Cyber Awareness Challenge 2021
Delete email from senders you do not know. Download the information. Not correct. Be careful not to discuss details of your work with people who do not have a need-to-know. Insiders are given a level of trust and have authorized access to Government information systems. Debra ensures not correct (Spillage) When is the safest time to post details of your vacation activities on your social networking website? What type of security is part of your responsibility and placed above all else? If your wireless device is improperly configured someone could gain control of the device? The Cybersecurity and Infrastructure Security Agency (CISA) and the National . What should be done to sensitive data on laptops and other mobile computing devices? Secure it to the same level as Government-issued systems. Which of the following is a proper way to secure your CAC/PIV? [Incident]: Which of the following demonstrates proper protection of mobile devices? A. Always take your CAC when you leave your workstation. The month is dedicated to creating resources and communications for organizations to talk to their employees and customers about staying safe online.
Based on the description that follows, how many potential insider threat indicator(s) are displayed? Social Security Number; date and place of birth; mother's maiden name. Government-owned PEDs must be expressly authorized by your agency. Difficult life circumstances, such as death of spouse. Always challenge people without proper badges and report suspicious activity. The purpose of the Cyber Awareness Challenge is to influence behavior, focusing on actions that authorized users can engage to mitigate threats and vulnerabilities to DoD Information Systems. Classified information that is accidentally moved to a lower classification or protection level. Which of the following best describes a way to safely transmit Controlled Unclassified Information (CUI)? What should you do if a reporter asks you about potentially classified information on the web? Government-owned PEDs, if expressly authorized by your agency. Which of the following is NOT an example of CUI? A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. Ask the individual to see an identification badge. What type of data must be handled and stored properly based on classification markings and handling caveats? Store classified data appropriately in a GSA-approved vault/container. The DoD Cyber Exchange SIPR provides access to cyber training and guidance to users with a SIPRNet token. If the format of any elements or content within this document interferes with your ability to access the information, as defined in the Rehabilitation Act, please email Cyberawareness@cisa.dhs.gov. Cyber Awareness Challenge Exam Questions/Answers updated July 2, 2022. It is getting late on Friday. NOTE: Remember that leaked classified or controlled information is still classified or controlled even if it has already been compromised.
The DoD Cyber Exchange provides one-stop access to cyber information, policy, guidance and training for cyber professionals throughout the DoD, and the general public. Correct. Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities. Which of the following is NOT a typical means for spreading malicious code? Your comments are due on Monday. Is it okay to run it? Updates also include revised or new content covering areas such as customized scams, protecting government-furnished equipment at home, and indicators of a potential cyber incident. Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post. Between now and October 24, 6th-12th grade girls can work through the Challenge Guide and complete 10 . If you participate in or condone it at any time. In reality, once you select one of these, it typically installs itself without your knowledge. A colleague asks to leave a report containing protected health information (PHI) on his desk overnight so he can continue working on it the next day. Continue Existing Session. Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. Which may be a security issue with compressed Uniform Resource Locators (URLs)? How should you protect a printed classified document when it is not in use? Directives issued by the Director of National Intelligence. All documents should be appropriately marked, regardless of format, sensitivity, or classification. On a NIPRNet system while using it for a PKI-required task. Something you possess, like a CAC, and something you know, like a PIN or password.
Be aware of classified markings and all handling caveats. How many potential insider threat indicators does this employee display? As long as the document is cleared for public release, you may share it outside of DoD. CPCON 2 (High: Critical and Essential Functions). Verify the identity of all individuals. **Identity Management Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the NIPRNet. Have permission from your organization, follow your organization's guidelines, use authorized equipment and software, employ cybersecurity best practices, and perform telework in a dedicated area when at home. DISA is mandated to support and sustain the DoD Cyber Exchange (formerly the Information Assurance Support Environment (IASE)) as directed by DoDI 8500.01 and DODD 8140.01. The potential for unauthorized viewing of work-related information displayed on your screen. What is the best response if you find classified government data on the internet? Label all files, removable media, and subject headers with appropriate classification markings. What should you do? Her badge is not visible to you. Alan uses password protection as required on his government-issued smartphone but prefers the ease of no password on his personal smartphone. Which of the following is true of telework? Three or more. Individuals must avoid referencing derivatively classified reports classified higher than the recipient. Which of the following personally-owned computer peripherals is permitted for use with Government-furnished equipment? Do not access website links in email messages. (Sensitive Information) What guidance is available for marking Sensitive Compartmented Information (SCI)? A Common Access Card and Personal Identification Number. *Sensitive Compartmented Information When is it appropriate to have your security badge visible? Classified Information can only be accessed by individuals with. A coworker has left an unknown CD on your desk.
(controlled unclassified information) Which of the following is NOT a correct way to protect CUI? You can email your employees' information to yourself so you can work on it this weekend and go home now. Reviewing and configuring the available security features, including encryption. Proprietary data. [Incident]: What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed? Immediately notify your security point of contact. What can you do to protect yourself against phishing? T/F. **Insider Threat A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. Always use DoD PKI tokens within their designated classification level. Which must be approved and signed by a cognizant Original Classification Authority (OCA)? Use online sites to confirm or expose potential hoaxes. Follow instructions given only by verified personnel. Investigate the link's actual destination using the preview feature. Determine if the software or service is authorized. As long as the document is cleared for public release, you may release it outside of DoD. A colleague enjoys playing video games online, regularly uses social media, and frequently forgets to secure her smartphone elsewhere before entering areas where it is prohibited. Do not click it. At all times when in the facility. Which of the following should you NOT do if you find classified information on the internet? Exceptionally grave damage. As part of the survey the caller asks for birth date and address. Which of the following actions can help to protect your identity? We are developing toolkits to quickly point you to the resources you need to help you perform your roles. When is it okay to charge a personal mobile device using government-furnished equipment (GFE)?
*Controlled Unclassified Information Which of the following best describes a way to safely transmit Controlled Unclassified Information (CUI)? Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. Which of the following statements is NOT true about protecting your virtual identity? Which of the following is NOT a typical result from running malicious code? Since the URL does not start with https, do not provide your credit card information. Which of the following is a good practice for telework? What should you do if someone forgets their access badge (physical access)? A firewall that monitors and controls network traffic. A trusted friend in your social network posts a link to vaccine information on a website unknown to you. When is it appropriate to have your security badge visible within a Sensitive Compartmented Information Facility (SCIF)? (social networking) When may you be subjected to criminal, disciplinary, and/or administrative action due to online misconduct? (Sensitive Compartmented Information) What describes how Sensitive Compartmented Information is marked? Retrieve classified documents promptly from printers. It includes a threat of dire circumstances. *Spillage Which of the following may help prevent inadvertent spillage? Linda encrypts all of the sensitive data on her government-issued mobile devices. Which of the following should be reported as a potential security incident (in accordance with your Agency's insider threat policy)? A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up.
*Spillage A user writes down details marked as Secret from a report stored on a classified system and uses those details to draft a briefing on an unclassified system without authorization. He has the appropriate clearance and a signed, approved, non-disclosure agreement. [Incident #1]: When is it appropriate to have your security badge visible? Which of the following is NOT Protected Health Information (PHI)? Classified information that should be unclassified and is downgraded. (Wrong). When your vacation is over, and you have returned home. What should be done to protect against insider threats? What should be your response? Below are most asked questions (scroll down). **Identity management Which is NOT a sufficient way to protect your identity? When using your government-issued laptop in public environments, with which of the following should you be concerned? If classified information were released, which classification level would result in Exceptionally grave damage to national security? Unclassified information cleared for public release. Malicious code can mask itself as a harmless e-mail attachment, downloadable file, or website. Ask for information about the website, including the URL. Coworker making consistent statements indicative of hostility or anger toward the United States in its policies. The CAC/PIV is a controlled item and contains certificates for: An individual who has attempted to access sensitive information without need-to-know and has made unusual requests for sensitive information is displaying indicators of what? Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. Which of the following is true of downloading apps?
Bob, a coworker, has been going through a divorce, has financial difficulties and is displaying hostile behavior. What should the owner of this printed SCI do differently? The annual Cyber Awareness Challenge is a course that helps authorized users learn how to best avoid and reduce threats and vulnerabilities in an organization's system. *Spillage Which of the following may help to prevent spillage? Store classified data in a locked desk drawer when not in use. Maybe. *Insider Threat Which of the following is a potential insider threat indicator? Official websites use .gov. All to Friends Only. Senior government personnel, military or civilian. After work hours, storing sensitive information in unlocked containers, desks, or cabinets if security is not present. Please email the CISA Team with any questions. Spillage because classified data was moved to a lower classification level system without authorization. CUI may be stored in a locked desk after working hours. It is created or received by a healthcare provider, health plan, or employer. **Physical Security Within a secure area, you see an individual who you do not know and is not wearing a visible badge. How many insider threat indicators does Alex demonstrate? Of the following, which is NOT a security awareness tip? (controlled unclassified information) Which of the following is NOT an example of CUI? *Sensitive Compartmented Information When faxing Sensitive Compartmented Information (SCI), what actions should you take? **Classified Data Which of the following is true of protecting classified data?
(Answer) CPCON 2 (High: Critical and Essential Functions) CPCON 1 (Very High: Critical Functions) CPCON 3 (Medium: Critical, Essential, and Support Functions) CPCON 4 (Low: All Functions) CPCON 5 (Very Low: All Functions). *Malicious Code What are some examples of malicious code? You receive an email from a company you have an account with. Correct. What action should you take if you receive a friend request on your social networking website from someone in Germany you met casually at a conference last year? Which of the following statements is TRUE about the use of DoD Public Key Infrastructure (PKI) tokens? Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? Which of the following is true of transmitting Sensitive Compartmented Information (SCI)? If any questions are answered incorrectly, users must review and complete all activities contained within the incident. How many potential insider threat indicators does this employee display? How can you protect your information when using wireless technology? NOTE: If you are directed to a login page before you can connect by VPN, the risk of malware loading or data compromise is substantially increased. Cyber Awareness Challenge 2023 is Online! **Classified Data What is a good practice to protect classified information? What should you do if someone asks to use your government-issued mobile device (phone, laptop, etc.)? Reviewing and configuring the available security features, including encryption. Connect to the Government Virtual Private Network (VPN). Which of the following is NOT a best practice to protect data on your mobile computing device? They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities. After you have returned home following the vacation. CPCON 5 (Very Low: All Functions).
E-mailing your co-workers to let them know you are taking a sick day. *Sensitive Compartmented Information What should the owner of this printed SCI do differently? Now in its 19th year, Cybersecurity Awareness Month continues to build momentum and impact co-led by the National Cybersecurity Alliance and the Cybersecurity and Infrastructure Security Agency (CISA) with . (Sensitive Information) Which of the following is NOT an example of sensitive information? Classification markings and handling caveats. Maybe. Make note of any identifying information and the website URL and report it to your security office. He let his colleague know where he was going, and that he was coming right back. Contact the IRS using their publicly available, official contact information. **Classified Data Which of the following must you do before using an unclassified laptop and peripherals in a collateral environment? (Physical Security) Which Cyberspace Protection Condition (CPCON) establishes a protection priority focus on critical and essential functions only? **Physical Security At which Cyberspace Protection Condition (CPCON) is the priority focus on critical functions only? Let the person in but escort her back to her workstation and verify her badge. Choose DOD Cyber Awareness Training-Take Training. Retrieve classified documents promptly from printers. All PEDs, including personal devices. A coworker brings a personal electronic device into prohibited areas. You may only transmit SCI via certified mail. Based on the description that follows, how many potential insider threat indicator(s) are displayed? Memory sticks, flash drives, or external hard drives. What is a way to prevent the download of viruses and other malicious code when checking your e-mail? **Insider Threat Which type of behavior should you report as a potential insider threat?
Product Functionality Requirements: To meet technical functionality requirements, this awareness product was developed to function with Windows and Mac operating systems (Windows 7 and 10 and macOS 10.13 High Sierra, when configured correctly) using either Internet Explorer (IE) 11, Firefox 92, Chrome 94, Microsoft . Store it in a GSA approved vault or container. Use only personal contact information when establishing your personal account. *Controlled Unclassified Information Which of the following is NOT an example of CUI? Of the following, which is NOT a characteristic of a phishing attempt? Adversaries exploit social networking sites to disseminate fake news. Correct. Tell your colleague that it needs to be secured in a cabinet or container. Only friends should see all biographical data such as where Alex lives and works. Which of the following is a potential insider threat indicator? *Spillage You find information that you know to be classified on the Internet. Nothing. Any time you participate in or condone misconduct, whether offline or online. Start a new Cyber Security Awareness Challenge session. **Insider Threat What advantages do insider threats have over others that allows them to cause damage to their organizations more easily? Hold the conversation over email or instant messenger to avoid being overheard. Your favorite movie. Which of the following is not a best practice to preserve the authenticity of your identity? (Spillage) After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. What is the danger of using public Wi-Fi connections? Your comments are due on Monday. Which of the following is a reportable insider threat activity? What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF?
A lock or https:// means you've safely connected to the .gov website. (Spillage) What type of activity or behavior should be reported as a potential insider threat? Power off any mobile devices when entering a secure area. *Social Networking Based on the description that follows how many potential insider threat indicators are displayed? Create separate user accounts with strong individual passwords. Do not use any personally owned/non-organizational removable media on your organization's systems. Sensitive Compartmented Information (SCI) policy. Which of the following is true of internet hoaxes? What action should you take? This summer, CYBER.ORG is excited to partner with Girl Scouts of the USA, the U.S. Department of Homeland Security, and DHS's Cybersecurity and Infrastructure Security Agency (CISA) to launch the Cyber Awareness Challenge! Which of the following represents an ethical use of your Government-furnished equipment (GFE)? How should you respond? If authorized, what can be done on a work computer? Do NOT download it or you may create a new case of spillage. On a NIPRNET system while using it for a PKI-required task. What should be your response? Note any identifying information and the website's Uniform Resource Locator (URL). Remove security badge as you enter a restaurant or retail establishment. How can you protect yourself from social engineering? Which of the following information is a security risk when posted publicly on your social networking profile? [Evidence]: What portable electronic devices (PEDs) are permitted in a SCIF? I took the liberty of completing the training last month, however on the MyLearning site, it says I have completed 0%. If you have a CAC with DoD certificates, go to the DoD Cyber Exchange NIPR version and try a different certificate. Which of the following is NOT Government computer misuse? **Insider Threat Which of the following should be reported as a potential security incident?
Report the crime to local law enforcement. Only persons with appropriate clearance, a non-disclosure agreement, and need-to-know can access classified data. You know this project is classified.