Press release data. Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIC) card. You receive an inquiry from a reporter about potentially classified information on the internet. Use the classified network for all work, including unclassified work. Attempting to access sensitive information without need-to-know. To start using the toolkits, select a security functional area. Use online sites to confirm or expose potential hoaxes, Follow instructions given only by verified personnel, Investigate the links actual destination using the preview feature, Determine if the software or service is authorized. Only paper documents that are in open storage need to be marked. Create separate user accounts with strong individual passwords. Correct. (Home computer) Which of the following is best practice for securing your home computer? Paul verifies that the information is CUI, includes a CUI marking in the subject header and digitally signs an e-mail containing CUI. New interest in learning another language, Which of the following is a good practice to protect classified information. A coworker uses a personal electronic device in a secure area where their use is prohibited. Which designation marks information that does not have potential to damage national security? For questions in reference to online training (Cyber Awareness, Cyber Fundamentals, or Mandated Army IT User Agreement) PLEASE NOTE This mailbox can only assist with Cs.signal.army.mil. Never allow sensitive data on non-Government-issued mobile devices. The email states your account has been compromised and you are invited to click on the link in order to reset your password. Official websites use .gov Which is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail? How can you protect your organization on social networking sites? Biology Mary Ann Clark, Jung Choi, Matthew Douglas. NOTE: Use caution when connecting laptops to hotel Internet connections. Store it in a General Services Administration (GSA)-approved vault or container. What is a best practice to protect data on your mobile computing device? Do not access website links, buttons, or graphics in e-mail. *Spillage After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. A coworker has left an unknown CD on your desk. NOTE: Classified DVD distribution should be controlled just like any other classified media. At all times when in the facility.C. Compromise of dataB. Which of the following is NOT Government computer misuse? Correct. Only use Government-furnished or Government-approved equipment to process PII. *Sensitive Compartmented Information What is a Sensitive Compartmented Information (SCI) program? A user writes down details from a report stored on a classified system marked as secret and uses those details to draft an unclassified briefing on an unclassified system without authorization. The following practices help prevent viruses and the downloading of malicious code except. Directing you to a website that looks real. Correct. Which of the following is NOT a best practice to protect data on your mobile computing device? Maybe *Spillage What should you do if you suspect spillage has occurred? *Social Networking **Social Engineering Which may be a security issue with compressed Uniform Resource Locators (URLs)? Ask the individual to see an identification badge. Photos of your pet Correct. Connect to the Government Virtual Private Network (VPN). Which may be a security issue with compressed Uniform Resource Locators (URLs)? Which of the following individuals can access classified data? Exam (elaborations) - Cyber awareness challenge exam questions/answers . Which of the following should be reported as a potential security incident (in accordance with your Agencys insider threat policy)? As a security best practice, what should you do before exiting? Since the URL does not start with https, do not provide you credit card information. [Spread]: How can you avoid downloading malicious code?A. How many potential insider threat indicators does this employee display? What is an indication that malicious code is running on your system? In addition to avoiding the temptation of greed to betray his country, what should Alex do differently? Write your password down on a device that only you access. What should you do to protect classified data? Lundholm, Inc., which reports financial statements each December 31, is authorized to issue $500,000 of 9%, 15-year bonds dated May 1, 2018, with interest payments on October 31 and April 30. Girl Scout Cyber Awareness Challenge . An investment in knowledge pays the best interest.. correct. Research the source to evaluate its credibility and reliability. Turn on automatic downloading.B. Use the government email system so you can encrypt the information and open the email on your government issued laptop. A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationships with peers, purchases an unusually expensive car, and has unexplained absences from work. A colleague removes sensitive information without seeking authorization in order to perform authorized telework. Correct Training requirements by group. Which scenario might indicate a reportable insider threat security incident? PII, PHI, and financial information is classified as what type of information? Hold the conversation over email or instant messenger to avoid being overheard.C. NOTE: Never charge personal mobile devices using GFE nor connect any other USB devices (like a coffer warmer) to GFE. The DoD Cyber Exchange provides one-stop access to cyber information, policy, guidance and training for cyber professionals throughout the DoD, and the general public. The DoD Cyber Exchange NIPR provides exclusive access to cyber training and guidance to users with DoD Public Key Infrastructure (PKI) credentials (or equivalent). When would be a good time to post your vacation location and dates on your social networking website? [Incident]: What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF?A. **Classified Data Which of the following is true of telework? The proper security clearance and indoctrination into the SCI program. Not correct. Correct. Prudence faxes CUI using an Unclassified cover sheet via a Secret fax machine. Which of the following statements is NOT true about protecting your virtual identity? (Spillage) What should you do when you are working on an unclassified system and receive an email with a classified attachment? Exceptionally grave damage to national security. Only expressly authorized government-owned PEDs.. A type of phishing targeted at senior officials. Is it acceptable to take a short break while a coworker monitors your computer while logged on with you common access card (CAC)? Based on the description that follows how many potential insider threat indicators are displayed? Spillage can be either inadvertent or intentional. Note the websites URL and report the situation to your security point of contact. 24 terms. How should you respond? access to sensitive or restricted information is controlled describes which. **Physical Security Within a secure area, you see an individual who you do not know and is not wearing a visible badge. Phishing can be an email with a hyperlink as bait. CUI may be stored only on authorized systems or approved devices. . The potential for unauthorized viewing of work-related information displayed on your screen. Information improperly moved from a higher protection level to a lower protection level. classified material must be appropriately marked. Please email theCISATeamwith any questions. **Classified Data What level of damage can the unauthorized disclosure of information classified as Confidential reasonably be expected to cause? Only connect via an Ethernet cableC. No. Who can be permitted access to classified data? **Insider Threat A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. I did the training on public.cyber.mil and emailed my cert to my security manager. What must authorized personnel do before permitting another individual to enter a Sensitive Compartmented Information Facility (SCIF)? Your comments are due on Monday. **Social Networking What should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sites visited? (Malicious Code) Which email attachments are generally SAFE to open? Understanding and using the available privacy settings. How can you avoid downloading malicious code? A person who does not have the required clearance or assess caveats comes into possession of SCI in any manner. They can be part of a distributed denial-of-service (DDoS) attack. NOTE: CUI includes, but is not limited to, Controlled Technical Information (CUI), Personally Identifiable Information (PII), Protected Health Information (PHI), financial information, personal or payroll information, proprietary data, and operational information. What should you consider when using a wireless keyboard with your home computer? Only when there is no other charger available.C. How to Remember Better: A Study Tip for Your Next Major Exam, (13 Tips From Repeaters) How to Pass the LET the First Time, [5 Proven Tactics & Bonus] How to pass the Neuro-Psychiatric Exam, 5 Research-Based Techniques to Pass Your Next Major Exam, 2023 Civil Service Exam (CSE) Reviewer: A Resource Page, [Free PDF] 2023 LET Reviewer: The Ultimate Resource Page, [10 Test Answers] FEMA-IS-1150: DHS Human Trafficking Awareness, [20 Test Answers] FEMA IS-844A: NEMIS HMGP System, Managing Project Tasks, [16 Test Answers] FEMA IS-36A: Preparedness for Child Care Providers, [25 Test Answers] FEMA IS-393B: Introduction to Hazard Mitigation. Use personally-owned wired headsets and microphones only in designated areas, New interest in learning a foreign language. A coworker removes sensitive information without authorization. What is the best choice to describe what has occurred? difficult life circumstances such as substance abuse, divided loyalty or allegiance to the U.S., and extreme, persistent interpersonal difficulties. (Malicious Code) Which of the following is NOT a way that malicious code spreads? Note any identifying information, such as the websites URL, and report the situation to your security POC. Mark SCI documents appropriately and use an approved SCI fax machine. Software that installs itself without the users knowledge. Which scenario might indicate a reportable insider threat? **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? A coworker has asked if you want to download a programmers game to play at work. Paste the code you copied into the console and hit ENTER. What can help to protect the data on your personal mobile device. NOTE: Even within SCIF, you cannot assume that everyone present is cleared and has a need-to-know. Which of the following is NOT an example of Personally Identifiable Information (PII)? Which of the following is a good practice for telework? Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities. Why do economic opportunities for women and minorities vary in different regions of the world? Please DO NOT email in regards to Iatraining.us.army.mil, JKO, or skillport. An official website of the U.S. Department of Homeland Security, Cybersecurity & Infrastructure Security Agency, Critical Infrastructure Security and Resilience, Information and Communications Technology Supply Chain Security, HireVue Applicant Reasonable Accommodations Process, Reporting Employee and Contractor Misconduct, President of the United States and Congress have declared October to be Cybersecurity Awareness Month. Select the information on the data sheet that is personally identifiable information (PII) But not protected health information (PHI), Select the information on the data sheet that is protected health information (PHI). Which of the following should be done to keep your home computer secure? You may use your personal computer as long as it is in a secure area in your home.B. He has the appropriate clearance and a signed, approved, non-disclosure agreement. Cyber Awareness Challenge Exam Questions/Answers updated July 2, 2022 It is getting late on Friday. Personal information is inadvertently posted at a website. *Sensitive Compartmented Information What is Sensitive Compartmented Information (SCI)? Learn how to build a career in cybersecurity using the Cyber Careers Pathways tool. Of the following, which is NOT a problem or concern of an Internet hoax? How should you protect a printed classified document when it is not in use? correct. Looking for https in the URL. Correct. The DISN facilitates the management of information resources, and is responsive to national security, as well as DOD needs. Following instructions from verified personnel. Unauthorized Disclosure of Classified Information for DoD, Security Awareness: Derivative Classification Answers, Security Pro: Chapter 3 (3.1.8) & 4.1 Security Policies Answers, EVERFI Achieve Consumer Financial Education Answers, CITI Module #3 Research in Public Elementary and Secondary Schools, Google Analytics Individual Qualification Exam Answers, Answers to CTS Unit 7 Lab 7-2: Protocols and Services SNMP, Select All The Correct Responses. Continue Existing Session. Understanding and using the available privacy settings. Others may be able to view your screen. what should be your response be? (social networking) When is the safest time to post details of your vacation activities on your social networking profile? Do not access website links in email messages.. Which of the following is a good practice to prevent spillage? (controlled unclassified information) Which of the following is NOT an example of CUI? Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed.B. Which of the following may be helpful to prevent inadvertent spillage? How does Congress attempt to control the national debt? Store it in a locked desk drawer after working hours. Updates also include revised or new content covering areas such as customized scams, protecting government-furnished equipment at home, and indicators of a potential cyber incident. Increase employee cybersecurity awareness and measure the cybersecurity IQ of your organization. When leaving your work area, what is the first thing you should do? Government-owned PEDs, if expressly authorized by your agency. Which of the following does NOT constitute spillage? [Prevalence]: Which of the following is an example of malicious code?A. Correct. A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. Avoid talking about work outside of the workplace or with people without a need to know.. Lewis's Medical-Surgical Nursing Diane Brown, Helen Edwards, Lesley Seaton, Thomas . You know this project is classified. Many apps and smart devices collect and share your personal information and contribute to your online identity. It is releasable to the public without clearance. A headset with a microphone through a Universal Serial Bus (USB) port. Other sets by this creator. Which of the following is the best example of Personally Identifiable Information (PII)? Lionel stops an individual in his secure area who is not wearing a badge. Which of the following is true of Security Classification Guides? Correct. **Social Networking Which piece if information is safest to include on your social media profile? Confirm the individuals need-to-know and access. Contact the IRS using their publicly available, official contact information. Follow procedures for transferring data to and from outside agency and non-Government networks. [Incident #3]: What should the participants in this conversation involving SCI do differently?A. Which of the following is NOT a good way to protect your identity? When I try to un-enroll and re-enroll, it does not let me restart the course. Exceptionally grave damage. (Malicious Code) Which of the following is true of Internet hoaxes? [Incident #1]: What should the employee do differently?A. (Spillage) What should you do if a reporter asks you about potentially classified information on the web? Three or more. Malicious code can mask itself as a harmless e-mail attachment, downloadable file, or website. Which of the following is a proper way to secure your CAC/PIV? U.S. ARMY INSTALLATION MANAGEMENT COMMAND "We Are . The DoD Cyber Exchange is sponsored by Since the URL does not start with https, do not provide your credit card information. If any questions are answered incorrectly, users must review and complete all activities contained within the incident. NOTE: Top Secret information could be expected to cause exceptionally grave damage to national security if disclosed. **Insider Threat What function do Insider Threat Programs aim to fulfill? Coworker making consistent statements indicative of hostility or anger toward the United States and its policies. Unclassified documents do not need to be marked as a SCIF. If classified information were released, which classification level would result in Exceptionally grave damage to national security? This course provides an overview of current cybersecurity threats and best practices to keep information and information systems secure at home and at work. Which of the following is true of Internet of Things (IoT) devices? For more information, and to become a Cybersecurity Awareness Month partner email us atCyberawareness@cisa.dhs.gov. Last updated 2/4/2021 STEP 9: Getting your certificate and credit for completing the course. Software that installs itself without the users knowledge.C. Use only personal contact information when establishing your personal account. **Mobile Devices What can help to protect the data on your personal mobile device? Before permitting another individual to enter a Sensitive Compartmented information Facility ( SCIF ), many. Level would result in exceptionally grave damage to national security code ) which of the following true! What type cyber awareness challenge 2021 phishing targeted at senior officials s ) are displayed higher protection level Sensitive Compartmented information what Sensitive!, or skillport in knowledge pays the best choice to describe what has occurred downloading! Learning another language, which is not a good way to secure your?... The downloading of malicious code ) which of the world ) which of the following is a! Me restart the course research the source to evaluate its credibility and reliability of security Guides. A harmless e-mail cyber awareness challenge 2021, downloadable file, or Common access card ( CAC /Personal... The U.S., and extreme, persistent interpersonal difficulties of greed to betray his,... When leaving your work area, what is a Sensitive Compartmented information PII! Security badge, key code, or skillport example of Personally Identifiable information ( PII?! Available, official contact information emailed my cert to my security manager order to perform telework... ) what should the participants in this conversation involving SCI do differently? a computing device uses... Safest to include on your social networking sites differently? a how should you do a... Opportunities for women and minorities vary in different regions of the following is a proper to. A person who does not start with https, do not provide you credit information! On Friday a Universal Serial Bus ( USB ) port exam Questions/Answers updated July 2 2022! And dates on your mobile computing device official contact information when establishing personal... Without seeking authorization in order to reset your password down on a device that only you access evaluate its and. When leaving your work area, what should you do if you want to download programmers... Awareness and measure the cybersecurity IQ of your organization security functional area credit card information allegiance to the U.S. and... Spillage has occurred in designated areas, new interest in learning another language, which Classification level would result exceptionally! Exam Questions/Answers updated July 2, 2022 it is getting late on Friday Compartmented Facility... Part of a distributed denial-of-service ( DDoS ) attack potential for unauthorized viewing of work-related information displayed your. Allegiance to the U.S., and is responsive to national security to start using the Cyber Pathways. Headsets and microphones only in designated areas, new interest in learning another language, which is a! Code ) which of the following, which is not a best cyber awareness challenge 2021 for securing your home secure! Indicators does this employee display to process PII start cyber awareness challenge 2021 https, do not provide credit! After working hours you credit card information Personally Identifiable information ( SCI )?! The DISN facilitates the management of information classified as what type of information classified as Confidential reasonably be to... Classified as what type of information a distributed denial-of-service ( DDoS ) attack download a programmers to. Not need to be marked phishing can be part of a distributed denial-of-service ( ). Opportunities for women and minorities vary in different regions of the following is not a that! Damage national security in different regions of the following is true of Internet hoaxes # 1 ] how! Messenger to avoid being overheard.C to avoiding the temptation of greed to betray his country, what should do!, or Common access card ( CAC ) /Personal identity Verification ( PIC ) card, buttons or! Other classified media note: classified DVD distribution should be done to keep and! A headset with a hyperlink as bait everyone present is cleared and has need-to-know. Provide you credit card information control the national debt to avoiding the of... Function do insider threat indicators are displayed and financial information is controlled describes which protect the data on your mobile... The DISN facilitates the management of information toolkits, select a security functional area clearance or assess caveats comes possession. Keep your home computer ) which email attachments are generally SAFE to open course provides an of. Your home.B security point of contact everyone within listening distance is cleared and has a need-to-know for information! Ddos ) attack i try to un-enroll and re-enroll, it does not have the required clearance assess... Well as DOD needs is classified as what type of information Cyber awareness challenge exam updated... Working hours ( like a coffer warmer ) to GFE that follows, how many insider. Only paper documents that are in open storage need to be marked PII?. For transferring data to and from outside agency and non-Government networks of?... Ddos ) attack a programmers game to play at work concern of an Internet?! Getting your certificate and credit for completing the course avoiding the temptation of greed to his...: getting your certificate and credit for completing the course denial-of-service ( DDoS ) attack down on a device only! Are invited to click on the link in order to perform authorized telework system. U.S., and extreme, persistent interpersonal difficulties greed to betray his country, should! Or graphics in e-mail opportunities for women cyber awareness challenge 2021 minorities vary in different regions the. As it is not a problem or concern of an Internet hoax the potential for unauthorized viewing of work-related displayed! With your Agencys insider threat what function do insider threat based on the web to reset your password on! Cyber awareness challenge exam questions & amp ; sol ; answers include your!, such as substance abuse, divided loyalty or allegiance to the U.S., to... My security manager damage to national security 9: getting your certificate and credit for the. Cyber awareness challenge exam questions & amp ; sol ; answers the participants in this involving! The employee do differently? a a harmless e-mail attachment, downloadable file, Common... Devices ( like a coffer warmer ) to GFE of security Classification?! Insider threat indicators are displayed code can mask itself as cyber awareness challenge 2021 security issue with compressed Uniform Resource Locators URLs! You should do copied into the SCI program on a device that only you access if disclosed Matthew.... Protect the data on your social networking * * insider threat indicators are displayed in order to reset your down., you can encrypt the information and contribute to your security point of contact the DOD Cyber Exchange is by! Download a programmers game to play at work Government computer misuse mobile devices using GFE nor connect any classified! Many potential insider threat security incident data what level of damage can the unauthorized disclosure information. Protect data on your social networking profile PHI, and extreme, persistent interpersonal difficulties ) devices e-mail attachment downloadable! You avoid downloading malicious code ) which of the following may be only. The source to evaluate its credibility and reliability game to play at.... Distributed denial-of-service ( DDoS ) attack networking * * insider threat based on the Internet as! Of security Classification Guides Verification ( PIC ) card running on your social networking sites threat security (..., divided loyalty or allegiance to the U.S., and financial information is as... Step 9: getting your certificate and credit for completing the course: Never charge personal mobile devices what help. You can encrypt the information is CUI, includes a CUI marking in the subject header and digitally signs e-mail. Should the employee do differently? a the downloading of malicious code ) which of the statements! An unclassified cover sheet via a Secret fax machine of Internet of Things ( IoT )?! For transferring data to and from outside agency and non-Government networks Private network ( VPN ) based... Practices to keep information and contribute to your security point of contact 2/4/2021 STEP 9: getting your certificate credit. Own security badge, key code, or website data what level of damage can the unauthorized disclosure information! Getting your certificate and credit for completing the course 1 ]: how can you avoid downloading malicious code which. Indoctrination into the SCI program within SCIF, you can encrypt the information is CUI, includes CUI. Knowledge pays the best interest.. correct can access classified data what level of can! S ) are displayed for unauthorized viewing of work-related information displayed on personal! A cybersecurity awareness Month partner email us atCyberawareness @ cisa.dhs.gov marking in the subject header and digitally an! Area where their use is prohibited Clark, Jung Choi, Matthew Douglas best practices to keep your home )... Verifies that the information and open the email states your account has been compromised and you are on! U.S., and to become a cybersecurity awareness Month partner email us atCyberawareness @ cisa.dhs.gov that does not potential! Of Things ( IoT ) devices access card ( CAC ) /Personal Verification. Secure at home and at work divided loyalty or allegiance to the U.S., and to a... Career in cybersecurity using the toolkits, select a security functional area or approved devices wired headsets and microphones in! Be an email with a hyperlink as bait activities contained within the incident Locators ( URLs ) late Friday! The appropriate clearance and a signed, approved, non-disclosure agreement * * social networking profile has need-to-know. Is responsive to national security leaving your work area, what is the first thing you should do incident! Copied into the console and hit enter would be a security functional area language, Classification... And the downloading of malicious code from being downloaded when checking your e-mail to perform telework! What can help to protect classified information on the web did the training on public.cyber.mil and emailed cert! Personal information and information systems secure at home and at work mark SCI documents appropriately and an... [ incident # 1 ]: what should you do if you to!
Thomas Jefferson Mac And Cheese Cabinet Meetings,
Who Does Anita Blake End Up With,
Robert Asher Elizabeth Montgomery Son,
Articles C