Cyber Awareness 2024
Based on the description provided, how many insider threat indicators are present? Edward has worked for a DoD agency for 2 years. He is an analyst who takes a great deal of interest in his work. He occasionally takes a somewhat aggressive interest in others' work as well, including asking for classified details of their projects. He otherwise gets along well with his colleagues.
1
Which of these is NOT a potential indicator that your device may be under a malicious code attack?
A notification for a system update that has been publicized
Which of the following is permitted when using an unclassified laptop within a collateral classified space?
A personally-owned wired headset without a microphone
Which of the following personally owned peripherals can you use with government furnished equipment (GFE)?
A wired keyboard connected via USB
When is the safest time to post on social media about your vacation plans?
After the trip
When is the safest time to post on social media about your work-related travel?
After the trip
Which of the following contributes to your online identity?
All of these (Social networking sites, Audio-enabled digital assistants, Fitness trackers)
What does the Common Access Card (CAC) contain?
Certificates for identification, encryption, and digital signature
How can an adversary use information available in public records to target you?
Combine it with information from other data sources to learn how to best bait you with a scam
You receive a text message from a package shipper notifying you that your package delivery is delayed due to needing updated delivery instructions from you. It provides a shortened link for you to provide the needed information. You are not expecting a package. What is the best course of action?
Delete the message
What is the goal of an Insider Threat Program?
Deter, detect, and mitigate the risks associated with insider threats
Which of the following is NOT a best practice for protecting data on a mobile device?
Disable automatic screen locking after a period of inactivity
Which of the following is a best practice for using government e-mail?
Do not send mass e-mails
Which of the following is an allowed use of government furnished equipment (GFE)?
E-mailing your supervisor
Matt is a government employee who needs to share a document containing source selection data with his supervisor. Which of the following describes the most appropriate way for Matt to do this?
Encrypt it and send it via digitally signed government e-mail.
Which of the following is NOT an appropriate use of your Common Access Card (CAC)?
Exchanging it for a visitor pass in another building
Which of the following is a best practice for protecting your home wireless network for telework or remote work?
Implement, as a minimum, Wi-Fi Protected Access 2 (WPA2) Personal encryption
How should government owned removable media be stored?
In a GSA-approved container according to the appropriate security classification
How can you protect your home computer?
Install spyware protection software
Which of the following is true of Controlled Unclassified Information (CUI)?
It belongs to a defined category established in the DoD CUI Registry.
Which of the following is true of spillage?
It can be either inadvertent or intentional.
Which of the following statements about Protected Health Information (PHI) is false?
It is a type of Controlled Unclassified Information (CUI)
Which of the following statements is true of DoD Unclassified data?
It may require access and distribution controls.
When allowed, which of the following is an appropriate use of removable media?
Labeling media that contains personally identifiable information (PII)
Where are you permitted to use classified data?
Only in a SCIF
Which of the following is a step you should NOT take to protect against spillage?
Purge any device's memory before connecting it to a classified network
Which of the following describes Sensitive Compartmented Information?
SCI introduces an overlay of security to Top Secret, Secret, and Confidential information.
How can you prevent viruses and malicious code?
Scan all e-mail attachments
How can you prevent viruses and malicious code?
Scan all external files before uploading to your computer
Which of the following can be used to catalogue information about you?
Social networking sites; Audio-enabled digital assistants (Siri, Alexa); Fitness trackers; All of these (Correct choice)
How can you protect a mobile device while traveling?
Store the device in a hotel safe when sightseeing
Which of the following is an example of behavior that you should report?
Taking sensitive information home for telework without authorization
What conditions are necessary to be granted access to Sensitive Compartmented Information (SCI)?
The appropriate level of security clearance eligibility and a need-to-know
Which of the following is true of compressed URLs (e.g., TinyURL, goo.gl)?
They may be used to mask malicious intent.
Terry sees a post on her social media feed that says there is smoke billowing from the Pentagon. The post includes a video that shows smoke billowing from a building that is not readily identifiable as the Pentagon. Terry is not familiar with the source of the post. Which of the following describes what Terry has likely seen?
This is probably a post designed to attract Terry's attention to click on a link and steal her information.
How can you protect your home computer?
Turn on the password feature
How can you protect your home computer?
Use legitimate, known antivirus software
How can you mitigate the potential risk associated with a compressed URL (e.g., TinyURL, goo.gl)?
Use the preview function to see where the link actually leads
Which of the following is NOT a best practice for protecting your home wireless network for telework?
Use your router's pre-set Service Set Identifier (SSID) and password
Sylvia commutes to work via public transportation. She often uses the time to get a head start on work by making phone calls or responding to e-mails on her government approved mobile device. Does this pose a security concern?
Yes. Eavesdroppers may be listening to Sylvia's phone calls, and shoulder surfers may be looking at her screen. Sylvia should be aware of these risks.
Which of the following is true of transmitting or transporting Sensitive Compartmented Information (SCI)?
You must be courier-briefed for SCI to transport it.
Which of the following is an example of a strong password?
d+Uf_4RimUz
Which of the following is a best practice to protect your identity?
Ask how information will be used before giving it out
Which of the following is true of working within a Sensitive Compartmented Information Facility (SCIF)?
Badges must be worn while in the facility and removed when leaving the facility.
Which of the following would work in combination for two-factor authentication?
Common Access Card (CAC) and Personal Identification Number (PIN)
Which of the following is a best practice for telework and remote work?
Connect to your Government Virtual Private Network (VPN)
You receive an e-mail with a link to run an anti-virus scan. Your IT department has not sent links like this in the past. The e-mail is not digitally signed. What action should you take?
Report the e-mail to your security POC or help desk.
Which of the following is an appropriate use of government e-mail?
Using a digital signature when sending hyperlinks
Which of the following is NOT an appropriate use of your Common Access Card (CAC)?
Using it as photo identification with a commercial entity