Cyber Awareness Challenge 2022 Knowledge Check

*IDENTITY MANAGEMENT* Which of the following is an example of a strong password?

eA1xy2!P

*CLASSIFIED DATA* What is a good practice to protect classified information?

Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material.

*MOBILE DEVICES* Which of the following is an example of removable media?

Flash Drive

*SOCIAL ENGINEERING* How can you protect yourself from social engineering?

Follow instructions given only by verified personnel

Select the information on the data sheet that is personally identifiable information (PII) But not protected health information (PHI)

Jane Jones Social security number: 123-45-6789

Select the information on the data sheet that is protected health information (PHI)

Jane has been Dr...ect patient..ect.

*SPILLAGE* Which of the following may be helpful to prevent spillage?

Label all files, removable media, and subject headers with appropriate classification markings.

*SENSITIVE COMPARTMENTED INFORMATION* When faxing Sensitive Compartmented Information (SCI), what actions should you take?

Mark SCI documents appropriately and use an approved SCI fax machine.

*UNCONTROLLED CLASSIFIED INFORMATION* Which of the following is NOT an example of CUI?

Press release data

* CLASSIFIED DATA* Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization?

Secret

*UNCONTROLLED CLASSIFIED INFORMATION* Which of the following is NOT a correct way to protect CUI?

Sensitive information may be stored on any password-protected system.

*INSIDER THREAT* Based on the description below how many potential insider threat indicators are present? A colleague often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion display?

3 or more indicators

*SOCIAL NETWORKING* When is the safest time to post details of your vacation activities on your social networking profile?

After you have returned home following the vacation.

*PHYSICAL SECURITY* Within a secure area, you see an individual who you do not know and is not wearing a visible badge

Ask the individual to see an identification badge.

*USE OF GFE* What is a critical consideration on using cloud-based file sharing and storage applications on your Government-furnished equipment (GFE)?

Determine if the software or service is authorized

*MOBILE DEVICES* Which of the following is an example of near field communication (NFC)?

A smartphone that transmits credit card payment information when held in proximity to a credit card reader.

*SENSITIVE COMPARTMENTED INFORMATION* When is it appropriate to have your security badge visible within a sensitive compartmented information facility (SCIF)?

At all times while in the facility.

*SPILLAGE* Which of the following may be helpful to prevent spillage?

Be aware of classification markings and all handling caveats.

*HOME COMPUTER SECURITY* Which of the following is a best practice for securing your home computer?

Create separate accounts for each user.

*IDENTITY MANAGEMENT* What certificates does the Common Access Card (CAC) or Personal Identity Verification (PIV) card contain?

Identification, encryption, and digital signature

*REMOVABLE MEDIA IN A SCIF* What action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)?

Identify and disclose it with local Configuration/Change Management Control and Property Management authorities

*SOCIAL NETWORKING* When may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct?

If you participate in or condone it at any time.

*SOCIAL ENGINEERING* What action should you take with an e-mail from a friend containing a compressed Uniform Resource Locator (URL)?

Investigate the link's actual destination using the preview feature

*MALICIOUS CODE* Which of the following is NOT a way malicious code spreads?

Legitimate software updates

*INSIDER THREAT* Which of the following is NOT considered a potential insider threat indicator?

New interest in learning a foregin language.

*TRAVEL* Which of the following is a concern when using your Government-issued laptop in public?

Others may be able to view your screen.

*INSIDER THREAT* What threat do insiders with authorized access to information or information systems pose?

They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities.

*SOCIAL NETWORKING* Which of the following is a security best practice when using social networking sites?

Understanding and using the available privacy settings.

*SOCIAL ENGINEERING* How can you protect yourself from internet hoaxes?

Use online sites to confirm or expose potential hoaxes

*WEBSITE USE* Which of the following statements is true of cookies?

You should only accept cookies from reputable, trusted websites.