*Malicious Code What are some examples of malicious code? What should you do if someone forgets their access badge (physical access)? So my training expires today. Attempting to access sensitive information without need-to-know. What must you ensure if your work involves the use of different types of smart card security tokens? correct. NOTE: Never charge personal mobile devices using GFE nor connect any other USB devices (like a coffee warmer) to GFE. Cybersecurity Awareness Month. CPCON 3 (Medium: Critical, Essential, and Support Functions) You may use unauthorized software as long as your computer's antivirus software is up-to-date. If any questions are answered incorrectly, users must review and complete all activities contained within the incident. This is always okay. What should be your response? When your vacation is over, after you have returned home. **Insider Threat Which of the following should be reported as a potential security incident (in accordance with your Agency's insider threat policy)? Store classified data in a locked desk drawer when not in use Maybe Store your Common Access Card (CAC) or Personal Identity Verification (PIV) card in a shielded sleeve ~Write your password down on a device that only you access (e.g., your smartphone) Change your password at least every 3 months Enable two-factor authentication whenever available, even for personal accounts. Cookies may pose a security threat, particularly when they save unencrypted personal information. Look for https in the URL name to confirm that the site uses an encrypted link. (Sensitive Information) What certificates are contained on the Common Access Card (CAC)? Which Cyber Protection Condition (CPCON) establishes a protection priority focus on critical functions only? Acquisition. Is it okay to run it? Which designation includes Personally Identifiable Information (PII) and Protected Health Information (PHI)?
**Social Networking As someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project? Which of the following should be done to keep your home computer secure? Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. You receive an email from a company you have an account with. Corrupting files. NOTE: Always remove your CAC and lock your computer before leaving your workstation. Which of the following should you do immediately? Is it acceptable to take a short break while a coworker monitors your computer while logged on with your common access card (CAC)? Use online sites to confirm or expose potential hoaxes, Follow instructions given only by verified personnel, Investigate the link's actual destination using the preview feature, Determine if the software or service is authorized. What type of social engineering targets particular individuals, groups of people, or organizations? Damage. Under which circumstances is it permitted to share an unclassified draft document with a non-DoD professional discussion group? Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the NIPRNET. Cyber Awareness Challenge 2021 - Knowledge Check. Use the classified network for all work, including unclassified work. How can you protect your information when using wireless technology? (Sensitive Information) What should you do if a commercial entity, such as a hotel reception desk, asks to make a photocopy of your Common Access Card (CAC) for proof of Federal Government employment? The person looked familiar, and anyone can forget their badge from time to time. Spear Phishing attacks commonly attempt to impersonate email from trusted entities.
If the format of any elements or content within this document interferes with your ability to access the information, as defined in the Rehabilitation Act, please email Cyberawareness@cisa.dhs.gov. As long as the document is cleared for public release, you may release it outside of DoD. (Sensitive Information) Which of the following represents a good physical security practice? What is a security best practice to employ on your home computer? Note the website's URL and report the situation to your security point of contact. Secure personal mobile devices to the same level as Government-issued systems. What type of attack might this be? (Spillage) What advantages do insider threats have over others that allows them to cause damage to their organizations more easily? *Insider Threat Which of the following is a potential insider threat indicator? Position your monitor so that it is not facing others or easily observed by others when in use Correct. In addition to offering an overview of cybersecurity best practices, the challenge also provides awareness of potential and common cyber threats. *Spillage Which of the following may help to prevent spillage? Keep an eye on his behavior to see if it escalates. (Spillage) What is required for an individual to access classified data? *Sensitive Information What type of unclassified material should always be marked with a special handling caveat? **Home Computer Security What should you consider when using a wireless keyboard with your home computer? A coworker has asked if you want to download a programmer's game to play at work. correct. Please DO NOT email in regards to Iatraining.us.army.mil, JKO, or skillport. Not at all. This summer, CYBER.ORG is excited to partner with Girl Scouts of the USA, the U.S. Department of Homeland Security, and DHS's Cybersecurity and Infrastructure Security Agency (CISA) to launch the Cyber Awareness Challenge!
*Sensitive Compartmented Information What should the owner of this printed SCI do differently? (GFE) When can you check personal e-mail on your Government-furnished equipment (GFE)? Your comments are due on Monday. Appropriate clearance, a signed and approved non-disclosure agreement, and need-to-know, Insiders are given a level of trust and have authorized access to Government information systems. according to the 2021 State of Phishing and Online Fraud Report. Its classification level may rise when aggregated. The challenge's goal is simple: To change user behavior to reduce the risks and vulnerabilities DoD Information Systems face. A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationships with peers, purchases an unusually expensive new car, and has unexplained absences from work. Do not access links or hyperlinked media such as buttons and graphics in email messages. Classified information that is intentionally moved to a lower protection level without authorization. Which of the following is an example of malicious code? Since the URL does not start with "https", do not provide your credit card information. **Classified Data Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? How should you respond? They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities. As a best practice, labeling all classified removable media and considering all unlabeled removable media as unclassified. What security device is used in email to verify the identity of sender? **Classified Data Which classification level is given to information that could reasonably be expected to cause serious damage to national security?
Which of the following is an example of Protected Health Information (PHI)? NOTE: By reporting Alex's potential risk indicators, Alex's colleagues can protect their organization and potentially get Alex the help he needs to navigate his personal problems. Decline to let the person in and redirect her to security. Always remove your CAC.
What certificates are contained on the DOD PKI implemented by the CAC/PIV? Identification, Encryption, digital signature
What is a good practice when it is necessary to use a password to access a system or an application? Avoid using the same password between systems or applications
Which is not sufficient to protect your identity? Use a common password for all your system and application logons.
Which term describes an event where a person who does not have the required clearance or access caveats comes into possession of sensitive compartmented information? Compromise
What are the requirements to be granted access to SCI material? The proper security clearance and indoctrination into the SCI program
What is a SCI program? A program that segregates various information.
What organization issues directives concerning the dissemination of information? OCA
What portable electronic devices are allowed in a SCIF? Government-owned PEDs
What must users do when using removable media within a SCIF? User shall comply with site CM policies and procedures
What is an indication that malicious code is running on your system? File corruption
What can malicious code do? It can cause damage by corrupting files
Which is true of cookies? Text file
What is a valid response when identity theft occurs? Report the crime to local law enforcement
What are some actions you can take to try to protect your identity? Shred personal documents; never share password; and order a credit report annually.
What is whaling? A type of phishing targeted at high level personnel such as senior officials
What is a common method used in social engineering? Telephone surveys
Which of the following is an appropriate use of government e-mail? Digitally signing e-mails that contain attachment or hyperlinks.
What is a protection against internet hoaxes? Use online sites to confirm or expose potential hoaxes.
Which may be a security issue with compressed URLs? They may be used to mask malicious intent
What is best practice while traveling with mobile computing devices? Maintain possession of your laptop and other
Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? Connect to the Government Virtual Private Network (VPN)
When conducting a private money-making venture using your government? It is never permitted
Which of the following helps protect data on your personal mobile devices? Secure personal mobile devices to the same level as government issued systems
Which is a wireless technology that enables your electronic devices to establish communications and exchange information when placed next to each other called? NFC
What are some examples of removable media? Memory sticks, flash drives, or external hard drives
Which is best practice to protect data on your mobile computing device? Lock your device when not in use and require a password to reactivate
What is a good practice to protect data on your home wireless systems? Ensure that the wireless security features are properly configured
What is a possible indication of a malicious code attack in progress? A pop-up window that flashes and warns that your computer is infected with a virus.
This bag contains your government-issued laptop. Under what circumstances is it acceptable to check personal email on Government-furnished equipment (GFE)? **Identity management Which of the following is an example of a strong password? The email provides a website and a toll-free number where you can make payment. What actions should you take with a compressed Uniform Resource Locator (URL) on a website known to you?
NOTE: Don't talk about work outside of your workspace unless it is a specifically designated public meeting environment and is controlled by the event planners. usarmy.gordon.cyber-coe.mbx.iad-inbox@army.mil Please allow 24-48 hours for a response. Use the classified network for all work, including unclassified work. Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email? There is no way to know where the link actually leads. NOTE: You must have permission from your organization to telework. ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. You check your bank statement and see several debits you did not authorize. What action should you take? Hostility or anger toward the United States and its policies. 32 part. Top Secret information could be expected to cause exceptionally grave damage to national security if disclosed. What should you do? Which of the following should you NOT do if you find classified information on the internet? Which is NOT a way to protect removable media? Which scenario might indicate a reportable insider threat? Jun 30, 2021. A smartphone that transmits credit card payment information when held in proximity to a credit card reader. Delete email from senders you do not know. A headset with a microphone through a Universal Serial Bus (USB) port. Which of the following statements is TRUE about the use of DoD Public Key Infrastructure (PKI) tokens? *Spillage What should you do if a reporter asks you about potentially classified information on the web? correct. Which of the following is NOT an appropriate way to protect against inadvertent spillage? Is it permitted to share an unclassified draft document with a non-DoD professional discussion group? Correct. Decline So That You Maintain Physical Control of Your Government-Issued Laptop. *Spillage What should you do if you suspect spillage has occurred?
View email in plain text and don't view email in Preview Pane. Any time you participate in or condone misconduct, whether offline or online. **Identity management What is the best way to protect your Common Access Card (CAC)? Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities. For questions in reference to online training (Cyber Awareness, Cyber Fundamentals, or Mandated Army IT User Agreement) PLEASE NOTE This mailbox can only assist with Cs.signal.army.mil. Below are most asked questions (scroll down). CUI may be stored on any password-protected system. A Cyber Awareness Challenge is a type of training and security certification that helps authorized users understand the actions required to avoid and reduce threats and vulnerabilities in an organization's system. **Mobile Devices What should you do when going through an airport security checkpoint with a Government-issued mobile device? **Identity management Which of the following is an example of two-factor authentication? The DoD Cyber Exchange provides one-stop access to cyber information, policy, guidance and training for cyber professionals throughout the DoD, and the general public.
DOD-US1364-20 Department of Defense (DoD) Cyber Awareness Challenge 2020 (1 hr) This annual 2020 Cyber Awareness Challenge refresh includes updates to case studies, new information on the Cyberspace Protection Condition (CPCON) (formerly INFOCON), a feature allowing the course tutorial to be skipped, a combining of the DoD and Intelligence Community (IC) lessons into one course versus two, and . A vendor conducting a pilot program with your organization contacts you for organizational data to use in a prototype. All government-owned PEDs. Classified information that should be unclassified and is downgraded. (Spillage) What level of damage can the unauthorized disclosure of information classified as confidential reasonably be expected to cause? Only allow mobile code to run from your organization or your organization's trusted sites. Mark SCI documents appropriately and use an approved SCI fax machine. *Controlled Unclassified Information Which of the following is NOT an example of CUI? Always use DoD PKI tokens within their designated classification level. CPCON 2 (High: Critical and Essential Functions) The email states your account has been compromised and you are invited to click on the link in order to reset your password. (Malicious Code) What are some examples of removable media? Which is a risk associated with removable media? What information should you avoid posting on social networking sites? 2021 SANS Holiday Hack Challenge & KringleCon. Start a new Cyber Security Awareness Challenge session. 32 CFR 2002 Controlled Unclassified Information. They provide guidance on reasons for and duration of classification of information. You may use your personal computer as long as it is in a secure area in your home. Use of the DODIN. It is releasable to the public without clearance. Which of the following is NOT a typical means for spreading malicious code? There are many travel tips for mobile computing.
How many potential insider threat indicators does this employee display? Government-owned PEDs, if expressly authorized by your agency. What portable electronic devices (PEDs) are permitted in a SCIF? **Social Networking Which of the following best describes the sources that contribute to your online identity? (social networking) When may you be subjected to criminal, disciplinary, and/or administrative action due to online misconduct? **Social Networking Which piece of information is safest to include on your social media profile? All PEDs, including personal devices. **Identity Management Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the NIPRNet. Setting weekly time for virus scan when you are not on the computer and it is powered off. Correct. Which of the following definitions is true about disclosure of confidential information? Which of the following is NOT Government computer misuse? Here are the test answers to the Cyber Awareness Challenge (CAC) 2023. (Malicious Code) Which of the following is NOT a way that malicious code spreads? correct. Access requires Top Secret clearance and indoctrination into SCI program. not correct A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. Which of the following is true of Security Classification Guides? This annual refresh includes minor updates to the course technology for compatibility, 508 compliance and resources pages. Sanitized information gathered from personnel records. Create separate user accounts with strong individual passwords.