Cyber Awareness 2025 Knowledge Check Answers
Based on the description provided, how many insider threat indicators are present? Edward has worked for a DoD agency for 2 years. He is an analyst who takes a great deal of interest in his work. He occasionally takes a somewhat aggressive interest in others' work as well, including asking for classified details of their projects. He otherwise gets along well with his colleagues.
2
Which of the following is permitted when using an unclassified laptop within a collateral classified space?
A personally-owned wired headset without a microphone
Which of the following personally owner peripherals can you use with government furnished equipment (GFE)?
A wired keyboard connected via USB A monitor connected via USB
When is the safest time to post on social media about your work-related travel?
After the trip
How can malicious code do damage?
All of these
Which of the following can be used to catalogue information about you?
All of these
Which of the following poses a security risk while teleworking in an environment where Internet of Things (IoT) devices are present?
All of these
Which of these is NOT a potential indicator that your device may be under a malicious code attack?
An operating system update
Which of the following is a best practice to protect your identity?
Ask how information will be used before giving it out
Which of the following is true of working within a Sensitive Compartmented Information Facility (SCIF)?
Badges must be worn while in the facility and removed when leaving the facility.
Which of the following is an example of behavior that you should report?
Bringing a phone into a prohibited area
Which of the following would working in combination for two-factor authentication?
Common Access Card (CAC) and Personal Identification Number (PIN)
Which of the following is an example of removable media?
Compact disk
Which type of data could reasonably be expected to cause damage to national security?
Confidential
Which of the following is a best practice for telework and remote work?
Connect to your Government Virtual Private Network (VPN)
How can you protect a mobile device while traveling?
Connect with a Government VPN
Adam sees a coworker who does not have the required clearance with a printed document marked as Sensitive Compartmented Information (SCI). What should he do?
Contact his security POC to report the incident.
What is a best practice for creating user accounts for your home computer?
Create separate accounts for each user and have each user create their own password
Which of the following is a potential insider threat indicator?
Death of a spouse
Which of the following is a best practice for using government e-mail?
Do no solicit sales
You receive a phone call from an unknown person asking for a directory name on your government furnished laptop so that a software update can be made. Which course of action should you take?
Document the interaction and contact your security POC or help desk.
Which of the following is an allowed use of government furnished equipment (GFE)?
E-mailing your supervisor
Matt is a government employee who needs to share a document containing source selection data with his supervisor. Which of the following describes the most appropriate way for Matt to do this?
Encrypt it and send it via digitally signed Government e-mail.
Which of the following is NOT an appropriate use of your Common Access Card (CAC)?
Exchanging it for a visitor pass in another building
John receives an e-mail about a potential shutdown of a major social service unless a petition receives enough signatures. Which of the following actions should John NOT take with the e-mail?
Forward it
Which of the following is a best practice for protecting your home wireless network for telework or remote work?
Implement, as a minimum, Wi-Fi Protected Access 2 (WPA2) Personal encryption
How can you protect your home computer?
Install spyware protection software
Which of the following is true of Controlled Unclassified Information (CUI)?
It belongs to a defined category established in the DoD CUI Registry.
Which of the following is true of spillage?
It can be either inadvertent or intentional
Which of the following statements about Public Health Information (PHI) is true?
It is health information that identifies the individual.
Which of the following statements is true of DoD Unclassified data?
It must be cleared before being released to the public.
When allowed, which of the following is an appropriate use of removable media?
Labeling media that contains personally identifiable information (PII)
Which of the following is a best practice when browsing the internet?
Look for h-t-t-p-s in the URL name
As you browse a social media site, you come across photos of information with classification markings. What should you do?
Notify your security point of contact.
Which of the following is an appropriate use of a DoD Public Key Infrastructure (PKI) token?
Only leave it in a system while actively using it for a PKI-required task
Who designates whether information is classified and its classification level?
Original classification authority
Which of the following is true of Sensitive Compartmented Information Facilities (SCIFs)?
Personnel should physically assess whether everyone within listening distance has a need-to-know before starting conversations involving classified information.
Which of the following is a best practice for physical security?
Report suspicious activity
You receive an e-mail with a link to run an anti-virus scan. Your IT department has not sent links like this in the past. The e-mail is not digitally signed. What action should you take?
Report the e-mail to your security POC or help desk
How can you protect yourself from identity theft?
Review your credit report annually
Which of the following describes Sensitive Compartmented Information (SCI)?
SCI introduces an overlay of security to Top Secret, Secret, and Confidential information.
Which of the following uses of removable media is allowed?
Sam uses approved Government owned removable media to transfer files between government systems as authorized.
How can you prevent viruses and malicious code?
Scan all e-mail attachments
Which of the following provides precise, comprehensive guidance regarding specific program, system, operation, or weapon system elements of information to be classified?
Security Classification Guide
When linked to a specific individual, which of the following is NOT an example of Personally Identifiable Information (PII)?
Smartphone brand and model
What is an insider threat?
Someone who uses authorized access, either wittingly or unwittingly, to harm national security.
Which of the following is a way to protect classified data?
Store it in a GSA-approved container
Which of the following is true of compressed URLs (e.g. TinyURL, goo.gl)?
They may be used to mask malicious intent.
You receive an e-mail marked important from your agency head asking you to call them using a number you do not recognize. The e-mail was sent from a personal e-mail address that you do not recognize, but it addresses you by name. What action should you take?
This may be a spear phishing attempt. Report it to your security POC or help desk.
What are the requirements for access to Sensitive Compartmented Information (SCI)?
Top Secret clearance and indoctrination into the SCI program
How can you protect your home computer?
Use legitimate, known antivirus software
How can you protect data on a mobile device?
Use two-factor authentication
Which of the following is an appropriate use of government e-mail?
Using a digital signature when sending hyperlinks
Tessa is processing payroll data that includes employees' names, home addresses, and salary. Which of the following is Tessa prohibited from doing with the data?
Using her home computer to print the data while working remotely
How can you protect yourself on social networking sites?
Validate connection requests through another source if possible
As you scroll through your social media feed, a news headline catches your eye. What should you consider before sharing it with your connections?
Whether the source is credible and reliable
Steve occasionally runs errands during virtual meetings. He joins the meetings using his approved government device. Does this pose a security concern?
Yes. Eavesdroppers may be listening to Steve's conversation.
Does it pose a security risk to tap your smartwatch to pay for a purchase at a store?
Yes. There is a risk that the signal could be intercepted and altered.
Which of the following is true of transmitting or transporting Sensitive Compartmented Information (SCI)?
You must be courier-briefed for SCI to transport it.
Which of the following is the safest to share on a social networking site?
Your favorite movie
Which of the following is an example of a strong password?
bRobr@79l*P
Which of the following is permitted within a Sensitive Compartmented Information Facility (SCIF)?
A Bluetooth medical device, such as a glucose monitor
Under which Cyberspace Protection Condition (CPCON) is the priority focus limited to critical functions?
CPCON 1
Which of the following is true of removable media and portable electronic devices (PEDs)?
The risks associated with them may lead to loss of life.
