Cyber Awareness Challenge 2022
What must the dissemination of information regarding intelligence resources, methods, or activities follow?
Directives issued by the Director of National Intelligence.
If an incident occurs involving removable media in a sensitive compartmented information facility, what action should you take?
Go to find your security point of contact.
Under what circumstances is it acceptable to check personal email on Government-furnished equipment (GFE)?
If your organization allows it.
What can help to protect the data on your personal mobile device?
Secure it to the same level as government-issued systems
You receive an unexpected email from a friend: "I think you'll like this: https://tinyurl.com/2fcbvy." What action should you take?
Use TinyURL's preview feature to investigate where the link leads.
Which of the following is NOT a good way to protect your identity?
Use a single, complex password for your system and application logons.
Which of the following represents a good physical security practice?
Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIC) card.
How can you protect your information when using wireless technology?
Avoid using non-Bluetooth-paired or unencrypted wireless computer peripherals.
Which of the following best describes the sources that contribute to your online identity?
Data about you collected from all sites, apps, and devices that you use can be aggregated to form a profile of you.
Which of the following is a good practice to protect classified information?
Ensure proper labeling by appropriately marking all classified material and when required, sensitive material.
Which of the following is an example of removable media?
Flash drive.
What do you do if spillage occurs?
Immediately notify your security point of contact.
Which of the following prevent spillage?
Label all file, removable media, and subj headers with appropriate classification markings.
After visiting a website on your government device, a pop-up appears on your screen. A pop-up appears on your screen. The pop-up asks if you want to run an application. Is this safe?
No, you should only allow mobile code to run from your organization or your organization's trusted sites.
How should you respond to the theft of your identity?
Report the crime to local law enforcement.
What type of social engineering targets particular individuals, groups of people, or organizations?
Spear phishing
How should you protect a printed classified document when it is not in use?
Store it in a GSA approved vault or container.
A colleague has won 10 high-performance awards, can be playful and charming, is not currently in a relationship, and is occasionally aggressive in trying to access sensitive information. How many potential insiders threat indicators does this employee display?
1 indicator
A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. How many potential insiders threat indicators does this employee display?
3 or more indicators
A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. How many potential insiders threat indicators does this employee display?
3 or more indicators
What is a common indicator of a phishing attempt?
A threat of dire consequences
Which of the following statements is TRUE about the use of DoD Public Key Infrastructure (PKI) tokens?
Always use DoD PKI tokens within their designated classification level.
Is it permitted to share an unclassified draft document with a non-DoD professional discussion group?
As long as the document is cleared for public release, you may release it outside of DoD
Which CPCON is the priority focus on critical functions only?
CPCON 2
You receive an email from the Internal Revenue Service (IRS) demanding immediate payment of back taxes of which you were not aware. The email provides a website and a toll-free number where you can make payment. What action should you take?
Contact the IRS
What action should you take if you become aware that sensitive compartmented information has been compromised?
Contact your security point of contact to report the incident.
Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email?
Do not access links or hyperlinked media such as buttons and graphics in email messages.
Which is the best practice that can prevent viruses and other malicious code from being downloaded when checking your email?
Do not access website links, buttons, or Graphics in email.
Based on the description that follows, how many potential insider threat indicators are displayed?
Happily married etc = 0.
When checking in at the airline counter for a business trip, you are asked if you would like to check your laptop bag. This bag contains your government-issued laptop. What should you do?
I've tried all the answers and it still tells me off, part 2. Decline So That You Maintain Physical Control of Your Government-Issued Laptop.
Who can be permitted access to classified data?
Only persons with appropriate clearance, a non-disclosure agreement, and need-to-know can access classified data.
Which of the following is a concern when using your Government issued laptop in public?
Others may be able to view your screen.
Which of the following is NOT a typical means for spreading malicious code?
Patching from a trusted source
Your cousin posted a link to an article with an incendiary headline on a social media. What action should you take?
Research the source of the article to evaluate its credibility and reliability.
What should you consider when using a wireless keyboard with your home computer?
Reviewing and configuring the available security features, including encryption.
What should you do after you have ended a call from a reporter asking you to confirm potentially classified information found on the web?
Alert your security point of contact.
Which of the following is a practice that helps to protect you from identity theft?
Ordering a credit report annually
Which of the following is NOT a requirement for telework?
You must possess security clearance eligibility to telework.
What information most likely presents a security risk on your personal social networking profile?
Your place of birth
Which of the following is an example 2FA?
your password and a code via text.
Which of the following is an example of Protected Health Information (PHI)?
I've tried all the answers and it still tells me off. Examples are: Patient names, Social Security numbers, Driver's license numbers, insurance details, and birth dates
When can you check personal e-mail on your government-furnished equipment?
If allowed by organizational policy
Which of the following is NOT a best practice to protect data on your mobile computing device?
Lock your device screen when not in use and require a password to reactivate.
Which of the following is not considered a potential insider threat indicator?
New interest in learning a foreign language.
Your DoD CAC has a Public Key Infrastructure PKI token approved for access to the Non-classified Internet Protocol ROuter Network NIPRNet. In which situation are you permitted to use your PKI token?
On a NIPRNet system while using it for a PKI-required task.
Which of the following is NOT an example of sensitive information?
Press release data
When using your government-issued laptop in public environments, with which of the following should you be concerned?
The potential for unauthorized viewing of work-related information displayed on your screen.
Which of the following is a security best practice when using social networking sites?
Understanding and using the available privacy settings.
In setting up your personal social networking service account, what email address should you use?
Your personal email address