Which of the following is not a best practice to preserve the authenticity of your identity? Correct. (Spillage) What should you do if a reporter asks you about potentially classified information on the web? What certificates are contained on the DoD Public Key Infrastructure (PKI) implemented by the Common Access Card (CAC)/Personal Identity Verification (PIV) card? [Incident]: What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed? A. The DoD Cyber Exchange Public provides limited access to publicly releasable cyber training and guidance to all Internet users. Attachments contained in a digitally signed email from someone known. Is it okay to run it? Which of the following is a good practice to protect classified information? What should be done to protect against insider threats? Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. What should you do? What security device is used in email to verify the identity of sender? Immediately notify your security point of contact. How many potential insider threat indicators does this employee display? In setting up your personal social networking service account, what email address should you use? What should you do? Refer the reporter to your organization's public affairs office. **Identity management Which is NOT a sufficient way to protect your identity? (Malicious Code) What is a good practice to protect data on your home wireless systems? Sanitized information gathered from personnel records.
DOD-US1364-20 Department of Defense (DoD) Cyber Awareness Challenge 2020 (1 hr) This annual 2020 Cyber Awareness Challenge refresh includes updates to case studies, new information on the Cyberspace Protection Condition (CPCON) (formerly INFOCON), a feature allowing the course tutorial to be skipped, a combining of the DoD and Intelligence Community (IC) lessons into one course versus two, and . You must have your organization's permission to telework. C. Keep an eye on his behavior to see if it escalates. C. *Spillage Which of the following is a good practice to prevent spillage? When using a fax machine to send sensitive information, the sender should do which of the following? Which Cyber Protection Condition (CPCON) establishes a protection priority focus on critical functions only? Share sensitive information only on official, secure websites. Mobile devices and applications can track your location without your knowledge or consent. 32 CFR Part 2002, Controlled Unclassified Information. Please email the CISA Team with any questions. Paul verifies that the information is CUI, includes a CUI marking in the subject header and digitally signs an e-mail containing CUI. Decline to let the person in and redirect her to security. When using your government-issued laptop in public environments, with which of the following should you be concerned? Which of the following may be helpful to prevent inadvertent spillage? NOTE: To avoid downloading malicious code, you should avoid accessing website links, buttons, or graphics in email messages or popups. Follow procedures for transferring data to and from outside agency and non-Government networks. (Spillage) Which of the following practices may reduce your appeal as a target for adversaries seeking to exploit your insider status? Correct. NOTE: CUI may be stored only on authorized systems or approved devices. If any questions are answered incorrectly, users must review and complete all activities contained within the incident.
5. **Physical Security Within a secure area, you see an individual who you do not know and is not wearing a visible badge. Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities. Store classified data in a locked desk drawer when not in use. Maybe. It may be compromised as soon as you exit the plane. Correct. Software that installs itself without the user's knowledge. Which of the following should be reported as a potential security incident (in accordance with your Agency's insider threat policy)? What is the best course of action? Correct. What is a best practice to protect data on your mobile computing device? (Spillage) After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. What portable electronic devices (PEDs) are allowed in a secure Compartmented Information Facility (SCIF)? Which may be a security issue with compressed URLs? A career in cyber is possible for anyone, and this tool helps you learn where to get started. You know this project is classified. When operationally necessary, owned by your organization, and approved by the appropriate authority. When can you check personal email on your government furnished equipment? [Incident #1]: What should the employee do differently? A. 3. A. Which designation includes Personally Identifiable Information (PII) and Protected Health Information (PHI)? Note the website's URL. B. A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. If you participate in or condone it at any time. What information relates to the physical or mental health of an individual?
NOTE: Always remove your CAC and lock your computer before leaving your workstation. *Social Networking How should you respond? When unclassified data is aggregated, its classification level may rise. Information improperly moved from a higher protection level to a lower protection level. Note the website's URL and report the situation to your security point of contact. *Sensitive Compartmented Information When should documents be marked within a Sensitive Compartmented Information Facility (SCIF)? Only when there is no other charger available. C. CPCON 4 (Low: All Functions) When your vacation is over, after you have returned home. *Spillage What should you do when you are working on an unclassified system and receive an email with a classified attachment? **Identity Management Which of the following is the best description of two-factor authentication? All government-owned PEDs. C. When you have completed the test, be sure to press the . [Incident]: What is the danger of using public Wi-Fi connections? A. What should you do? Please direct media inquiries to CISAMedia@cisa.dhs.gov. NOTE: If you are directed to a login page before you can connect by VPN, the risk of malware loading or data compromise is substantially increased. What should be your response? All of these. Malicious code can do damage by corrupting files, erasing your hard drive, and/or allowing hackers access. What does Personally Identifiable Information (PII) include? You may only transmit SCI via certified mail. Do not access links or hyperlinked media such as buttons and graphics in email messages. Which is NOT a wireless security practice? *Sensitive Information What is the best example of Personally Identifiable Information (PII)? Not correct. **Social Engineering Which may be a security issue with compressed Uniform Resource Locators (URLs)? **Social Networking Which of the following statements is true? A coworker removes sensitive information without authorization.
How can you protect data on your mobile computing and portable electronic devices (PEDs)? The challenge's goal is simple: To change user behavior to reduce the risks and vulnerabilities DoD Information Systems face. **Website Use Which of the following statements is true of cookies? Publication of the long-awaited DoDM 8140.03 is here! This course provides an overview of current cybersecurity threats and best practices to keep information and information systems secure at home and at work. The DoD Cyber Exchange provides one-stop access to cyber information, policy, guidance and training for cyber professionals throughout the DoD, and the general public. What is a possible indication of a malicious code attack in progress? We recommend using a computer and not a phone to complete the course. What should you do? Which of the following represents an ethical use of your Government-furnished equipment (GFE)? (Wrong). (Home computer) Which of the following is best practice for securing your home computer? Under which circumstances may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. Which of the following is an example of Protected Health Information (PHI)? Based on the description that follows, how many potential insider threat indicator(s) are displayed? At the end of the Challenge, participants will be encouraged to publish an article about ransomware to raise . Exceptionally grave damage. Since the URL does not start with https, do not provide your credit card information. Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIV) card. (Spillage) Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? Compromise of data. B.
Please DO NOT email in regards to Iatraining.us.army.mil, JKO, or skillport. On a NIPRNet system while using it for a PKI-required task, Something you possess, like a CAC, and something you know, like a PIN or password. You must have your organization's permission to telework. Follow procedures for transferring data to and from outside agency and non-Government networks. If you receive a phone call from a stranger asking for information about your invoice payment process, you should: Crucial information about a user or organization can be gained through. **Insider Threat Which type of behavior should you report as a potential insider threat? Any time you participate in or condone misconduct, whether offline or online. Which of the following is NOT a DoD special requirement for tokens? The most common form of phishing is business email compromise. PII includes, but is not limited to, social security numbers, date and places of birth, mother's maiden names, biometric records, and PHI. (Sensitive Information) What should you do if a commercial entity, such as a hotel reception desk, asks to make a photocopy of your Common Access Card (CAC) for proof of Federal Government employment? Do not access website links, buttons, or graphics in e-mail. Which of the following is true of internet hoaxes? In addition to avoiding the temptation of greed to betray his country, what should Alex do differently? Be wary of suspicious e-mails that use your name and/or appear to come from inside your organization. Updates also include revised or new content covering areas such as customized scams, protecting government-furnished equipment at home, and indicators of a potential cyber incident. Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. B. Looking for https in the URL.
*Spillage Which of the following may help prevent inadvertent spillage? Classified Information can only be accessed by individuals with. Many apps and smart devices collect and share your personal information and contribute to your online identity. Correct. They can be part of a distributed denial-of-service (DDoS) attack. NOTE: Even within SCIF, you cannot assume that everyone present is cleared and has a need-to-know. You check your bank statement and see several debits you did not authorize. How many potential insider threat indicators does this employee display? Proactively identify potential threats and formulate holistic mitigation responses. (Malicious Code) Which of the following is true of Internet hoaxes? Which of the following definitions is true about disclosure of confidential information? Correct. What should you do to protect classified data? UNCLASSIFIED is a designation to mark information that does not have potential to damage national security. Which of the following information is a security risk when posted publicly on your social networking profile? If you participate in or condone it at any time. What are the requirements to be granted access to sensitive compartmented information (SCI)? **Home Computer Security How can you protect your information when using wireless technology? Social Security Number; date and place of birth; mother's maiden name. Power off any mobile devices when entering a secure area. **Social Engineering What action should you take with an e-mail from a friend containing a compressed Uniform Resource Locator (URL)? Only when badging in. B. **Social Networking When may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? Which of the following attacks target high ranking officials and executives? What is a best practice for protecting controlled unclassified information (CUI)?
Which of the following is a security best practice when using social networking sites? Use public for free Wi-Fi only with the Government VPN. A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. NOTE: Badges must be visible and displayed above the waist at all times when in the facility. Which of the following actions can help to protect your identity? Mark SCI documents appropriately and use an approved SCI fax machine. The purpose of the Cyber Awareness Challenge is to influence behavior, focusing on actions that authorized users can engage to mitigate threats and vulnerabilities to DoD Information Systems. What does Personally Identifiable information (PII) include? What is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? Only allow mobile code to run from your organization or your organization's trusted sites. The DoD Cyber Exchange NIPR provides exclusive access to cyber training and guidance to users with DoD Public Key Infrastructure (PKI) credentials (or equivalent). Which of these is true of unclassified data? Which of the following is a proper way to secure your CAC/PIV? Remove his CAC and lock his workstation. Do not click it. Serious damage. C. How can you protect yourself on social networking sites? Correct. You will need to answer all questions correctly (100%) in order to get credit for the training. Adversaries exploit social networking sites to disseminate fake news. Correct. Corrupting files. B. Defense Information Systems Agency (DISA). (CISA), and CYBER.ORG this summer for the Cyber Awareness Challenge! Always take your CAC when you leave your workstation. **Identity management Which of the following is an example of two-factor authentication?
Which of the following is NOT an example of Personally Identifiable Information (PII)? It displays a label showing maximum classification, date of creation, point of contact, and Change Management (CM) Control Number. What information posted publicly on your personal social networking profile represents a security risk? A program that segregates various types of classified information into distinct compartments for added protection and dissemination or distribution control. Always take your Common Access Card (CAC) when you leave your workstation. Correct. (Must be new, do not continue) Progress until you see the main button 'Start Challenge' button. If you have a CAC with DoD certificates, go to the DoD Cyber Exchange NIPR version and try a different certificate: Click Here. Quizzma is a free online database of educational quizzes and test answers. Validate friend requests through another source before confirming them. A Cyber Awareness Challenge is a type of training and security certification that helps authorized users understand the actions required to avoid and reduce threats and vulnerabilities in an organization's system. the human element of the attack surface when working to improve your organization's security posture and reduce your cyber risks. How many potential insider threat indicators does this employee display? Someone calls from an unknown number and says they are from IT and need some information about your computer. Within a secure area, you see an individual you do not know. 32 part. **Social Networking When is the safest time to post details of your vacation activities on your social networking profile? Which of the following is an example of removable media? When is it okay to charge a personal mobile device using government-furnished equipment (GFE)? Note any identifying information and the website's Uniform Resource Locator (URL). This is always okay. B.
Which of the following statements is TRUE about the use of DoD Public Key Infrastructure (PKI) tokens? Issues with Cyber Awareness Challenge. U.S. ARMY INSTALLATION MANAGEMENT COMMAND "We Are . Which of the following includes Personally Identifiable Information (PII) and Protected Health Information (PHI)? **Classified Data Which of the following must you do before using an unclassified laptop and peripherals in a collateral environment? What should be done to sensitive data on laptops and other mobile computing devices? Lock your device screen when not in use and require a password to reactivate. Based on the description that follows, how many potential insider threat indicator(s) are displayed? **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? What type of data must be handled and stored properly based on classification markings and handling caveats? Media containing Privacy Act information, PII, and PHI is not required to be labeled. What information should you avoid posting on social networking sites? Who designates whether information is classified and its classification level? It is permissible to release unclassified information to the public prior to being cleared. That's the only way we can improve. **Classified Data How should you protect a printed classified document when it is not in use? *Spillage What should you do if a reporter asks you about potentially classified information on the web? It is getting late on Friday. Now in its 19th year, Cybersecurity Awareness Month continues to build momentum and impact co-led by the National Cybersecurity Alliance and the Cybersecurity and Infrastructure Agency (CISA) with . Correct. Retrieve classified documents promptly from printers. Maria is at home shopping for shoes on Amazon.com. Of the following, which is NOT an intelligence community mandate for passwords?
Scan external files from only unverifiable sources before uploading to computer. Nothing. Retrieve classified documents promptly from printers. Download the information. Which of the following is true of the Common Access Card (CAC) or Personal Identity Verification (PIV) card?