The Cyber Awareness Challenge is the DoD . What is a best practice for protecting controlled unclassified information (CUI)? The challenge's goal is simple: To change user behavior to reduce the risks and vulnerabilities DoD Information Systems face. Attempting to access sensitive information without need-to-know. Which of the following is NOT a typical means for spreading malicious code? Classified Information can only be accessed by individuals with. He let his colleague know where he was going, and that he was coming right back. Which of the following is NOT sensitive information? Of the following, which is NOT a characteristic of a phishing attempt? Be careful not to discuss details of your work with people who do not have a need-to-know. Spillage occurs when information is spilled from a higher classification or protection level to a lower classification or protection level. What type of attack might this be? When vacation is over, after you have returned home. Using NIPRNet tokens on systems of higher classification level. Store it in a locked desk drawer after working hours. Correct. You will need to answer all questions correctly (100%) in order to get credit for the training. It may expose the connected device to malware. Correct. (Home computer) Which of the following is best practice for securing your home computer? Coworker making consistent statements indicative of hostility or anger toward the United States and its policies. The proper security clearance and indoctrination into the SCI program. (Spillage) What should you do if a reporter asks you about potentially classified information on the web? Its classification level may rise when aggregated. **Classified Data What level of damage can the unauthorized disclosure of information classified as Confidential reasonably be expected to cause?
(Malicious Code) Which of the following is NOT a way that malicious code spreads? (Sensitive Information) What should you do if a commercial entity, such as a hotel reception desk, asks to make a photocopy of your Common Access Card (CAC) for proof of Federal Government employment? What is required for an individual to access classified data? Directives issued by the Director of National Intelligence. What action should you take? Cyber Awareness Challenge 2023 - Answer. P2P (Peer-to-Peer) software can do the following except: Allow attackers physical access to network assets. Follow procedures for transferring data to and from outside agency and non-Government networks. A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. Do not click it. How should you respond? **Use of GFE What is a critical consideration on using cloud-based file sharing and storage applications on your Government-furnished equipment (GFE)? Analyze the media for viruses or malicious code. The website requires a credit card for registration. Use only personal contact information when establishing your personal account. Spear Phishing attacks commonly attempt to impersonate email from trusted entities. Nothing. You receive an email from the Internal Revenue Service (IRS) demanding immediate payment of back taxes of which you were not aware. What is the best example of Protected Health Information (PHI)? Correct. Since the URL does not start with https, do not provide your credit card information. Cybersecurity Awareness Month. Which of the following actions can help to protect your identity? Always mark classified information appropriately and retrieve classified documents promptly from the printer. All PEDs, including personal devices. What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF?
Which of the following can an unauthorized disclosure of information? Damage to national security
A user writes down details from a report stored on a classified system marked as secret and uses those details to draft an unclassified briefing on an unclassified system without authorization. Spillage because classified data was moved.
What is the proper response if spillage occurs? Immediately notify your security POC
When classified data is not in use, how can you protect it? Store classified data appropriately in GSA-approved vault/container when not in use.
Which is the best response if you find classified government data on the internet? Note any identifying information
What is required for an individual to access classified data? Appropriate clearance; signed and approved
Which of the following practices reduces the chance of becoming a target by adversaries seeking insider information? Don't talk about work outside your workspace unless it is a specifically
Which of the following terms refers to harm inflicted or national security through authorized? Insider threat
Which is good practice to protect classified information? Ensure proper labeling by appropriately marking all classified material.
Which classification level is given to information that could reasonably be expected to cause serious damage to national security? Secret
How many potential insider threat indicators does a person who is playful? 1
What are some potential insider threat indicators? Difficult life circumstances such as
Which scenario might indicate a reportable insider threat security incident? A coworker is observed using a personal electronic device
Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? Use only personal contact information when establishing personal social networking accounts
As someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project? Inform your security POC of all non-professional or non-routine contacts with foreign nationals.
Under which circumstances may you be subject.. online misconduct? Any time you participate in or condone misconduct
When is the best time to post details of your vacation? When your vacation is over
What type of unclassified material should always be marked with special handling caveat? FOUO
What is an individual's PII or PHI considered? Sensitive information
What is the best example of PII? Date and Place of birth
What is the best example of PHI? Your health insurance explanation of benefits (EOB)
What must you ensure before transmitting PII or PHI via email? Transmissions must be between government e-mail accounts and must be encrypted
What must you do when e-mailing PII or PHI? Encrypt the email and use your government e-mail
What does PII include? Social security, date and place of birth, mother's maiden name
It is acceptable to take a short break while a coworker monitors your computer. No.
What should be your response? The President of the United States and Congress have declared October to be Cybersecurity Awareness Month. *Spillage What should you do if you suspect spillage has occurred? *Spillage What is a proper response if spillage occurs? **Social Engineering Which is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail? What should you do? When checking in at the airline counter for a business trip, you are asked if you would like to check your laptop bag. Spillage can be either inadvertent or intentional.
Appropriate clearance, a signed and approved non-disclosure agreement, and need-to-know. Here are the test answers to the Cyber Awareness Challenge (CAC) 2023. Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. What should be your response? What should you do? **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? *Spillage What should you do if a reporter asks you about potentially classified information on the web? Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post. **Identity management Which of the following is NOT a best practice to preserve the authenticity of your identity? Quizzma is a free online database of educational quizzes and test answers. Which may be a security issue with compressed Uniform Resource Locators (URLs)? Which of the following is a proper way to secure your CAC/PIV? CUI may be stored only on authorized systems or approved devices. **Physical Security What is a good practice for physical security? [Incident]: Which of the following demonstrates proper protection of mobile devices? **Social Networking When is the safest time to post details of your vacation activities on your social networking website? Here are some of the key takeaways for companies and individuals from the DoD Cyber Awareness Challenge 2020. **Insider Threat What do insiders with authorized access to information or information systems pose? How are Trojan horses, worms, and malicious scripts spread?
**Insider Threat Which of the following should be reported as a potential security incident? [Incident #1]: What should the employee do differently? A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. (Physical Security) Which Cyberspace Protection Condition (CPCON) establishes a protection priority focus on critical and essential functions only? Do not access website links in e-mail messages. Correct. Don't allow others access or to piggyback into secure areas. Not correct. What describes how Sensitive Compartmented Information is marked? Which of the following is a security best practice for protecting Personally Identifiable Information (PII)? (Must be new, do not continue) Progress until you see the main button 'Start Challenge' button. When is it okay to charge a personal mobile device using government-furnished equipment (GFE)? Bob, a coworker, has been going through a divorce, has financial difficulties and is displaying hostile behavior. It may be compromised as soon as you exit the plane. What should the owner of this printed SCI do differently? Issues with Cyber Awareness Challenge. DoD Cyber Awareness Challenge Training. **Home Computer Security Which of the following is a best practice for securing your home computer? Be wary of suspicious e-mails that use your name and/or appear to come from inside your organization. Tell your colleague that it needs to be secured in a cabinet or container. Which of the following is an example of a strong password? Select the information on the data sheet that is personally identifiable information (PII) but not protected health information (PHI). Select the information on the data sheet that is protected health information (PHI). NOTE: Remember that leaked classified or controlled information is still classified or controlled even if it has already been compromised.
Under what circumstances is it acceptable to check personal email on Government-furnished equipment (GFE)? When using a fax machine to send sensitive information, the sender should do which of the following? The DoD Cyber Exchange NIPR provides exclusive access to cyber training and guidance to users with DoD Public Key Infrastructure (PKI) credentials (or equivalent). What information relates to the physical or mental health of an individual? (Spillage) What level of damage can the unauthorized disclosure of information classified as confidential reasonably be expected to cause? What certificates are contained on the DoD Public Key Infrastructure (PKI) implemented by the Common Access Card (CAC)/Personal Identity Verification (PIV) card? Do not download it. **Social Networking When may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? Do not access website links in email messages. Only persons with appropriate clearance, a non-disclosure agreement, and need-to-know can access classified data. [Incident #3]: What should the participants in this conversation involving SCI do differently? Coworker making consistent statements indicative of hostility or anger toward the United States in its policies. A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. If authorized, what can be done on a work computer?
Which designation includes Personally Identifiable Information (PII) and Protected Health Information (PHI)? While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. Phishing can be an email with a hyperlink as bait. When is it appropriate to have your security badge visible within a Sensitive Compartmented Information Facility (SCIF)? Which of the following is NOT true of traveling overseas with a mobile phone? *Insider Threat Which of the following is a potential insider threat indicator? Classified material must be appropriately marked. Social Security Number, date and place of birth, mother's maiden name. You receive an email from a company you have an account with. Note the website's URL. A career in cyber is possible for anyone, and this tool helps you learn where to get started. Which of the following is a reportable insider threat activity? Even within a secure facility, don't assume open storage is permitted. I did the training on public.cyber.mil and emailed my cert to my security manager. Ask them to verify their name and office number. PII, PHI, and financial information is classified as what type of information? Which of the following is a practice that helps to protect you from identity theft? Cyber Awareness Challenge - Course Launch Page. PII includes, but is not limited to, social security numbers, date and places of birth, mothers' maiden names, biometric records, and PHI. *Sensitive Compartmented Information When is it appropriate to have your security badge visible? You may use unauthorized software as long as your computer's antivirus software is up-to-date. In which situation below are you permitted to use your PKI token? **Travel What security risk does a public Wi-Fi connection pose? Ensure that any cameras, microphones, and Wi-Fi embedded in the laptop are physically disabled. Correct.
**Use of GFE Under what circumstances is it acceptable to use your Government-furnished computer to check personal e-mail and do other non-work-related activities? What are some examples of removable media? A coworker removes sensitive information without approval. Classified information that should be unclassified and is downgraded. For more information, and to become a Cybersecurity Awareness Month partner, email us at Cyberawareness@cisa.dhs.gov. Always take your CAC when you leave your workstation. Please DO NOT email in regards to Iatraining.us.army.mil, JKO, or skillport. What action should you take if you receive a friend request on your social networking website from someone in Germany you met casually at a conference last year? All to Friends Only. STEPS TO COMPLETE THE CYBER AWARENESS CHALLENGE: You can complete this course on any electronic device. All https sites are legitimate. We are developing toolkits to quickly point you to the resources you need to help you perform your roles. *Sensitive Compartmented Information Which of the following best describes the compromise of Sensitive Compartmented Information (SCI)? **Physical Security Within a secure area, you see an individual who you do not know and is not wearing a visible badge.
Always remove your CAC
What certificates are contained on the DOD PKI implemented by the CAC/PIV? Identification, Encryption, digital signature
What is a good practice when it is necessary to use a password to access a system or an application? Avoid using the same password between systems or applications
Which is not sufficient to protect your identity? Use a common password for all your system and application logons.
Which term describes an event where a person who does not have the required clearance or access caveats comes into possession of sensitive compartmented information? Compromise
What are the requirements to be granted access to SCI material? The proper security clearance and indoctrination into the SCI program
What is a SCI program? A program that segregates various information.
What organization issues directives concerning the dissemination of information? OCA
What portable electronic devices are allowed in a SCIF? Government-owned PEDs
What must users do when using removable media within a SCIF? User shall comply with site CM policies and procedures
What is an indication that malicious code is running on your system? File corruption
What can malicious code do? It can cause damage by corrupting files
Which is true of cookies? Text file
What is a valid response when identity theft occurs? Report the crime to local law enforcement
What are some actions you can take to try to protect your identity? Shred personal documents; never share password; and order a credit report annually.
What is whaling? A type of phishing targeted at high level personnel such as senior officials
What is a common method used in social engineering? Telephone surveys
Which of the following is an appropriate use of government e-mail? Digitally signing e-mails that contain attachment or hyperlinks.
What is a protection against internet hoaxes? Use online sites to confirm or expose potential hoaxes.
Which may be a security issue with compressed URLs? They may be used to mask malicious intent
What is best practice while traveling with mobile computing devices? Maintain possession of your laptop and other
Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? Connect to the Government Virtual Private Network (VPN)
When conducting a private money-making venture using your government? It is never permitted
Which of the following helps protect data on your personal mobile devices? Secure personal mobile devices to the same level as government issued systems
Which is a wireless technology that enables your electronic devices to establish communications and exchange information when placed next to each other called? NFC
What are some examples of removable media? Memory sticks, flash drives, or external hard drives
Which is best practice to protect data on your mobile computing device? Lock your device when not in use and require a password to reactivate
What is a good practice to protect data on your home wireless systems? Ensure that the wireless security features are properly configured
What is a possible indication of a malicious code attack in progress? A pop-up window that flashes and warns that your computer is infected with a virus.