FY24 DOD Cyber Awareness Challenge Knowledge Check
Which of these is NOT a potential indicator that your device may be under a malicious code attack?
A notification for a system update that has been publicized
When is the safest time to post on social media about your vacation plans?
After the trip.
Which of the following contributes to your online identity?
All of these
Which of the following is true of working within a Sensitive Compartmented Information Facility (SCIF)?
Authorized personnel who permit another individual to enter the SCIF are responsible for confirming the individual's need-to-know and access.
You receive a phone call offering you a $50 gift card if you participate in a survey. Which course of action should you take?
Decline to participate in the survey. This may be a social engineering attempt.
What is the goal of an Insider Threat Program?
Deter, detect, and mitigate the risks associated with insider threats
Which of the following is NOT a best practice for protecting data on a mobile device?
Disable automatic screen locking after a period of inactivity.
Which of the following is a best practice for using government e-mail?
Do not send mass e-mails.
Mabel is a government employee who needs to share a document containing contractor proprietary information with her supervisor. Which of the following describes the most appropriate way for Mabel to do this?
Encrypt it and send it via digitally signed Government e-mail.
Which of the following uses of removable media is allowed?
Government owned removable media that is approved as operationally necessary.
Which of the following statements about Portected Health Information (PHI) is false?
It is created or received by a healthcare provider, health plan, or employer or a business associate of these.
Which of the following is true of Controlled Unclassified Information (CUI)?
It must be handled using safeguarding or dissemination controls.
Which of the following is a best practice to protect your identity?
Order a credit report annually.
Which of the following is true of Sensitive Compartmented Information Facilities (SCIFs)?
Personnel must position monitors so that they do not face windows or close the window blinds.
Which of the following is true of transmitting or transporting Sensitive Compartmented Information (SCI)?
Printed SCI must be retrieved promptly from the printer.
Which of the following is a step you should NOT take to protect against spillage?
Purge any device's memory before connecting it to a classified network
You receive an e-mail with a link to schedule a time to update software on your government furnished laptop. Your IT department has not scheduled software updates like this in the past and has not announced this software update. The e-mail is not digitally signed. What action should you take?
Report the e-mail to your security POC or help desk
How can you prevent viruses and malicious code?
Scan all external files before uploading to your computer.
Which type of data could reasonable be expected to cause serious damage to national security?
Secret
Which of the following is NOT a best practice for teleworking in an environment where Internet of Things (IoT) devices are present?
Use the devices' default security settings.
Which of the following is a best practice for physical security?
Use your own security badge or key code for facility access.
Which of the following is an appropriate use of government e-mail?
Using a digital signature when sending attachments.
Which of the following is true of telework?
You must have permission from you organization to telework.
After a classified document is leaked online, it makes national headlines. Which if the following statement is true of the leaked information that is now accessible by the public?
You should still treat it as classified even thought it has been compromised.
Annabeth becomes aware that a conversation with a co-worker that involved Sensitive Compartmented Information (SCI) may have been overheard by someone who does not have the required clearance. What action should Annabeth take?
Contact her security POC with detailed information about the incident.
Terry sees a post on her social media feed that says there is smoke billowing from the Pentagon. The post includes a video that shows smoke billowing from a building that is not readily identifiable as the Pentagon. Terry is not familiar with the source of the post. Which of the following describes what Terry has likely seen?
This is probably disinformation unless Terry can verify it on a legitimate news site.
You receive an e-mail marked important from your boss asking for data that they need immediately for a meeting starting now. The e-mail was sent from a personal e-mail address that you do not recognize, bit it addresses you by name. What concern does the e-mail pose?
This may be a spear phishing attempt. Contact your boss using contact information that you know to be legitimate.
Which of the following is NOT an appropriate use of your Common Access Card (CAC)?
Using it as photo identification with a commercial entity.
Which of the following is permitted when using an unclassified laptop within a collateral classified space?
A Government-issue wired headset with microphone
How can you mitigate the ptential rish associated with a compressed URL (e.g., TinyURL, goo.gl)?
Use the preview function to see where the link actually leads.
Beth taps her phone at a payment terminal to pay for a purchase. Does this pose a security risk?
Yes, there is a risk that signal could be intercepted and altered.
Which of the following is permitted within a Sensitive Compartmented Information Facility (SCIF)?
An authorized Government-owned PED
Which of the following is true of spillage?
It refers specially to classified information that becomes publicly available.
Which of the following is a best practice for managing connection requests on social networking sites?
Validate connection requests through another source if possible
Which best describes an insider threat? Someone who uses ______ access, ______, to harm national security through unauthorized disclosure, data modification, espionage, terrorism, or kinetic actions.
authorized; wittingly or unwittingly
Which of the following describes Sensitive Compartmented Information (SCI)? SCI is a program that ________ various types of classified information for ________ protection and dissemination or distribution control.
segregates; added
How can an adversary use information available in public records to target you?
Combine it with information from other data sources to learn how best to bait you with a scam.
Carl receives an e-mail about a potential health risk caused by a common ingredient in processed food. Which of the following actions should Carl NOT take with the e-mail?
Forward it.
How can you protect your home computer?
Regularly back up your files.
