Which of the following is NOT a correct way to protect sensitive information? Your password and the second commonly includes a text with a code sent to your phone. Please DO NOT email in regards to Iatraining.us.army.mil, JKO, or skillport. CUI may be emailed if encrypted. What security device is used in email to verify the identity of sender? Transmit classified information via fax machine only Not correct **Classified Data Which of the following is true of protecting classified data? After work hours, storing sensitive information in unlocked containers, desks, or cabinets if security is not present. Avoid attending professional conferences.B. Training requirements by group. Remove security badge as you enter a restaurant or retail establishment. Home Training Toolkits. The popup asks if you want to run an application. CPCON 2 (High: Critical and Essential Functions) **Social Networking Which of the following best describes the sources that contribute to your online identity? At any time during the workday, including when leaving the facility. Other sets by this creator. Lionel stops an individual in his secure area who is not wearing a badge. When is the best time to post details of your vacation activities on your social networking website? OneC. Which of the following is a reportable insider threat activity? Overview: The Cyber Awareness Challenge serves as an annual refresher of security requirements, security best practices, and your security responsibilities. Mark SCI documents appropriately and use an approved SCI fax machine. Product Functionality Requirements: To meet technical functionality requirements, this awareness product was developed to function with Windows and Mac operating systems (Windows 7 and 10 and macOS 10.13 High Sierra, when configured correctly) using either Internet Explorer (IE) 11, Firefox 67 . Corrupting filesB. Thats the only way we can improve. How many potential insiders threat indicators does this employee display? 
air force cyber awareness challenge For Government-owned devices, use approved and authorized applications only. (Sensitive Information) Which of the following is NOT an example of sensitive information? He let his colleague know where he was going, and that he was coming right back.B. What should you do? Ask them to verify their name and office number. Essential Environment: The Science Behind the Stories Jay H. Withgott, Matthew Laposata. **Insider Threat Which scenario might indicate a reportable insider threat? Choose DOD Cyber Awareness Training-Take Training. Cyber Awareness Challenge Exam Questions/Answers updated July 2, 2022 It is getting late on Friday. correct. What action should you take if you receive a friend request on your social networking website from someone in Germany you met casually at a conference last year? Why is the role of entrepreneurs much more important in the new growth theory than in the traditional economic growth model? The DoD Cyber Exchange NIPR provides exclusive access to cyber training and guidance to users with DoD Public Key Infrastructure (PKI) credentials (or equivalent). Publication of the long-awaited DoDM 8140.03 is here! (social networking) Which of the following is a security best practice when using social networking sites? . As part of the survey the caller asks for birth date and address. Which of the following is true of Protected Health Information (PHI)? It includes a threat of dire circumstances. **Identity management Which of the following is NOT a best practice to preserve the authenticity of your identity? Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email? 
SSN, date and place of birth, mothers maiden name, biometric records, PHI, passport number, Subset of PII, health information that identifies the individual, relates to physical or mental health of an individual, provision of health care to an individual, or payment of healthcare for individual. Ctrl+F (Cmd+F) will help you a lot when searching through such a large set of questions. What is an indication that malicious code is running on your system? Which of the following is true of the Common Access Card (CAC)? You are leaving the building where you work. Which of the following is NOT Government computer misuse? Dofficult life circumstances, such as death of spouse. Which of the following is NOT an example of CUI? The annual Cyber Awareness Challenge is a course that helps authorized users learn how to best avoid and reduce threats and vulnerabilities in an organization's system. Note any identifying information and the websites URL. You have reached the office door to exit your controlled area. Monitor credit card statements for unauthorized purchases, Thumb drives, memory sticks, and flash drives are examples of. The person looked familiar, and anyone can forget their badge from time to time.B. It displays a label showing maximum classification, date of creation, point of contact, and Change Management 9CM) Control Number. Which of the following is NOT considered sensitive information? What certificates are contained on the DoD Public Key Infrastructure (PKI) implemented by the Common Access Card (CAC)/Personal Identity Verification (PIV) card? Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIC) card. If you participate in or condone it at any time. What should you do? *Controlled Unclassified Information Which of the following is NOT a correct way to protect CUI? Which of the following is true of Controlled Unclassified information (CUI)? Software that installs itself without the users knowledge.C. 
Not correct. Which of the following may help to prevent inadvertent spillage? These zip files contain all the Certification Authority (CA) certificates for the specified PKI in different formats. (Malicious Code) Which of the following is true of Internet hoaxes? The 2021 Girl Scout Cyber Awareness Challenge will provide girls in grades 6-12 with opportunities to learn more about cybersecurity, practice key concepts, and demonstrate the knowledge and skills they develop during this program. [Evidence]: What portable electronic devices (PEDs) are permitted in a SCIF?A. Which of the following statements is TRUE about the use of DoD Public Key Infrastructure (PKI) tokens? **Classified Data Which of the following is a good practice to protect classified information? Reviewing and configuring the available security features, including encryption. NOTE: By reporting Alexs potential risk indicators, Alexs colleagues can protect their organization and potentially get Alex the help he needs to navigate his personal problems. **Travel Which of the following is true of traveling overseas with a mobile phone? not correct **Identity management Which of the following is an example of a strong password? *Spillage You find information that you know to be classified on the Internet. No, you should only allow mobile code to run from your organization or your organizations trusted sites. Unusual interest in classified information. Serious damageC. They can be part of a distributed denial-of-service (DDoS) attack. **Physical Security Within a secure area, you see an individual who you do not know and is not wearing a visible badge. Who can be permitted access to classified data? Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. You receive an email from the Internal Revenue Service (IRS) demanding immediate payment of back taxes of which you were not aware. 3.A. 
*Spillage Which of the following actions is appropriate after finding classified information on the Internet? Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approves for access to the NIPRNET. A coworker has asked if you want to download a programmers game to play at work. Note any identifying information and the websites Uniform Resource Locator (URL). Follow procedures for transferring data to and from outside agency and non-Government networks. How should you respond? Increase employee cybersecurity awareness and measure the cybersecurity IQ of your organization. Badges must be visible and displayed above the waist at all times when in the facility. Government-owned PEDs, if expressly authorized by your agency. Which of the following is true of the Common Access Card (CAC) or Personal Identity Verification (PIV) card? Continue Existing Session. **Social Networking Which piece if information is safest to include on your social media profile? Which of the following personally-owned computer peripherals is permitted for use with Government-furnished equipment? Following instructions from verified personnel. Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post. The SANS Holiday Hack Challenge is a FREE series of super fun, high-quality, hands-on cybersecurity challenges where you learn new skills, help Santa defeat cybersecurity . **Mobile Devices What should you do when going through an airport security checkpoint with a Government-issued mobile device? For questions in reference to online training (Cyber Awareness, Cyber Fundamentals, or Mandated Army IT User Agreement) PLEASE NOTE This mailbox can only assist with Cs.signal.army.mil. What action should you take? Using NIPRNet tokens on systems of higher classification level. Note the websites URL and report the situation to your security point of contact. 
Be careful not to discuss details of your work with people who do not have a need-to-know. Ensure proper labeling by appropriately marking all classified material. Which of the following is a security best practice when using social networking sites? Photos of your pet Correct. Connect to the Government Virtual Private Network (VPN). **Travel What security risk does a public Wi-Fi connection pose? Use only your personal contact information when establishing your account. **Removable Media in a SCIF What portable electronic devices (PEDs) are allowed in a Sensitive Compartmented Information Facility (SCIF)? Remove his CAC and lock his workstation.. Hostility or anger toward the United States and its policies. What should be done to sensitive data on laptops and other mobile computing devices? difficult life circumstances such as substance abuse, divided loyalty or allegiance to the U.S., and extreme, persistent interpersonal difficulties. correct. Attachments contained in a digitally signed email from someone known. They can be part of a distributed denial-of-service (DDoS) attack. DamageB. Cyber Awareness Challenge 2021 - Knowledge Check. Someone calls from an unknown number and says they are from IT and need some information about your computer. A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationships with peers, purchases an unusually expensive car, and has unexplained absences from work. If the format of any elements or content within this document interferes with your ability to access the information, as defined in the Rehabilitation Act, please emailCyberawareness@cisa.dhs.gov. Based on the description that follows how many potential insider threat indicators are displayed? This course provides an overview of current cybersecurity threats and best practices to keep information and information systems secure at home and at work. 
**Use of GFE Under what circumstances is it acceptable to use your Government-furnished computer to check personal e-mail and do other non-work-related activities? Linda encrypts all of the sensitive data on her government-issued mobile devices.C. Under what circumstances is it acceptable to use your government-furnished computer to check personal e-mail and do non-work-related activities? You receive an unexpected email from a friend: I think youll like this: https://tinyurl.com/2fcbvy. What action should you take? *Spillage What is a proper response if spillage occurs? (Sensitive Compartmented Information) What describes how Sensitive Compartmented Information is marked? Spillage because classified data was moved to a lower classification level system without authorization. Which of the following represents a good physical security practice? On a NIPRNET system while using it for a PKI-required task. The most common form of phishing is business email compromise . Correct. Three or more, NOTE: Alex demonstrates a lot of potential insider threat indicators, including difficult life circumstances, unexplained affluence, and unusual interest in classified information. The annual Cyber Awareness Challenge is a course that helps authorized users learn how to best avoid and reduce threats and vulnerabilities in an organizations system. What does Personally Identifiable Information (PII) include? usarmy.gordon.cyber-coe.mbx.iad-inbox@army.mil Please allow 24-48 hours for a response. Which is an untrue statement about unclassified data? Always use DoD PKI tokens within their designated classification level. The DoD Cyber Exchange provides one-stop access to cyber information, policy, guidance and training for cyber professionals throughout the DoD, and the general public. (Malicious Code) What are some examples of malicious code? 
A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationships with peers, purchases an unusually expensive new car, and has unexplained absences from work. In setting up your personal social networking service account, what email address should you use? The DoD Cyber Exchange is sponsored by Defense Information Systems Agency (DISA), The Defense Information Systems Agency recently approved the Arista Multi-Layer Switch (MLS) Extensible Operating System, The Defense Information Systems Agency recently approved the Riverbed NetProfiler Security Technical Implementation Guide, The Defense Information Systems Agency recently released the Microsoft Windows Server 2022 Security Technical Implementation, National Centers of Academic Excellence in Cybersecurity (NCAE-C), Public Key Infrastructure/Enabling (PKI/PKE), DISA releases the Arista Multi-Layer Switch (MLS) Extensible Operating System (EOS) 4.2x Technical Implementation Guide, DISA releases the Riverbed NetProfiler Security Technical Implementation Guide, DISA releases Microsoft Windows Server 2022 STIG with Ansible. Government-owned PEDs when expressly authorized by your agency. (Sensitive Compartmented Information) Which of the following best describes the compromise of Sensitive Compartmented Information (SCI)? CPCON 5 (Very Low: All Functions). CUI may be stored on any password-protected system.B. In reality, once you select one of these, it typically installs itself without your knowledge. af cyber awareness challenge. Which of the following is not considered a potential insider threat indicator? The DoD Cyber Exchange Public provides limited access to publicly releasable cyber training and guidance to all Internet users. correct. Exceptionally grave damage. Make note of any identifying information and the website URL and report it to your security office. 
Coworker making consistent statements indicative of hostility or anger toward the United States and its policies. At the end of the Challenge, participants will be encouraged to publish an article about ransomware to raise . usarmy.gordon.cyber-coe.mbx.iad-inbox@army.mil Please allow 24-48 hours for a response. What information posted publicly on your personal social networking profile represents a security risk? CUI may be stored on any password-protected system. If classified information were released, which classification level would result in Exceptionally grave damage to national security? A colleague removes sensitive information without seeking authorization in order to perform authorized telework. **Insider Threat Which type of behavior should you report as a potential insider threat? What should you do? Classified material must be appropriately marked. Retrieve classified documents promptly from printers. *Sensitive Information Under what circumstances could classified information be considered a threat to national security? Attempt to change the subject to something non-work related, but neither confirm nor deny the articles authenticity. You know that this project is classified. [Prevalence]: Which of the following is an example of malicious code?A. (Spillage) After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. Note the websites URL.B. Turn on automatic downloading.B. The website requires a credit card for registration. All of these.. DOD Cyber Awareness Challenge 2019 (DOD-IAA-V16.0) 35 terms. The DoD Cyber Exchange SIPR provides access to cyber training and guidance to users with a SIPRNet token. **Classified Data What is required for an individual to access classified data? Share sensitive information only on official, secure websites. 
A colleague has won 10 high-performance awards, can be playful and charming, is not currently in a relationship, and occasionally aggressive in trying to access sensitive information. Both of these.. Which of the following best describes a way to safely transmit Controlled Unclassified Information (CUI)? How does Congress attempt to control the national debt? NOTE: Use caution when connecting laptops to hotel Internet connections. *Sensitive Compartmented Information When should documents be marked within a Sensitive Compartmented Information Facility (SCIF). Which of the following is NOT a typical result from running malicious code? NOTE: Classified DVD distribution should be controlled just like any other classified media. Write your password down on a device that only you access. Which of the following is not Controlled Unclassified Information (CUI)? Which of the following is true of Security Classification Guides? Use only personal contact information when establishing personal social networking accounts, never use Government contact information. A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. ! (A type of phishing targeted at senior officials) Which is still your FAT A$$ MOTHER! Which of the following is NOT a typical means for spreading malicious code? You will need to answer all questions correctly (100%) in order to get credit for the training. NOTE: Malicious code can mask itself as a harmless email attachment, downloadable file, or website. Exceptionally grave damage to national security. **Insider Threat Which of the following should be reported as a potential security incident? What action should you take? 
Use online sites to confirm or expose potential hoaxes, Follow instructions given only by verified personnel, Investigate the links actual destination using the preview feature, Determine if the software or service is authorized. Explore our catalog of cyber security training developed by Cyber Security experts: enroll in classroom courses and take training online. What type of social engineering targets particular individuals, groups of people, or organizations? Paste the code you copied into the console and hit ENTER. All https sites are legitimate and there is no risk to entering your personal info online.