DOD Cyber Awareness Challenge 2026
What is a best practice for user accounts on your home computer?
Each user should have their own account —> Accountability and proper access control.
Travis is processing travel reimbursements for the past quarter and needs to share travel rosters containing passport numbers with his supervisor for approval. Which is an approved way to transmit this information?
Encrypted Government e-mail with a digital signature —> Secure, verifiable transmission.
Which of the following is an example of two-factor authentication?
Fingerprint and face identification (ID) —> Biometric plus something you are/own aligns with 2FA concepts.
Which of the following is a best practice for physical security?
Hold the door for coworkers you know when entering your facility —> Controlled access with known individuals.
How do Insider Threat Programs defend against insider threats?
Intervening early to help individuals with issues —> Proactive mitigation prevents escalation.
What should you do with your badge within a Sensitive Compartmented Information Facility (SCIF)?
Keep it in your wallet —> Securely carry badge to prevent loss/misuse.
How to prevent spillage?
Label all files with appropriate classification markings —> Proper markings reduce accidental disclosure; other options are less effective.
Which of the following is a best practice when browsing the Internet?
Look for an https:// in the URL name —> Indicates a secure site.
How can you identify the separation of Sensitive Compartmented Information (SCI) classified material from collateral classified material?
Markings that identify the compartment with which it is affiliated —> Physical labeling ensures proper handling.
Which of the following is a best practice to protect your identity?
Monitor your financial statements and credit reports —> Early detection of identity theft is effective.
Evelyn is a system administrator at her agency. As part of her duties, she occasionally uses a thumb drive to perform necessary system tasks, as outlined in her agency's procedures. The thumb drive is provided by the Government for this purpose. Is this an appropriate use of removable media?
No. Removable media are never permitted for use in the DoD, per policy —> Policy protects data.
Oliver uses his phone to look up information about a jacket he might want to purchase. Later, he notices ads for the jacket appearing on websites that he views using his laptop. Why would he see this happen?
Oilver's apps and devices collect and share information about him —> Cross-device data sharing explains targeted ads, not device compromise or jacket popularity.
You receive a text message from a commercial shipping company notifying you that they need an updated address to deliver a package to you. It provides a link for you to provide the Information needed. What is the best course of action?
Open the link —> (Quiz logic) Verify legitimacy before acting; in real life, be cautious.
Which of the following is a best practice for working offsite during official travel?
Position your monitor so that it is not easily observed by others while in use —> Prevents visual disclosure; other options are weaker safeguards.
Which of the following is an allowed use of a government-furnished smartphone?
Responding to e-mails on your government e-mail account —> Maintains official communications channel.
How should you approach a compressed URL, such as Tiny URL?
Right-click the link to see where the link leads —> Verifies destination before opening to avoid malicious redirects.
You have been Issued a new Government-owned mobile device. What is a step you should take to secure It?
Set up a passcode to unlock it —> Establishes initial security baseline.
You receive a suspicious e-mail that appears to have come from an organization that partners with your agency. Your co-workers have received a similar e-mail. What might this be?
Spear phishing —> Targeted phishing by a known contact.
Which of the following e-mail practices can help to prevent inadvertently downloading viruses?
Use the Preview Pane instead of opening e-mails —> Reduces risk from malicious attachments/scripts.
Which of the following formats may be considered official records for Government communications?
All of these —> Official records can be email, chat, SMS, etc.
Which of the following personally owned peripherals can you use with government furnished equipment (GFE)?
All peripherals, regardless of ownership, are authorized for use —> Authorized peripherals for official use.
Under which Cyberspace Protection Condition (CPCON) is the priority focus limited to critical and essential functions?
CPCON 1 —> Highest priority for essential operations.
What is a Security Classification Guide?
A person who determines whether information is classified and at what level —> Defines classification responsibility.
While taking a break at your workstation, you switch to your computer's web browser intending to look up the evening's weather forecast. You notice open tabs In your web browser that you don't recall opening. Is this a concern?
Yes, changes could indicate a cybersecurity incident —> Could signal malware or unwanted software.
Consider this social media post. Are there any security concerns in it? "I'm hosting a family reunion for my mom's side of the family, the Smiths. Come b my place at 1234 Mockingbird Lane on the 8th...and grab a slice of birthday cake for me while you're there!"
Yes, it contains sensitive personal information (PII) and is not appropriate to share publicly —> Protects identifiable data.
