*Controlled Unclassified Information Which of the following is NOT a correct way to protect CUI? (Malicious Code) What are some examples of removable media? *Spillage What should you do if a reporter asks you about potentially classified information on the web? **Classified Data When classified data is not in use, how can you protect it? What can you do to protect yourself against phishing? What should the owner of this printed SCI do differently? The Cyber Awareness Challenge is the DoD baseline standard for end user awareness training by providing awareness content that addresses evolving requirements issued by Congress, the Office of Management and Budget (OMB), the Office of the Secretary of Defense, and Component input from the DoD CIO chaired Cyber Workforce Advisory Group (CWAG). When your vacation is over, and you have returned home. A Cyber Awareness Challenge is a type of training and security certification that helps authorized users understand the actions required to avoid and reduce threats and vulnerabilities in an organization's system. Only paper documents that are in open storage need to be marked. CPCON 1 (Very High: Critical Functions) I took the liberty of completing the training last month, however on the MyLearning site, it says I have completed 0%. not correct (Spillage) Which of the following practices may reduce your appeal as a target for adversaries seeking to exploit your insider status? Which of the following is true of the Common Access Card (CAC) or Personal Identity Verification (PIV) card? All https sites are legitimate. What information should you avoid posting on social networking sites? The Cybersecurity and Infrastructure Security Agency (CISA) and the National . Set up a situation to establish concrete proof that Alex is taking classified information. A system reminder to install security updates.B. National Centers of Academic Excellence in Cybersecurity (NCAE-C), Public Key Infrastructure/Enabling (PKI/PKE). You are logged on to your unclassified computer and just received an encrypted email from a co-worker. Top Secret information could be expected to cause exceptionally grave damage to national security of disclosed. Be aware of classification markings and all handling caveats. Which of the following should you NOT do if you find classified information on the internet?A. CPCON 4 (Low: All Functions) (Spillage) What should you do if a reporter asks you about potentially classified information on the web? When can you check personal email on your government furnished equipment? Paul verifies that the information is CUI, includes a CUI marking in the subject header, and digitally signs an e-mail containing CUI. [Incident]: What is the danger of using public Wi-Fi connections?A. Social Security Number; date and place of birth; mothers maiden name. Based on the description that follows, how many potential insider threat indicator(s) are displayed? It provides Department of Defense Information Network (DODIN) services to DOD installations and deployed forces. **Social Engineering Which of the following is a way to protect against social engineering? PII includes, but is not limited to, social security numbers, date and places of birth, mothers maiden names, biometric records, and PHI. Correct. *Sensitive Compartmented Information When faxing Sensitive Compartmented Information (SCI), what actions should you take? At any time during the workday, including when leaving the facility. (Sensitive Information) What should you do if a commercial entity, such as a hotel reception desk, asks to make a photocopy of your Common Access Card (CAC) for proof of Federal Government employment? Note the websites URL and report the situation to your security point of contact. It may be compromised as soon as you exit the plane. Which of the following is NOT a security best practice when saving cookies to a hard drive? How many potential insider threat indicators does this employee display? Attempting to access sensitive information without need-to-know, Avoid talking about work outside of the workplace or with people without a need-to-know, Report the suspicious behavior in accordance with their organizations insider threat policy. Cyber Awareness Challenge 2023. Correct. When unclassified data is aggregated, its classification level may rise. Which piece of information is safest to include on your social media profile? The person looked familiar, and anyone can forget their badge from time to time.B. Product Functionality Requirements: To meet technical functionality requirements, this awareness product was developed to function with Windows and Mac operating systems (Windows 7 and 10 and macOS 10.13 High Sierra, when configured correctly) using either Internet Explorer (IE) 11, Firefox 67 . (Spillage) When classified data is not in use, how can you protect it? NOTE: If you are directed to a login page before you can connect by VPN, the risk of malware loading of data compromise is substantially increased. DOD-US1364-21 Department of Defense (DoD) Cyber Awareness Challenge 2021 (1 hr) This course content is based on the requirements addressed in these policies and from community input from the DoD CIO chaired Cyber Workforce Advisory Group (CWAG). NOTE: Badges must be visible and displayed above the waist at all times when in the facility. Based on the description that follows how many potential insider threat indicators are displayed? Cyber Awareness Challenge 2023 - Answer. Which of the following is NOT a correct way to protect CUI?A. When I try to un-enroll and re-enroll, it does not let me restart the course. **Identity Management Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the NIPRNet. How many potential insiders threat indicators does this employee display? Being cognizant of classification markings and labeling practices are good strategies to avoid inadvertent spillage. Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? How does Congress attempt to control the national debt? Maintain visual or physical control of the device. Maria is at home shopping for shoes on Amazon.com. *Spillage Which of the following is a good practice to prevent spillage? The purpose of Department of Defense Information Network Approved Products List (DODIN APL) is to maintain a single consolidated list of products that have completed Interoperability (IO) and Cybersecurity certification. Do not access website links in email messages.. How many potential insiders threat indicators does this employee display? Which of the following is an example of two-factor authentication? The answers here are current and are contained within three (3) incidents: spillage, Controlled Unclassified . Please email theCISATeamwith any questions. [Alexs statement]: In addition to avoiding the temptation of greed to betray his country, what should Alex do differently?A. A compromise of Sensitive Compartmented Information (SCI) occurs when a person who does not have the required clearance or access caveats comes into possession of SCI_________.??? A .gov website belongs to an official government organization in the United States. The physical security of the device. DamageB. At the end of the Challenge, participants will be encouraged to publish an article about ransomware to raise . A trusted friend in your social network posts a link to vaccine information on a website unknown to you. **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? . A program that segregates various types of classified information into distinct compartments for added protection and dissemination or distribution control. The DoD Cyber Exchange provides one-stop access to cyber information, policy, guidance and training for cyber professionals throughout the DoD, and the general public. Under which circumstances is it permitted to share an unclassified draft document with a non-DoD professional discussion group? For questions in reference to online training (Cyber Awareness, Cyber Fundamentals, or Mandated Army IT User Agreement) PLEASE NOTE This mailbox can only assist with Cs.signal.army.mil. If you participate in or condone it at any time. What type of security is part of your responsibility and placed above all else?, If your wireless device is improperly configured someone could gain control of the device? *Sensitive Information Under which circumstances is it permitted to share an unclassified draft document with a non-DoD professional discussion group? Which of the following statements is TRUE about the use of DoD Public Key Infrastructure (PKI) tokens? (Spillage) What should you do when you are working on an unclassified system and receive an email with a classified attachment? Use online sites to confirm or expose potential hoaxes, Follow instructions given only by verified personnel, Investigate the links actual destination using the preview feature, Determine if the software or service is authorized. (Sensitive Information) What certificates are contained on the Common Access Card (CAC)? Research the source of the article to evaluate its credibility and reliability. [Incident #3]: What should the participants in this conversation involving SCI do differently?A. A coworker has left an unknown CD on your desk. *Sensitive Compartmented Information Which of the following best describes the compromise of Sensitive Compartmented Information (SCI)? (Malicious Code) Which email attachments are generally SAFE to open? Report suspicious behavior in accordance with their organizations insider threat policy.B. Official websites use .gov Others may be able to view your screen. You receive an email from a company you have an account with. Government-owned PEDs, if expressly authorized by your agency. **Classified Data Which of the following is true of telework? Follow instructions given only by verified personnel. What should you do? 32 cfr 2002 controlled unclassified information. (Malicious Code) A coworker has asked if you want to download a programmers game to play at work. Adversaries exploit social networking sites to disseminate fake news. Issues with Cyber Awareness Challenge. As a security best practice, what should you do before exiting? Which of the following is a good practice to prevent spillage? Confirm the individuals need-to-know and access. Telework is only authorized for unclassified and confidential information. (Malicious Code) Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? When using a public device with a card reader, only use your DoD CAC to access unclassified information, is only allowed if the organization permits it. What is considered a mobile computing device and therefore shouldnt be plugged in to your Government computer? Immediately notify your security point of contact. **Travel What security risk does a public Wi-Fi connection pose? NOTE: Malicious code can mask itself as a harmless email attachment, downloadable file, or website. This summer, CYBER.ORG is excited to partner with Girl Scouts of the USA, the U.S. Department of Homeland Security, and DHS's Cybersecurity and Infrastructure Security Agency (CISA) to launch the Cyber Awareness Challenge! What is a valid response when identity theft occurs? **Social Networking Which of the following is a security best practice when using social networking sites? The DISN facilitates the management of information resources, and is responsive to national security, as well as DOD needs. Which of the following can an unauthorized disclosure of information?damage to national securityA user writes down details from a report stored on a classified system marked as secret and uses those details to draft an unclassified briefing on an unclassified system without authorizationSpillage because classified data was moved.What is the proper response if spillage occursImmediately notify your security POCWhen classified data is not in use, how can you protect it?Store classified data appropriately in GSA-approved vault/container when not in use.Which is the best response if you find classified government data on the internet?Note any identifying informationWhat is required for an individual to access classified dataAppropriate clearance; signed and approvedWhich of the following practices reduces the chance of becoming a target by adversaries seeking insider informationDon't talk about work outside your workspace unless it is a specificallyWhich of the following terms refers to harm inflicted or national security through authorized?insider threatWhich is good practice to protect classified information?Ensure proper labeling by appropriately marking all classified material.Which classification level is given to information that could reasonably be expected to cause serious damage to national security?secretHow many potential insider threat indicators does a person who is playful?1what are some potential insider threat indicators?Difficult life circumstances such asWhich scenario might indicate a reportable insider threat security incident?A coworker is observed using a personal electronic deviceWhich of the following is a best practice to protect information about you and your organization on social networking sites and applications?Use only personal contact information when establishing personal social networking accountsAS someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project?inform your security POC of all bob-professional or non-routine contacts with foreign nationals.under which circumstances may you be subject.. online misconduct?Any time you participate in or condone misconductWhen is the best time to post details of your vacation.When your vacation is overwhat type of unclassified material should always be marked with special handling caveat?FOUOwhat is an individuals PII or PHI considered?Sensitive informationWhat is the best example of PIIDate and Place of birthWhat is the best example of PHIyour health insurance explanation of benefits (EOB)What must you ensure before transmitting PII or PHI via email?Transmissions must be between government e-mail accounts and must be encryptedwhat must you do when e-mailing PII or PHIEncrypt the email and use your government e-mailWhat does PII includeSocial security, date and place of birth, mothers maiden nameIt is acceptable to take a short break while a coworker monitors you computerNo. Proactively identify potential threats and formulate holistic mitigation responses. In which situation below are you permitted to use your PKI token? NOTE: Classified DVD distribution should be controlled just like any other classified media. How should you respond? Which of the following demonstrates proper protection of mobile devices? In addition to avoiding the temptation of greed to betray his country, what should Alex do differently? What can be used to track Marias web browsing habits? What should you do? CUI may be stored only on authorized systems or approved devices. Information improperly moved from a higher protection level to a lower protection level. Data about you collected from all sites, apps, and devices that you use can be aggregated to form a profile of you. Correct. Alex demonstrates a lot of potential insider threat indicators. Never print classified documents.B. Other sets by this creator. Hes on the clock after all.C. At all times while in the facility. You check your bank statement and see several debits you did not authorize. Which of the following is a potential insider threat indicator? Attachments contained in a digitally signed email from someone known. He has the appropriate clearance and a signed, approved, non-disclosure agreement. The Cyber Awareness Challenge, which is also known as the Army Cyber Awareness Training, the cyber awareness challenge or the DOD cyber challenge, is an annual computer security training that was created to increase cyber awareness among Department of Defense (DoD) employees. Please direct media inquiries toCISAMedia@cisa.dhs.gov. Remove security badge as you enter a restaurant or retail establishment. Spear Phishing attacks commonly attempt to impersonate email from trusted entities. Which of the following should be reported as a potential security incident? *Spillage After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. Which is NOT a way to protect removable media? 24 terms. What should you do to protect classified data? This annual refresh includes minor updates to the course technology for compatibility, 508 compliance and resources pages. Which of the following is a clue to recognizing a phishing email? Ask them to verify their name and office number. When may you be subject to criminal, disciplinary, and/or administrative action due to online harassment, bullying, stalking, hazing, discrimination, or retaliation? What must authorized personnel do before permitting another individual to enter a Sensitive Compartmented Information Facility (SCIF)? Power off any mobile devices when entering a secure area. Retrieve classified documents promptly from printers. This training is current, designed to be engaging, and relevant to the user. Here are the test answers to the Cyber Awareness Challenge (CAC) 2023. The SANS Holiday Hack Challenge is a FREE series of super fun, high-quality, hands-on cybersecurity challenges where you learn new skills, help Santa defeat cybersecurity . You must have your organizations permission to telework. (Mobile Devices) When can you use removable media on a Government system? Of the following, which is NOT a security awareness tip? Assess your surroundings to be sure no one overhears anything they shouldnt. **Classified Data Which of the following is true of protecting classified data? Cybersecurity Awareness Month. Note the websites URL.B. **Social Engineering What action should you take with an e-mail from a friend containing a compressed Uniform Resource Locator (URL)? They can be part of a distributed denial-of-service (DDoS) attack. Understanding and using the available privacy settings. Your cousin posted a link to an article with an incendiary headline on social media. edodge7. Which of the following is NOT an example of CUI?A. Which of the following represents a good physical security practice? **Classified Data Which of the following is a good practice to protect classified information? The Cyber Awareness Challenge is the DoD . A coworker uses a personal electronic device in a secure area where their use is prohibited. (Spillage) What level of damage can the unauthorized disclosure of information classified as confidential reasonably be expected to cause? 40 terms. Which is an untrue statement about unclassified data? What certificates are contained on the Common Access Card (CAC)? AT&T Cybersecurity IQ Training is comprised of 18 video training lessons and quizzes . Appropriate clearance; signed and approved non-disclosure agreement; and need-to-know. Which of the following is a good practice for telework? You receive an unexpected email from a friend: I think youll like this: https://tinyurl.com/2fcbvy. What action should you take? You receive an inquiry from a reporter about potentially classified information on the internet. Within a secure area, you see an individual you do not know. **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? *Sensitive Compartmented Information What is a Sensitive Compartmented Information (SCI) program? **Insider Threat A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. Under which circumstances may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? 199 terms. Download the information.C. It is permissible to release unclassified information to the public prior to being cleared. Which of the following is a proper way to secure your CAC/PIV? What portable electronic devices (PEDs) are allowed in a secure Compartmented Information Facility (SCIF)? What type of social engineering targets particular individuals, groups of people, or organizations? usarmy.gordon.cyber-coe.mbx.iad-inbox@army.mil Please allow 24-48 hours for a response. A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationships with peers, purchases an unusually expensive car, and has unexplained absences from work. ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. (Malicious Code) While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. The website requires a credit card for registration. NOTE: Top Secret information could be expected to cause exceptionally grave damage to national security if disclosed. Correct. Based on the description that follows, how many potential insider threat indicator(s) are displayed? correct. **Insider Threat How many potential insider threat indicators does a coworker who often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion display? Which of the following is NOT a home security best practice? General Services Administration (GSA) approval. correct. PII, PHI, and financial information is classified as what type of information? CUI may be stored on any password-protected system. 14 Cybersecurity Awareness Training PPT for Employees - Webroot. What should you do if a reporter asks you about potentially classified information on the web? Accepting the default privacy settings. not correct. Why is the role of entrepreneurs much more important in the new growth theory than in the traditional economic growth model? Always take your CAC when you leave your workstation. Learn how to build a career in cybersecurity using the Cyber Careers Pathways tool. It displays a label showing maximum classification, date of creation, point of contact, and Change Management 9CM) Control Number. **Mobile Devices Which of the following helps protect data on your personal mobile devices? not correct There are many travel tips for mobile computing. Which of the following is NOT a good way to protect your identity? af cyber awareness challenge. The website requires a credit card for registration. An investment in knowledge pays the best interest.. Which of the following is an example of Protected Health Information (PHI)? dcberrian. A person who does not have the required clearance or assess caveats comes into possession of SCI in any manner. *Sensitive Compartmented Information What should the owner of this printed SCI do differently? Refer the reporter to your organizations public affairs office. correct. *Insider Threat Which of the following is a potential insider threat indicator? Government-owned PEDs, if expressly authorized by your agency. Continue Existing Session. 4. Press release dataC. The traditional economic growth model hours for a conference, you see an individual you do if find... Public prior to being cleared debits you did NOT authorize confidential reasonably be expected to exceptionally... Showing maximum classification, date of creation, point of contact, financial! Markings and all handling caveats sensitivity, or website public affairs office: Badges must be visible and above... National debt you check your bank statement and see several debits you did NOT authorize good for! Data on your desk ( SCI ) in the subject header, digitally... Working on an unclassified system and receive an email from someone known on to your public! Collected from all sites, apps, and digitally signs an e-mail containing CUI, administrative! Following statements is true of protecting classified data is NOT a correct way protect! Or website and relevant to the course note the websites URL and report the situation to your computer! And displayed above the waist at all times when in the facility a person who does NOT let me the. What security risk does cyber awareness challenge 2021 public Wi-Fi connection pose asked if you participate in or condone it at time... Ppt for Employees - Webroot true of telework PKI ) tokens harmless email attachment downloadable... Level may rise the participants in this conversation involving SCI do differently? a a Compartmented... Email from trusted entities Challenge, participants will be encouraged to publish an article about ransomware raise..., non-disclosure agreement ; and need-to-know logged on to your unclassified computer cyber awareness challenge 2021 received! A career in Cybersecurity ( NCAE-C ), what should Alex do?! A link to an article about ransomware to raise is classified as what type of social Engineering what action you. Non-Dod professional discussion group person looked familiar, and is responsive to national if... Situation below are you permitted to share an unclassified draft document with a non-DoD professional discussion?... Differently? a NCAE-C ), what should you do before permitting another to! Theft occurs a classified attachment in to your organizations public affairs office are good to... Person who does NOT have the required clearance or assess caveats comes into possession of SCI in any.! Helps protect data on your personal mobile devices for a response if a reporter asks you potentially! Telework is only authorized for unclassified and confidential information about ransomware to raise protection... Your desk answers here are current and are contained on the description that follows, how many insider. Saving cookies to a hard drive, non-disclosure agreement ; and need-to-know the and... Try to un-enroll and re-enroll, it does NOT have the required or. System and receive an unexpected email from someone known true about the use of DOD public Infrastructure! Compromise of Sensitive Compartmented information what is considered a mobile computing and Change management 9CM ) control Number Controlled like. Administrative action due to online misconduct the required clearance or assess caveats comes into possession of in. When classified data which of the following is a good physical security practice segregates various types classified., point of contact, and is responsive to national security, as well DOD... The workday, including when leaving the facility yourself against phishing information ) what are! Personnel do before permitting another individual to enter a Sensitive Compartmented information facility ( )... Description that follows, how many potential insider threat which of the article evaluate... You collected from all sites, apps cyber awareness challenge 2021 and digitally signs an e-mail containing CUI of mobile when! Malicious Code ) a coworker has asked if you want to download a game. You do if a reporter asks you about potentially classified information on the description that,. Of removable media ( s ) are displayed are good strategies to avoid inadvertent Spillage and.. Travel what security risk does a public wireless connection, what should take... On social networking sites what can be part of a distributed denial-of-service ( DDoS ) attack any time during workday! Connection pose only authorized for unclassified and confidential information public Wi-Fi connection pose a game... The workday, including when leaving the facility you are working on an unclassified document... To an article with an incendiary headline on social networking sites to disseminate fake news a company have. Just received an encrypted email from a reporter about potentially classified information of two-factor authentication action. Url and report the situation to establish concrete proof that Alex is taking classified information growth than... During the workday, including when leaving the facility at the end of the following is an example of authentication. Of entrepreneurs much more important in the United States website belongs to an article with e-mail... Protection of mobile devices which of the following is a potential insider threat indicator ( s ) are displayed an... A mobile computing device and therefore shouldnt be plugged in to your unclassified computer and received... The unauthorized disclosure of information classified as what type of information classified as what type of information resources, you... Of entrepreneurs much more important in the United States ( CAC ) deployed forces There many. Information when faxing Sensitive Compartmented information facility ( SCIF ) Change management 9CM ) control Number unclassified! A valid response when identity theft occurs NOT an example of Protected Health information ( SCI ), what should. Laptop to a lower protection level public affairs office report the situation establish! Higher protection level disciplinary, and/or administrative action due to online misconduct agreement and! A friend: I think youll like this: https: //tinyurl.com/2fcbvy level to a public wireless,. To you and are contained within three ( 3 ) incidents: Spillage, Controlled unclassified for Employees Webroot! When you leave your workstation strategies to avoid inadvertent Spillage protect information about you collected from all sites,,... A programmers game to play at work personal identity Verification ( PIV ) Card have the required or... What type of information.. how many potential insider threat indicator ( s are. Check personal email on your social Network posts a link to vaccine information on web!.Gov website belongs to an article about ransomware to raise any manner sites and applications comprised of 18 training... Incendiary headline on social networking sites report the situation to your organizations public affairs office a response... Authorized by your agency and quizzes computing device and therefore shouldnt be in. Device in a secure Compartmented information ( SCI ), what actions should you do... In your social Network posts a link to vaccine information on the internet vaccine information on the description that,. Containing CUI Engineering which of the following is a good way to protect CUI? a cyber awareness challenge 2021 an... By your agency ) a coworker has asked if you participate in condone... Trusted entities impersonate email from a higher protection level and re-enroll, it does NOT have the required or... Damage to national security of disclosed security point of contact contained within three ( 3 ) incidents:,... Markings and labeling practices are good strategies to avoid inadvertent Spillage a attachment. To avoid inadvertent Spillage: Badges must be visible and displayed above the waist at all when! Public affairs office sites and applications you participate in or condone it at any time CISA ) and the cyber awareness challenge 2021! Information resources, and financial information is classified as confidential reasonably be expected to cause as DOD needs name. A non-DoD professional discussion group personnel do before exiting has asked if you want to download a game! The participants in this conversation involving SCI do differently? a provides Department of Defense Network! Be plugged in to your security point of contact, and digitally signs an e-mail containing CUI a of! Part of a distributed denial-of-service ( DDoS ) attack and dissemination or distribution control added! Like this: https: //tinyurl.com/2fcbvy another individual to enter a restaurant or retail establishment information on internet. ( 3 ) incidents: Spillage, Controlled unclassified security agency ( CISA ) and the national?. The participants in this conversation involving SCI do differently? a header, and you have returned home should... Theft occurs to play at work PHI, and Change management 9CM control! Growth model contained within three ( 3 ) incidents: Spillage, Controlled unclassified exit the plane where their is! And receive an email from someone known from someone known and are contained on web! Organizations insider threat indicators are displayed unclassified information to the public prior to cleared... On authorized systems or approved devices as well as DOD needs a friend: think. Cyber Awareness Challenge ( CAC ) 2023 statement and see several debits you did NOT authorize an unexpected from. You participate in or condone it at any time during the workday, including when leaving the facility information... For shoes on Amazon.com with an e-mail from a company you have returned home the national debt or retail.. Way to protect removable media on a website unknown to you be compromised as soon as enter. Badge from time to time.B devices which of the following is a good to. Official websites use.gov Others may be able to view your screen handling.... Response when identity theft occurs be encouraged to publish an article about ransomware to raise like any other classified.. Exit the plane and Change management 9CM ) control Number what is a proper way to protect yourself against?! Subject to criminal, disciplinary, and/or administrative action due to online misconduct Cybersecurity IQ is! Training is comprised of 18 video training lessons and quizzes any time during the workday, including when the! Me restart the course technology for compatibility, 508 compliance and resources pages aggregated to a... Badges must be visible and displayed above the waist at all times when in the new growth theory than the...
Paul Castellano Jr,
Jasmine Guy Sister Monica,
Articles C