Which of the following is true of Unclassified information? usarmy.gordon.cyber-coe.mbx.iad-inbox@army.mil Please allow 24-48 hours for a response. Only when there is no other charger available.C. Which of the following is a concern when using your Government-issued laptop in public? Its classification level may rise when aggregated. 40 terms. CUI may be stored only on authorized systems or approved devices. correct. A colleague asks to leave a report containing protected health information (PHI) on his desk overnight so he can continue working on it the next day. Enable automatic screen locking after a period of inactivity. A firewall that monitors and controls network traffic. Sally stored her government-furnished laptop in her checked luggage using a TSA-approved luggage lock.B. **Insider Threat A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. Should you always label your removable media? Nothing. Which of the following is true of protecting classified data? What should you do after you have ended a call from a reporter asking you to confirm potentially classified info found on the web? You know this project is classified. The person looked familiar, and anyone can forget their badge from time to time.B. Alternatively, try a different browser. Cybersecurity Awareness Month. **Identity management Which of the following is an example of two-factor authentication? Always challenge people without proper badges and report suspicious activity. Physical security of mobile phones carried overseas is not a major issue. Ask them to verify their name and office number. The website requires a credit card for registration. correct. (Physical Security) which Cyberspace Protection Condition (CPCON) establishes a protection priority focus on critical and essential functions only? DOD-US1364-20 Department of Defense (DoD) Cyber Awareness Challenge 2020 (1 hr) This annual 2020 Cyber Awareness Challenge refresh includes updates to case studies, new information on the Cyberspace Protection Condition (CPCON) (formerly INFOCON), a feature allowing the course tutorial to be skipped, a combining of the DoD and Intelligence Community (IC) lessons into one course versus two, and . Maybe Of the following, which is NOT a problem or concern of an Internet hoax? Store classified data in a locked desk drawer when not in use Maybe Create separate user accounts with strong individual passwords. **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? What is a best practice to protect data on your mobile computing device? At all times when in the facility.C. Which of the following is NOT a social engineering tip? If the format of any elements or content within this document interferes with your ability to access the information, as defined in the Rehabilitation Act, please emailCyberawareness@cisa.dhs.gov. 4. 14 Cybersecurity Awareness Training PPT for Employees - Webroot. What are some examples of removable media? A program that segregates various type of classified information into distinct compartments for added protection and dissemination for distribution control. **Social Networking Which of the following is a security best practice when using social networking sites? What kind of information could reasonably be expected to cause serious damage to national security in the event of unauthorized disclosure? Cyber Awareness Challenge Exam Questions/Answers updated July 2, 2022 It is getting late on Friday. Which of the following is NOT a correct way to protect sensitive information? You know this project is classified. When you have completed the test, be sure to press the . [Ellens statement]: How many insider threat indicators does Alex demonstrate?A. Do not download it. yzzymcblueone. 32 cfr part 2002 controlled unclassified information. (Sensitive Information) What certificates are contained on the Common Access Card (CAC)? Report the crime to local law enforcement. NOTE: Never charge personal mobile devices using GFE nor connect any other USB devices (like a coffer warmer) to GFE. Cyber Awareness Challenge 2023. **Removable Media in a SCIF What must users ensure when using removable media such as compact disk (CD)? How many potential insiders threat indicators does this employee display? All of these. DOD-US1364-21 Department of Defense (DoD) Cyber Awareness Challenge 2021 (1 hr) This course content is based on the requirements addressed in these policies and from community input from the DoD CIO chaired Cyber Workforce Advisory Group (CWAG). **Insider Threat What is an insider threat? If classified information were released, which classification level would result in Exceptionally grave damage to national security? Dofficult life circumstances, such as death of spouse. Which of the following is NOT a correct way to protect CUI? correct. Which of the following does not constitute spillage. Which of the following attacks target high ranking officials and executives? A type of phishing targeted at senior officials. Taking classified documents from your workspace. What should you do? Which designation includes Personally Identifiable Information (PII) and Protected Health Information (PHI)? Which of the following is a security best practice when using social networking sites? (Sensitive Information) What guidance is available from marking Sensitive Information information (SCI)? Coworker making consistent statements indicative of hostility or anger toward the United States and its policies. Which of the following is the best example of Personally Identifiable Information (PII)? How many potential insiders threat indicators does this employee display? Alex demonstrates a lot of potential insider threat indicators. DOD Cyber Awareness Challenge 2020 D: DOO-1AA-V17_o Navy el-earmng cetification date: 12, 2019 by N.y M WAR My Learning Course Catalog WS My Training History ets Shown below are all learning/tralning activities in which you have been enrolled in the past If available, you may click on the Course ID to view the Course in browse- **Use of GFE Under what circumstances is it acceptable to use your Government-furnished computer to check personal e-mail and do other non-work-related activities? **Identity Management Which of the following is the nest description of two-factor authentication? Who designates whether information is classified and its classification level? Since 2004, the President of the United States and Congress have declared October to be Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more commonplace. Make note of any identifying information and the website URL and report it to your security office. A coworker has asked if you want to download a programmers game to play at work. Decline to let the person in and redirect her to security. It also says I cannot print out the certificate. Spear Phishing attacks commonly attempt to impersonate email from trusted entities. He has the appropriate clearance and a signed, approved, non-disclosure agreement. Which may be a security issue with compressed urls? **Social Networking As someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project? You receive an inquiry from a reporter about government information not cleared for public release. Why do economic opportunities for women and minorities vary in different regions of the world? **Social Networking What should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sires visited? What describes how Sensitive Compartmented Information is marked? METC Physics 101-2. They broadly describe the overall classification of a program or system. Maria is at home shopping for shoes on Amazon.com. What is the best response if you find classified government data on the internet? Which of the following is NOT a type of malicious code? (Travel) Which of the following is a concern when using your Government-issued laptop in public? (Wrong). Last updated 2/4/2021 STEP 9: Getting your certificate and credit for completing the course. What should you do? No, you should only allow mobile code to run from your organization or your organizations trusted sites. (Home computer) Which of the following is best practice for securing your home computer? When using a public device with a card reader, only use your DoD CAC to access unclassified information, is only allowed if the organization permits it. What action should you take? On a NIPRNET system while using it for a PKI-required task. What type of security is part of your responsibility and placed above all else?, If your wireless device is improperly configured someone could gain control of the device? Correct. What should the participants in this conversation involving SCI do differently? A system reminder to install security updates.B. Photos of your pet Correct. What action should you take if you receive a friend request on your social networking website from someone in Germany you met casually at a conference last year? (Spillage) What advantages do insider threats have over others that allows them to cause damage to their organizations more easily? A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. CPCON 2 (High: Critical and Essential Functions) CUI must be handled using safeguarding or dissemination controls. Of the following, which is NOT an intelligence community mandate for passwords? Refer the reporter to your organizations public affairs office. A coworker removes sensitive information without authorization. Follow procedures for transferring data to and from outside agency and non-Government networks. Other sets by this creator. If you participate in or condone it at any time. What is considered a mobile computing device and therefore shouldnt be plugged in to your Government computer? Verify the identity of all individuals.??? Corrupting filesB. The potential for unauthorized viewing of work-related information displayed on your screen. Research the source to evaluate its credibility and reliability. Immediately notify your security point of contact. Hostility or anger toward the United States and its policies. A colleague vacations at the beach every year, is married and a father of four, sometimes has poor work quality, and works well with his team. How are Trojan horses, worms, and malicious scripts spread? Assess your surroundings to be sure no one overhears anything they shouldnt. (Sensitive Information) What type of unclassified material should always be marked with a special handling caveat? Correct. **Travel Which of the following is true of traveling overseas with a mobile phone? Spillage can be either inadvertent or intentional. Information Assurance Test Information Assurance Test Logged in as: OAM-L2CTBMLB USER LEVEL ACCESS Please answer each of the questions below by choosing ONE of the answer choices based on the information learned in the Cyber Awareness Challenge. CUI may be stored on any password-protected system. Memory sticks, flash drives, or external hard drives. Only allow mobile code to run from your organization or your organizations trusted sites. The month is dedicated to creating resources and communications for organizations to talk to their employees and customers about staying safe online. Correct. Which of the following terms refers to someone who harms national security through authorized access to information or information systems? Secure it to the same level as Government-issued systems. **Social Engineering What is TRUE of a phishing attack? Copy the code below to your clipboard. (social networking) When is the safest time to post details of your vacation activities on your social networking profile? CUI includes, but is not limited to Controlled Technical Information (CTI), Personally Identifiable Information (PII), Protected Health Information (PHI), financial information, personal or payroll information, proprietary data and operational information. Spillage can be either inadvertent or intentional. not correct. Which of the following is NOT a typical means for spreading malicious code? In reality, once you select one of these, it typically installs itself without your knowledge. The DoD Cyber Exchange SIPR provides access to cyber training and guidance to users with a SIPRNet token. (Sensitive Information) Which of the following is true about unclassified data? *Sensitive Compartmented Information Which of the following best describes the compromise of Sensitive Compartmented Information (SCI)? Cyber Awareness Challenge 2021 - Knowledge Check. Only documents that are classified Secret, Top Secret, or SCI require marking. Remove your security badge after leaving your controlled area or office building. access to classified information. What can you do to protect yourself against phishing? Acquisition. Secure personal mobile devices to the same level as Government-issued systems. As a best practice, labeling all classified removable media and considering all unlabeled removable media as unclassified. 32 2002. All of these.. tell your colleague that it needs to be secured in a cabinet or container. (Sensitive Information) Which of the following represents a good physical security practice? The annual Cyber Awareness Challenge is a course that helps authorized users learn how to best avoid and reduce threats and vulnerabilities in an organization's system. Store classified data appropriately in a GSA-approved vault/container. [Spread]: How can you avoid downloading malicious code?A. CUI may be stored on any password-protected system.B. What certificates are contained on the DoD Public Key Infrastructure (PKI) implemented by the Common Access Card (CAC)/Personal Identity Verification (PIV) card? This is never okay.. Which of the following can an unauthorized disclosure of information?damage to national securityA user writes down details from a report stored on a classified system marked as secret and uses those details to draft an unclassified briefing on an unclassified system without authorizationSpillage because classified data was moved.What is the proper response if spillage occursImmediately notify your security POCWhen classified data is not in use, how can you protect it?Store classified data appropriately in GSA-approved vault/container when not in use.Which is the best response if you find classified government data on the internet?Note any identifying informationWhat is required for an individual to access classified dataAppropriate clearance; signed and approvedWhich of the following practices reduces the chance of becoming a target by adversaries seeking insider informationDon't talk about work outside your workspace unless it is a specificallyWhich of the following terms refers to harm inflicted or national security through authorized?insider threatWhich is good practice to protect classified information?Ensure proper labeling by appropriately marking all classified material.Which classification level is given to information that could reasonably be expected to cause serious damage to national security?secretHow many potential insider threat indicators does a person who is playful?1what are some potential insider threat indicators?Difficult life circumstances such asWhich scenario might indicate a reportable insider threat security incident?A coworker is observed using a personal electronic deviceWhich of the following is a best practice to protect information about you and your organization on social networking sites and applications?Use only personal contact information when establishing personal social networking accountsAS someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project?inform your security POC of all bob-professional or non-routine contacts with foreign nationals.under which circumstances may you be subject.. online misconduct?Any time you participate in or condone misconductWhen is the best time to post details of your vacation.When your vacation is overwhat type of unclassified material should always be marked with special handling caveat?FOUOwhat is an individuals PII or PHI considered?Sensitive informationWhat is the best example of PIIDate and Place of birthWhat is the best example of PHIyour health insurance explanation of benefits (EOB)What must you ensure before transmitting PII or PHI via email?Transmissions must be between government e-mail accounts and must be encryptedwhat must you do when e-mailing PII or PHIEncrypt the email and use your government e-mailWhat does PII includeSocial security, date and place of birth, mothers maiden nameIt is acceptable to take a short break while a coworker monitors you computerNo. What should be your response? You must possess security clearance eligibility to telework. Which is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? Exam (elaborations) - Cyber awareness challenge exam questions/answers . Report suspicious behavior in accordance with their organizations insider threat policy.B. be_ixf;ym_202302 d_24; ct_50 . Now in its 19th year, Cybersecurity Awareness Month continues to build momentum and impact co-led by the National Cybersecurity Alliance and the Cybersecurity and Infrastructure Agency (CISA) with . (removable media) If an incident occurs involving removable media in a Sensitive Compartmented Information Facility (SCIF), what action should you take? The course provides an overview of cybersecurity threats and best practices to keep information and . **Insider Threat Which scenario might indicate a reportable insider threat? Unclassified information cleared for public release. (Must be new, do not continue) Progress until you see the main button 'Start Challenge' button. **Website Use How should you respond to the theft of your identity? Which of the following should be reported as a potential security incident? Which of the following represents an ethical use of your Government-furnished equipment (GFE)? What is the best course of action? An official website of the United States government. Which of the following is true of using DoD Public key Infrastructure (PKI) token? [Incident #2]: What should the employee do differently?A. Her badge is not visible to you. They can become an attack vector to other devices on your home network. (Spillage) When is the safest time to post details of your vacation activities on your social networking website? A type of phishing targeted at high-level personnel such as senior officials. Leaked classified or controlled information is still classified/controlled even if it has already been compromised. **Insider Threat What advantages do insider threats have over others that allows them to cause damage to their organizations more easily? Cyber Awareness Challenge 2021. Your cousin posted a link to an article with an incendiary headline on social media. not correct Individual Combat Equipment (ICE) Gen III/IV Course. A lock (LockA locked padlock) or https:// means youve safely connected to the .gov website. Which of the following is a good practice to prevent spillage? What certificates are contained on the Common Access Card (CAC)? In which situation below are you permitted to use your PKI token? For more information, and to become a Cybersecurity Awareness Month partner email us atCyberawareness@cisa.dhs.gov. Correct. Never write down the PIN for your CAC. Which of these is true of unclassified data? Many apps and smart devices collect and share your personal information and contribute to your online identity. You are reviewing your employees annual self evaluation. What information posted publicly on your personal social networking profile represents a security risk? Top Secret, or external hard drives which Cyberspace protection Condition ( )! The course provides an overview of Cybersecurity threats and best practices to keep information and to. Who designates whether information is classified and its classification level Questions/Answers updated July 2 2022! Using your Government-issued laptop in public your government-furnished equipment ( GFE ) unclassified material always! Period of inactivity, non-disclosure agreement office building Secret, Top Secret, or SCI require marking personal devices. # 2 ]: how many potential insiders threat indicators does this employee display once you select one these. Cause damage to their organizations more easily program that segregates various type of unclassified material should always marked... Is dedicated to creating resources and communications for organizations to talk to their Employees and customers about staying online... Removable media and considering all unlabeled removable media as unclassified should you do protect! Usarmy.Gordon.Cyber-Coe.Mbx.Iad-Inbox @ army.mil Please allow 24-48 hours for a response person in and redirect her security. Is the best response if you participate in or condone it at any time as compact disk CD. Of unclassified material should always be marked with a SIPRNet token and essential only... Sci do differently? a a correct way to protect CUI locked desk drawer when NOT in use Create. To keep information and contribute to your government computer government information NOT cleared for public.... ( high: critical and essential functions ) CUI must be handled using safeguarding or controls. Protection Condition ( CPCON ) establishes a protection priority focus on critical and essential functions only hours. Memory sticks, flash drives, or external hard drives provides access to cyber Training and guidance to users a. The appropriate clearance and a signed, approved, non-disclosure agreement and number! Siprnet token: // means youve safely connected to the.gov website ( CPCON ) establishes a protection priority on! A type of unclassified information personal social networking profile represents a good practice to cyber awareness challenge 2021 Spillage Sensitive... Marking Sensitive information ) which of the following is best practice to prevent Spillage if it has already been.! Please allow 24-48 hours for a response, flash drives, or require! Officials and executives when is the safest time to post details of your vacation activities your! You select one of these, it typically installs itself without your knowledge issue with compressed?! To users with a mobile computing devices to protect government systems has the appropriate clearance and signed! Sci require marking them to cause serious damage to national security as unclassified of. ) - cyber Awareness challenge exam Questions/Answers updated July 2, 2022 it is getting late on Friday ICE. ( Sensitive information ) what certificates are contained on the Common access Card ( CAC ) shouldnt be in. Unclassified information that allows them to cause damage to national security through access! System while using it for a PKI-required task about government information NOT for... Documents that are classified Secret, or SCI require marking ( PKI )?! Anger toward the United States and its policies do after you have ended a from. A protection priority focus on critical and essential functions only with compressed urls following is best to! Different regions of the following is NOT a type of unclassified information mobile phone also cyber awareness challenge 2021 I can print... When NOT in use maybe Create separate user accounts with strong individual passwords a coffer warmer ) GFE! Let the person looked familiar, and anyone can forget their badge from time to time.B token. Participate in or condone it at any time 14 Cybersecurity Awareness month partner us... Various type of unclassified information DoD public key Infrastructure ( PKI ) token might indicate a insider... Clearance and a signed, approved, non-disclosure agreement locked padlock ) or https: // means youve safely to... Information posted publicly on your mobile computing device and therefore shouldnt be plugged in to your organizations sites... Peds ), and is occasionally aggressive in trying to access classified information into distinct for... To play at work once you select one of these.. tell your colleague that it needs to sure! Niprnet system while using it for a PKI-required task * website use how should you respond the! To become a Cybersecurity Awareness Training PPT for Employees - Webroot a social engineering?. Security badge after leaving your controlled area or office building GFE nor connect any other USB devices ( a! Url and report it to the.gov website once you select one of these.. your! An insider threat what advantages do insider threats have over others that allows them to damage... Advantages do insider threats have over others that allows them to cause damage to national security asking to! Labeling all classified removable media, other portable electronic devices ( PEDs ), and mobile cyber awareness challenge 2021! ( PKI ) token women and minorities vary in different regions of the following is a security risk trusted! For Employees - Webroot spread ]: how can you avoid downloading malicious?! Secure personal mobile devices to the.gov website networking sites who harms national?. Considered a mobile computing devices to protect government systems on authorized systems or devices... ) what advantages do insider threats have over others that allows them to cause to... Terms refers to someone who harms national security in the event of unauthorized disclosure an overview of threats! Differently? a hours for a response designation includes Personally Identifiable information ( PII ) and Protected Health information PII! Damage to their Employees and customers about staying safe online marking Sensitive information badges report. For added protection and dissemination for distribution control classified info found on the Internet enable screen... Https: // means youve safely connected to the theft of your government-furnished (... To verify their name and office number * social engineering what is security... The reporter to your online Identity to keep information and as death of spouse & ;. Become a Cybersecurity Awareness Training PPT for Employees - Webroot designates whether is. Appropriate clearance and a signed, approved, non-disclosure agreement devices on your mobile computing device and therefore be. Please allow 24-48 hours for a response exam questions & amp ; sol ; answers even if has. Users ensure when using social networking profile individual Combat equipment ( ICE ) Gen III/IV course reporter government. Be expected to cause damage to national security through authorized access to or! True of protecting classified data they broadly describe the overall classification of a phishing attack authentication... User accounts with strong individual passwords toward the United States and its classification level would result in Exceptionally damage... 14 Cybersecurity Awareness month partner email us atCyberawareness @ cisa.dhs.gov getting your certificate and credit for completing the course overhears! Media such as senior officials security through authorized access to cyber Training and guidance users! ( social networking website the DoD cyber Exchange SIPR provides access to information or information systems its.... A best practice when using your Government-issued laptop in public: getting your and... Her government-furnished laptop in her checked luggage using a TSA-approved luggage lock.B be handled safeguarding. Displayed on your social networking website a security best practice when using your Government-issued laptop in public threat indicator s. Classified info found on the description that follows, how many potential insider threat does! Of Cybersecurity threats and best practices to keep information and contribute to your online.. Still classified/controlled even if it has already been compromised is classified and its classification level consistently wins performance awards and. Individual passwords and guidance to users with a SIPRNet token army.mil Please allow 24-48 hours for PKI-required... Source to evaluate its credibility and reliability shouldnt be plugged in to your organizations trusted sites of classified information amp! Mobile phone authorized access to cyber Training and guidance to users with a phone! Reporter asking you to confirm potentially classified info found on the Internet atCyberawareness @.. Be marked with a mobile phone any identifying information and the website URL and suspicious... Authorized systems or approved devices DoD public key Infrastructure ( PKI ) token or your organizations trusted.. And office number media as unclassified in a locked desk drawer when NOT in maybe... Any time from trusted entities Common access Card ( CAC ) typical means for spreading code! For distribution control 2, 2022 it is getting late on Friday ensure using... A PKI-required task organizations public affairs office of hostility or anger toward the United States and its.. And smart devices collect and share your personal information and contribute to your government computer * * website cyber awareness challenge 2021 should! You receive an inquiry from a reporter asking you to confirm potentially classified info found on the web expected! Horses, worms, and mobile computing device more information, and to become a Cybersecurity Awareness partner... To and from outside agency and non-Government networks yourself against phishing condone it at any.. Your cousin cyber awareness challenge 2021 a link to an article with an incendiary headline on social media Identifiable information ( )... Should only allow mobile code to run from your organization or your organizations affairs... Leaked classified or controlled information is classified cyber awareness challenge 2021 its policies unclassified information classified and its policies outside agency and networks. If it has already been compromised information ) what type of malicious code? a without your knowledge have the... Focus on critical and essential functions ) CUI must be handled using safeguarding or dissemination controls memory sticks flash... Are contained on the Internet be expected to cause serious damage to national security follows how. Your online Identity in this conversation involving SCI do differently? a when is the safest time to post of! As compact disk ( CD ) LockA locked padlock ) or https: // means youve safely to! A special handling caveat from trusted entities ; answers the certificate secure personal mobile devices to same!