DOD Cyber Awareness Challenge 2025 Knowledge check
Which of the following is a best practice for protecting your home wireless network for telework or remote work?
Implement, as a minimum, Wi-Fi Protected Access 2 (WPA2) Personal encryption. (Correct) Ref: Cyber Awareness Challenge 2025 / Wireless Network
Which of the following is true of Controlled Unclassified Information (CUI)?
It belongs to a defined category established in the DoD CUI Registry. (Correct) Ref: Cyber Awareness Challenge 2025 / Controlled Unclassified Information (CUI)
Which of the following is true of spillage?
It can be either inadvertent or intentional. (Correct) Ref: Cyber Awareness Challenge 2025 / Spillage
When allowed, which of the following is an appropriate use of removable media?
Labeling media that contains personally identifiable information (PII) (Correct) Ref: Cyber Awareness Challenge 2025 / Appropriate Use of Removable Media
Which of the following is a best practice when browsing the Internet?
Look for h-t-t-p-s in the URL name. (Correct) Ref: Cyber Awareness Challenge 2025 / Web Use and Your Safety
As you browse a social media site, you come across photos of information with classified markings. What should you do?
Notify your security point of contact. (Correct) Ref: Cyber Awareness Challenge 2025 / Responding to Spillage
Which of the following is a best practice for physical security?
Report suspicious activity. (Correct) Ref: Cyber Awareness Challenge 2025 / Physical Security
You receive an e-mail with a link to run an anti-virus scan. Your IT department has not sent links like this in the past. The e-mail is not digitally signed. What action should you take?
Report the e-mail to your security POC or help desk. (Correct) Ref: Cyber Awareness Challenge 2025 / Phishing
How can you prevent viruses and malicious code?
Scan all e-mail attachments (Correct) Ref: Cyber Awareness Challenge 2025 / Protecting Against Malicious Code
Which of the following provides, comprehensive guidance regarding specific program, system, operation, or weapon system elements of information to be classified?
Security Classification Guide. (Correct) Ref: Cyber Awareness Challenge 2025 / Marking SCI
When linked to a specific individual, which of the following is NOT an example of Personally Identifiable Information (PII)?
Smartphone brand and model (Correct) Ref: Cyber Awareness Challenge 2025 / Personally Identifiable Information (PII)
Which of the following is NOT an appropriate use of your Common Access Card (CAC)?
Exchanging it for a visitor pass in another building. (Correct) Ref: Cyber Awareness Challenge 2025 / CAC/PIV Card Protection
Based on the description provided, how many insider threat indicators are present? Edward has worked for the DoD agency for 2 years. He is an analyst who takes a great deal of interest in his work. He occasionally takes a somewhat aggressive interest in others' work as well, including asking for classified details of their projects. He otherwise gets along well with his colleagues.
1 (Correct) Ref: Cyber Awareness Challenge 2025 / Detecting Insider Threats
Which of the following personally owned peripherals can you use with government furnished equipment (GFE)?
A wired keyboard connection via USB. (Correct) Ref: Cyber Awareness Challenge 2025 / Peripherals
When is the safest time to post on social media about your work-related travel?
After the trip (Correct) Ref: Common Sense
Which of the following poses a security risk while teleworking in an environment where Internet of Things (IoT) devices are present?
All of these. (Correct) Ref: Cyber Awareness Challenge 2025 / Internet of Things (IoT)
How can malicious code do damage?
All of these. (Correct) Ref: Cyber Awareness Challenge 2025 / Malicious Code
Which of the following can be used to catalogue information about you?
All of these. (Correct) Ref: Cyber Awareness Challenge 2025 / Online Identity
Which of the following is permitted within a Sensitive Compartmented Information Facility (SCIF)?
An authorized Government-owned Portable Electronic Device (PED) (Correct) Ref: Cyber Awareness Challenge 2025 / SCIFs and Portable Electronic Devices (PEDs)
Which of these is NOT a potential indicator that your device may be under a malicious code attack?
An operating system update (Correct) Ref: Cyber Awareness Challenge 2025 / Incident Indicators
Which of the following is a best practice to protect your identity?
Ask how information will be used before giving it out. (Correct) Ref: Cyber Awareness Challenge 2025 / Identity Protection
Which of the following is true of working within a Sensitive Compartmented Information Facility (SCIF)?
Badges must be worn while in the facility and removed when leaving the facility. (Correct) Ref: Cyber Awareness Challenge 2025 / Sensitive Compartmented Information Facilities (SCIFs)
Which of the following is a potential Insider threat indicator?
Death of spouse. (Correct) Ref: Cyber Awareness Challenge 2025 / personnel Detecting Insider Threats
You receive a text message from a vendor notifying you that your order is on hold due to needing updated payment information from you. It provides a shortened link for you to provide the needed information. What is the best course of action?
Delete the message (Correct) Ref: Cyber Awareness Challenge 2025 / Smishing
Which of the following is a best practice for using government e-mail?
Do not solicit sales. (Correct) Ref: Cyber Awareness Challenge 2025 / Use of Government E-mail
You receive a phone call from an unknown person asking for a directory name on your government furnished laptop so that a software update can be made. Which course of action should you take?
Document the interaction and contact your security POC or help desk. (Correct) Ref: Cyber Awareness Challenge 2025 / Social Engineering
Which of the following is an allowed use of government furnished equipment (GFE)?
E-mailing your supervisor (Correct) Ref: Cyber Awareness Challenge 2025 / Ethical Use of Government-Furnished Equipment (GFE)
Matt is a government employee who needs to share a document containing source selection data with his supervisor. Which of the following describes the most appropriate way for Matt to do this?
Encrypt it and send it via digitally signed Government e-mail. (Correct) Ref: Cyber Awareness Challenge 2025 / Protecting PII/PHI
John receives an e-mail about a potential shutdown of a major social service unless a petition receives enough signatures. Which of the following actions should John NOT take with the e-mail?
Forward it (Correct) Ref: Cyber Awareness Challenge 2025 / Phishing
Which of the following statements about Protected Health Information (PHI) is true?
It is health information that identifies the individual. (Correct) Ref: Cyber Awareness Challenge 2025 / Protected Health Information (PHI)
Which of the following is an appropriate use of a DoD Public Key Infrastructure (PKI) token?
Only leave it in a system while actively using it for a PKI-required task. (Correct) Ref: Cyber Awareness Challenge 2025 / DoD PKI Tokens
Who designates whether information is classified and its classification level?
Original classification authority (Correct) Ref: Cyber Awareness Challenge 2025 / Classified Data
Which of the following is true of Sensitive Compartmented Information Facilities (SCIFs)?
Personnel should physically assess whether everyone within listening distance has a need-to-know before starting conversations involving classified information. (Correct) Ref: Cyber Awareness Challenge 2025 / SCIF Situational Awareness
How can you protect yourself from identity theft?
Review your credit report annually. (Correct) Ref: Cyber Awareness Challenge 2025 / Identity Protection
Which of the following describes Sensitive Compartmented Information (SCI)?
SCI introduces an overlay of security to Top Secret, Secret, and Confidential information. (Correct) Ref: Cyber Awareness Challenge 2025 / Sensitive Compartmented Information (SCI)
Which of the following uses of removable media is allowed?
Sam uses approved Government owned removable media to transfer files between government systems as authorized. (Correct) Ref: Cyber Awareness Challenge 2025 / Appropriate Use of Removable Media
What is an insider threat?
Someone who uses authorized access, either wittingly or unwittingly, to harm national security. (Correct) Ref: Cyber Awareness Challenge 2025 / Insider Threat
Which of the following is a way to protect classified data?
Store it in a GSA-approved container. (Correct) Ref: Cyber Awareness Challenge 2025 / Protecting Classified Data
How can you protect your home computer?
Use legitimate, known antivirus software (Correct) Install spyware protection software. (Correct) Ref: Cyber Awareness Challenge 2025 / Best Practices for Home Computer Security
How can you protect data on a mobile device?
Use two-factor authentication (Correct) Ref: Cyber Awareness Challenge 2025 / Protecting Data on Mobile Devices and PEDs
Which of the following is an appropriate use of government e-mail?
Using a digital signature when sending hyperlinks (Correct) Ref: Cyber Awareness Challenge 2025 / Use of Government E-mail
Tessa is processing payroll data that includes employees' names, home addresses, and salary. Which of the following is Tessa prohibited from doing with the data?
Using her home computer to print the data while working remotely. (Correct) Ref: Cyber Awareness Challenge 2025 / Telework and Home Computer Security
How can you protect yourself on social networking sites?
Validate connection requests through another source if possible. (Correct) Ref: Cyber Awareness Challenge 2025 / Social Networking: Protect Yourself
As you scroll through your social media feed, a news headline catches your eye. What should you consider before sharing it with your connections?
Whether the source is credible and reliable. (Correct) Ref: Cyber Awareness Challenge 2025 / Disinformation
Does it pose a risk to tap your smartwatch to pay for a purchase at a store?
Yes, there is a risk that the signal could be intercepted and altered. (Correct) Ref: Cyber Awareness Challenge 2025 / Near Field Communication (NFC)
Steve occasionally runs errands during virtual meetings. He joins the meetings using his approved government device. Does this pose a security concern?
Yes. Eavesdroppers may be listening to Steve's conversation (Correct) Ref: Common Sense
Which of the following is true of transmitting or transporting Sensitive Compartmented Information (SCI)?
You must be courier-briefed for SCI to transport it. (Correct) Ref: Cyber Awareness Challenge 2025 / Transmitting SCI
Which of the following is the safest to share on a social networking site?
Your favorite movie. (Correct) Ref: Cyber Awareness Challenge 2025 / Social Networking: Protect Yourself
Which is an example of a strong password?
bRobr@79I*P (Correct) Ref: Cyber Awareness Challenge 2025 / Passwords
Which of the following is permitted when using an unclassified laptop within a collateral classified space?
A personally-owned wired headset without a microphone (Correct) Ref: Cyber Awareness Challenge 2025 / Collateral Classified Spaces
Which of the following is an example of behavior that you should report?
Bringing a phone into a prohibited area. (Correct) Ref: Cyber Awareness Challenge 2025 / Reporting Requirements
Under which Cyberspace Protection Condition (CAPCON) is the priority focus limited to critical functions?
CPCON 1 (Correct) Ref: Cyber Awareness Challenge 2025 / Cyberspace Protection Conditions (CPCON)
Which of the following would work in combination for two-factor authentication?
Common Access Card (CAC) and Personal Identification Number (PIN) (Correct) Ref: Cyber Awareness Challenge 2025 / Identity Authentication
Which of the following is an example of removable media?
Compact disc (Correct) Ref: Cyber Awareness Challenge 2025 / Removable Media, PEDs, and Mobile Devices
Which type of data could reasonably be expected to cause damage to national security?
Confidential (Correct) Ref: Cyber Awareness Challenge 2025 / Classified Data
Which of the following is a best practice for telework and remote work?
Connect to your Government Virtual Private Network (VPN) (Correct) Ref: Cyber Awareness Challenge 2025 / Telework and Home Computer Security
How can you protect a mobile device while traveling?
Connect with a Government VPN. (Correct) Ref: Cyber Awareness Challenge 2025 / Traveling with Mobile Devices
Adam sees a coworker who does not have the required clearance with a printed document marked as Sensitive Compartmented Information (SCI). What should he do?
Contact his security POC and report the incident. (Correct) Ref: Common Sense
What is a best practice for creating user accounts for your home computer?
Create separate accounts for each user and have each user create their own password. (Correct) Ref: Cyber Awareness Challenge 2025 / Best Practices for Home Computer Security
Which of the following statements is true of DoD Unclassified data?
It must be cleared before being released to the public. (Correct) Ref: Cyber Awareness Challenge 2025 / Unclassified Information
Which of the following is true of removable media and portable electronic devices (PEDs)
The risk associated with them may lead to loss of life. (Correct) Ref: Cyber Awareness Challenge 2025 / Removable Media, PEDs, and Mobile Devices
Which of the following is true of compressed URLs (e.g., TinyURL, goo.gl)?
They may be used to mask malicious intent. (Correct) Ref: Cyber Awareness Challenge 2025 / Compressed URLs
You receive an e-mail marked important from your agency head asking you to call them using a number you do not recognize. The e-mail was sent from a personal e-mail address that you do not recognize, but it addresses you by name. What action should you take?
This may be a spear phishing attempt. Report it to your security POC or help desk. (Correct) Ref: Cyber Awareness Challenge 2025 / Spear Phishing
What are the requirements for access to Sensitive Compartmented Information (SCI)?
Top Secret clearance and indoctrination into the SCI program. (Correct) Ref: Cyber Awareness Challenge 2025 / Sensitive Compartmented Information (SCI)
