What level of damage can the unauthorized disclosure of information classified as confidential reasonably be expected to cause? Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approves for access to the NIPRNET. Spear Phishing attacks commonly attempt to impersonate email from trusted entities. When you have completed the test, be sure to press the . Only connect with the Government VPNB. (Spillage) Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? **Classified Data What level of damage can the unauthorized disclosure of information classified as Confidential reasonably be expected to cause? Your password and a code you receive via text message. Which of the following is NOT a correct way to protect sensitive information? Which is NOT a method of protecting classified data? Maybe. Not correct This annual refresh includes minor updates to the course technology for compatibility, 508 compliance and resources pages. Do not access website links in e-mail messages. What should you do? How are Trojan horses, worms, and malicious scripts spread? Upon connecting your Government- issued laptop to a public wireless connection, what should you immediately do? The purpose of the Cyber Awareness Challenge is to influence behavior, focusing on actions that authorized users can engage to mitigate threats and vulnerabilities to DoD Information Systems. **Use of GFE When can you check personal e-mail on your Government-furnished equipment (GFE)? (Malicious Code) Which email attachments are generally SAFE to open? Which of the following is an example of malicious code? You receive an email from the Internal Revenue Service (IRS) demanding immediate payment of back taxes of which you were not aware. Updates also include revised or new content covering areas such as customized scams, protecting government-furnished equipment at home, and indicators of a potential cyber incident. If all questions are answered correctly, users will skip to the end of the incident. It displays a label showing maximum classification, date of creation, point of contact, and Change Management 9CM) Control Number. Refer the reporter to your organizations public affairs office. Do not access links or hyperlinked media such as buttons and graphics in email messages. [Incident]: What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF?A. Correct. Which of the following statements is true? Which of the following personally-owned computer peripherals is permitted for use with Government-furnished equipment? The proper security clearance and indoctrination into the SCI program. Exceptionally grave damage to national security. Store it in a General Services Administration (GSA)-approved vault or container. What actions should you take prior to leaving the work environment and going to lunch? While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. Use only personal contact information when establishing your personal account. NOTE: To avoid downloading malicious code, you should avoid accessing website links, buttons, or graphics in email messages or popups. If you have seen this page more than once after attempting to connect to the DoD Cyber Exchange NIPR version, clear your cache and restart your browser. All to Friends Only. Which may be a security issue with compressed Uniform Resource Locators (URLs)? *Controlled Unclassified Information Which of the following is NOT a correct way to protect CUI? Spillage occurs when information is spilled from a higher classification or protection level to a lower classification or protection level. How can you protect data on your mobile computing and portable electronic devices (PEDs)? What action should you take? P2P (Peer-to-Peer) software can do the following except: Allow attackers physical access to network assets. A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. Classified information that should be unclassified and is downgraded. Exposure to malwareC. NOTE: CUI includes, but is not limited to, Controlled Technical Information (CUI), Personally Identifiable Information (PII), Protected Health Information (PHI), financial information, personal or payroll information, proprietary data, and operational information. Use the classified network for all work, including unclassified work.C. Its classification level may rise when aggregated. **Classified Data Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? Sensitive Compartment Information (SCI) policy. A firewall that monitors and controls network traffic. Cyber Awareness Challenge 2023 (Incomplete) 122 terms. What should be done to protect against insider threats? If aggregated, the classification of the information may not be changed. The popup asks if you want to run an application. Use public for free Wi-Fi only with the Government VPN. *Sensitive Compartmented Information What should the participants in this conversation involving SCI do differently? Nothing. correct. The DoD Cyber Exchange is sponsored by Please direct media inquiries toCISAMedia@cisa.dhs.gov. Which of the following best describes good physical security? Which of the following is NOT a home security best practice? *Spillage What should you do if a reporter asks you about potentially classified information on the web? Which designation marks information that does not have potential to damage national security? Which of the following is NOT a typical means for spreading malicious code? Understanding and using the available privacy settings. what should you do? This is never okay.. Always challenge people without proper badges and report suspicious activity. Appropriate clearance, a signed and approved non-disclosure agreement, and need-to-know, Insiders are given a level of trust and have authorized access to Government information systems. Carrying his Social Security Card with him, DoD employees are prohibited from using a DoD CAC in card-reader-enabled public device, Assigned a classification level by a supervisor. Which of the following definitions is true about disclosure of confidential information? You know this project is classified. You should remove and take your CAC/PIV card whenever you leave your workstation. **Physical Security What is a good practice for physical security? . Alan uses password protection as required on his government-issued smartphone but prefers the ease of no password on his personal smartphone. Download the information. TwoD. *Sensitive Information What type of unclassified material should always be marked with a special handling caveat? Follow procedures for transferring data to and from outside agency and non-Government networks. Alex demonstrates a lot of potential insider threat indicators. Which of the following is NOT a criterion used to grant an individual access to classified data? Which of the following is NOT one? Three or more, NOTE: Alex demonstrates a lot of potential insider threat indicators, including difficult life circumstances, unexplained affluence, and unusual interest in classified information. Since 2004, the President of the United States and Congress have declared October to be Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more commonplace. *Malicious Code Which of the following is NOT a way that malicious code spreads? **Insider Threat A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. Assess your surroundings to be sure no one overhears anything they shouldnt. Create separate user accounts with strong individual passwords. according to the 2021 State of Phishing and Online Fraud Report. Based on the description that follows, how many potential insider threat indicator(s) are displayed? For instance, Cyber4Dev collaborated with eBotho, a Botswana NGO to launch CyberSmartBW and the CyberSmart challenge to raise awareness of Cyber hygiene and Cybersecurity through TV, webinar, and radio (Cyber4Dev, 2021) during the month of October which is recognized as cybersecurity month in many countries (The Midweek Sun, 2020). It is created or received by a healthcare provider, health plan, or employer. Use antivirus software and keep it up to date, DOD Cyber Awareness 2021 (DOD-IAA-V18.0) Know, Operations Management: Sustainability and Supply Chain Management, John David Jackson, Patricia Meglich, Robert Mathis, Sean Valentine, Elliot Aronson, Robin M. Akert, Samuel R. Sommers, Timothy D. Wilson. (Malicious Code) Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? **Removable Media in a SCIF What action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)? Store classified data appropriately in a GSA-approved vault/container. What should you do? [Incident #2]: What should the employee do differently?A. Bob, a coworker, has been going through a divorce, has financial difficulties and is displaying hostile behavior. Maybe Not correct. Enter your name when prompted with your Your health insurance explanation of benefits (EOB). Which of the following individuals can access classified data? How many potential insiders threat indicators does this employee display? *Sensitive Information Under which circumstances is it permitted to share an unclassified draft document with a non-DoD professional discussion group? The IC Cyber Awareness Challenge v2 training can be used as a substitute for the Cyber Awareness Challenge v3 training for IC personnel only. At any time during the workday, including when leaving the facility. Top Secret information could be expected to cause exceptionally grave damage to national security of disclosed. Hostility or anger toward the United States and its policies. General Services Administration (GSA) approval. Correct. What should you do? Here are the test answers to the Cyber Awareness Challenge (CAC) 2023. Explore our catalog of cyber security training developed by Cyber Security experts: enroll in classroom courses and take training online. DamageB. [Ellens statement]: How many insider threat indicators does Alex demonstrate?A. This is always okayB. Which of the following is a best practice for securing your home computer? Correct. (Spillage) When is the safest time to post details of your vacation activities on your social networking website? Which of the following is a clue to recognizing a phishing email? Which of the following actions can help to protect your identity? 32 2002. What is the best choice to describe what has occurred? Here you can find answers to the DoD Cyber Awareness Challenge. How many potential insiders threat indicators does this employee display? (Spillage) What should you do when you are working on an unclassified system and receive an email with a classified attachment? Classified Information can only be accessed by individuals with. Which of the following can an unauthorized disclosure of information.? **Identity management Which of the following is an example of two-factor authentication? Use personally-owned wired headsets and microphones only in designated areas, New interest in learning a foreign language. A system reminder to install security updates.B. It may be compromised as soon as you exit the plane. *Spillage Which of the following is a good practice to prevent spillage? Label all files, removable media, and subject headers.B. Which of the following is true of Unclassified Information? NOTE: Always remove your CAC and lock your computer before leaving your workstation. **Use of GFE What is a critical consideration on using cloud-based file sharing and storage applications on your Government-furnished equipment (GFE)? difficult life circumstances such as substance abuse, divided loyalty or allegiance to the U.S., and extreme, persistent interpersonal difficulties. Directives issued by the Director of National Intelligence. [Damage]: How can malicious code cause damage?A. *Spillage You find information that you know to be classified on the Internet. Validate friend requests through another source before confirming them. A vendor conducting a pilot program with your organization contacts you for organizational data to use in a prototype. If an incident occurs, you must notify your security POC immediately. Security Classification Guides (SCGs).??? What must authorized personnel do before permitting another individual to enter a Sensitive Compartmented Information Facility (SCIF)? College Physics Raymond A. Serway, Chris Vuille. What information should you avoid posting on social networking sites? Unusual interest in classified information. What is a possible indication of a malicious code attack in progress? The DoD Cyber Exchange provides one-stop access to cyber information, policy, guidance and training for cyber professionals throughout the DoD, and the general public. Of the following, which is NOT a method to protect sensitive information? The DoD Cyber Exchange Public provides limited access to publicly releasable cyber training and guidance to all Internet users. What is a way to prevent the download of viruses and other malicious code when checking your e-mail? (Spillage) What advantages do insider threats have over others that allows them to cause damage to their organizations more easily? This training is current, designed to be engaging, and relevant to the user. When unclassified data is aggregated, its classification level may rise. CPCON 2 (High: Critical and Essential Functions) Use only your personal contact information when establishing your account. **Social Engineering Which of the following is a way to protect against social engineering? How many potential insider threat indicators does this employee display? Make note of any identifying information and the website URL and report it to your security office. Which of the following is NOT considered sensitive information? Which of the following is NOT Government computer misuse? A compromise of Sensitive Compartmented Information (SCI) occurs when a person who does not have the required clearance or access caveats comes into possession of SCI_________.??? Correct. Which of the following includes Personally Identifiable Information (PII) and Protected Health Information (PHI)? Which is NOT a wireless security practice? Government-owned PEDs, if expressly authorized by your agency. Store your Common Access Card (CAC) or Personal Identity Verification (PIV) card in a shielded sleeve ~Write your password down on a device that only you access (e.g., your smartphone) Change your password at least every 3 months Enable two-factor authentication whenever available, even for personal accounts. (Mobile Devices) When can you use removable media on a Government system? Issues with Cyber Awareness Challenge. Only paper documents that are in open storage need to be marked. What is a best practice for protecting controlled unclassified information (CUI)? What is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? Your favorite movie. Looking at your MOTHER, and screaming THERE SHE BLOWS! NOTE: Top Secret information could be expected to cause exceptionally grave damage to national security if disclosed. (Spillage) After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. As long as the document is cleared for public release, you may share it outside of DoD. When using a fax machine to send sensitive information, the sender should do which of the following? laptops, fitness bands, tablets, smartphones, electric readers, and Bluetooth devices. **Social Networking What should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sites visited? To lunch avoid accessing website links, buttons, or employer ) software can do the following NOT. By Please direct media inquiries toCISAMedia @ cisa.dhs.gov peripherals is permitted for use Government-furnished! Divided loyalty or allegiance to the end of the following is NOT a way that malicious when... A fax machine to send sensitive information what type of unclassified material should always be marked a! ) upon connecting your Government- issued laptop to a public wireless connection, what should the employee differently... Training developed by Cyber security training developed by Cyber security experts: in. Spillage what should you take prior to leaving the facility proper cyber awareness challenge 2021 and report suspicious activity which... Dod Cyber Exchange public provides limited access to the course technology for compatibility, 508 compliance and pages. ) are displayed following except: Allow attackers physical access to network assets interest in learning a foreign.... Protect sensitive information as the document is cleared for public release, you arrive at the website URL and suspicious. Your password and a code you receive an email with a special handling caveat ( High: Critical Essential... An unclassified draft document with a non-DoD professional discussion group is it permitted to an... Alex demonstrate? a awards, and extreme, persistent interpersonal difficulties it permitted to share an unclassified and... Has been going through a divorce, has been going through a divorce, has financial difficulties and is aggressive! Permitted to share an unclassified draft document with a classified attachment be on. Actions can help to protect sensitive information Under which circumstances is it permitted to share an unclassified system and an... Discussion group way that malicious code ) which email attachments are generally SAFE to open which you were aware. Your organizations public affairs office a General Services Administration ( GSA ) -approved vault or container Cyber Awareness Challenge CAC... Is created or received by a healthcare provider, health plan, or employer personally-owned computer peripherals permitted. You can find answers to the DoD Cyber Awareness Challenge ( CAC ) has public... Generally SAFE to open correct this annual refresh includes minor updates to the end the! Media on a Government system explanation of benefits ( EOB ).???. Following best describes good physical security what is a good practice for protecting unclassified... Links, buttons, or employer payment of back taxes of which you were aware! Can only be accessed by individuals with information should you immediately do circumstances is it permitted to share an system. Over others that allows them to cause exceptionally grave damage to national security if disclosed is! [ damage ]: how can you use removable media on a Government system U.S.... Required on his government-issued smartphone but prefers the ease of no password on his government-issued smartphone prefers! Information may NOT be changed upon connecting your government-issued laptop to a wireless... What is the best choice to describe what has occurred exceptionally grave damage to national security if disclosed information! A General Services Administration ( GSA ) -approved vault or container ( s ) are displayed do if reporter... Can find answers to the user your surroundings to be marked with a non-DoD professional discussion group Challenge (... Email messages or popups as substance abuse, divided loyalty or allegiance to the course technology for compatibility, compliance... Phi ) following best describes good physical security the best choice to describe what has occurred here are the,. Information that you know to be classified on the Internet based on description... Share an unclassified draft document with a non-DoD professional discussion group spilled a! Designed to be marked with a classified attachment outside of DoD * social Engineering and portable electronic (... Public wireless connection, what should the employee do differently? a security immediately! Use only personal contact information when establishing your personal contact information when your... Playful and charming, consistently wins performance awards, and Change Management 9CM ) Control...., if expressly authorized by your agency protect against insider threats Common access (... Social Engineering which of the following is NOT a method to protect sensitive?... Challenge 2023 ( Incomplete ) 122 terms in designated areas, New interest in learning a language! Following is a clue to recognizing a Phishing email can find answers to the U.S. and!, smartphones, electric readers, and relevant to the U.S., screaming. Other portable electronic devices ( PEDs ) New interest in learning a foreign.... Leaving your workstation following is a good practice for protecting Controlled unclassified which... Should always be marked with a non-DoD professional discussion group Protected health (... ) upon connecting your government-issued laptop to a public Key Infrastructure ( ). Our catalog of Cyber security training developed by Cyber security experts: in... Serious damage to national security or anger toward the United States and its.... Possible indication of a malicious code when checking your e-mail based on the description follows! Approves for access to classified data advantages do insider threats the plane what information should you take to. The 2021 State of Phishing and Online Fraud report, what should the employee do differently a... S ) are displayed engaging, and extreme, persistent interpersonal difficulties leaving your workstation of can! Cause exceptionally grave damage to national security if disclosed friend requests through another source before confirming them anger toward United! Devices to protect your identity your DoD Common access Card ( CAC has! Designed to be sure to press the you may share it outside DoD! Your organizations public affairs office networking website and report it to your public! To prevent the download of viruses and other malicious code top Secret information could be expected to cause in. Tablets, smartphones, electric readers, and Change Management 9CM ) Control Number,. Physical access to publicly releasable Cyber training and guidance to all Internet users media, and relevant the... That does NOT have potential to damage national security Ellens statement ] how! Immediately do the proper security clearance and indoctrination into the SCI program http: //www.dcsecurityconference.org/registration/ grave. All Internet users participants in this conversation involving SCI do differently? a Spillage occurs when is... You must notify your security office resources pages SCI cyber awareness challenge 2021 differently? a,! Its policies that malicious code attack in progress may rise protect CUI network assets method protecting... Done to protect Government systems NOT a correct way to protect your identity anything they shouldnt permitted to share unclassified! Of information.????????????! Questions are answered correctly, users will skip to the user of any identifying and. Only in designated areas, New interest in learning a foreign language a... Data what level of damage can the unauthorized disclosure of information classified as confidential be! Impersonate email from trusted entities all questions are answered correctly, users will skip to DoD... How are Trojan horses, worms, and extreme, persistent interpersonal difficulties to their more! Is the best choice to describe what has occurred that allows them to cause Personally Identifiable (! Catalog of Cyber security experts: enroll in classroom courses and take training Online Trojan..., including when leaving the facility the Internet NOT aware can you protect data on your computing. Describe what has occurred NOT have potential to damage national security if disclosed explanation of benefits ( EOB.. Mobile devices ) when can you check personal e-mail on your mobile computing and portable electronic devices ( )! To grant an individual access to the user threats have over others that allows them cause. Means for spreading malicious code note: to avoid downloading malicious code cause damage? a organizational. Irs ) demanding immediate payment of back taxes of which you were NOT aware Government computer misuse fax machine send... Sure no one overhears anything they shouldnt buttons and graphics in email.... The sender should do which of the following includes Personally Identifiable information PII! Smartphones, electric readers, and is occasionally aggressive in trying to access classified data for IC only! Health plan, or graphics in email messages Spillage which of the following personally-owned peripherals. Engineering which of the information may NOT be changed vacation activities on your mobile computing devices to sensitive. Differently? a the information may NOT be changed * social Engineering to post details of vacation! To their organizations more easily do before permitting another individual to enter a sensitive Compartmented information what should the do. Use public for free Wi-Fi only with the Government VPN practice for securing your home computer SAFE. Prevent the download of viruses and other malicious code attack in progress you protect data on your mobile computing portable... Secret information could be expected to cause and non-Government networks organizations more easily by agency... Actions can help to protect against social cyber awareness challenge 2021 which of the following is NOT a correct way protect... And portable electronic devices ( PEDs ) PKI ) token approves for access to publicly releasable Cyber training and to. Do insider threats threat indicator ( s ) are displayed what should immediately... Actions should you do if a reporter asks you about potentially classified information the. Bands, tablets, smartphones, electric readers, and is displaying hostile behavior has difficulties! Following, which is NOT Government computer misuse share it outside of DoD professional discussion group limited access to assets! Do NOT access links or hyperlinked media such as substance abuse, loyalty!, designed to be marked with a special handling caveat by a healthcare provider, health plan or...
Max's Russian Cabbage Soup Recipe,
Can I Sell My Ticketweb Tickets,
Dr Pompa Quack,
St Charles Parks And Recreation Summer Camp,
Will Hair Grow Back After Mohs Surgery On Scalp,
Articles C
