DoD Cyber Awareness Challenge (FY22)


What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF?

- Notify your security POC
- Analyze the media for viruses or malicious code
- Analyze the other workstations in the SCIF for viruses or malicious code

How can malicious code cause damage?

- corrupting files
- erasing your hard drive
- allowing hackers access

Based on the description that follows, how many potential insider threat indicator(s) are displayed? A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information.

1 indicator

What actions should you take with an e-mail from a friend containing a compressed Uniform Resource Locator (URL)?
- Open the link using your browser's privacy mode
- Investigate the link's actual destination using the preview feature
- Quarantine the e-mail and open the link at a later date
- Forward the e-mail to another friend

?

Which of the following is an example of near field communication (NFC)?
- A pair of people talking via hand-held, two-way radio transceivers (i.e., walkie talkies)
- An internal chat message sent between team members on a workforce collaboration platform (e.g., Teams)
- A smartphone that transmits credit card payment information when held in proximity to a credit card reader
- An e-mail transmitted between a sender and recipient who are on the same e-mail server

?

What is the safest time to post details of your vacation activities on your social networking profile?

After you have returned home following the vacation

When is it appropriate to have your security badge visible?

At all times when in the facility

Which of the following is NOT a correct way to protect CUI?
- CUI may be stored on any password-protected system.
- CUI may be stored in a locked desk after working hours.
- CUI may be e-mailed if encrypted.

CUI may be stored on any password-protected system.

How can you avoid downloading malicious code?

Do not access website links in e-mail messages

Which of the following represents an ethical use of your Government-furnished equipment (GFE)?
- Downloading a pirated episode of your favorite television show
- Listing a piece of furniture for sale on your neighborhood buy/sell group
- Placing a bet on your Final Four bracket
- E-mailing your co-workers to let them know you are taking a sick day

E-mailing your co-workers to let them know you are taking a sick day

What action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)?

Identify and disclose it with local Configuration/Change Management Control and Property Management authorities

What security risk does a public Wi-Fi connection pose?

It may expose the connected device to malware

Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the Non-classified Internet Protocol Router Network (NIPRNet). In which situation below are you permitted to use your PKI token?
- On a system of a higher classification level, such as the Secret Internet Protocol Router Network (SIPRNet)
- On a computer displaying a notification to update the antivirus software
- On a NIPRNet system while using it for a PKI-required task
- On a computer at the public library to check your DoD e-mail

On a NIPRNet system while using it for a PKI-required task

What should the participants in this conversation involving SCI do differently?

Physically assess that everyone within listening distance is cleared and has need-to-know for the information being discussed

Which of the following practices may reduce your appeal as a target for adversaries seeking to exploit your insider status?
- Discuss classified information freely within your closed work environment
- Talk about your work only at a high level when attending public networking events
- Retrieve messages from your smartphone immediately, regardless of your surroundings
- Remove your security badge after leaving your controlled area or office building

Remove your security badge after leaving your controlled area or office building

What should the owner of this printed SCI do differently?

Retrieve classified documents promptly from printers

What should you consider when using a wireless keyboard with your home computer?

Reviewing and configuring the available security features, including encryption

Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization?
- Secret
- Top Secret
- Controlled Unclassified
- Confidential

Secret

Which of the following is an example of malicious code?
- A system reminder to install security updates
- Software that installs itself without the user's knowledge
- A firewall that monitors and controls network traffic

Software that installs itself without the user's knowledge

What threat do insiders with authorized access to information or information systems pose?

They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities.

Which of the following is a security best practice when using social networking sites?

Understanding and using the available privacy settings

Which of the following is a best practice for physical security?
- Assume that people without badges are escorted
- Hold the door open for personnel you know
- Post a copy of the access roster on the door
- Use your own facility access badge or key code

Use your own facility access badge or key code

When can you use removable media on a Government system?

When operationally necessary, owned by your organization, and approved by the appropriate authority

Which of the following is NOT a best practice to preserve the authenticity of your identity?
- Write your password down on a device that only you access (e.g., your smartphone)
- Store your Common Access Card (CAC) or Personal Identity Verification (PIV) card in a shielded sleeve
- Enable two-factor authentication whenever available, even for personal accounts
- Change your password at least every 3 months

Write your password down on a device that only you access (e.g., your smartphone)

Which of the following information is a security risk when posted publicly on your social networking profile?
- Your personal e-mail address
- Your hobbies
- Your birthday
- Pictures of your pet

Your birthday

Example of information that is protected health information (PHI)

medical record or information of medical visit/history

Example of information that is personally identifiable information (PII)

social security number

When is it okay to charge a personal mobile device using government-furnished equipment (GFE)?

this is never okay

What action should you take if you become aware that Sensitive Compartmented Information (SCI) has been compromised?
- contact your security point of contact to report the incident
- evaluate the causes of the compromise
- e-mail detailed information about the incident to your security point of contact
- assess the amount of damage that could be caused by the compromise

?

What guidance is available for marking Sensitive Compartmented Information (SCI)?
- Security Classification Guides
- Your supervisor
- Original Classification Authority
- Sensitive Compartmented Information Guides

?

What type of social engineering targets particular individuals, groups of people, or organizations?
- phishing
- spear phishing
- whaling
- group phishing

?

Which is the best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail?
- Do not access website links, buttons, or graphics in e-mail
- Use the Preview Pane to view e-mails without opening them
- View e-mails as rich text or HTML rather than plain text
- Detail all e-mails that have digital signature without opening them

?

Which of the following individuals can access classified data?
- Darryl is managing a project that requires access to classified information. He has the appropriate clearance and a signed, approved non-disclosure agreement.
- Theodore is seeking access to classified information that he does not need to know to perform his job duties. He has the appropriate clearance and a signed, approved non-disclosure agreement.
- Maria received an assignment to support a project that requires access to classified information. She has recently been granted the appropriate clearance but has not yet signed the non-disclosure agreement.
- Elsa is joining a project that required access to information that is classified at a higher level than her current clearance level. For her current clearance, she has a signed and approved non-disclosure agreement.

Darryl is managing a project that requires access to classified information. He has the appropriate clearance and a signed, approved non-disclosure agreement.

Which of the following is NOT a way that malicious code spreads?
- Legitimate software updates
- Infected websites
- E-mail attachments
- File downloads

Infected websites

Which of the following demonstrates proper protection of mobile devices?
- Sally stored her government-furnished laptop in her checked luggage using a TSA approved luggage lock.
- Linda encrypts all of the sensitive data on her government-issued mobile devices.
- Alan uses password protection as required on his government-issued smartphone but prefers the ease of no password on his personal smartphone.

Linda encrypts all of the sensitive data on her government-issued mobile devices.

Which of the following actions is appropriate after finding classified information on the Internet?
- Contact the owner of the website to remove the information
- Download the information so that you have a copy of it
- Note any identifying information and the website's Uniform Resource Locator (URL)
- Assume that you must be mistaken and ignore it

Note any identifying information and the website's Uniform Resource Locator (URL)

What portable electronic devices (PEDs) are permitted in a SCIF?

Only expressly authorized government-owned PEDs

Which of the following is NOT an example of CUI?
- Proprietary data
- Press release data
- Financial information

Press release data

You receive an inquiry from a reporter about potentially classified information on the Internet. How should you respond?

Refer the reporter to your organization's public affairs office.

How should you respond to the theft of your identity?

Report the crime to local law enforcement

