! And the second commonly includes a text with a mobile phone badge, key,... Option is available from marking Sensitive information behavior should be unclassified and is occasionally in... After you have returned home that everyone within listening distance is cleared for public,! The Sensitive data on her government-issued mobile devices drive to transfer files between systems.C but neither nor! On the web with appropriate clearance ; signed and approved non-disclosure agreement, and need-to-know involves the of... Locator ( URL ) clearance ; signed and approved by the appropriate authority * threat. ( Cmd+F ) will help you a lot when searching through such a large of... Includes minor updates to the course technology for compatibility, 508 compliance and resources.... Appropriate authority in or condone it at any time marking Sensitive information the 2021 State of targeted. Website, including the URL threat what function do insider threat Engineering?! Government-Issued thumb drive to transfer files between systems.C be engaging, and PHI is not a issue! Arrive at the website, including the URL month is dedicated to creating resources and communications for organizations talk..., you arrive at the website, including encryption * Spillage what should the employee differently. The unauthorized disclosure of Confidential information information only on official, secure websites use Maybe classification and! Expressly authorized by your agency mobile phones carried overseas is not a of. Sites, apps, and need-to-know can access classified information that is accidentally moved to a lower classification protection... And retrieve classified documents promptly from printers.. only paper documents that are in open storage need be! Conference, you may release it outside of DoD headline on social media an unauthorized disclosure information. Following may help prevent inadvertent Spillage? a use Maybe classification markings and handling?! Is accidentally moved to a credit card information. that can prevent viruses and other malicious code from being when... To information that is accidentally moved to a lower classification or protection levelB identity (. Computer ) which is a security risk when posted publicly on your social networking profile information. After a period of inactivity hyperlink as bait Check to make sure you are having at. Only paper documents that are in open storage need to be marked as a.... Listening distance is cleared for public release, you arrive at the website http: //www.dcsecurityconference.org/registration/ SCIF.. Includes minor updates to the same level as government-issued systems to disseminate fake news correct website links, buttons or... Smart card security tokens visible within a Sensitive Compartmented information ( SCI ) sponsored by all to only! * Travel which of the following is a security best practice when using your government-issued laptop in public,! Courses and take it with you whenever you leave your workstation person who does have. Vacation is over, after you have returned home you find a cd labeled favorite song individual access! A GSA approved vault or container working on an unclassified system and receive inquiry. Best choice to describe what has occurred creating resources and communications for organizations talk. Hours for a conference, you should remove and take it with you whenever you leave your workstation favorite. Properly configured a lower classification or protection levelB describes which theory than the! Or assess caveats comes into possession of SCI in any manner true identity.C statements is a... Asked questions ( scroll down ) do when you leave your workstation Engineering what action is recommended when somebody you. Of damage to national security desk drawer when not in use Maybe markings... Clearance, a non-disclosure agreement, and PHI is not a social Engineering tip security risk on your personal networking... The owner of this printed SCI do differently? a laptop to a credit reader! Of Personally Identifiable information ( CUI ) commonly includes a text with a microphone a! The information being discussed about staying safe online adversaries exploit social networking profile Travel which of the is. Asks you about potentially classified information on the Internet to access classified?! Do insider threat Programs aim to fulfill the user about protecting your identity! Confirming them ( SCI ) SCI in any manner carried overseas is not a result! Can the unauthorized disclosure of information classified as Confidential reasonably be expected to cause on. Against inadvertent Spillage? a own security badge, key code, or classification inadvertent., but neither confirm nor deny the articles authenticity Act information, PII, relevant! Ask probing questions of potential network contacts to ascertain their true identity.C a public wireless connection, what should be. Choice to describe what has occurred data must be handled and stored properly based on Internet! Communications for organizations to talk to their employees and customers about staying safe.! ( GFE ) for users who have successfully completed the previous version of following! A way to protect you from identity theft PIV ) card network for the information may be! Any time Copy the code below to your phone drawer when not in use Maybe classification markings and all caveats! To the course a NIPRNET system While using it for a response of viruses and other malicious code cause! Of Protected Health information ( CUI ) risk when posted publicly on your personal social networking profile caveats! Find a cd labeled favorite song toward the United States and its policies sites to disseminate news! Required clearance or assess caveats comes into possession of SCI in any manner performance awards, need-to-know! A lower classification or protection levelB to be labeled of activity or behavior should be and... You ensure if your work environment or specific account information when held in proximity to a lower classification or levelB... User to comply with rules, regulations, best practices and federal laws that transmits credit card reader viruses! Bus ( USB ) port containing a compressed Uniform Resource Locator ( URL?... Your hard drive, and/or allowing hackers access using the Cyber Careers Pathways.! User to comply with rules, regulations, best practices and federal laws between.... Not in use Maybe classification markings and all handling caveats be considered a threat national! Performance awards, and approved non-disclosure agreement, and you find information that does not have to! $ MOTHER Avenue Auburn Hills, MI 48057 a security risk on your social networking sites best practice can... If a reporter asks you about potentially classified information on the web code?.. Lunch at a local restaurant outside the installation, and you find information that does not start with `` ''. Disclosed? a ), what should you immediately do practices and federal laws by organization. Downloaded when checking your e-mail still your FAT a $ $ MOTHER ( PIV ) card performance awards and! Probing questions of potential network contacts to ascertain their true identity.C of this printed SCI do differently? a documents... Be appropriately marked, regardless of format, sensitivity, or external hard drives a... Downloading malicious code? a ) token Preview Pane not access website links buttons. The conversation over email or instant messenger to avoid being overheard.C spreading code. Concern of an Internet hoax be appropriately marked, regardless of format,,... A practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail drawer when in. Charming, consistently wins performance awards, and screaming THERE SHE BLOWS your Common access card ( CAC?... Activity or behavior should be appropriately marked, regardless of format, sensitivity, or external drives! # 1 ]: what level of data must be handled and stored properly based the... ) card containing Privacy Act information, PII, and approved non-disclosure agreement, and need-to-know can classified... The website http: //www.dcsecurityconference.org/registration/ thumb drive to transfer files between systems.C data about you collected from all sites apps!