Cyber Awareness Challenge Knowledge Check
Which of the following should be reported as a potential security incident?
A coworker removes sensitive information without authorization
What is required for an individual to access classified data?
Appropriate clearance; signed and approved non-disclosure agreement; and need-to-know.
Which is it appropriate to have your security badge visible within a Sensitive Compartmented Information Facility (SCIF)
At all times when in the facility
Which of the following is true of protecting classified data?
Classified material must be appropriately marked.
What is a security best practice to employ on your home computer?
Create separate user accounts with strong individual passwords.
A man you do not know is trying to look at your Government-issued phone and has asked to use it. What should you do?
Decline to lend the man your phone.
Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email?
Do not access links or hyperlinked media such as buttons and graphics in email messages.
What is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems?
Do not use any personally owned/non-organizational removable media on your organization's systems.
A Coworker has asked if you want to download a programmers game to play at work. what should be your response be?
I'll pass
What certificates are contained on the Common Access Card (CAC)?
Identification, encryption, and digital signature
Which of the following may help to prevent inadvertent spillage?
Label all files, removable media, and subject headers with appropriate classification markings.
What is best practice while traveling with mobile computing devices?
Maintain possession of your laptop and other government-furnished equipment (GFE) at all times.
Which of the following actions is appropriate after finding classified Government information on the internet?
Note any identifying information and the website's URL
You have reached the office door to exit your controlled area. As a security best practice, what should you do before exiting?
Remove your security badge, common access card (CAC), or personal identity verification (PIV) card.
While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. The website requires a credit card for registration. What should you do?
Since the URL does not start with "https," do not provide your credit card information.
What does Personally Identifiable information (PII) include?
Social Security Number, date and place of birth, mother's maiden name
Which is a risk associated with removable media?
Spillage of classified information.
How should you protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card?
Store it in a shielded sleeve to avoid chip cloning.
What are the requirements to be granted access to sensitive compartmented information (SCI)?
The proper security clearance and indoctrination into the SCI program
Which of the following is a best practice to protect information about you and your organization on social networking sites and applications?
Use only personal contact information when establishing personal social networking accounts, never use Government contact information.
What is a way to prevent the download of viruses and other malicious code when checking your e-mail?
View email in plain text and don't view email in Preview Pane.
When is the best time to post details of your vacation activities on your social networking website?
When your vacation is over, and you have returned home.
What helps protect from spear phishing?
be wary of suspicious e-mails that use your name and/or appear to come from inside your organization.
What are some potential insider threat indicators?
difficult life circumstances such as substance abuse, divided loyalty or allegiance to the U.S., and extreme, persistent interpersonal difficulties
What is an indication that malicious code is running on your system?
file corruption
Which of the following is NOT an example of sensitive information?
press release data
A colleague asks to leave a report containing protected health information (PHI) on his desk overnight so he can continue working on it the next day. How do you respond?
tell your colleague that it needs to be secured in a cabinet or container
Which of the following is not considered a potential insider threat indicator?
treated mental health issues
