Cyber Awareness Challenge
Which of the following is an example of a strong password?
%2ZN=Ugq
Based on the description that follows, how many potential insider threat indicator(s) are displayed? A colleague saves money for an overseas vacation every year, is a single father, and occasionally consumes alcohol.
0 indicators
How many potential insider threat indicators does a person who is playful and charming, consistently wins performance awards, but is occasionally aggressive in trying to access sensitive information display?
1 indicator
Based on the description that follows, how many potential insider threat indicator(s) are displayed? A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationships with peers, purchases an unusually expensive new car, and has unexplained absences from work.
3 or more indicators
What is a possible indication of a malicious code attack in progress?
A pop-up window that flashes and warns that your computer is infected with a virus.
What is whaling?
A type of phishing targeted at high-level personnel such as senior officials.
Which of the following statements is true?
Adversaries exploit social networking sites to disseminate fake news.
What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF?
All of these
What describes how Sensitive Compartmented Information is marked?
Approved Security Classification Guide (SCG)
After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. You know this project is classified. What should be your response?
Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity.
Which of the following is NOT a correct way to protect CUI?
CUI may be stored on any password-protected system.
What is a good practice for physical security?
Challenge people without proper badges.
Which of the following is true of protecting classified data?
Classified material must be appropriately marked.
What type of activity or behavior should be reported as a potential insider threat?
Coworker making consistent statements indicative of hostility or anger toward the United States in its policies.
What is the best example of Personally Identifiable Information (PII)?
Date and place of birth
What level of damage can the unauthorized disclosure of information classified as Top Secret reasonably be expected to cause?
Exceptionally grave damage to national security
What is an indication that malicious code is running on your system?
File corruption
What certificates are contained on the DoD Public Key Infrastructure (PKI) implemented by the Common Access Card (CAC)/Personal Identity Verification (PIV) card?
Identification, encryption, and digital signature
Under what circumstances is it acceptable to use your Government-furnished computer to check personal e-mail and do other non-work-related activities?
If allowed by organizational policy
What does "spillage" refer to?
Information improperly moved from a higher protection level to a lower protection level
Who might "insiders" be able to cause damage to their organizations more easily than others?
Insiders are given a level of trust and have authorized access to Government information systems.
What is a best practice to protect data on your mobile computing device?
Lock your device screen when not in use and require a password to reactivate.
What is a best practice while traveling with mobile computing devices?
Maintain possession of your laptop and other government-furnished equipment (GFE) at all times.
What is the best response if you find classified government data on the internet?
Note any identifying information, such as the website's URL, and report the situation to your security POC.
What portable electronic devices (PEDs) are permitted in a SCIF?
Only expressly authorized government-owned PEDs
Which of the following is NOT an example of CUI?
Press release data
Which of the following is a best practice for physical activity?
Report suspicious activity
What is a valid response when identity theft occurs?
Report the crime to local law enforcement.
A trusted friend in your social network posts a link to vaccine information on a website unknown to you. What action should you take?
Research the source to evaluate its credibility and reliability
Which classification level is given to information that could reasonably be expected to cause serious damage to national security?
Secret
Which of the following helps protect data on your personal mobile devices?
Secure personal mobile devices to the same level as Government-issued systems.
Which must be approved and signed by a cognizant Original Classification Authority (OCA)?
Security Classification Guide (SCG)
What does Personally Identifiable Information (PII) include?
Social Security Number; date and place of birth; mother's maiden name
Which is a risk associated with removable media?
Spillage of classified information.
What is a good practice to protect classified information?
Store classified data in a locked desk drawer when not in use
Which is a best practice for protecting Controlled Unclassified Information (CUI)?
Store it in a locked desk drawer after working hours
Which of the following is true of Security Classification Guides?
They provide guidance on reasons for and duration of classification of information.
Which of the following is a potential insider threat indicator?
Unusual interest in classified information
Which is NOT sufficient to protect your identity?
Use a common password for all your system and application logons.
When is the best time to post details of your vacation activities on your social networking website?
When your vacation is over, and you have returned home
Which of the following is true about telework?
You must have your organization's permission to telework.
Which piece of information is safest to include on your social media profile?
Your favorite movie
What is the best example of Protected Health Information (PHI)?
Your health insurance explanation of benefits (EOB)
What information posted publicly on your personal social networking profile represents a security risk?
Your place of birth
A compromise of Sensitive Compartmented Information (SCI) occurs when a person who does not have the required clearance or access caveats comes into possession of SCI...
in any manner
