DOD Cyber Awareness Challenge 2025 Knowledge check
Which of these is NOT a potential indicator that your device may be under a malicious code attack?
An operating system update
Which of the following is a way to protect classified data?
Store it in a GSA-approved container
Which of the following is an example of removable media?
Compact disc
Which of the following is NOT an appropriate use of your Common Access Card (CAC)?
Exchanging it for a visitor pass in another building.
How can you protect yourself from identity theft?
Review your credit report annually
How can you protect your home computer?
Install spyware protection software
What are the requirements for access to Sensitive Compartmented Information (SCI)?
Top Secret clearance and indoctrination into the SCI program
Which of the following is permitted when using an unclassified laptop within a collateral classified space?
A personally-owned wired headset without a microphone
Which of the following poses a security risk while teleworking in an environment where Internet of Things (IoT) devices are present?
All of these.
Which of the following is a best practice to protect your identity?
Ask how information will be used before giving it out.
Which of the following is an example of behavior that you should report?
Bringing a phone into a prohibited area
What is a best practice for creating user accounts for your home computer?
Create separate accounts for each user and have each user create their own password.
You receive a phone call from an unknown person asking for a directory name on your government furnished laptop so that a software update can be made. Which course of action should you take?
Document the interaction and contact your security POC or help desk
Matt is a government employee who needs to share a document containing source selection data with his supervisor. Which of the following describes the most appropriate way for Matt to do this?
Encrypt it and send it via digitally signed Government e-mail
John receives an e-mail about a potential shutdown of a major social service unless a petition receives enough signatures. Which of the following actions should John NOT take with the e-mail?
Forward it
Which of the following is an appropriate use of a DoD Public Key Infrastructure (PKI) token?
Only leave it in a system while actively using it for a PKI-required task
You receive an e-mail with a link to run an anti-virus scan. Your IT department has not sent links like this in the past. The e-mail is not digitally signed. What action should you take?
Report the e-mail to your security POC or help desk.
How can you prevent viruses and malicious code?
Scan all e-mail attachments
Which of the following is true of compressed URLs (e.g., TinyURL, goo.gl)?
They may be used to mask malicious intent
You receive an e-mail marked important from your agency head asking you to call them using a number you do not recognize. The e-mail was sent from a personal e-mail address that you do not recognize, but it addresses you by name. What action should you take?
This may be a spear phishing attempt. Report it to your security POC or help desk.
How can you protect your home computer?
Use legitimate, known antivirus software
How can you protect data on a mobile device?
Use two-factor authentication
Which of the following is an appropriate use of government e-mail?
Using a digital signature when sending hyperlinks
How can you protect yourself on social networking sites?
Validate connection requests through another source if possible
Steve occasionally runs errands during virtual meetings. He joins the meetings using his approved government device. Does this pose a security concern?
Yes. Eavesdroppers may be listening to Steve's conversation
