Annual DoD Training - Cyber Awareness/Information Assurance Challenge - 4/2024


On your home computer, how can you best establish passwords when creating separate user accounts? A. Do not require passwords for the user accounts. B. Tailor each password to what will be easy for the individual user to remember. C. Have each user create their own, strong password. D. Set the same, strong password for each user account.

C

What conditions are necessary to be granted access to Sensitive Compartmented Information (SCI)? A. The access caveats as defined in the appropriate category of the DoD Controlled Unclassified Information (CUI) Registry B. Special access authorization and indoctrination into the SCI program C. Top Secret clearance and indoctrination into the SCI program D. The appropriate level of security clearance eligibility and a need-to-know

C

Which of the following is NOT a way that malicious code can spread? A. Visiting infected websites B. Downloading files C. Running a virus scan D. E-mail attachments

C

Beth taps her phone at a payment terminal to pay for a purchase. Does this pose a security risk? A. Only if Beth does not have two-factor authentication enabled on her phone. B. Only if Beth does not have the data on her phone encrypted. C. No, there is no security risk associated with this. D. Yes, there is a risk that the signal could be intercepted and altered.

D

How can an adversary use information available in public records to target you? A. Sign you up for junk mail to make you less critical in your evaluation of communications. B. Information in public records cannot be used to target you, as any sensitive information must be redacted. C. Take verifiable information stolen from others to establish bona fides with you. D. Combine it with information from other data sources to learn how best to bait you with a scam.

D

Which of the following contributes to your online identity? A. Social networking sites B. Audio-enabled digital assistants (e.g., Siri, Alexa) C. Fitness trackers D. All of these

D

Annabeth becomes aware that a conversation with a co-worker that involved Sensitive Compartmented Information (SCI) may have been overheard by someone who does not have the required clearance. What action should Annabeth take? A. Contact her security POC to report the incident. B. Nothing. Verbally overhearing SCI is not considered compromise. C. Swear the person who overheard to secrecy. D. Contact her security POC with detailed information about the incident.

A

Based on the description provided, how many insider threat indicators are present? Elyse has worked for a DoD agency for more than 10 years. She is a diligent employee who receives excellent performance reviews and is a valued team member. She has two children and takes them on a weeklong beach vacation every summer. She spent a semester abroad in France as a teenager and plans to take her children to visit France when they are older. A. 0 B. 1 C. 2 D. 3+

A

Sylvia commutes to work via public transportation. She often uses the time to get a head start on work by making phone calls or responding to e-mails on her government approved mobile device. Does this pose a security concern? A. Yes. Eavesdroppers may be listening to Sylvia's phone calls, and shoulder surfers may be looking at her screen. Sylvia should be aware of these risks. B. No, because Sylvia is using a government approved device. C. No. No one else is going to be paying attention to what Sylvia is doing, as they will be focused on their own business. D. Yes, but only the phone calls. Sylvia should speak softly and only make calls when no one is sitting next to her.

A

The defense contractor's information system was made vulnerable by outdated and unpatched software. How does your organization handle this? A. System administrators are on top of it and we have a strict policy. I pay close attention to notices to upgrade and apply patches. B. We use what works; we're not necessarily concerned with upgrading to the latest and greatest thing. C. I have no idea; I'm busy enough as it is. I see notices about upgrades and patches, but I don't have time to worry about software versions or if my computer has every software patch installed.

A

Which of the following is NOT a best practice for teleworking in an environment where Internet of Things (IoT) devices are present? A. Use the devices' default security settings B. Set strong passwords for the devices C. Remove any voice-enabled device D. Check the devices periodically for Bluetooth connections

A

Which of the following is an allowed use of government furnished equipment (GFE)? A. Checking personal e-mail if your organization allows it B. Lending it to your child to complete schoolwork C. Viewing family photos from your shared DropBox D. Placing a bet in your fantasy football league

A

Which of the following is true of telework? A. You must have permission from your organization to telework. B. You may use classified data while teleworking if your monitor is positioned so that others cannot see it. C. You may use your own wireless mouse and keyboard. D. You may telework anywhere.

A

Which of the following personally owned peripherals can you use with government furnished equipment (GFE)? A. A USB hub B. A monitor connected via USB C. A Bluetooth headset D. A wired keyboard that requires installed drivers

A

Which of the following uses of removable media is allowed? A. Government owned removable media that is approved as operationally necessary B. Personally owned removable media on Unclassified government laptops C. Unclassified government owned removable media on a personal laptop D. Connecting a personal phone to an Unclassified government laptop to charge only

A

You receive a text message from a package shipper notifying you that your package delivery is delayed due to needing updated delivery instructions from you. It provides a shortened link for you to provide the needed information. You are not expecting a package. What is the best course of action? A. Delete the message B. Open the link to inspect the website C. Open the link to provide the information D. Reply to the message and ask for more information

A

Carl receives an e-mail about a potential health risk caused by a common ingredient in processed food. Which of the following actions should Carl NOT take with the e-mail? A. Research the claim B. Forward it C. Delete it D. Mark it as junk

B

How can you protect your home computer? A. Decline security updates B. Turn on the password feature C. Use the administrator account for all users D. Disable any pre-installed antivirus software

B

If you received an email asking for personal information, how would you respond? A. If the email is from within my organization, there's no harm in providing the information. I'd provide the requested information. B. I'm not sure why my user name and password would be required. I'd notify my security point of contact or help desk. C. I don't care who is requesting my password, I would never provide it. I'd delete the e-mail.

B

Selecting the link downloaded malicious code. Would you have selected the link? A. Definitely, my organization has strong anti-virus software. I'd open the link. B. No, I wouldn't open a link from an unknown forum poster. C. It depends. If I was on a reputable site, I'd have no problem opening it.

B

The defense contractor was targeted via removable media. What is your organization's policy on thumb drives and other removable media? A. We use removable media; it's convenient and is an efficient way of sharing and transferring information. B. Removable media is strictly prohibited. C. I'm not sure.

B

What philosophy do you follow when creating passwords? A. I use the same, very secure password for everything. It's 8 characters and includes lower and upper case letters, numbers, and special characters. There's no way a password cracker is getting my information. B. I change passwords frequently and always use a combination of numbers, letters, and special characters. I'm fairly confident my passwords are secure. C. I don't worry about my password; my organization's security is strong enough to defeat a hacker. I make sure to use something I can remember like a significant date or name.

B

Which of the following is LEAST likely to pose a risk to share on a social networking site? A. Your current location B. Your pet's name C. Your birthdate D. Your mother's maiden name

B

Which of the following is a best practice when browsing the Internet? A. Look for h-t-t-p in the URL name B. Only accept cookies from reputable, trusted websites C. Confirm that the site uses an unencrypted link D. Set your browser to automatically accept all cookies

B

Which of the following is an example of a strong password? A. P@55w0rd B. d+Uf_4RimUz C. 123Maple D. 1970June30!

B

Which of the following is permitted within a Sensitive Compartmented Information Facility (SCIF)? A. A Government-issued webcam B. An authorized Government-owned Portable Electronic Device (PED) C. A Government-issued smartphone D. A personal wearable device, such as a smartwatch

B

Which of the following is true of transmitting or transporting Sensitive Compartmented Information (SCI)? A. Anyone with eligibility to access SCI may hand-courier SCI. B. Printed SCI must be retrieved promptly from the printer. C. SCI does not require a coversheet in an open storage environment. D. A collateral classified fax machine may be used to fax SCI with the appropriate coversheet.

B

Which of the following uses of removable media is appropriate? A. Discarding unneeded removable media in the trash B. Encrypting data stored on removable media C. Avoiding attaching labels to removable media D. Downloading data from classified networks

B

You receive an e-mail marked important from your boss asking for data that they need immediately for a meeting starting now. The e-mail was sent from a personal e-mail address that you do not recognize, but it addresses you by name. What concern does this e-mail pose? A. This poses no concern. The e-mail addresses you by name, so it is probably legitimate. B. This may be a spear phishing attempt. Contact your boss using contact information that you know to be legitimate. C. This is an important request that requires your immediate attention. You may not be able to send the data in time. D. The data must be encrypted before you can send it to a non-government e-mail address.

B

What is the goal of an Insider Threat Program? A. Enable the firing or arrest of individuals susceptible to taking insider threat actions. B. Compile annual reports about insider threat incidents within DoD. C. Deter, detect, and mitigate the risks associated with insider threats. D. Design situations to entrap people vulnerable to becoming insider threats.

C

Which of the following is a best practice for managing connection requests on social networking sites? A. Make your posts publicly available so that everyone can view them without connecting with you B. Assume that people are who they say they are on social networking sites C. Validate connection requests through another source if possible D. Accept connection requests from people with whom you share mutual connections

C

Which of the following is a best practice to protect your identity? A. Carry your social security card with you at all times B. Shred credit card and bank statements without opening them C. Order a credit report annually D. Enable data aggregation on sites when possible

C

Which of the following is a step you should NOT take to protect against spillage? A. Purge any device's memory before connecting it to a classified network B. Verify that you are using the correct network for the level of data C. Follow procedures for transferring data to non-Government networks D. Label all files with appropriate classification markings

C

Which of the following is permitted when using an unclassified laptop within a collateral classified space? A. A Government-issued wireless headset without microphone. B. Wi-Fi. C. A Government-issued wired headset with microphone. D. A personally-owned wired headset with microphone.

C

Which of the following statements is true of DoD Unclassified data? A. It does not require classification markings. B. It may be released to the public at any time. C. It may require access and distribution controls. D. It poses no risk to the safety of government personnel, missions, or systems.

C

You receive an e-mail with a link to schedule a time to update software on your government furnished laptop. Your IT department has not scheduled software updates like this in the past and has not announced this software update. The e-mail is not digitally signed. What action should you take? A. Select the link to schedule the software update. B. Reply to the e-mail to request more information. C. Report the e-mail to your security POC or help desk. D. Look for a phone number in the e-mail to schedule the update by phone.

C

Which of the following is an appropriate use of removable media? A. Downloading data from classified networks B. Discarding unneeded removable media in the trash C. Avoiding attaching labels to removable media D. Encrypting data stored on removable media

D

Under which Cyberspace Protection Condition (CPCON) is the priority focus limited to critical and essential functions? A. CPCON 1 B. CPCON 2 C. CPCON 3 D. CPCON 4

D

When linked to a specific individual, which of the following is NOT an example of Personally Identifiable Information (PII)? A. Passport number B. Payment for the provision of healthcare C. Fingerprint records D. Automobile make and model

D

Which best describes an insider threat? Someone who uses ________ access, ________ , to harm national security through unauthorized disclosure, data modification, espionage, terrorism, or kinetic actions. A. authorized; with good intentions B. unauthorized; detected or undetected C. unauthorized; undetected D. authorized; wittingly or unwittingly

D

Which of the following is NOT a best practice for protecting data on a mobile device? A. Maintain visual or physical control of your device at all times B. Lock your device when not in use C. Use two-factor authentication D. Disable automatic screen locking after a period of inactivity

D

Which of the following is a risk associated with removable media? A. Introduction of malicious code B. Compromise of systems' confidentiality, availability, or integrity C. Spillage of classified information D. All of these

D

Which of the following is an appropriate use of a DoD Public Key Infrastructure (PKI) token? A. Only use it on a publicly accessible computer with up-to-date antivirus software B. Leave it in the system for all tasks you perform C. Use a SIPRNet token for NIPRNet access as well D. Do not use a token approved for NIPRNet on SIPRNet

D

Which of the following is true of spillage? A. It refers to classified information that has been downgraded. B. It describes when unclassified information is processed on a classified network to avoid disclosure under the Freedom of Information Act (FOIA). C. It refers specifically to classified information that becomes publicly available. D. It can be either inadvertent or intentional.

D

You receive a phone call offering you a $50 gift card if you participate in a survey. Which course of action should you take? A. Participate in the survey and take detailed notes about the interaction. B. Participate in the survey and provide your address to receive the gift card. C. Participate in the survey, as phone surveys pose no risk. D. Decline to participate in the survey. This may be a social engineering attempt.

D

