(Spillage) Which of the following is a good practice to aid in preventing spillage? You have reached the office door to exit your controlled area. Which of the following best describes the sources that contribute to your online identity? How many potential insider threat indicators does this employee display? Confirm the individual's need-to-know and access. Report the crime to local law enforcement. How many potential insider threat indicators does this employee display? Debra ensures not correct Notify your security POC. B. What action should you take? Store classified data appropriately in a GSA-approved vault/container. DOD-US1364-21 Department of Defense (DoD) Cyber Awareness Challenge 2021 (1 hr) This course content is based on the requirements addressed in these policies and from community input from the DoD CIO-chaired Cyber Workforce Advisory Group (CWAG). *Malicious Code What are some examples of malicious code? Maybe. Validate all friend requests through another source before confirming them. The answers here are current and are contained within three (3) incidents: spillage, Controlled Unclassified Information (CUI), and malicious codes. [Damage]: How can malicious code cause damage? A. (Spillage) What is required for an individual to access classified data? [Incident]: What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed? A. Use the government email system so you can encrypt the information and open the email on your government-issued laptop. Which of the following is a practice that helps to protect you from identity theft? **Social Networking Which piece of information is safest to include on your social media profile? Which of the following is an example of removable media? What is a best practice for protecting controlled unclassified information (CUI)? If all questions are answered correctly, users will skip to the end of the incident. All government-owned PEDs. C.
Which of the following is a security best practice for protecting Personally Identifiable Information (PII)? A coworker removes sensitive information without authorization. *Sensitive Information Under what circumstances could classified information be considered a threat to national security? You are logged on to your unclassified computer and just received an encrypted email from a co-worker. Note the website's URL. B. Which of the following is a concern when using your Government-issued laptop in public? **Mobile Devices What should you do when going through an airport security checkpoint with a Government-issued mobile device? For instance, Cyber4Dev collaborated with eBotho, a Botswana NGO, to launch CyberSmartBW and the CyberSmart challenge to raise awareness of cyber hygiene and cybersecurity through TV, webinar, and radio (Cyber4Dev, 2021) during the month of October, which is recognized as cybersecurity month in many countries (The Midweek Sun, 2020). (GFE) When can you check personal e-mail on your Government-furnished equipment (GFE)? A coworker has asked if you want to download a programmer's game to play at work. ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. These resources are provided to enable the user to comply with rules, regulations, best practices and federal laws. What should you do? Which of the following is not a best practice to preserve the authenticity of your identity? Which of the following is a reportable insider threat activity? Cookies may pose a security threat, particularly when they save unencrypted personal information. Look for https in the URL name to confirm that the site uses an encrypted link. Store it in a GSA approved vault or container. Use the classified network for all work, including unclassified work. C.
This training is current, designed to be engaging, and relevant to the user. The purpose of the Cyber Awareness Challenge is to influence behavior, focusing on actions that authorized users can engage to mitigate threats and vulnerabilities to DoD Information Systems. Directives issued by the Director of National Intelligence. FREQUENCY: Annual TIME TO COMPLETE: 1.5 hours How many potential insider threat indicators does this employee display? What is the best course of action? He's on the clock after all. C. Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. When using your government-issued laptop in public environments, with which of the following should you be concerned? 32 CFR 2002 Controlled Unclassified Information. (controlled unclassified information) Which of the following is NOT an example of CUI? **Insider Threat Which of the following should be reported as a potential security incident? Immediately notify your security point of contact. **Identity management What is the best way to protect your Common Access Card (CAC)? Which of the following terms refers to someone who harms national security through authorized access to information or information systems? What are some examples of removable media? As a best practice, labeling all classified removable media and considering all unlabeled removable media as unclassified. Only paper documents that are in open storage need to be marked. **Social Networking As someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project? Here are the test answers to the Cyber Awareness Challenge (CAC) 2023. Request the user's full name and phone number. Be wary of suspicious e-mails that use your name and/or appear to come from inside your organization. How does Congress attempt to control the national debt?
Carrying his Social Security Card with him. DoD employees are prohibited from using a DoD CAC in card-reader-enabled public device. Assigned a classification level by a supervisor. **Insider Threat What type of activity or behavior should be reported as a potential insider threat? Senior government personnel, military or civilian. Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. Malicious code can do the following except? Exceptionally grave damage. It does not require markings or distribution controls. **Social Engineering What is TRUE of a phishing attack? Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. What should the participants in this conversation involving SCI do differently? Software that installs itself without the user's knowledge. NOTE: Don't talk about work outside of your workspace unless it is a specifically designated public meeting environment and is controlled by the event planners. What is the basis for the handling and storage of classified data? What is considered a mobile computing device and therefore shouldn't be plugged in to your Government computer? Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. Of the following, which is NOT a security awareness tip? Use the appropriate token for each system. What does Personally Identifiable Information (PII) include? I took the liberty of completing the training last month, however on the MyLearning site, it says I have completed 0%. Exceptionally grave damage. Which of the following is NOT an example of CUI? A. Which of the following does NOT constitute spillage? **Insider Threat A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with.
Which must be approved and signed by a cognizant Original Classification Authority (OCA)? **Mobile Devices Which is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? An investment in knowledge pays the best interest. Software that installs itself without the user's knowledge. C. It should only be in a system while actively using it for a PKI-required task. A medium secure password has at least 15 characters and one of the following. NOTE: Don't allow others access or piggyback into secure areas. What certificates are contained on the Common Access Card (CAC)? (Sensitive Compartmented Information) What portable electronic devices (PEDs) are allowed in a Secure Compartmented Information Facility (SCIF)? CUI may be stored on any password-protected system. Original classification authority. Correct. Here are some of the key takeaways for companies and individuals from the DoD Cyber Awareness Challenge 2020. [Prevalence]: Which of the following is an example of malicious code? A. How many potential insider threat indicators does this employee display? What action is recommended when somebody calls you to inquire about your work environment or specific account information? **Social Networking Which of the following statements is true? Bob, a coworker, has been going through a divorce, has financial difficulties and is displaying hostile behavior. Correct. Which of the following is a good practice to avoid email viruses? (Insider Threat) Based on the description that follows, how many potential insider threat indicator(s) are displayed? None. B. After work hours, storing sensitive information in unlocked containers, desks, or cabinets if security is not present. A Common Access Card and Personal Identification Number. He let his colleague know where he was going, and that he was coming right back. B. February 8, 2022. Badges must be removed when leaving the facility.
A colleague asks to leave a report containing protected health information (PHI) on his desk overnight so he can continue working on it the next day. Correct. They can be part of a distributed denial-of-service (DDoS) attack. Which of the following is the best example of Protected Health Information (PHI)? Which of the following information is a security risk when posted publicly on your social networking profile? **Removable Media in a SCIF What portable electronic devices (PEDs) are allowed in a Sensitive Compartmented Information Facility (SCIF)? Use only personal contact information when establishing your personal account. Store it in a locked desk drawer after working hours. Which is NOT a wireless security practice? The training also reinforces best practices to protect classified, controlled unclassified information (CUI), and personally identifiable information (PII). Which of the following is NOT an example of Personally Identifiable Information (PII)? Memory sticks, flash drives, or external hard drives. Attachments contained in a digitally signed email from someone known. (Spillage) Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? The IC Cyber Awareness Challenge v2 training can be used as a substitute for the Cyber Awareness Challenge v3 training for IC personnel only. Please email the CISA Team with any questions. Under which circumstances may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? Is it acceptable to take a short break while a coworker monitors your computer while logged on with your common access card (CAC)? *Spillage Which of the following may help to prevent spillage? Secure personal mobile devices to the same level as Government-issued systems. Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email?
A colleague often makes others uneasy with her persistent efforts to obtain information about a classified project where she has no need-to-know, is vocal about her husband overspending on credit cards, and complains about anxiety and exhaustion. It is permissible to release unclassified information to the public prior to being cleared. The physical security of the device. What should you do if someone asks to use your government-issued mobile device (phone, laptop, etc.)? Use a common password for all your system and application logons. Classified information that is accidentally moved to a lower classification or protection level. B. For more information, and to become a Cybersecurity Awareness Month partner, email us at Cyberawareness@cisa.dhs.gov. The annual Cyber Awareness Challenge is a course that helps authorized users learn how to best avoid and reduce threats and vulnerabilities in an organization's system. Which of the following is NOT true concerning a computer labeled SECRET? (Answer) CPCON 2 (High: Critical and Essential Functions); CPCON 1 (Very High: Critical Functions); CPCON 3 (Medium: Critical, Essential, and Support Functions); CPCON 4 (Low: All Functions); CPCON 5 (Very Low: All Functions). NOTE: Remember that leaked classified or controlled information is still classified or controlled even if it has already been compromised. Correct. CPCON 2 (High: Critical and Essential Functions) The website requires a credit card for registration. You must have permission from your organization. Which of the following statements is true? In addition to offering an overview of cybersecurity best practices, the challenge also provides awareness of potential and common cyber threats. Erasing your hard drive. C. They can be part of a distributed denial-of-service (DDoS) attack. They broadly describe the overall classification of a program or system. What portable electronic devices (PEDs) are permitted in a SCIF?
NOTE: Malicious code can cause damage by corrupting files, erasing your hard drive, and/or allowing hackers access. What should be your response? Which is a risk associated with removable media? (Malicious Code) Which are examples of portable electronic devices (PEDs)? What is a Sensitive Compartmented Information (SCI) program? Your cousin posted a link to an article with an incendiary headline on social media. Identification, encryption, and digital signature. Not correct. You must have your organization's permission to telework. Understanding and using the available privacy settings. ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. Lundholm, Inc., which reports financial statements each December 31, is authorized to issue $500,000 of 9%, 15-year bonds dated May 1, 2018, with interest payments on October 31 and April 30. Correct. You find information that you know to be classified on the Internet. A type of phishing targeted at high-level personnel such as senior officials. They can become an attack vector to other devices on your home network. (Spillage) When is the safest time to post details of your vacation activities on your social networking website? *Sensitive Compartmented Information When should documents be marked within a Sensitive Compartmented Information Facility (SCIF)? What should you do if a reporter asks you about potentially classified information on the web? If authorized, what can be done on a work computer?
Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIV) card. How can you protect data on your mobile computing and portable electronic devices (PEDs)? Only friends should see all biographical data such as where Alex lives and works. They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities. Only when badging in. B. NOTE: Badges must be visible and displayed above the waist at all times when in the facility. *Controlled Unclassified Information Which of the following best describes a way to safely transmit Controlled Unclassified Information (CUI)? (Sensitive Information) What should you do if a commercial entity, such as a hotel reception desk, asks to make a photocopy of your Common Access Card (CAC) for proof of Federal Government employment? The potential for unauthorized viewing of work-related information displayed on your screen. Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post. What should you do to protect yourself while on social networks? Which of the following is true of the Common Access Card (CAC) or Personal Identity Verification (PIV) card? Which of the following is not considered a potential insider threat indicator? A .gov website belongs to an official government organization in the United States. You are leaving the building where you work. Have permission from your organization, follow your organization's guidelines, use authorized equipment and software, employ cybersecurity best practices, and perform telework in a dedicated area when at home. Which of the following is NOT an example of CUI? Under what circumstances is it acceptable to check personal email on Government-furnished equipment (GFE)? DOD Cyber Awareness Challenge 2019 (DOD-IAA-V16.0) 35 terms. What should the owner of this printed SCI do differently?
If you receive a phone call from a stranger asking for information about your invoice payment process, you should: Crucial information about a user or organization can be gained through. Darryl is managing a project that requires access to classified information. Always take your Common Access Card (CAC) when you leave your workstation. CUI may be stored only on authorized systems or approved devices. Classified material must be appropriately marked. Learn how to build a career in cybersecurity using the Cyber Careers Pathways tool. [Ellen's statement]: How many insider threat indicators does Alex demonstrate? A. Assess your surroundings to be sure no one overhears anything they shouldn't. This is never okay. What is required for an individual to access classified data? (Sensitive Information) Which of the following represents a good physical security practice? What actions should you take with a compressed Uniform Resource Locator (URL) on a website known to you? *Sensitive Compartmented Information What must the dissemination of information regarding intelligence sources, methods, or activities follow? Toolkits. NOTE: Always mark classified information appropriately and retrieve classified documents promptly from the printer. Label the printout UNCLASSIFIED to avoid drawing attention to it. C. All https sites are legitimate and there is no risk to entering your personal info online. What should you do to protect classified data? [Incident]: What should Sara do when using publicly available Internet, such as hotel Wi-Fi? A.