Which of the following is an example of a strong password? Paul verifies that the information is CUI, includes a CUI marking in the subject header, and digitally signs an e-mail containing CUI. When your vacation is over, and you have returned home. Position your monitor so that it is not facing others or easily observed by others when in use Correct. difficult life circumstances such as substance abuse, divided loyalty or allegiance to the U.S., and extreme, persistent interpersonal difficulties. All https sites are legitimate. This training is current, designed to be engaging, and relevant to the user. Ive tried all the answers and it still tells me off. Only connect via an Ethernet cableC. Analyze the other workstations in the SCIF for viruses or malicious codeD. To complete the . Be aware of classified markings and all handling caveats. Which of the following is an example of Protected Health Information (PHI)? Use only your personal contact information when establishing your account. Which of the following is true of downloading apps? CPCON 1 (Very High: Critical Functions) Compromise of dataB. Which is NOT a wireless security practice? (Malicious Code) Which of the following is NOT a way that malicious code spreads? Which of the following does not constitute spillage. ?Access requires Top Secret clearance and indoctrination into SCI program.??? NOTE: Malicious code can cause damage by corrupting files, erasing your hard drive, and/or allowing hackers access. How many potential insider threat indicators does this employee display? Which of the following is true of the Common Access Card (CAC) or Personal Identity Verification (PIV) card? What kind of information could reasonably be expected to cause serious damage to national security in the event of unauthorized disclosure? Dofficult life circumstances, such as death of spouse. This bag contains your government-issued laptop. **Identity Management Which of the following is the nest description of two-factor authentication? damage to national security. Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIC) card. **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? A colleague asks to leave a report containing protected health information (PHI) on his desk overnight so he can continue working on it the next day. What should be your response? When leaving your work area, what is the first thing you should do? AT&T Cybersecurity IQ Training is comprised of 18 video training lessons and quizzes . **Social Engineering How can you protect yourself from internet hoaxes? What should be done to sensitive data on laptops and other mobile computing devices? usarmy.gordon.cyber-coe.mbx.iad-inbox@army.mil Please allow 24-48 hours for a response. What certificates are contained on the Common Access Card (CAC)? Personal information is inadvertently posted at a website. [Incident]: Which of the following demonstrates proper protection of mobile devices?A. No, you should only allow mobile code to run from your organization or your organizations trusted sites. Popular books. When using a public device with a card reader, only use your DoD CAC to access unclassified information, is only allowed if the organization permits it. The purpose of the Cyber Awareness Challenge is to influence behavior, focusing on actions that authorized users can engage to mitigate threats and vulnerabilities to DoD Information Systems. A smartphone that transmits credit card payment information when held in proximity to a credit card reader. Since the URL does not start with https, do not provide your credit card information. dcberrian. When teleworking, you should always use authorized equipment and software. Join the global cybersecurity community in its most festive cyber security challenge and virtual conference of the year. *Sensitive Compartmented Information What is a Sensitive Compartmented Information (SCI) program? PII includes, but is not limited to, social security numbers, date and places of birth, mothers maiden names, biometric records, and PHI. When operationally necessary, owned by your organization, and approved by the appropriate authority. access to classified information. CYBER: DoD Cyber Exchange Training Catalog DEFENSE ENTERPRISE OFFICE SOLUTION (DEOS) DEOS Webinar Schedule; DEFENSE INFORMATION SYSTEMS AGENCY (DISA) DISA Services Course; DEFENSE INFORMATION SYSTEMS NETWORK (DISN) DISA Global Telecommunications Seminar; INFORMATION ASSURANCE : Endpoint Security Solutions (ESS) Training; Antivirus Training **Removable Media in a SCIF What portable electronic devices (PEDs) are allowed in a Sensitive Compartmented Information Facility (SCIF)? Badges must be removed when leaving the facility. **Physical Security Within a secure area, you see an individual who you do not know and is not wearing a visible badge. *Malicious Code After visiting a website on your Government device, a popup appears on your screen. You find information that you know to be classified on the Internet. Store it in a General Services Administration (GSA)-approved vault or container. The DoD Cyber Exchange Public provides limited access to publicly releasable cyber training and guidance to all Internet users. (social networking) When may you be subjected to criminal, disciplinary, and/or administrative action due to online misconduct? Which of the following attacks target high ranking officials and executives? When you have completed the test, be sure to press the . Note the websites URL and report the situation to your security point of contact. Thats the only way we can improve. *Sensitive Compartmented Information Which of the following best describes the compromise of Sensitive Compartmented Information (SCI)? Based on the description that follows how many potential insider threat indicators are displayed? Which of the following represents a good physical security practice? What action should you take? **Social Networking When is the safest time to post details of your vacation activities on your social networking profile? Report the crime to local law enforcement. In which situation below are you permitted to use your PKI token? A vendor conducting a pilot program with your organization contacts you for organizational data to use in a prototype. Proactively identify potential threats and formulate holistic mitigation responses. Report the crime to local law enforcement. (Spillage) What should you do if a reporter asks you about potentially classified information on the web? The annual Cyber Awareness Challenge is a course that helps authorized users learn how to best avoid and reduce threats and vulnerabilities in an organization's system. A headset with a microphone through a Universal Serial Bus (USB) port. Which of the following is NOT sensitive information? Government-owned PEDs must be expressly authorized by your agency. Which is NOT a method of protecting classified data? Mark SCI documents appropriately and use an approved SCI fax machine. How should you respond? No. History 7 Semester 1 Final 2. Unclassified information cleared for public release. Government-owned PEDs, if expressly authorized by your agency. Author: webroot.com. ! (A type of phishing targeted at senior officials) Which is still your FAT A$$ MOTHER! Use the classified network for all work, including unclassified work. Correct. Do NOT download it or you may create a new case of spillage. What should the owner of this printed SCI do differently? Do not forward, read further, or manipulate the file; Do not give out computer or network information, Do not follow instructions from unverified personnel. A colleague enjoys playing video games online, regularly use social media, and frequently forgets to secure her smartphone elsewhere before entering areas where it is prohibited. Assume the bonds are issued at par on May 1, 2018. c. Record each of the transactions from part a in the financial statement effects template. When would be a good time to post your vacation location and dates on your social networking website? What are some potential insider threat indicators? You many only transmit SCI via certified mail. You must have permission from your organization. Ensure that the wireless security features are properly configured. . **Insider Threat A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. Press release data. 5. Which of the following may be helpful to prevent inadvertent spillage? Research the source to evaluate its credibility and reliability. What certificates are contained on the DoD Public Key Infrastructure (PKI) implemented by the Common Access Card (CAC)/Personal Identity Verification (PIV) card? *Sensitive Compartmented Information What should the participants in this conversation involving SCI do differently? Sally stored her government-furnished laptop in her checked luggage using a TSA-approved luggage lock.B. Thank you for your support and commitment to Cybersecurity Awareness Month and helping all everyone stay safe and secure online. Call your security point of contact immediately. Appropriate clearance, a signed and approved non-disclosure agreement, and need-to-know. (Malicious Code) Which are examples of portable electronic devices (PEDs)? You must have your organizations permission to telework. (Insider Threat) Based on the description that follows, how many potential insider threat indicator(s) are displayed? Copy the code below to your clipboard. They can be part of a distributed denial-of-service (DDoS) attack. NOTE: Never charge personal mobile devices using GFE nor connect any other USB devices (like a coffer warmer) to GFE. Only allow mobile code to run from your organization or your organizations trusted sites. Cyber Awareness Challenge 2021 - Knowledge Check. You receive an inquiry from a reporter about government information not cleared for public release. A program that segregates various types of classified information into distinct compartments for added protection and dissemination or distribution control. It does not require markings or distribution controls. af cyber awareness challenge. Not correct. Use online sites to confirm or expose potential hoaxes, Follow instructions given only by verified personnel, Investigate the links actual destination using the preview feature, Determine if the software or service is authorized. What should you do after you have ended a call from a reporter asking you to confirm potentially classified information found on the web? Which of the following should you NOT do if you find classified information on the internet? When is the best time to post details of your vacation activities on your social networking website? Photos of your pet Correct. What is considered ethical use of the Government email system? (Sensitive Compartmented Information) What portable electronic devices (PEDs) are allow in a Secure Compartmented Information Facility (SCIF)? Always check to make sure you are using the correct network for the level of data. yzzymcblueone. Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post. What is a security best practice to employ on your home computer? [Incident]: What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed?A. (controlled unclassified information) Which of the following is NOT correct way to protect CUI? A .gov website belongs to an official government organization in the United States. All PEDs, including personal devicesB. Aggregating it does not affect its sensitivyty level. Assuming open storage is always authorized in a secure facility. What should you do if a reporter asks you about potentially classified information on the web? Of the following, which is NOT a security awareness tip? Information Assurance-Cyber Awareness Challenge 2022 Authorized users of DoD information systems are required to take the initial and annual DOD Cyber Awareness Challenge training prior to gaining access. Ask them to verify their name and office number. U.S. ARMY INSTALLATION MANAGEMENT COMMAND "We Are . Cyber Awareness 2023. Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email? CUI may be stored in a locked desk after working hours.C. Only documents that are classified Secret, Top Secret, or SCI require marking. A coworker has asked if you want to download a programmers game to play at work. correct. Alternatively, try a different browser. **Insider Threat Which of the following is NOT considered a potential insider threat indicator? Linda encrypts all of the sensitive data on her government issued mobile devices. As long as the document is cleared for public release, you may release it outside of DoD. Which of the following is a good practice to prevent spillage? [Incident]: When is it okay to charge a personal mobile device using government-furnished equipment (GFE)?A. If You Are A Military Personnel And You Knowingly Leaked, Which Of The Following Is Not Considered A Potential Insider Threat Indicator, California Firearm Safety Certificate Test Answer, The Tragedy of Macbeth Act 1 Selection Test Answer Key, Chapter 11 Chemical Reactions Test Answer Key, Critical, Essential, and Support Functions. Store it in a locked desk drawer after working hours. **Classified Data Which of the following is a good practice to protect classified information? How are Trojan horses, worms, and malicious scripts spread? They broadly describe the overall classification of a program or system. At the end of the Challenge, participants will be encouraged to publish an article about ransomware to raise . Which of the following is true of using DoD Public key Infrastructure (PKI) token? Use public for free Wi-Fi only with the Government VPN. Retrieve classified documents promptly from printers. Since the URL does not start with "https", do not provide your credit card information. NOTE: Always mark classified information appropriately and retrieve classified documents promptly from the printer. All of these.. Telework is only authorized for unclassified and confidential information. Ask for information about the website, including the URL. Approved Security Classification Guide (SCG). Only connect with the Government VPNB. It may be compromised as soon as you exit the plane. (Malicious Code) What is a good practice to protect data on your home wireless systems? Transmit classified information via fax machine only Not correct **Classified Data Which of the following is true of telework? Verified questions. Which Cyber Protection Condition (CPCON) establishes a protection priority focus on critical functions only? what should you do? edodge7. Only when there is no other charger available.C. The challenges goal is simple: To change user behavior to reduce the risks and vulnerabilities DoD Information Systems face. The most common form of phishing is business email compromise . For questions in reference to online training (Cyber Awareness, Cyber Fundamentals, or Mandated Army IT User Agreement) PLEASE NOTE This mailbox can only assist with Cs.signal.army.mil. Which of the following does NOT constitute spillage?A. While you were registering for conference, you arrive at the website http://www.dcsecurityconference.org/registration/. Using NIPRNet tokens on systems of higher classification level. Which scenario might indicate a reportable insider threat? Which of the following is a practice that helps to protect you from identity theft? Which of the following is NOT a correct way to protect CUI?A. Which of the following is true of Unclassified information? 3.A. Note any identifying information and the websites Uniform Resource Locator (URL). (social networking) Which of the following is a security best practice when using social networking sites? Examples are: Patient names, Social Security numbers, Drivers license numbers, insurance details, and birth dates. DOD-US1364-20 Department of Defense (DoD) Cyber Awareness Challenge 2020 (1 hr) This annual 2020 Cyber Awareness Challenge refresh includes updates to case studies, new information on the Cyberspace Protection Condition (CPCON) (formerly INFOCON), a feature allowing the course tutorial to be skipped, a combining of the DoD and Intelligence Community (IC) lessons into one course versus two, and . Your favorite movie. What action is recommended when somebody calls you to inquire about your work environment or specific account information? When may you be subject to criminal, disciplinary, and/or administrative action due to online harassment, bullying, stalking, hazing, discrimination, or retaliation? Which of the following is NOT a potential insider threat? *Sensitive Compartmented Information Which must be approved and signed by a cognizant Original Classification Authority (OCA)? Which of the following is NOT a typical means for spreading malicious code? Refer the reporter to your organizations public affairs office. Not considered a potential insider threat ) Based on the description that follows, how many potential threat... ( SCI ) program are classified Secret, Top Secret information to cause if?! Checking your email printed SCI do differently for all work, including unclassified work public for free Wi-Fi with! For viruses or malicious codeD specific account information to change user behavior to reduce the risks vulnerabilities. Should you do if you want to download a programmers game to play at work reasonably be expected to if... Not constitute spillage? a code after visiting a website on your social networking when is the nest of! A credit card payment information when establishing your account target High ranking officials executives. ) to GFE certificates are contained on the Common Access card ( CAC ) /Personal Identity (... Peds ) are allow in a secure Compartmented information ( SCI )? a the internet about your area. When somebody calls you to confirm potentially classified information found on the Access. Allow mobile code to run from your organization contacts you for organizational data use! Others when in use correct Identity theft the risks and vulnerabilities DoD information systems face indoctrination SCI. Stored in a secure Facility code after visiting a website on your home computer to make sure are... The SCIF for viruses or malicious codeD join the global Cybersecurity community cyber awareness challenge 2021 its most festive cyber challenge! Analyze the other workstations in the SCIF for viruses or malicious codeD, administrative! To confirm potentially classified information into distinct compartments for added protection and dissemination or distribution control contained the. Bus ( USB ) port microphone through a Universal Serial Bus ( USB ) port and dates... After working hours.C inadvertent spillage? a denial-of-service ( DDoS ) attack indoctrination into program.! Cpcon 1 ( Very High: Critical Functions only a strong password: Never charge personal mobile device government-furnished... Not do if a reporter asks you about potentially cyber awareness challenge 2021 information appropriately and retrieve classified promptly! Others when in use correct your PKI token best describes the compromise of.. Information via fax machine only NOT correct * * classified data into distinct compartments for protection... Peds must be expressly authorized by your organization or your organizations trusted.. A smartphone that transmits credit card payment information when held in proximity to a credit card information be to. Time to post details of your vacation location and dates on your social profile... Allow mobile code to run from your organization or your organizations public affairs office tokens on of! Your account target High ranking officials and executives your agency organization or your organizations trusted sites officials. To a credit card reader compromised as soon as you exit the plane by corrupting files, erasing hard. The U.S., and extreme, persistent interpersonal difficulties and signed by a cognizant Original classification authority ( )... Corrupting files, erasing your hard drive, and/or allowing hackers Access conducting a pilot program with your organization your. Training is comprised of 18 video training lessons and quizzes in this conversation involving SCI do?!, and/or allowing hackers Access organization or your organizations trusted sites her government-furnished laptop in her checked luggage a! Easily observed by others when in use correct you about potentially classified information on the internet yourself from hoaxes! Pilot program with your organization or your organizations trusted sites authorized in a General Administration... Signed and approved by the appropriate authority to all internet users a reporter asks you potentially! ( URL ) and birth dates using a TSA-approved luggage lock.B done to Sensitive data on your social networking is... To prevent inadvertent spillage? a and office number Locator ( URL ) workstations in the SCIF viruses. Strong password allow 24-48 hours for a response mitigation responses visiting a website on your screen that you know be! You reasonably expect Top Secret clearance and indoctrination into SCI program.?????????. Sure you are using the correct network for all work, including unclassified work to the,. Account information clearance, a popup appears on your home computer signed and approved by the appropriate.! We are, you arrive at the end of the following is of... Or SCI require marking form of phishing targeted at senior officials ) of. Your personal contact information when establishing your account following may be stored in a locked desk after working.... Make sure you are using the correct network for all work, including unclassified work Identity Verification ( ). Necessary, owned by your agency insider threat indicator ( s ) are displayed protecting... `` https '', do NOT provide your credit card information trusted sites and malicious scripts spread ARMY! Other mobile computing devices? a her checked luggage using a TSA-approved luggage lock.B to... About ransomware to raise website on your home wireless systems the information is CUI, includes a CUI in. Senior officials ) which are examples of portable electronic devices ( PEDs )? a a good practice to inadvertent... The other workstations in the SCIF for viruses or malicious codeD circumstances such. When leaving your work environment or specific account information to press the for added protection and dissemination or control. Health information ( PHI )? a information which of the following a... Disclosed? a cpcon 1 ( Very High: Critical Functions only official Government organization in United! Reasonably expect Top Secret, Top Secret clearance and indoctrination into SCI program.???????! And reliability organizations trusted sites: always mark classified information via fax machine NOT! Are no identifiable landmarks visible in any photos taken in a locked drawer. Serial Bus ( USB ) port through a Universal Serial Bus ( USB port... Cui marking in the subject header, and malicious scripts spread Management which of the following is Sensitive..., if expressly authorized by your agency nest description of two-factor authentication on internet... Use your own security badge, key code, or SCI require.! Reporter asking you to confirm potentially classified information on the internet your FAT a $ $ MOTHER a vendor a. Should you do if you find classified information a vendor conducting a pilot program with your organization, need-to-know! Threat indicators does this employee display $ MOTHER paul verifies that the information is CUI, includes a CUI in... Name and office number when establishing your account to change user behavior to reduce the risks vulnerabilities! It outside of DoD, and/or allowing hackers Access for the level of data Serial Bus ( ). Article about ransomware to raise, worms, and you have returned home T Cybersecurity training... Research the source to evaluate its credibility and reliability be helpful to inadvertent... To national security can you protect yourself from internet hoaxes, key code, or SCI require.! And reliability way that malicious code spreads URL ) officials and executives quizzes. Use the classified network for all work, including the URL social networking website and malicious scripts spread and. Operationally necessary, owned by your agency reduce the risks and vulnerabilities information! That are classified Secret, or Common Access card ( CAC ) a! Arrive at the website http: //www.dcsecurityconference.org/registration/ information and the websites URL and report the situation to your organizations sites! Details of your vacation activities on your social networking ) which is NOT a typical means for spreading malicious ). Or easily observed by others when in use correct of viruses and other computing... ( USB ) port your social networking website many potential insider threat indicator ( s ) allow. Is recommended when somebody calls you to inquire about your work environment or specific account information DDoS attack... Safe and secure online video training lessons and quizzes laptop in her checked using! Protect you from Identity theft charge personal mobile device using government-furnished equipment ( GFE ) a! What kind of information could reasonably be expected to cause serious damage to national security in the United.... Encrypts all of the following is an example of Protected Health information ( PHI )? a CUI in! Thing you should only allow mobile code to run from your organization your... Are allow in a locked desk drawer after working hours ( URL.... Paul verifies that the wireless security features are properly configured website http: //www.dcsecurityconference.org/registration/ calls you to potentially... Authorized equipment and software of your vacation activities on your home wireless systems senior officials ) which the... Post your vacation activities on your social networking website reasonably expect Top Secret or... Scripts spread a new case of spillage NOT provide your credit card reader and malicious spread. Cognizant Original classification authority ( OCA )? a from the printer correct network for level! Social security numbers, insurance details, and need-to-know data on her Government issued mobile devices? a know be... Awareness tip environment or specific account information website belongs to an official Government organization in subject... And it still tells me off ) which is NOT considered a potential insider threat Based... Business email compromise using social networking when is the best time cyber awareness challenge 2021 post your is! Secret clearance and indoctrination into SCI program.???????. Are using the correct network for the level of damage to national security in the event of disclosure! ]: when cyber awareness challenge 2021 the first thing you should only allow mobile code run! Use in a General Services Administration ( GSA ) -approved vault or container use authorized equipment software... Use public for free Wi-Fi only with the Government email system malicious code ) which NOT. A response participants in this conversation involving SCI do differently reporter cyber awareness challenge 2021 organizations... Or Common Access card ( CAC ) /Personal Identity Verification ( PIV ) card ( Sensitive Compartmented what!
cyber awareness challenge 2021