DOD Cyber Awareness Challenge 2019: Knowledge Check Questions

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

A colleague has visited several foreign countries recently...

. 2 indicators

A colleague has won 10 high-performance awards, can be playful and charming, is not currently in a relationship, and is occasionally aggressive in trying to access sensitive information. How many potential insider threat indicators does this employee display?

1 indicator

A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. How many potential insider threat indicators does this employee display?

3 or more indicators

What do you do if spillage occurs?

?

What information most likely presents a security risk on your personal social networking profile?

?

Which of the following is NOT true of traveling overseas with a mobile phone?

?

Which of the following is a best practice for handling cookies?

?

Which of the following should be reported as a potential security incident?

A coworker removes sensitive information without authorization.

What should you do after you have ended a call from a reporter asking you to confirm potentially classified info found on the web?

Alert your security point of contact.

Select all sections of the profile that contain an issue. Then select Submit. [Alex Smith]

All three sections

Which of the following statements is TRUE about the use of DoD Public Key Infrastructure (PKI) tokens?

Always use DoD PKI tokens within their designated classification level.

Is it permitted to share an unclassified draft document with a non-DoD professional discussion group?

As long as the document is cleared for public release, you may share it outside of DoD.

Which is it appropriate to have your security badge visible within a Sensitive Compartmented Information Facility (SCIF)

At all times when in the facility

Which email attachments are generally SAFE to open?

Attachments contained in a digitally signed email from someone known

In addition to avoiding the temptation of greed to betray his country, what should Alex do differently?

Avoid talking about work outside of the workplace or with people without a need-to-know

How can you protect your information when using wireless technology?

Avoid using non-Bluetooth-paired or unencrypted wireless computer peripherals.

What is the danger of using public Wi-Fi connections?

Both of these

Which of the following does NOT constitute spillage?

Classified information that should be unclassified and is downgraded

Which of the following is true of protecting classified data?

Classified material must be appropriately marked

Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do?

Connect to the Government Virtual Private Network (VPN).

You receive an email from the Internal Revenue Service (IRS) demanding immediate payment of back taxes of which you were not aware. The email provides a website and a toll-free number where you can make payment. What action should you take?

Contact the IRS using their publicly available, official contact information.

Which of the following is the example of Personally Identifiable Information (PII)?

Date of Birth

You receive a friend request from someone in Germany that you meet casually at a conference last year?

Decline Request

When checking in at the airline counter for a business trip...

Decline so that you maintain physical contact of your Government-issued laptop.

When checking in at the airline counter for a business trip, you are asked if you would like to check your laptop bag. This bag contains your Government-issued laptop. What should you do?

Decline so that you maintain physical control of your Government-issued laptop

A man you do not know is trying to look at your Government-issued phone and has asked to use it. What should you do?

Decline to lend the man your phone.

What is the best protection method for sharing Personally Identifiable Information (PII)?

Digitally sign and encrypt the email.

Which of the following is NOT a typical result from running malicious code?

Disables cookies.

Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email?

Do not access links or hyperlinked media such as buttons and graphics in email messages.

Which of the following should you NOT do if you find classified information on the internet?

Download the information

What portable electronic devices (PEDs) are permitted in a Sensitive Comnpartmented Information Facility (SCIF)?

Government -owned PEDs expressly authorized by your Agency

A coworker has asked if you want to download a programmer's game to play at work. What should be your response?

I'll pass.

Under what circumstances is it acceptable to check personal email on Government-furnished equipment (GFE)?

If your organization allows it.

Which of these is true of unclassified data?

Its classification level may rise when aggregated.

You receive an email at your official Government email address from an individual at the Office of Personnel Management (OPM). The email provides a link to a personnel portal where you must enter your personal information as part of an effort to standardize recordkeeping. What action should you take first?

Look for a digital signature on the email.

What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card?

Maintain possession of it at all times.

Which of the following is NOT true concerning a computer labeled SECRET?

May be used on an unclassified network

Which of the following describes an appropriate use of Government email?

Molly uses a digital signature when sending attachments or hyperlinks.

Select the appropriate setting for each item. Then select Save. [Alex Smith/Social Media]

Name and profile picture - Any (depends on personal preference) Biographical data - Friends Only; Status, photos, and posts - Friends Only; Family and relationships - Friends Only; Birthday - Friends Only; Photos and videos you are in - Friends Only; Check in location via GPS - Off

Which of the following is NOT considered a potential insider threat indicator?

New interest in learning a foreign language.

After clicking on a link on a website, a box pops up and asks if you want to run an application. Is it okay to run it?

No. Only allow mobile code to run from your organization or your organization's trusted sites.

Which of the following actions is appropriate after finding classified Government information on the internet?

Note any identifying information and the website's URL.

What should Sara do when using publicly available Internet, such as hotel Wi-Fi?

Only connect with the Government VPN

Which of the following is a practice that helps to protect you from identity theft?

Ordering a credit report annually.

Which of the following is NOT a typical means for spreading malicious code?

Patching from a trusted source

What information most likely presents a security risk on your personal social networking profile?

Personal email address

What is TRUE of a phishing attack?

Phishing can be an email with a hyperlink as bait

What actions should you take upon hearing a discussion involving Sensitive Compartmented Information (SCI) while seated in a cafeteria within an SCI Facility (SCIF)?

Remind those involved that such discussions should not take place in common area within a SCIF

What should Alex's colleagues do?

Report the suspicious behavior in accordance with their organization's insider threat policy

What kind of information could reasonably be expected to cause serious damage to national security in the event of unauthorized disclosure?

Secret

What type of information includes personal, payroll, medical, and operational information?

Sensitive

Which type of information includes personal, payroll, medical, and operational information?

Sensitive

Which of the following is NOT a correct way to protect sensitive information?

Sensitive information may be stored on any password-protected system.

How should you protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card?

Store it in a shielded sleeve to avoid chip cloning.

When using your Government-issued laptop in public environments, with which of the following should you be concerned?

The potential for unauthorized viewing of work-related information displayed on your screen

What advantages do "insider threats" have over others that allows them to be able to do extraordinary damage to their organizations?

They are trusted and have authorized access to Government information systems.

Which of the following is true of Internet hoaxes?

They can be part of a distributed denial-of-service (DDoS) attack.

How many insider threat indicators does Alex demonstrate?

Three or more

What kind of information could reasonably be expected to cause serious damage to national security in the event of unauthorized disclosure?

Top Secret

Select all security issues. Then select Submit. [Isabel/Website Use]

Top and bottom sections only

Mobile devices include fitness bands, tablets, smartphones, electronic readers, and Bluetooth- enabled devices.

True

While you are waiting for your lunch bill, a stranger picks up your Government-issued phone from your table and proceeds to exit the facility with it. What should you do?

Try to observe the direction taken and any other useful information and immediately make a report to your security point of contact.

You receive an unexpected email from a friend: "I think you'll like this: https://tinyurl.com/2fcbvy." What action should you take?

Use TinyURL's preview feature to investigate where the link leads

Which of the following is a best practice for securing your home computer?

Use antivirus software and keep it up to date.

Which of the following is NOT an appropriate way to protect against inadvertent spillage?

Use the classified network for all work, including unclassified work

Which of the following represents a good physical security practice?

Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIC) card.

When would be a good time to post your vacation location and dates on your social networking website?

When you return from your vacation.

In setting up your personal social networking service account, what email address should you use?

Your personal email address


Kaugnay na mga set ng pag-aaral

Major crops of Brassicaceae, Cucurbitaceae, and Solanaceae

View Set

NUR 3420 Pharmacology PrepU Ch22

View Set

Exam 2 - Unit 7 - Conflict Resolution Part 2

View Set

PART 2. THE MIDDLE AGES AND RENAISSANCE (PRELUDE 2; CHAPTERS 13-19)

View Set