DoD Cyber Awareness 2023 (Knowledge Check)
(Insider Threat) What is an insider threat?
Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities.
(Controlled Unclassified Information) Which is a best practice for protecting Controlled Unclassified Information (CUI)?
Store it in a locked desk drawer after working hours
(Identity Management) What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card?
Store it in a shielded sleeve
(Controlled Unclassified Information) Which of the following is true of Controlled Unclassified Information (CUI)?
CUI must be handled using safeguarding or dissemination controls.
(Use of GFE) Which of the following represents an ethical use of your Government-furnished equipment (GFE)?
Checking personal e-mail when allowed by your organization
(Classified Data) What is the basis for the handling and storage of classified data?
Classification markings and handling caveats
(Social Engineering) Which of the following is true?
Digitally signed e-mails are more secure.
(Website Use) Which of the following actions ean help to protect your identity?
Shred personal documents
(Sensitive Compartmented Information) Which of the following is true of Security Classification Guides?
The provide guidance on reasons for and duration of classification of information.
(Controlled Unclassified Information) Which designation marks information that does not have potential to damage national security?
Unclassified
(Insider Threat) Which of the following is a potential insider threat indicator?
Unusual interest in classified information
(Social Engineering) Which is an appropriate use of govemment e-mail?
Use a digital signature when sending attachments or hyperlinks
(Physical Security) Which Cyber Protection Condition (CPCON) establishes a protection priority focus on critical functions only?
CPCON 1
(Social Networking) Which of the following statements is true?
Adversaries exploit social networking sites to disseminate fake news.
(Insider Threat) Based on the description that follows, how many potential insider threat indicator(s) are displayed? A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationship with peers, purchases an unusually expensive new car, and has unexplained absences from work.
3 or more indicators
(Identity Management) Which of the following is an example of two-factor authentication?
A Common Access Card and Personal Identification Number
(Insider Threat) Which scenario might indicate a reportable insider threat?
A colleague removes sensitive information without seeking authorization in order to perform authorized telework.
(Spillage) Which of the following is a good practice to prevent spillage?
Always check to make sure you are using the correct network for the level of data
(Insider Threat) Which of the following is a reportable insider threat activity?
Attempting to access sensitive information without need-to-know
(Sensitive Compartmented Information) What must authorized personnel do before permitting another individual to enter a Sensitive Compartmented Information Facility (SCIF)?
Confirm the individual's need-to-know and access
(Controlled Unclassified Information) Which designation includes Personally Identifiable Information (PlI) and Protected Health Information (PHI)?
Controlled Unclassified Information (CUI)
(Removable Media in SCIF) Which of the following is NOT a potential consequence of using removable media unsafely in a Sensitive Compartmented Information Facility (SCIF)?
Damage to the removable media
(Classified Data) Which of the following is a good practice to protect classified information?
Don't assume open storage in a secure facility is authorized
(Mobile Devices) How can you protect data on your mobile computing and portable electronic devices (PEDs)?
Enable automatic screen locking after a pekod of inactivity
(Classified Data) Which of the following must you do before using an unclassified laptop and peripherals in a collateral classified environment?
Ensure that any cameras, microphones, and Wi-Fi embedded in the laptop are physically disabled
(Social Networking) How can you protect your organization on social networking sites?
Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post
(Malicious Code) Which of the following is NOT a type of malicious code?
Executables
(Mobile Devices) Which of the following is an example of removable media?
Flash Drive / External hard drive
(Spillage) Which of the following may help to prevent spillage?
Follow procedures for transferring data to and from outside agency and non-Government networks
(Controlled Unclassified Information) Which of the following is NOT an example of Personally Identifiable Information (PII)?
High school attended
(Social Networking) When may you be subject to criminal, disciplinary, and/or administrative action due to online harassment, bullying, stalking, hazing, discrimination, or retaliation?
If you participate in or condone it at any time
(Home Computer Security) How should you secure your home wireless network for teleworking?
Implement Wi-Fi Protected Access 2 (WPA2) Personal encryption at a minimum
(Sensitive Compartmented Information) Which of the following is true of sharing information in a Sensitive Compartmented Information Facility (SCIF)?
Individuals must avoid referencing derivatively classified reports classified higher than the recipient.
(Spillage) What does "spillage" refer to?
Information improperly moved from a higher protection level to a lower protection level
(Identity Management) Which of the following is true of the Common Access Card (CAC)?
It contains certificates for identification, encryption, and digital signature.
(Controlled Unclassified Information) Which of the following is true of Protected Health Information (PHI)?
It is created or received by a healthcare provider, health plan, or employer.
(Travel) What security risk does a public Wi-Fi connection pose?
It may expose the information sent to theft.
(Identity Management) Which of the following is true of using a DoD Public Key Infrastructure (PKI) token?
It should only be in a system while actively using it for a PKI-required task.
(Physical Security) Which of the following best describes good physical security?
Lionel stops an individual in his secure area who is not wearing a badge.
(Spillage) You find information that you know to be classified on the Internet. What should you do?
Note the website's URL and report the situation to your security point of contact
(Removable Media in a SCIF) Which of the following is true of portable electronic devices (PEDs) in a Sensitive Compartmented Information Facility (SCIF)?
Only connect government-owned PEDs to the same level classification information system when authorized
(Controlled Unclassified Information) Which of the following is a security best practice for protecting Personally Identifiable Information (PII)?
Only use Government-furnished or Government-approved equipment to process PIl.
(Classified Data) Who designates whether information is classification level?
Original classification authority
(Spillage) A vendor conducting a pilot program with your organization contacts you for organizational data to use in a prototype. How should you respond?
Refer the vendor to the appropriate personnel
(Spillage) You receive an inquiry from a reporter about government information not cleared for public release. How should you respond?
Refer to reporter to your organization's public affairs office
(Physical Security) Which of the following is a best practice for physical security?
Report suspicious activity
(Malicious Code) Which of the following is a way to prevent the spread of malicious code?
Scan all external files before uploading to your computer
(Social Engineering) What type of social engineering targets senior officials?
Whaling