00 DON Cyber Awareness Challenge
Based on description provided, how many insider threat indicators are present? Edward has worked for a DoD agency for 2 years. He is an analyst who takes a great deal of interest in his work. He occasionally takes a somewhat aggressive interest in others' work as well, including asking for classified details of their projects. He otherwise gets along well with his colleagues.
1
How can malicious code do damage?
All of these
Which of the following can be used to catalogue information about you?
All of these
Which of the following poses a security risk while teleworking in an environment where Internet of Things (IoT) devices are present?
All of these
Which of these is NOT a potential indicator that your device may be under a malicious code attack?
An operating system update
Which of the following is an example of behavior that you should report?
Bringing a phone into a prohibited area
Under which Cyberspace Protection Condition (CPCON) is the priority focus limited to critical functions?
CPCON 1
What is a best practice for creating user accounts for your home computer?
Create separate accounts for each user and have each user create their own password
Which of the following is an allowed use of government furnished equipment (GFE)?
E-mailing your supervisor
Matt is a government employee who needs to share a document containing source selection data with his supervisor. Which of the following describes the most appropriate way for Matt to do this?
Encrypt it and send it via digitally signed Government e-mail
I only had to retake "Unclassified Information" mission
I only had to retake "Unclassified Information" mission
How can you protect your home computer?
Install spyware protection software
Which of the following statements is true of DoD Unclassified data?
It poses no risk to the safety of government personnel, missions, or systems.
When allowed, which of the following is an appropriate use of removable media?
Labeling media that contains personally identifiable information (PII)
Which of the following is an appropriate use of a DoD Public Key Infrastructure (PKI) token?
Only leave it in a system while actively using it for a PKI-required task
Who designates whether information is classified and its classification level?
Original classification authority
You receive an e-mail with a link to run an anti-virus scan. Your IT department has not sent links like this in the past. The e-mail is not digitally signed. What action should you take?
Report the e-mail to your security POC or help desk.
What is insider threat?
Someone who uses authorized access, either wittingly or unwittingly, to harm national security
Which of the following is true of compressed URLs (e.g., TinyURL, goo.gl)?
They may be used to mask malicious intent
You receive an e-mail marked important from you agency head asking you to call them using a number you do not recognize. This e-mail was sent from a personal e-mail address that you do not recognize, but it addresses you by name. What action should you take?
This may be a spear phishing attempt. Report it to your security POC or help desk.
How can you protect your home computer?
Use legitimate, known antivirus software.
How can you protect date on a mobile device?
Use two-factor authentication
Steve occasionally runs errands during virtual meetings. He joins the meeting using his approved government device. Does this pose a security concern?
Yes. Eavesdroppers may be listening to Steve's conversation.
Which of the following is the safest to share on a social networking site?
Your favorite movie
Which of the following is an example of a strong password?
bRobr@79I*P
