Press release data. Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIV) card. You receive an inquiry from a reporter about potentially classified information on the internet. Use the classified network for all work, including unclassified work. Attempting to access sensitive information without need-to-know. To start using the toolkits, select a security functional area. Use online sites to confirm or expose potential hoaxes. Follow instructions given only by verified personnel. Investigate the link's actual destination using the preview feature. Determine if the software or service is authorized. Only paper documents that are in open storage need to be marked. Create separate user accounts with strong individual passwords. Correct. (Home computer) Which of the following is best practice for securing your home computer? Paul verifies that the information is CUI, includes a CUI marking in the subject header and digitally signs an e-mail containing CUI. New interest in learning another language. Which of the following is a good practice to protect classified information? A coworker uses a personal electronic device in a secure area where their use is prohibited. Which designation marks information that does not have potential to damage national security? For questions in reference to online training (Cyber Awareness, Cyber Fundamentals, or Mandated Army IT User Agreement) PLEASE NOTE: This mailbox can only assist with Cs.signal.army.mil. Never allow sensitive data on non-Government-issued mobile devices. The email states your account has been compromised and you are invited to click on the link in order to reset your password. Which is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail? How can you protect your organization on social networking sites?
NOTE: Use caution when connecting laptops to hotel Internet connections. Store it in a General Services Administration (GSA)-approved vault or container. What is a best practice to protect data on your mobile computing device? Do not access website links, buttons, or graphics in e-mail. *Spillage After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. A coworker has left an unknown CD on your desk. NOTE: Classified DVD distribution should be controlled just like any other classified media. At all times when in the facility. C. Compromise of data. B. Which of the following is NOT Government computer misuse? Correct. Only use Government-furnished or Government-approved equipment to process PII. *Sensitive Compartmented Information What is a Sensitive Compartmented Information (SCI) program? A user writes down details from a report stored on a classified system marked as secret and uses those details to draft an unclassified briefing on an unclassified system without authorization. The following practices help prevent viruses and the downloading of malicious code except. Directing you to a website that looks real. Correct. Which of the following is NOT a best practice to protect data on your mobile computing device? Maybe. *Spillage What should you do if you suspect spillage has occurred? *Social Networking **Social Engineering Which may be a security issue with compressed Uniform Resource Locators (URLs)? Ask the individual to see an identification badge. Photos of your pet. Correct. Connect to the Government Virtual Private Network (VPN). Which of the following individuals can access classified data?
Which of the following should be reported as a potential security incident (in accordance with your Agency's insider threat policy)? As a security best practice, what should you do before exiting? Since the URL does not start with https, do not provide your credit card information. [Spread]: How can you avoid downloading malicious code? A. How many potential insider threat indicators does this employee display? What is an indication that malicious code is running on your system? In addition to avoiding the temptation of greed to betray his country, what should Alex do differently? Write your password down on a device that only you access. What should you do to protect classified data? Correct. Research the source to evaluate its credibility and reliability. Turn on automatic downloading. B. Use the government email system so you can encrypt the information and open the email on your government issued laptop. A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationships with peers, purchases an unusually expensive car, and has unexplained absences from work. A colleague removes sensitive information without seeking authorization in order to perform authorized telework. Correct. Training requirements by group. Which scenario might indicate a reportable insider threat security incident? PII, PHI, and financial information is classified as what type of information? Hold the conversation over email or instant messenger to avoid being overheard. C. NOTE: Never charge personal mobile devices using GFE nor connect any other USB devices (like a coffee warmer) to GFE.
The DoD Cyber Exchange provides one-stop access to cyber information, policy, guidance and training for cyber professionals throughout the DoD, and the general public. The DoD Cyber Exchange NIPR provides exclusive access to cyber training and guidance to users with DoD Public Key Infrastructure (PKI) credentials (or equivalent). When would be a good time to post your vacation location and dates on your social networking website? [Incident]: What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF? A. **Classified Data Which of the following is true of telework? The proper security clearance and indoctrination into the SCI program. Not correct. Correct. Prudence faxes CUI using an Unclassified cover sheet via a Secret fax machine. Which of the following statements is NOT true about protecting your virtual identity? (Spillage) What should you do when you are working on an unclassified system and receive an email with a classified attachment? Exceptionally grave damage to national security. Only expressly authorized government-owned PEDs. A type of phishing targeted at senior officials. Is it acceptable to take a short break while a coworker monitors your computer while logged on with your common access card (CAC)? Based on the description that follows how many potential insider threat indicators are displayed? Spillage can be either inadvertent or intentional. Note the website's URL and report the situation to your security point of contact. How should you respond? Access to sensitive or restricted information is controlled describes which. **Physical Security Within a secure area, you see an individual who you do not know and is not wearing a visible badge. Phishing can be an email with a hyperlink as bait. CUI may be stored only on authorized systems or approved devices. The potential for unauthorized viewing of work-related information displayed on your screen.
Information improperly moved from a higher protection level to a lower protection level. Classified material must be appropriately marked. Please email the CISA Team with any questions. **Classified Data What level of damage can the unauthorized disclosure of information classified as Confidential reasonably be expected to cause? Only connect via an Ethernet cable. C. No. Who can be permitted access to classified data? **Insider Threat A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. I did the training on public.cyber.mil and emailed my cert to my security manager. What must authorized personnel do before permitting another individual to enter a Sensitive Compartmented Information Facility (SCIF)? Your comments are due on Monday. **Social Networking What should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sites visited? (Malicious Code) Which email attachments are generally SAFE to open? Understanding and using the available privacy settings. How can you avoid downloading malicious code? A person who does not have the required clearance or access caveats comes into possession of SCI in any manner. They can be part of a distributed denial-of-service (DDoS) attack. NOTE: CUI includes, but is not limited to, Controlled Technical Information (CTI), Personally Identifiable Information (PII), Protected Health Information (PHI), financial information, personal or payroll information, proprietary data, and operational information. What should you consider when using a wireless keyboard with your home computer? Only when there is no other charger available. C.
Use personally-owned wired headsets and microphones only in designated areas. New interest in learning a foreign language. A coworker removes sensitive information without authorization. What is the best choice to describe what has occurred? Difficult life circumstances such as substance abuse, divided loyalty or allegiance to the U.S., and extreme, persistent interpersonal difficulties. (Malicious Code) Which of the following is NOT a way that malicious code spreads? Note any identifying information, such as the website's URL, and report the situation to your security POC. Mark SCI documents appropriately and use an approved SCI fax machine. Software that installs itself without the user's knowledge. Which scenario might indicate a reportable insider threat? **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? A coworker has asked if you want to download a programmer's game to play at work. Paste the code you copied into the console and hit ENTER. What can help to protect the data on your personal mobile device? NOTE: Even within SCIF, you cannot assume that everyone present is cleared and has a need-to-know. Which of the following is NOT an example of Personally Identifiable Information (PII)? Which of the following is a good practice for telework?
Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities. Please DO NOT email in regards to Iatraining.us.army.mil, JKO, or skillport. The President of the United States and Congress have declared October to be Cybersecurity Awareness Month. Select the information on the data sheet that is personally identifiable information (PII) but not protected health information (PHI). Select the information on the data sheet that is protected health information (PHI). Which of the following should be done to keep your home computer secure? You may use your personal computer as long as it is in a secure area in your home. B. He has the appropriate clearance and a signed, approved, non-disclosure agreement. Cyber Awareness Challenge Exam Questions/Answers updated July 2, 2022. It is getting late on Friday. Personal information is inadvertently posted at a website. *Sensitive Compartmented Information What is Sensitive Compartmented Information (SCI)? Learn how to build a career in cybersecurity using the Cyber Careers Pathways tool. Of the following, which is NOT a problem or concern of an Internet hoax? How should you protect a printed classified document when it is not in use? Correct. Looking for https in the URL. Correct. The DISN facilitates the management of information resources, and is responsive to national security, as well as DOD needs. Following instructions from verified personnel.
Understanding and using the available privacy settings. Others may be able to view your screen. What should your response be? (social networking) When is the safest time to post details of your vacation activities on your social networking profile? Do not access website links in email messages. Which of the following is a good practice to prevent spillage? (controlled unclassified information) Which of the following is NOT an example of CUI? Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. B. Which of the following may be helpful to prevent inadvertent spillage? Store it in a locked desk drawer after working hours. Updates also include revised or new content covering areas such as customized scams, protecting government-furnished equipment at home, and indicators of a potential cyber incident. Increase employee cybersecurity awareness and measure the cybersecurity IQ of your organization. When leaving your work area, what is the first thing you should do? Government-owned PEDs, if expressly authorized by your agency. Which of the following does NOT constitute spillage? [Prevalence]: Which of the following is an example of malicious code? A. Correct. A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed.
Avoid talking about work outside of the workplace or with people without a need to know. You know this project is classified. Many apps and smart devices collect and share your personal information and contribute to your online identity. It is releasable to the public without clearance. A headset with a microphone through a Universal Serial Bus (USB) port. Which of the following is the best example of Personally Identifiable Information (PII)? Lionel stops an individual in his secure area who is not wearing a badge. Which of the following is true of Security Classification Guides? Correct. **Social Networking Which piece of information is safest to include on your social media profile? Confirm the individual's need-to-know and access. Contact the IRS using their publicly available, official contact information. Follow procedures for transferring data to and from outside agency and non-Government networks. [Incident #3]: What should the participants in this conversation involving SCI do differently? A. Which of the following is NOT a good way to protect your identity? When I try to un-enroll and re-enroll, it does not let me restart the course. Exceptionally grave damage. (Malicious Code) Which of the following is true of Internet hoaxes? [Incident #1]: What should the employee do differently? A. (Spillage) What should you do if a reporter asks you about potentially classified information on the web? Three or more. Malicious code can mask itself as a harmless e-mail attachment, downloadable file, or website. Which of the following is a proper way to secure your CAC/PIV? The DoD Cyber Exchange is sponsored by Since the URL does not start with https, do not provide your credit card information.
If any questions are answered incorrectly, users must review and complete all activities contained within the incident. NOTE: Top Secret information could be expected to cause exceptionally grave damage to national security if disclosed. **Insider Threat What function do Insider Threat Programs aim to fulfill? Coworker making consistent statements indicative of hostility or anger toward the United States and its policies. Unclassified documents do not need to be marked as a SCIF. If classified information were released, which classification level would result in Exceptionally grave damage to national security? This course provides an overview of current cybersecurity threats and best practices to keep information and information systems secure at home and at work. Which of the following is true of Internet of Things (IoT) devices? For more information, and to become a Cybersecurity Awareness Month partner email us at Cyberawareness@cisa.dhs.gov. Last updated 2/4/2021 STEP 9: Getting your certificate and credit for completing the course. Software that installs itself without the user's knowledge. C. Use only personal contact information when establishing your personal account. **Mobile Devices What can help to protect the data on your personal mobile device?