Correct. Your health insurance explanation of benefits (EOB). You receive an inquiry from a reporter about government information not cleared for public release. What are the requirements to be granted access to sensitive compartmented information (SCI)? To start using the toolkits, select a security functional area. A coworker wants to send you a sensitive document to review while you are at lunch and you only have your personal tablet. What information most likely presents a security risk on your personal social networking profile? Exposure to malware. Critical, Essential, and Support Functions. What is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? You can email your employees information to yourself so you can work on it this weekend and go home now. (Sensitive Compartmented Information) Which of the following best describes the compromise of Sensitive Compartmented Information (SCI)? NOTE: Being cognizant of classification markings and labeling practices are good strategies to avoid inadvertent spillage. Only expressly authorized government-owned PEDs. Validate friend requests through another source before confirming them. This summer, CYBER.ORG is excited to partner with Girl Scouts of the USA, the U.S. Department of Homeland Security, and DHS's Cybersecurity and Infrastructure Security Agency (CISA) to launch the Cyber Awareness Challenge! Always challenge people without proper badges and report suspicious activity. Press release data. How many potential insider threat indicators does this employee display? 
(Spillage) What level of damage can the unauthorized disclosure of information classified as confidential reasonably be expected to cause? [Spread]: How can you avoid downloading malicious code? (Insider Threat) Based on the description that follows, how many potential insider threat indicator(s) are displayed? They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities. Never write down the PIN for your CAC. All government-owned PEDs. The annual Cyber Awareness Challenge is a course that helps authorized users learn how to best avoid and reduce threats and vulnerabilities in an organization's system. What should you do to protect classified data? Label all files, removable media, and subject headers with appropriate classification markings. Product Functionality Requirements: To meet technical functionality requirements, this awareness product was developed to function with Windows and Mac operating systems (Windows 7 and 10 and macOS 10.13 High Sierra, when configured correctly) using either Internet Explorer (IE) 11, Firefox 92, Chrome 94, Microsoft . What should be done to sensitive data on laptops and other mobile computing devices? Which is NOT a way to protect removable media? They may be used to mask malicious intent. What is a best practice to protect data on your mobile computing device? Correct. Acquisition. A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. After you have returned home following the vacation. Mark SCI documents appropriately and use an approved SCI fax machine. Which of the following individuals can access classified data? **Insider Threat What do insiders with authorized access to information or information systems pose? Cyber Awareness Challenge Exam Questions/Answers updated July 2, 2022. It is getting late on Friday. 
NOTE: Malicious code can cause damage by corrupting files, erasing your hard drive, and/or allowing hackers access. Report the suspicious behavior in accordance with their organization's insider threat policy. Adversaries exploit social networking sites to disseminate fake news. Correct. What should the owner of this printed SCI do differently? What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? How many potential insider threat indicators does this employee display? What is a security best practice to employ on your home computer? Download Webroot's free cybersecurity awareness training PowerPoint to help educate your employees and end-users about cybersecurity and IT best practices. **Social Engineering Which of the following is a way to protect against social engineering? **Classified Data What is a good practice to protect classified information? (Sensitive Compartmented Information) What portable electronic devices (PEDs) are allowed in a Secure Compartmented Information Facility (SCIF)? 2021 SANS Holiday Hack Challenge & KringleCon. [Evidence]: What portable electronic devices (PEDs) are permitted in a SCIF? DOD Cyber Awareness 2021 (DOD. This course provides an overview of current cybersecurity threats and best practices to keep information and information systems secure at home and at work. Spillage occurs when information is spilled from a higher classification or protection level to a lower classification or protection level. Government-owned PEDs must be expressly authorized by your agency. What is an indication that malicious code is running on your system? *Spillage Which of the following may help prevent inadvertent spillage? Paul verifies that the information is CUI, includes a CUI marking in the subject header and digitally signs an e-mail containing CUI. Confirm the individual's need-to-know and access. 
In reality, once you select one of these, it typically installs itself without your knowledge. Correct. Training requirements by group. Correct. **Classified Data Which of the following must you do before using an unclassified laptop and peripherals in a collateral environment? Correct. Even within a secure facility, don't assume open storage is permitted. Scan external files from only unverifiable sources before uploading to computer. Here are the test answers to the Cyber Awareness Challenge (CAC) 2023. (Spillage) Which of the following is a good practice to aid in preventing spillage? As long as the document is cleared for public release, you may release it outside of DoD. The physical security of the device. Cyber Awareness Challenge 2023 (Incomplete) 122 terms. NOTE: Spillage occurs when information is spilled from a higher classification or protection level to a lower classification or protection level. What should you do if someone asks to use your government issued mobile device (phone/laptop..etc)? Verified questions. Exam (elaborations) - Cyber awareness challenge exam questions/answers. Since the URL does not start with https, do not provide your credit card information. A coworker removes sensitive information without approval. Proactively identify potential threats and formulate holistic mitigation responses. Correct. The month is dedicated to creating resources and communications for organizations to talk to their employees and customers about staying safe online. Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIV) card. Which of the following can an unauthorized disclosure of information.? Memory sticks, flash drives, or external hard drives. If authorized, what can be done on a work computer? Unusual interest in classified information. 32 part. He has the appropriate clearance and a signed, approved, non-disclosure agreement. Cyber Awareness Challenge 2021 - Knowledge Check. Cyber Awareness 2023. 
NOTE: By reporting Alex's potential risk indicators, Alex's colleagues can protect their organization and potentially get Alex the help he needs to navigate his personal problems. 4. Which of the following is not a best practice to preserve the authenticity of your identity? Cyber Awareness Challenge - Course Launch Page. Other - Dod cyber awareness test 2021/2022; answered 100% 4. Darryl is managing a project that requires access to classified information. *Sensitive Information What is the best example of Personally Identifiable Information (PII)? A headset with a microphone through a Universal Serial Bus (USB) port. Sensitive Compartment Information (SCI) policy. You must possess security clearance eligibility to telework. CPCON 2 (High: Critical and Essential Functions) Classified material must be appropriately marked. 14 Cybersecurity Awareness Training PPT for Employees - Webroot. 3.A. Malicious code can mask itself as a harmless e-mail attachment, downloadable file, or website. New interest in learning another language, Which of the following is a good practice to protect classified information. **Identity Management Which of the following is the best description of two-factor authentication? Not correct. Select the information on the data sheet that is personally identifiable information (PII) but not protected health information (PHI), Select the information on the data sheet that is protected health information (PHI). The most common form of phishing is business email compromise. How many potential insider threat indicators does this employee display? Media containing Privacy Act information, PII, and PHI is not required to be labeled. Paste the code you copied into the console and hit ENTER. The challenge's goal is simple: To change user behavior to reduce the risks and vulnerabilities DoD Information Systems face. 
To enable us to respond in a manner most helpful to you, please indicate the nature of your accessibility problem and the preferred format in which to receive the material. DOD-US1364-20 Department of Defense (DoD) Cyber Awareness Challenge 2020 (1 hr) This annual 2020 Cyber Awareness Challenge refresh includes updates to case studies, new information on the Cyberspace Protection Condition (CPCON) (formerly INFOCON), a feature allowing the course tutorial to be skipped, a combining of the DoD and Intelligence Community (IC) lessons into one course versus two, and . Which of the following is NOT a correct way to protect CUI? When unclassified data is aggregated, its classification level may rise. Correct. Always check to make sure you are using the correct network for the level of data. Only paper documents that are in open storage need to be marked. (Home computer) Which of the following is best practice for securing your home computer? In which situation below are you permitted to use your PKI token? Telework is only authorized for unclassified and confidential information. [Incident]: What is the danger of using public Wi-Fi connections? (Insider Threat) A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. (Mobile Devices) Which of the following statements is true? *Malicious Code After visiting a website on your Government device, a popup appears on your screen. [Incident #2]: What should the employee do differently? Correct. How can you guard yourself against Identity theft? While it may seem safer, you should NOT use a classified network for unclassified work. Sensitive information may be stored on any password-protected system. NOTE: Always remove your CAC and lock your computer before leaving your workstation. What are some examples of removable media? What are some potential insider threat indicators? 
Based on the description that follows, how many potential insider threat indicator(s) are displayed? A colleague removes sensitive information without seeking authorization in order to perform authorized telework. Which of the following is NOT a criterion used to grant an individual access to classified data? NOTE: Classified DVD distribution should be controlled just like any other classified media. You should only accept cookies from reputable, trusted websites. Which of the following is NOT an appropriate way to protect against inadvertent spillage? Use a single, complex password for your system and application logons. Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? Taking classified documents from your workspace. [Ellen's statement]: How many insider threat indicators does Alex demonstrate? It does not require markings or distribution controls. Who designates whether information is classified and its classification level? You receive a call on your work phone and you're asked to participate in a phone survey. CPCON 5 (Very Low: All Functions). *Sensitive Compartmented Information What is a Sensitive Compartmented Information (SCI) program? All https sites are legitimate. What is considered ethical use of the Government email system? That's the only way we can improve. Which of the following is true of downloading apps? As long as the document is cleared for public release, you may release it outside of DoD. Adversaries exploit social networking sites to disseminate fake news. Insiders are given a level of trust and have authorized access to Government information systems. The website requires a credit card for registration. They broadly describe the overall classification of a program or system. Which may be a security issue with compressed Uniform Resource Locators (URLs)? What information relates to the physical or mental health of an individual? 
**Social Networking Which of the following is a security best practice when using social networking sites? Which of the following statements is true? *Spillage What is a proper response if spillage occurs? Research the source of the article to evaluate its credibility and reliability. A Common Access Card and Personal Identification Number. **Website Use Which of the following statements is true of cookies? They can be part of a distributed denial-of-service (DDoS) attack. What should you do? (Physical Security) Which Cyberspace Protection Condition (CPCON) establishes a protection priority focus on critical and essential functions only? Damage to national security. NOTE: Never charge personal mobile devices using GFE nor connect any other USB devices (like a coffee warmer) to GFE. How should you protect a printed classified document when it is not in use? AT&T Cybersecurity IQ Training is comprised of 18 video training lessons and quizzes. What should you do? It includes a threat of dire circumstances. Which of the following is true of Internet of Things (IoT) devices? **Classified Data Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause? Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. (Identity Management) Which of the following is an example of two-factor authentication? SSN, date and place of birth, mother's maiden name, biometric records, PHI, passport number, Subset of PII, health information that identifies the individual, relates to physical or mental health of an individual, provision of health care to an individual, or payment of healthcare for individual. If all questions are answered correctly, users will skip to the end of the incident. Which of the following is true of protecting classified data? 
(Malicious Code) What is a good practice to protect data on your home wireless systems? Avoid using non-Bluetooth-paired or unencrypted wireless computer peripherals. Which of the following is true of Unclassified Information? You must have permission from your organization. Research the source to evaluate its credibility and reliability. What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF? (Mobile Devices) When can you use removable media on a Government system? What security device is used in email to verify the identity of sender? Correct. **Physical Security At which Cyberspace Protection Condition (CPCON) is the priority focus on critical functions only? A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. Defense Information Systems Agency (DISA). Alex demonstrates a lot of potential insider threat indicators. All to Friends Only. Only allow mobile code to run from your organization or your organization's trusted sites. 
When teleworking, you should always use authorized and software. How many potential insider threat indicators does this employee display? **Social Engineering How can you protect yourself from internet hoaxes? Choose DOD Cyber Awareness Training-Take Training. As long as the document is cleared for public release, you may share it outside of DoD. (social networking) When is the safest time to post details of your vacation activities on your social networking profile? What should you do to protect yourself while on social networks? I've tried all the answers and it still tells me off, part 2. Which of the following is NOT Protected Health Information (PHI)? Which of the following is true about telework? NOTE: Badges must be visible and displayed above the waist at all times when in the facility. Not correct. Which of the following does not constitute spillage? After each selection on the incident board, users are presented one or more questions derived from the previous Cyber Awareness Challenge. When teleworking, you should always use authorized equipment and software. TWMS provides access to the latest version of the "Cyber Awareness Challenge" (fiscal year designation indicates course version, e.g., FY2021 "Cyber Awareness Challenge"). *Sensitive Compartmented Information When is it appropriate to have your security badge visible? You may only transmit SCI via certified mail. Classified information that is accidentally moved to a lower classification or protection level. (Spillage) When classified data is not in use, how can you protect it? Note the website's URL and report the situation to your security point of contact. Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. Use only personal contact information when establishing your personal account. Which of the following is NOT a DoD special requirement for tokens? 
It is getting late on Friday. Hold the conversation over email or instant messenger to avoid being overheard. [Mark's statement]: What should Alex's colleagues do? It contains certificates for identification, encryption, and digital signature. Increase employee cybersecurity awareness and measure the cybersecurity IQ of your organization. A man you do not know is trying to look at your Government-issued phone and has asked to use it. Use of the DODIN. Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email? (Sensitive Information) Which of the following is NOT an example of sensitive information? You receive an email from a company you have an account with. This is always okay. Please email the CISA Team with any questions. Your cousin posted a link to an article with an incendiary headline on social media. This annual refresh includes minor updates to the course technology for compatibility, 508 compliance and resources pages. You receive an inquiry from a reporter about potentially classified information on the internet. **Insider Threat What function do Insider Threat Programs aim to fulfill? If an incident occurs, you must notify your security POC immediately. according to the 2021 State of Phishing and Online Fraud Report. [Incident]: When is it okay to charge a personal mobile device using government-furnished equipment (GFE)? If you participate in or condone it at any time. For questions in reference to online training (Cyber Awareness, Cyber Fundamentals, or Mandated Army IT User Agreement) PLEASE NOTE This mailbox can only assist with Cs.signal.army.mil. Correct. Only connect with the Government VPN. They provide guidance on reasons for and duration of classification of information. I've tried all the answers and it still tells me off. Top Secret information could be expected to cause exceptionally grave damage to national security if disclosed. 
*Spillage What should you do if a reporter asks you about potentially classified information on the web? Appropriate clearance; signed and approved non-disclosure agreement; and need-to-know.
