**Social Networking When may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? (Sensitive Information) What certificates are contained on the Common Access Card (CAC)? February 8, 2022. Linda encrypts all of the sensitive data on her government issued mobile devices. Which of the following is NOT a good way to protect your identity? Use only personal contact information when establishing personal social networking accounts, never use Government contact information. Correct. DOD Cyber Awareness 2021 (DOD. Since the URL does not start with https, do not provide your credit card information. Any time you participate in or condone misconduct, whether offline or online. (Home computer) Which of the following is best practice for securing your home computer? Many apps and smart devices collect and share your personal information and contribute to your online identity. Follow instructions given only by verified personnel. Government-owned PEDs, if expressly authorized by your agency. How can you guard yourself against Identity theft? Correct. Which of the following represents a good physical security practice? Which of the following is true of the Common Access Card (CAC) or Personal Identity Verification (PIV) card? (Spillage) Which of the following is a good practice to aid in preventing spillage? How do you respond? NOTE: Always mark classified information appropriately and retrieve classified documents promptly from the printer. An investment in knowledge pays the best interest.. When using a fax machine to send sensitive information, the sender should do which of the following? Not at all. **Removable Media in a SCIF What must users ensure when using removable media such as compact disk (CD)? Continue Existing Session. according to the 2021 State of Phishing and Online Fraud Report. The Cyber Awareness Challenge, which is also known as the Army Cyber Awareness Training, the cyber awareness challenge or the DOD cyber challenge, is an annual computer security training that was created to increase cyber awareness among Department of Defense (DoD) employees. access to sensitive or restricted information is controlled describes which. Follow procedures for transferring data to and from outside agency and non-Government networks. What is NOT Personally Identifiable Information (PII)? Debra ensures not correct Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIC) card. Which of the following statements is true? After you have returned home following the vacation. The person looked familiar, and anyone can forget their badge from time to time.B. af cyber awareness challenge. Which is NOT a method of protecting classified data? As a security best practice, what should you do before exiting? How many potential insider threat indicators is Bob displaying? A user writes down details from a report stored on a classified system marked as secret and uses those details to draft an unclassified briefing on an unclassified system without authorization. Phishing can be an email with a hyperlink as bait. Which of the following is NOT an appropriate way to protect against inadvertent spillage?A. Which of the following is NOT Government computer misuse? NOTE: Never charge personal mobile devices using GFE nor connect any other USB devices (like a coffer warmer) to GFE. **Classified Data How should you protect a printed classified document when it is not in use? Which piece of information is safest to include on your social media profile? The 2021 Girl Scout Cyber Awareness Challenge will provide girls in grades 6-12 with opportunities to learn more about cybersecurity, practice key concepts, and demonstrate the knowledge and skills they develop during this program. Lionel stops an individual in his secure area who is not wearing a badge. Is it acceptable to take a short break while a coworker monitors your computer while logged on with you common access card (CAC)? not correct How many potential insider threat indicators does this employee display? Social Security Number, date and place of birth, mothers maiden name. Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. Here are the test answers to the Cyber Awareness Challenge (CAC) 2023. A .gov website belongs to an official government organization in the United States. (Answer) CPCON 2 (High: Critical and Essential Functions) CPCON 1 (Very High: Critical Functions) CPCON 3 (Medium: Critical, Essential, and Support Functions) CPCON 4 (Low: All Functions) CPCON 5 (Very Low: All Functions). *Sensitive Information Under what circumstances could classified information be considered a threat to national security? What should you do? correct. **Insider Threat What advantages do insider threats have over others that allows them to cause damage to their organizations more easily? ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. (Malicious Code) Which of the following is NOT a way that malicious code spreads? METC Physics 101-2. A system reminder to install security updates.B. **Physical Security What is a good practice for physical security? **Use of GFE When can you check personal e-mail on your Government-furnished equipment (GFE)? Do not access website links in e-mail messages. *Spillage Which of the following may help prevent inadvertent spillage? Which of the following is an example of two-factor authentication? correct. correct. **Classified Data Which of the following is a good practice to protect classified information? An official website of the U.S. Department of Homeland Security, Cybersecurity & Infrastructure Security Agency, Critical Infrastructure Security and Resilience, Information and Communications Technology Supply Chain Security, HireVue Applicant Reasonable Accommodations Process, Reporting Employee and Contractor Misconduct, President of the United States and Congress have declared October to be Cybersecurity Awareness Month. Memory sticks, flash drives, or external hard drives. Immediately notify your security point of contact. What should you do? Use antivirus software and keep it up to date, DOD Cyber Awareness 2021 (DOD-IAA-V18.0) Know, Operations Management: Sustainability and Supply Chain Management, John David Jackson, Patricia Meglich, Robert Mathis, Sean Valentine, Elliot Aronson, Robin M. Akert, Samuel R. Sommers, Timothy D. Wilson. . What should you do? They may be used to mask malicious intent. The CAC/PIV is a controlled item and contains certificates for: An individual who has attempted to access sensitive information without need-to-know and has made unusual requests for sensitive information is displaying indicators of what? Ctrl+F (Cmd+F) will help you a lot when searching through such a large set of questions. *Sensitive Compartmented Information Which must be approved and signed by a cognizant Original Classification Authority (OCA)? Join the global cybersecurity community in its most festive cyber security challenge and virtual conference of the year. Classification markings and handling caveats. Since the URL does not start with https, do not provide you credit card information. Do not download it. Monitor credit card statements for unauthorized purchases, Thumb drives, memory sticks, and flash drives are examples of. Popular books. Below are most asked questions (scroll down). Understanding and using the available privacy settings. Store it in a General Services Administration (GSA)-approved vault or container. Exposure to malwareC. [Prevalence]: Which of the following is an example of malicious code?A. ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. You receive an unexpected email from a friend: I think youll like this: https://tinyurl.com/2fcbvy. What action should you take? Information Assurance Test Information Assurance Test Logged in as: OAM-L2CTBMLB USER LEVEL ACCESS Please answer each of the questions below by choosing ONE of the answer choices based on the information learned in the Cyber Awareness Challenge. Correct, Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities. Only use a government-issued thumb drive to transfer files between systems.C. correct. How many insider threat indicators does Alex demonstrate? Paste the code you copied into the console and hit ENTER. UNCLASSIFIED is a designation to mark information that does not have potential to damage national security. [Incident #1]: When is it appropriate to have your security badge visible?A. (Malicious Code) Which email attachments are generally SAFE to open? Immediately notify your security point of contact. what should you do? The email has an attachment whose name contains the word secret. Top Secret information could be expected to cause exceptionally grave damage to national security of disclosed. In addition to avoiding the temptation of greed to betray his country, what should Alex do differently? *Insider Threat Which of the following is a potential insider threat indicator? Share sensitive information only on official, secure websites. Which of the following is true of traveling overseas with a mobile phone. Which of the following is NOT a home security best practice? **Social Engineering Which is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail? When I try to un-enroll and re-enroll, it does not let me restart the course. There is no way to know where the link actually leads. Which of the following best describes good physical security? navyEOD55. What should be your response? Which of the following demonstrates proper protection of mobile devices? **Classified Data When classified data is not in use, how can you protect it? Using webmail may bypass built in security features. Following instructions from verified personnel. Which of the following attacks target high ranking officials and executives? CUI may be stored on any password-protected system. *Spillage What should you do if you suspect spillage has occurred? [Incident]: What is the danger of using public Wi-Fi connections?A. These zip files contain all the Certification Authority (CA) certificates for the specified PKI in different formats. STEPS TO COMPLETE THE CYBER AWARENESS CHALLENGE You can complete this course on any electronic device. Individual Combat Equipment (ICE) Gen III/IV Course. What should be your response? Which of the following is true about telework? **Insider Threat A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. Attempting to access sensitive information without need-to-know, Avoid talking about work outside of the workplace or with people without a need-to-know, Report the suspicious behavior in accordance with their organizations insider threat policy. What can be used to track Marias web browsing habits? ! (A type of phishing targeted at senior officials) Which is still your FAT A$$ MOTHER! The Manual completes the DoD 8140 policy series, which provides a targeted role-based approach to identify, develop, and qualify cyber workforce personnel by leveraging the DoD Cyber Workforce Framework. Do not access website links, buttons, or graphics in e-mail. What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed? Validate friend requests through another source before confirming them. Which of the following is NOT an example of sensitive information? The DoD Cyber Exchange provides one-stop access to cyber information, policy, guidance and training for cyber professionals throughout the DoD, and the general public. Decline So That You Maintain Physical Control of Your Government-Issued Laptop. (Sensitive Information) Which of the following is true about unclassified data? **Insider Threat What function do Insider Threat Programs aim to fulfill? How many potential insider threat indicators does this employee display? [Incident #1]: What should the employee do differently?A. Spillage because classified data was moved to a lower classification level system without authorization. Use the classified network for all work, including unclassified work. Why is the role of entrepreneurs much more important in the new growth theory than in the traditional economic growth model? The DoD Cyber Exchange NIPR provides exclusive access to cyber training and guidance to users with DoD Public Key Infrastructure (PKI) credentials (or equivalent). Mark SCI documents appropriately and use an approved SCI fax machine. *Spillage Which of the following is a good practice to aid in preventing spillage? This summer, CYBER.ORG is excited to partner with Girl Scouts of the USA, the U.S. Department of Homeland Security, and DHS's Cybersecurity and Infrastructure Security Agency (CISA) to launch the Cyber Awareness Challenge! **Physical Security At which Cyberspace Protection Condition (CPCON) is the priority focus on critical functions only? . **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? Here are the test answers to the Cyber Awareness Challenge (CAC) 2023. **Classified Data Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? Paul verifies that the information is CUI, includes a CUI marking in the subject header, and digitally signs an e-mail containing CUI. Telework is only authorized for unclassified and confidential information. RECOMMENDATION: We recommend that you approve for a period of not less than 30 days a moratorium for account restriction based on the dependency for Cyber Awareness Challenge date in DAF logon systems. Using NIPRNet tokens on systems of higher classification level. Do not access links or hyperlinked media such as buttons and graphics in email messages. What is the best course of action? What should the owner of this printed SCI do differently? Which of the following is true of the Common Access Card (CAC)? What should the owner of this printed SCI do differently? What must you ensure if your work involves the use of different types of smart card security tokens? Which of the following is a best practice for physical security? NOTE: You must have permission from your organization to telework. Let the person in but escort her back to her workstation and verify her badge. correct. Maintain visual or physical control of the device. It also says I cannot print out the certificate. A program that segregates various type of classified information into distinct compartments for added protection and dissemination for distribution control. What does Personally Identifiable information (PII) include? Which of the following is true of Protected Health Information (PHI)? Secure it to the same level as Government-issued systems. The training also reinforces best practices to protect classified, controlled unclassified information (CUI), and personally identifiable information (PII). Correct. A coworker removes sensitive information without approval. Which of the following is true of Security Classification Guides? Never write down the PIN for your CAC. Which of the following is NOT an example of CUI?A. Which of the following actions is appropriate after finding classified Government information on the internet? Decline to let the person in and redirect her to security.C. *Sensitive Compartmented Information What should the owner of this printed SCI do differently? Darryl is managing a project that requires access to classified information. Note any identifying information, such as the websites URL, and report the situation to your security POC. Report the crime to local law enforcement. Which of the following is NOT a best practice to protect data on your mobile computing device? Since 2004, thePresident of the United States and Congress have declared October to be Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more commonplace. **Mobile Devices Which is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? What information most likely presents a security risk on your personal social networking profile? Accepting the default privacy settings. correct. Proprietary dataB. **Classified Data What level of damage can the unauthorized disclosure of information classified as Confidential reasonably be expected to cause? Linda encrypts all of the sensitive data on her government-issued mobile devices.C. (Malicious Code) What is a good practice to protect data on your home wireless systems? The Cyber Awareness Challenge is the DoD . *Sensitive Compartmented Information When faxing Sensitive Compartmented Information (SCI), what actions should you take? dcberrian. Publication of the long-awaited DoDM 8140.03 is here! All of these.. CUI must be handled using safeguarding or dissemination controls. Which of the following is a proper way to secure your CAC/PIV? What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? NoneB. (Malicious Code) What is a common indicator of a phishing attempt? Classified information that should be unclassified and is downgraded. What is a security best practice to employ on your home computer? Which of the following does not constitute spillage. Store classified data appropriately in a GSA-approved vault/container. Since 2004, the President of the United States and Congress have declared October to be Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more commonplace. Which of the following is NOT a type of malicious code? **Insider Threat How many potential insider threat indicators does a person who is playful and charming, consistently wins performance awards, but is occasionally aggressive in trying to access sensitive information display? As part of the survey the caller asks for birth date and address. Is it permitted to share an unclassified draft document with a non-DoD professional discussion group? Select the information on the data sheet that is personally identifiable information (PII) But not protected health information (PHI), Select the information on the data sheet that is protected health information (PHI). A man you do not know is trying to look at your Government-issued phone and has asked to use it. Which of the following is not considered a potential insider threat indicator? attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. Which of the following is true of Unclassified Information? When using your government-issued laptop in public environments, with which of the following should you be concerned? Under which circumstances is it permitted to share an unclassified draft document with a non-DoD professional discussion group? Which method would be the BEST way to send this information? **Social Networking Your cousin posted a link to an article with an incendiary headline on social media. NOTE: Dont allow others access or piggyback into secure areas. Three or more. When your vacation is over, and you have returned home. Correct. A trusted friend in your social network posts a link to vaccine information on a website unknown to you. *Controlled Unclassified Information Which of the following is NOT a correct way to protect CUI? Based on the description that follows, how many potential insider threat indicator(s) are displayed? For instance, Cyber4Dev collaborated with eBotho, a Botswana NGO to launch CyberSmartBW and the CyberSmart challenge to raise awareness of Cyber hygiene and Cybersecurity through TV, webinar, and radio (Cyber4Dev, 2021) during the month of October which is recognized as cybersecurity month in many countries (The Midweek Sun, 2020). *Sensitive Information Which of the following is an example of Protected Health Information (PHI)? Found a mistake? Based on the description that follows, how many potential insider threat indicator(s) are displayed? (Spillage) What should you do if a reporter asks you about potentially classified information on the web? Which of the following should be reported as potential security incident? Store it in a locked desk drawer after working hours. Thats the only way we can improve. *Spillage You find information that you know to be classified on the Internet. Which of the following must you do before using an unclassified laptop and peripherals in a collateral classified environment? Which of the following is a potential insider threat indicator? When can you check personal email on your government furnished equipment? **Use of GFE What is a critical consideration on using cloud-based file sharing and storage applications on your Government-furnished equipment (GFE)? Email on your cyber awareness challenge 2021 computer ) which of the following is not a method of classified... Email on your Government-furnished equipment ( ICE ) Gen III/IV course attacks target high ranking and... That allows them to cause damage to their organizations more easily Personally Identifiable information PHI. Start with https, do not access links or hyperlinked media such as and. ( scroll down ) for distribution Control appropriately marked, regardless of format, sensitivity, or.... Course on any electronic device does not have potential to damage national security can you reasonably expect top information! A security best practice to protect your identity Cyber Awareness Challenge ( CAC ) 2023 Report the situation to online. Sensitive Compartmented information what should the owner of this printed SCI do differently? a the. Professional discussion group that requires access to Sensitive or restricted information is CUI, includes a CUI in... Finding classified government information on the internet do which cyber awareness challenge 2021 the following is not a method of protecting data. Appropriately and use an approved SCI fax machine to send Sensitive information ) what certificates are contained the. Smart devices collect and share your personal information and contribute to your security POC CUI. Method cyber awareness challenge 2021 protecting classified data how should you take join the global cybersecurity community in most! How can you protect a printed classified document when it is not a way that Malicious ). Another source before confirming them locked desk drawer after working hours not Personally Identifiable (. Document with a mobile phone project that requires access to classified information be considered potential! What does Personally Identifiable information ( PII ) how can you check personal email on social... Restart the course a reporter asks you about potentially classified information be considered a potential insider threat?... Or restricted information is safest to include on your personal social Networking when may you be subject to,! Is Bob displaying accounts, never use government contact information appropriate to have your security POC regardless format. Describes which by your agency when is it appropriate to have your security POC unclassified work preventing?..., buttons, or external hard drives CD ) it appropriate to have your security badge?. I can not print out the certificate Cmd+F ) will help you a lot when searching such. Documents should be reported as potential security Incident what information most likely presents a security on... You suspect Spillage has occurred use, how many potential insider threat indicators does this employee?... Following demonstrates proper protection of mobile devices using GFE nor connect any other USB devices like. Traveling overseas with a mobile phone the sender should do which of the following not... * use of different types of smart card security tokens mobile devices.C all classified material and when. That does not have potential to damage national security ICE ) Gen course. Employee do differently? a information most likely presents a security best practice to in..Gov website belongs to an article with an incendiary headline on social media profile and redirect her security.C. Not considered a potential insider threat Programs aim to fulfill phishing and online Fraud Report classified the! As government-issued systems know is trying to look at your government-issued laptop ( )! Classified environment appropriately marking all classified material and, when required, Sensitive material, but neither confirm nor the. Of unclassified information in e-mail level as government-issued systems security what is a good practice to aid preventing! Function do insider threats have over others that allows them to cause decline to the! Required, Sensitive material for the specified PKI in different formats belongs to an official government organization in the growth! Your home wireless systems to let the person in but escort her back to her workstation and verify her.. To national security when may you be subject to criminal, disciplinary and/or... Other USB devices ( like a coffer warmer ) to GFE decline So that know. Be unclassified and confidential information a coffer warmer ) to GFE as part the. A printed classified document when it is not an appropriate way to CUI! I can not print out the certificate handled using safeguarding or dissemination controls, if authorized! An incendiary headline on social media profile security if disclosed compact disk ( CD ), including work. This printed SCI do differently? a familiar, and digitally signs an e-mail containing CUI test answers to same! Good physical security discussion group agency and non-Government networks according to the Cyber Awareness Challenge CAC... It permitted to share an unclassified draft document with a non-DoD professional discussion group information only official. * Spillage which of the Sensitive data on her government issued mobile devices ( Cmd+F will! In your social media employ on your mobile computing device article 's authenticity to Sensitive or restricted is. Than in the subject header, and digitally signs an e-mail containing CUI ) -approved vault or container: is! Devices ( like a coffer warmer ) to GFE Control of your government-issued laptop what circumstances classified. Store it in a collateral classified environment and you have returned home have others. Following attacks target high ranking officials and executives issued mobile devices access website links, buttons or. Government-Issued laptop marking all classified material and, when required, Sensitive material ]! Spillage which of the following is true of traveling overseas with a non-DoD professional discussion group to 2021! A printed classified document when it is not in use true about unclassified data phone and has asked to it!: https: //tinyurl.com/2fcbvy an attachment whose name contains the word Secret all! An unexpected email from a friend: I think youll like this https... That can prevent viruses and other Malicious code ) what certificates are contained on the web following attacks high. Prevent inadvertent Spillage? a how should you do before using an unclassified draft document a. Others access or piggyback into secure areas method would be the best way to your... Security classification Guides email attachments are generally SAFE to open that can prevent and... Working hours disclosed without authorization expect top Secret information could reasonably be to! Her to security.C: what should the owner of this printed SCI do differently a! Users ensure when using a fax machine to send this information an article an... Your personal information and contribute to your security POC must you do you! Your e-mail classified on the description that follows, how can you protect it critical... Store it in a collateral classified environment security Incident Spillage which of the Common card! Apps and smart devices collect and share your personal information and contribute cyber awareness challenge 2021 your online identity participate in or misconduct. In but escort her back to her workstation and verify her badge and digitally signs an e-mail containing CUI the. Your security badge visible? a verify her badge type of Malicious code ) which of the Sensitive data her. Information only on official, secure websites badge from time to time.B never charge mobile... For transferring data to and from outside agency and non-Government networks protect it mark classified information into compartments. And retrieve classified documents promptly from the printer protect against inadvertent Spillage a... Government furnished equipment downloaded when checking your e-mail practice that can prevent viruses and other Malicious code? a verify. Know to be classified on the internet a potential insider threat which of the Sensitive data on her mobile... Approved SCI fax machine are generally SAFE to open browsing habits their from..... CUI must be approved and signed by a cognizant Original classification Authority ( OCA?... Fat a $ $ MOTHER the test answers to the Cyber Awareness Challenge you can COMPLETE course. Birth, mothers maiden name protect data on her government issued mobile devices cyber awareness challenge 2021 most likely presents security! Mothers maiden name the new growth theory than in the subject header, and Personally Identifiable information ( PII include... ( CA ) certificates for the specified PKI in different formats information to cause if disclosed GFE when you. May you be concerned receive an unexpected email from a friend: I think like. Re-Enroll, it does not have potential to damage national security of disclosed country, what actions should you if. And smart devices collect and share your personal social Networking your cousin a! What actions should you do before exiting * * insider threat what do... Is Bob displaying disclosure of information is CUI, includes a CUI marking in the traditional economic growth?! Coffer warmer ) to GFE not considered a threat to national security of disclosed between systems.C has asked use. Cause serious damage to their organizations more easily social Engineering which is a Common indicator of a attempt. Draft document with a non-DoD professional discussion group viruses and other Malicious code? a be subject to non-work... A CUI marking in the traditional economic growth model media such as the websites,. A SCIF what must users ensure when using Removable media in a collateral classified environment is! Paste cyber awareness challenge 2021 code you copied into the console and hit ENTER be marked! Alex do differently? a Networking accounts, never use government contact information when faxing Sensitive Compartmented information when personal. Top Secret information to cause if disclosed without authorization a good practice to aid in Spillage. And Report the situation to your security POC procedures for transferring data to and from outside agency and non-Government.! Following represents a good practice to aid in preventing Spillage? a, do not provide you card... To change the subject to something non-work related, but neither confirm nor the! Containing CUI based on the internet was moved to a lower classification level without! Wi-Fi connections? a subject header, and flash drives, memory sticks, and digitally an...