**Social Networking When may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? (Sensitive Information) What certificates are contained on the Common Access Card (CAC)? February 8, 2022. Linda encrypts all of the sensitive data on her government-issued mobile devices. Which of the following is NOT a good way to protect your identity? Use only personal contact information when establishing personal social networking accounts, never use Government contact information. Correct. DOD Cyber Awareness 2021 (DOD. Since the URL does not start with https, do not provide your credit card information. Any time you participate in or condone misconduct, whether offline or online. (Home computer) Which of the following is best practice for securing your home computer? Many apps and smart devices collect and share your personal information and contribute to your online identity. Follow instructions given only by verified personnel. Government-owned PEDs, if expressly authorized by your agency. How can you guard yourself against identity theft? Correct. Which of the following represents a good physical security practice? Which of the following is true of the Common Access Card (CAC) or Personal Identity Verification (PIV) card? (Spillage) Which of the following is a good practice to aid in preventing spillage? How do you respond? NOTE: Always mark classified information appropriately and retrieve classified documents promptly from the printer. An investment in knowledge pays the best interest. When using a fax machine to send sensitive information, the sender should do which of the following? Not at all. **Removable Media in a SCIF What must users ensure when using removable media such as compact disk (CD)? according to the 2021 State of Phishing and Online Fraud Report.
The Cyber Awareness Challenge, which is also known as the Army Cyber Awareness Training, the cyber awareness challenge or the DOD cyber challenge, is an annual computer security training that was created to increase cyber awareness among Department of Defense (DoD) employees. access to sensitive or restricted information is controlled describes which. Follow procedures for transferring data to and from outside agency and non-Government networks. What is NOT Personally Identifiable Information (PII)? Debra ensures not correct Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIV) card. Which of the following statements is true? After you have returned home following the vacation. The person looked familiar, and anyone can forget their badge from time to time. Which is NOT a method of protecting classified data? As a security best practice, what should you do before exiting? How many potential insider threat indicators is Bob displaying? A user writes down details from a report stored on a classified system marked as secret and uses those details to draft an unclassified briefing on an unclassified system without authorization. Phishing can be an email with a hyperlink as bait. Which of the following is NOT an appropriate way to protect against inadvertent spillage? Which of the following is NOT Government computer misuse? NOTE: Never charge personal mobile devices using GFE nor connect any other USB devices (like a coffee warmer) to GFE. **Classified Data How should you protect a printed classified document when it is not in use? Which piece of information is safest to include on your social media profile? The 2021 Girl Scout Cyber Awareness Challenge will provide girls in grades 6-12 with opportunities to learn more about cybersecurity, practice key concepts, and demonstrate the knowledge and skills they develop during this program.
Lionel stops an individual in his secure area who is not wearing a badge. Is it acceptable to take a short break while a coworker monitors your computer while logged on with your common access card (CAC)? not correct How many potential insider threat indicators does this employee display? Social Security Number, date and place of birth, mother's maiden name. Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. Here are the test answers to the Cyber Awareness Challenge (CAC) 2023. A .gov website belongs to an official government organization in the United States. (Answer) CPCON 2 (High: Critical and Essential Functions) CPCON 1 (Very High: Critical Functions) CPCON 3 (Medium: Critical, Essential, and Support Functions) CPCON 4 (Low: All Functions) CPCON 5 (Very Low: All Functions). *Sensitive Information Under what circumstances could classified information be considered a threat to national security? What should you do? correct. **Insider Threat What advantages do insider threats have over others that allows them to cause damage to their organizations more easily? ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. (Malicious Code) Which of the following is NOT a way that malicious code spreads? A system reminder to install security updates. **Physical Security What is a good practice for physical security? **Use of GFE When can you check personal e-mail on your Government-furnished equipment (GFE)? Do not access website links in e-mail messages. *Spillage Which of the following may help prevent inadvertent spillage? Which of the following is an example of two-factor authentication? correct. correct. **Classified Data Which of the following is a good practice to protect classified information? An official website of the U.S.
Department of Homeland Security. The President of the United States and Congress have declared October to be Cybersecurity Awareness Month. Memory sticks, flash drives, or external hard drives. Immediately notify your security point of contact. What should you do? Use antivirus software and keep it up to date. DOD Cyber Awareness 2021 (DOD-IAA-V18.0) Know. What should you do? They may be used to mask malicious intent. The CAC/PIV is a controlled item and contains certificates for: An individual who has attempted to access sensitive information without need-to-know and has made unusual requests for sensitive information is displaying indicators of what? Ctrl+F (Cmd+F) will help you a lot when searching through such a large set of questions. *Sensitive Compartmented Information Which must be approved and signed by a cognizant Original Classification Authority (OCA)? Join the global cybersecurity community in its most festive cyber security challenge and virtual conference of the year. Classification markings and handling caveats. Since the URL does not start with https, do not provide your credit card information. Do not download it. Monitor credit card statements for unauthorized purchases. Thumb drives, memory sticks, and flash drives are examples of. Below are most asked questions (scroll down). Understanding and using the available privacy settings. Store it in a General Services Administration (GSA)-approved vault or container. Exposure to malware.
[Prevalence]: Which of the following is an example of malicious code? ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. You receive an unexpected email from a friend: I think you'll like this: https://tinyurl.com/2fcbvy. What action should you take? Information Assurance Test Please answer each of the questions below by choosing ONE of the answer choices based on the information learned in the Cyber Awareness Challenge. Correct, Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities. Only use a government-issued thumb drive to transfer files between systems. correct. How many insider threat indicators does Alex demonstrate? Paste the code you copied into the console and hit ENTER. UNCLASSIFIED is a designation to mark information that does not have potential to damage national security. [Incident #1]: When is it appropriate to have your security badge visible? (Malicious Code) Which email attachments are generally SAFE to open? Immediately notify your security point of contact. What should you do? The email has an attachment whose name contains the word secret. Top Secret information could be expected to cause exceptionally grave damage to national security if disclosed. In addition to avoiding the temptation of greed to betray his country, what should Alex do differently? *Insider Threat Which of the following is a potential insider threat indicator? Share sensitive information only on official, secure websites. Which of the following is true of traveling overseas with a mobile phone? Which of the following is NOT a home security best practice? **Social Engineering Which is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail?
When I try to un-enroll and re-enroll, it does not let me restart the course. There is no way to know where the link actually leads. Which of the following best describes good physical security? What should be your response? Which of the following demonstrates proper protection of mobile devices? **Classified Data When classified data is not in use, how can you protect it? Using webmail may bypass built in security features. Following instructions from verified personnel. Which of the following attacks target high ranking officials and executives? CUI may be stored on any password-protected system. *Spillage What should you do if you suspect spillage has occurred? [Incident]: What is the danger of using public Wi-Fi connections? These zip files contain all the Certification Authority (CA) certificates for the specified PKI in different formats. STEPS TO COMPLETE THE CYBER AWARENESS CHALLENGE You can complete this course on any electronic device. What should be your response? Which of the following is true about telework? **Insider Threat A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. Attempting to access sensitive information without need-to-know. Avoid talking about work outside of the workplace or with people without a need-to-know. Report the suspicious behavior in accordance with their organization's insider threat policy. What can be used to track Maria's web browsing habits? (A type of phishing targeted at senior officials) The Manual completes the DoD 8140 policy series, which provides a targeted role-based approach to identify, develop, and qualify cyber workforce personnel by leveraging the DoD Cyber Workforce Framework. Do not access website links, buttons, or graphics in e-mail.
What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed? Validate friend requests through another source before confirming them. Which of the following is NOT an example of sensitive information? The DoD Cyber Exchange provides one-stop access to cyber information, policy, guidance and training for cyber professionals throughout the DoD, and the general public. Decline So That You Maintain Physical Control of Your Government-Issued Laptop. (Sensitive Information) Which of the following is true about unclassified data? **Insider Threat What function do Insider Threat Programs aim to fulfill? How many potential insider threat indicators does this employee display? [Incident #1]: What should the employee do differently? Spillage because classified data was moved to a lower classification level system without authorization. Use the classified network for all work, including unclassified work. The DoD Cyber Exchange NIPR provides exclusive access to cyber training and guidance to users with DoD Public Key Infrastructure (PKI) credentials (or equivalent). Mark SCI documents appropriately and use an approved SCI fax machine. *Spillage Which of the following is a good practice to aid in preventing spillage? This summer, CYBER.ORG is excited to partner with Girl Scouts of the USA, the U.S. Department of Homeland Security, and DHS's Cybersecurity and Infrastructure Security Agency (CISA) to launch the Cyber Awareness Challenge! **Physical Security At which Cyberspace Protection Condition (CPCON) is the priority focus on critical functions only? **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed?
**Classified Data Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? Paul verifies that the information is CUI, includes a CUI marking in the subject header, and digitally signs an e-mail containing CUI. Telework is only authorized for unclassified and confidential information. RECOMMENDATION: We recommend that you approve for a period of not less than 30 days a moratorium for account restriction based on the dependency for Cyber Awareness Challenge date in DAF logon systems. Using NIPRNet tokens on systems of higher classification level. Do not access links or hyperlinked media such as buttons and graphics in email messages. What is the best course of action? What should the owner of this printed SCI do differently? Which of the following is true of the Common Access Card (CAC)? What should the owner of this printed SCI do differently? What must you ensure if your work involves the use of different types of smart card security tokens? Which of the following is a best practice for physical security? NOTE: You must have permission from your organization to telework. Let the person in but escort her back to her workstation and verify her badge. correct. Maintain visual or physical control of the device. It also says I cannot print out the certificate. A program that segregates various types of classified information into distinct compartments for added protection and dissemination for distribution control. What does Personally Identifiable information (PII) include? Which of the following is true of Protected Health Information (PHI)? Secure it to the same level as Government-issued systems. The training also reinforces best practices to protect classified, controlled unclassified information (CUI), and personally identifiable information (PII). Correct. A coworker removes sensitive information without approval. Which of the following is true of Security Classification Guides?
Never write down the PIN for your CAC. Which of the following is NOT an example of CUI? Which of the following actions is appropriate after finding classified Government information on the internet? Decline to let the person in and redirect her to security. *Sensitive Compartmented Information What should the owner of this printed SCI do differently? Darryl is managing a project that requires access to classified information. Note any identifying information, such as the website's URL, and report the situation to your security POC. Report the crime to local law enforcement. Which of the following is NOT a best practice to protect data on your mobile computing device? Since 2004, the President of the United States and Congress have declared October to be Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more commonplace. **Mobile Devices Which is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? What information most likely presents a security risk on your personal social networking profile? Accepting the default privacy settings. correct. Proprietary data. **Classified Data What level of damage can the unauthorized disclosure of information classified as Confidential reasonably be expected to cause? Linda encrypts all of the sensitive data on her government-issued mobile devices. (Malicious Code) What is a good practice to protect data on your home wireless systems? The Cyber Awareness Challenge is the DoD . *Sensitive Compartmented Information When faxing Sensitive Compartmented Information (SCI), what actions should you take? Publication of the long-awaited DoDM 8140.03 is here! All of these. CUI must be handled using safeguarding or dissemination controls. Which of the following is a proper way to secure your CAC/PIV?
What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? None. (Malicious Code) What is a common indicator of a phishing attempt? Classified information that should be unclassified and is downgraded. What is a security best practice to employ on your home computer? Which of the following does not constitute spillage? Store classified data appropriately in a GSA-approved vault/container. Since 2004, the President of the United States and Congress have declared October to be Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more commonplace. Which of the following is NOT a type of malicious code? **Insider Threat How many potential insider threat indicators does a person who is playful and charming, consistently wins performance awards, but is occasionally aggressive in trying to access sensitive information display? As part of the survey the caller asks for birth date and address. Is it permitted to share an unclassified draft document with a non-DoD professional discussion group? Select the information on the data sheet that is personally identifiable information (PII) but not protected health information (PHI). Select the information on the data sheet that is protected health information (PHI). A man you do not know is trying to look at your Government-issued phone and has asked to use it. Which of the following is not considered a potential insider threat indicator? Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. Which of the following is true of Unclassified Information? When using your government-issued laptop in public environments, with which of the following should you be concerned? Under which circumstances is it permitted to share an unclassified draft document with a non-DoD professional discussion group?
Which method would be the BEST way to send this information? **Social Networking Your cousin posted a link to an article with an incendiary headline on social media. NOTE: Don't allow others access or piggyback into secure areas. Three or more. When your vacation is over, and you have returned home. Correct. A trusted friend in your social network posts a link to vaccine information on a website unknown to you. *Controlled Unclassified Information Which of the following is NOT a correct way to protect CUI? Based on the description that follows, how many potential insider threat indicator(s) are displayed? For instance, Cyber4Dev collaborated with eBotho, a Botswana NGO, to launch CyberSmartBW and the CyberSmart challenge to raise awareness of Cyber hygiene and Cybersecurity through TV, webinar, and radio (Cyber4Dev, 2021) during the month of October, which is recognized as cybersecurity month in many countries (The Midweek Sun, 2020). *Sensitive Information Which of the following is an example of Protected Health Information (PHI)? Found a mistake? Based on the description that follows, how many potential insider threat indicator(s) are displayed? (Spillage) What should you do if a reporter asks you about potentially classified information on the web? Which of the following should be reported as a potential security incident? Store it in a locked desk drawer after working hours. That's the only way we can improve. *Spillage You find information that you know to be classified on the Internet. Which of the following must you do before using an unclassified laptop and peripherals in a collateral classified environment? Which of the following is a potential insider threat indicator? When can you check personal email on your government furnished equipment? **Use of GFE What is a critical consideration on using cloud-based file sharing and storage applications on your Government-furnished equipment (GFE)?