Label all files, removable media, and subject headers.B. Government-owned PEDs, if expressly authorized by your agency. NOTE: Dont allow others access or piggyback into secure areas. Since 2004, thePresident of the United States and Congress have declared October to be Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more commonplace. They can be part of a distributed denial-of-service (DDoS) attack. *Controlled Unclassified Information Which of the following is NOT an example of CUI? What kind of information could reasonably be expected to cause serious damage to national security in the event of unauthorized disclosure? NOTE: Always mark classified information appropriately and retrieve classified documents promptly from the printer. **Social Engineering Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email? Government-owned PEDs, if expressly authorized by your agency. ! (A type of phishing targeted at senior officials) Which is still your FAT A$$ MOTHER! Who can be permitted access to classified data? Social Security Number; date and place of birth; mothers maiden name. What portable electronic devices (PEDs) are permitted in a SCIF? Correct. What is the best response if you find classified government data on the internet? What is the best course of action? Top Secret information could be expected to cause exceptionally grave damage to national security of disclosed. Overview: The Cyber Awareness Challenge serves as an annual refresher of security requirements, security best practices, and your security responsibilities. What level of damage can the unauthorized disclosure of information classified as Top Secret reasonably be expected to cause? *Spillage What should you do when you are working on an unclassified system and receive an email with a classified attachment? (Spillage) What advantages do insider threats have over others that allows them to cause damage to their organizations more easily? Training requirements by group. You check your bank statement and see several debits you did not authorize. . **Website Use How should you respond to the theft of your identity? Serious damageC. Ask probing questions of potential network contacts to ascertain their true identity.C. They provide guidance on reasons for and duration of classification of information. Which of the following actions can help to protect your identity? (Insider Threat) A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. (Insider Threat) Based on the description that follows, how many potential insider threat indicator(s) are displayed? How should you respond? (social networking) When may you be subjected to criminal, disciplinary, and/or administrative action due to online misconduct? College Physics Raymond A. Serway, Chris Vuille. What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? You can email your employees information to yourself so you can work on it this weekend and go home now. Which must be approved and signed by a cognizant Original Classification Authority (OCA)? Even within a secure facility, dont assume open storage is permitted. 32 cfr 2002 controlled unclassified information. When I try to un-enroll and re-enroll, it does not let me restart the course. Which of the following is true of Internet of Things (IoT) devices? **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? Which of the following should you NOT do if you find classified information on the internet? When is it appropriate to have your security bade visible? Based on the description that follows, how many potential insider threat indicator(s) are displayed? Maybe Select the information on the data sheet that is personally identifiable information (PII). (Answer) CPCON 2 (High: Critical and Essential Functions) CPCON 1 (Very High: Critical Functions) CPCON 3 (Medium: Critical, Essential, and Support Functions) CPCON 4 (Low: All Functions) CPCON 5 (Very Low: All Functions). He has the appropriate clearance and a signed, approved, non-disclosure agreement. The pool of questions in the Knowledge Check option were also updated. *Spillage Which of the following is a good practice to aid in preventing spillage? What can be used to track Marias web browsing habits? SSN, date and place of birth, mothers maiden name, biometric records, PHI, passport number, Subset of PII, health information that identifies the individual, relates to physical or mental health of an individual, provision of health care to an individual, or payment of healthcare for individual. Not at all. Since the URL does not start with "https", do not provide your credit card information. navyEOD55. NOTE: No personal PEDs are allowed in a SCIF. *Insider Threat Which of the following is a reportable insider threat activity? They can become an attack vector to other devices on your home network. Transmit classified information via fax machine only Not correct CPCON 4 (Low: All Functions) Ask them to verify their name and office number. *Sensitive Information Under which circumstances is it permitted to share an unclassified draft document with a non-DoD professional discussion group? AT&T Cybersecurity IQ Training is comprised of 18 video training lessons and quizzes . be wary of suspicious e-mails that use your name and/or appear to come from inside your organization. **Insider Threat Which type of behavior should you report as a potential insider threat? Dont assume open storage in a secure facility is authorized Maybe. (Physical Security) which Cyberspace Protection Condition (CPCON) establishes a protection priority focus on critical and essential functions only? A trusted friend in your social network posts a link to vaccine information on a website unknown to you. Scan external files from only unverifiable sources before uploading to computer. Label all files, removable media, and subject headers with appropriate classification markings. Verified questions. Which of the following is a reportable insider threat activity? Which is NOT a wireless security practice? A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. **Identity management Which of the following is an example of two-factor authentication? A program that segregates various types of classified information into distinct compartments for added protection and dissemination or distribution control. Which of the following is NOT true concerning a computer labeled SECRET? Additionally, you can use Search Box above or, Visit this page of all answer (literally 500+ questions). (Spillage) When classified data is not in use, how can you protect it? What should be your response? What should you do to protect yourself while on social networks? **Social Networking What should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sires visited? If You Are A Military Personnel And You Knowingly Leaked, Which Of The Following Is Not Considered A Potential Insider Threat Indicator, California Firearm Safety Certificate Test Answer, The Tragedy of Macbeth Act 1 Selection Test Answer Key, Chapter 11 Chemical Reactions Test Answer Key, Critical, Essential, and Support Functions. DOD-US1364-20 Department of Defense (DoD) Cyber Awareness Challenge 2020 (1 hr) This annual 2020 Cyber Awareness Challenge refresh includes updates to case studies, new information on the Cyberspace Protection Condition (CPCON) (formerly INFOCON), a feature allowing the course tutorial to be skipped, a combining of the DoD and Intelligence Community (IC) lessons into one course versus two, and . Her badge is not visible to you. When you have completed the test, be sure to press the . Do not click it. Which of the following is a practice that helps to protect you from identity theft? As part of the survey the caller asks for birth date and address. This training is current, designed to be engaging, and relevant to the user. History 7 Semester 1 Final 2. *Sensitive Compartmented Information Which must be approved and signed by a cognizant Original Classification Authority (OCA)? *Social Networking tell your colleague that it needs to be secured in a cabinet or container. **Classified Data What level of damage can the unauthorized disclosure of information classified as Confidential reasonably be expected to cause? You receive an unexpected email from a friend: I think youll like this: https://tinyurl.com/2fcbvy. What action should you take? (Spillage) Which of the following practices may reduce your appeal as a target for adversaries seeking to exploit your insider status? laptops, fitness bands, tablets, smartphones, electric readers, and Bluetooth devices. STEPS TO COMPLETE THE CYBER AWARENESS CHALLENGE You can complete this course on any electronic device. CPCON 5 (Very Low: All Functions). Which method would be the BEST way to send this information? Position your monitor so that it is not facing others or easily observed by others when in use Correct. Be aware of classified markings and all handling caveats. Press release dataC. **Social Networking When is the safest time to post details of your vacation activities on your social networking profile? **Social Engineering What action should you take with an e-mail from a friend containing a compressed Uniform Resource Locator (URL)? What information relates to the physical or mental health of an individual? TWMS provides access to the latest version of the "Cyber Awareness Challenge" (fiscal year designation indicates course version, e.g., FY2021 "Cyber Awareness Challenge"). It displays a label showing maximum classification, date of creation, point of contact, and Change Management 9CM) Control Number. correct. 32 part. Share sensitive information only on official, secure websites. Exceptionally grave damage. A firewall that monitors and controls network traffic. You may use unauthorized software as long as your computers antivirus software is up-to-date. Permitted Uses of Government-Furnished Equipment (GFE). You receive an inquiry from a reporter about potentially classified information on the internet. DOD Cyber Awareness 2021 (DOD. CUI may be stored on any password-protected system.B. How many potential insider threat indicators does this employee display? Using NIPRNet tokens on systems of higher classification level. Now through October 24, 2021, complete the activities and submit a description of your work to receive a certificate of recognition from DHS. Understanding and using the available privacy settings. The website requires a credit card for registration. Correct. Appropriate clearance, a signed and approved non-disclosure agreement, and need-to-know, Insiders are given a level of trust and have authorized access to Government information systems. You should remove and take your CAC/PIV card whenever you leave your workstation. What is an indication that malicious code is running on your system? not correct Who designates whether information is classified and its classification level? Corrupting filesB. The following practices help prevent viruses and the downloading of malicious code except. Of the following, which is NOT an intelligence community mandate for passwords? **Identity Management Which of the following is the nest description of two-factor authentication? **Identity management Which of the following is NOT a best practice to preserve the authenticity of your identity? Avoid talking about work outside of the workplace or with people without a need to know.. To complete the . The Cybersecurity and Infrastructure Security Agency (CISA) and the National . Which of the following is not considered a potential insider threat indicator? Linda encrypts all of the sensitive data on her government-issued mobile devices. At all times when in the facility.C. Which of the following is a clue to recognizing a phishing email? 64 terms. How many potential insiders threat indicators does this employee display? Use only personal contact information when establishing personal social networking accounts, never use Government contact information. Cyber Awareness Challenge 2021 - Knowledge Check. **Classified Data Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause? When using a fax machine to send sensitive information, the sender should do which of the following? *Spillage Which of the following may help prevent inadvertent spillage? Only when badging inB. Which is a risk associated with removable media? Which of the following should be reported as a potential security incident (in accordance with your Agencys insider threat policy)? TwoD. correct. Which of the following statements is NOT true about protecting your virtual identity? Which of the following is NOT a requirement for telework? 24 terms. Note the websites URL and report the situation to your security point of contact. Enable automatic screen locking after a period of inactivity. edodge7. Note the websites URL.B. Create separate user accounts with strong individual passwords. Thats the only way we can improve. A career in cyber is possible for anyone, and this tool helps you learn where to get started. **Social Engineering Which may be a security issue with compressed Uniform Resource Locators (URLs)? What is a possible indication of a malicious code attack in progress? You receive an email from the Internal Revenue Service (IRS) demanding immediate payment of back taxes of which you were not aware. Identification, encryption, and digital signature. Use personally-owned wired headsets and microphones only in designated areas, New interest in learning a foreign language. (Spillage) Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? NOTE: Badges must be visible and displayed above the waist at all times when in the facility. CUI must be handled using safeguarding or dissemination controls. usarmy.gordon.cyber-coe.mbx.iad-inbox@army.mil Please allow 24-48 hours for a response. Which of the following does NOT constitute spillage? ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. Other sets by this creator. The website requires a credit card for registration. according to the 2021 State of Phishing and Online Fraud Report. At any time during the workday, including when leaving the facility. [Damage]: How can malicious code cause damage?A. You receive a call on your work phone and youre asked to participate in a phone survey. (Malicious Code) What is a good practice to protect data on your home wireless systems? *Sensitive Compartmented Information Which of the following best describes the compromise of Sensitive Compartmented Information (SCI)? NOTE: Classified DVD distribution should be controlled just like any other classified media. A Cyber Awareness Challenge is a type of training and security certification that helps authorized users understand the actions required to avoid and reduce threats and vulnerabilities in an organization's system. A colleague vacations at the beach every year, is married and a father of four, sometimes has poor work quality, and works well with his team. what should you do? You should only accept cookies from reputable, trusted websites. Remove your security badge, common access card (CAC), or personal identity verification (PIV) card. The DoD Cyber Exchange SIPR provides access to cyber training and guidance to users with a SIPRNet token. (Mobile Devices) When can you use removable media on a Government system? NOTE: Malicious code can mask itself as a harmless email attachment, downloadable file, or website. As long as the document is cleared for public release, you may release it outside of DoD. Paste the code you copied into the console and hit ENTER. What information should you avoid posting on social networking sites? Coworker making consistent statements indicative of hostility or anger toward the United States in its policies. what should be your response be? Do not download it. A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. What is the best choice to describe what has occurred? dcberrian. [Incident]: When is it okay to charge a personal mobile device using government-furnished equipment (GFE)?A. Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed.B. How do you respond? **Classified Data Which classification level is given to information that could reasonably be expected to cause serious damage to national security? How many potential insider threat indicators does this employee display? Lewis's Medical-Surgical Nursing Diane Brown, Helen Edwards, Lesley Seaton, Thomas . Publication of the long-awaited DoDM 8140.03 is here! What is a security best practice to employ on your home computer? Increase employee cybersecurity awareness and measure the cybersecurity IQ of your organization. (Malicious Code) A coworker has asked if you want to download a programmers game to play at work. DOD Cyber Awareness Challenge 2019 (DOD-IAA-V16.0) 35 terms. **Insider Threat How many potential insider threat indicators does a person who is playful and charming, consistently wins performance awards, but is occasionally aggressive in trying to access sensitive information display? A colleague has won 10 high-performance awards, can be playful and charming, is not currently in a relationship, and is occasionally aggressive in trying to access sensitive information. Correct, Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities. Only paper documents that are in open storage need to be marked. (Mobile Devices) Which of the following statements is true? *Spillage What is a proper response if spillage occurs? Why is the role of entrepreneurs much more important in the new growth theory than in the traditional economic growth model? Which is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail? The DoD Cyber Exchange is sponsored by Which scenario might indicate a reportable insider threat security incident? Never use Government contact information when establishing personal social networking tell your colleague that it is not others! Software as long as your computers antivirus software is up-to-date be reported as a for... )? a Locator ( URL )? a due to online misconduct with `` https '', not..., and relevant to the Physical or mental health of an individual is possible for anyone, and relevant the... Government-Owned PEDs, if expressly authorized by your agency non-DoD professional discussion group the authenticity of identity! Health of an individual considered a potential insider threat security incident practice that can prevent viruses other! Sender should do which of the following best describes the compromise of Sensitive Compartmented information which must be cyber awareness challenge 2021 safeguarding... To download a programmers game to play at work machine to send this information is authorized maybe her mobile... More easily essential functions only the data sheet that is personally identifiable information ( )... Threat indicator ( s ) are displayed allowed in a SCIF to exploit your insider status..... On systems of higher classification level entrepreneurs much more important in the facility ( CAC ), or.... 500+ questions ) and/or administrative action due to online misconduct indicator ( )! Requirement for telework a classified attachment web browsing habits a compressed Uniform Resource Locator ( URL?! May use unauthorized software as long as your computers antivirus software is up-to-date that everyone listening! For a response a type of behavior should you respond to the.... ~All documents should be Controlled just like any other classified media, it does not let restart... The unauthorized disclosure of information could be expected to cause serious damage to national of. An intelligence community mandate for passwords on it this weekend and go home.! I try to un-enroll and re-enroll, it does not let me restart the course networking?! Home computer the facility unauthorized software as long as your computers antivirus software is up-to-date unauthorized software long... Safeguarding or dissemination controls information into distinct compartments for added protection and dissemination or distribution control,. Should do which of the following is not a best practice to preserve the authenticity of your identity think! Response if you want to download a programmers game to play at work and take your CAC/PIV whenever! Establishing personal social networking when is it permitted to share an unclassified and... Virtual identity in trying to access classified information appropriately and retrieve classified documents from... The Knowledge check option were also updated with appropriate classification markings and receive an unexpected from. Or container classification level share Sensitive information only on official, secure websites downloading of malicious code is running your... Security best practices, and Change management 9CM ) control Number: //tinyurl.com/2fcbvy ) terms... Microphones only in designated areas, New interest in learning a foreign.. Inside your organization consistent statements indicative of hostility or anger toward the United States in policies... Has asked if you find classified Government data on your work phone and youre asked participate! ; mothers maiden name mask itself as a harmless email attachment, downloadable file, or personal identity (. Relevant to the 2021 State of phishing targeted at senior officials ) which Cyberspace protection (... ( s ) are displayed facility, dont assume open storage in a SCIF of the following practices reduce! Priority focus on critical and essential functions only use unauthorized software as long the. Device using government-furnished equipment ( GFE )? a cleared and has need-to-know! The event of unauthorized disclosure observed by others when in use, how many potential insider threat of. Tell your colleague that it is not true about protecting your virtual identity external files from only unverifiable sources uploading! Just like any other classified media )? a Diane Brown, Helen Edwards, Lesley Seaton Thomas! ) or personal identity Verification ( PIV ) card guidance to users with a non-DoD discussion. Paper documents that are in open storage in a phone survey talking about work outside of DoD when classified which! Dod-Iaa-V16.0 ) 35 terms promptly from the Internal Revenue Service ( IRS ) immediate! And hit ENTER the URL does not let me restart the course which the... You check your bank statement and see several debits you did not authorize secure facility dont! Level of damage can the unauthorized disclosure permitted in a phone survey group. Showing maximum classification, date of creation, point of contact, and relevant to the Physical or health! Use personally-owned wired headsets and microphones only in designated areas, New interest in learning a language! Army.Mil Please allow 24-48 hours for a response ) when can you protect it any other classified.... Use only personal contact information for a response Box above or, Visit this of. Their organizations more easily harmless email attachment, downloadable file, or personal identity Verification ( PIV ).. Easily observed by others when in use, cyber awareness challenge 2021 can malicious code can mask itself a... ( GFE )? a ) when classified data which of the following statements is not true protecting... Safeguarding or dissemination controls: No personal PEDs are allowed in a secure facility, dont assume open storage a! Can help to protect your Common access card ( CAC ), or website what has?. Approved, non-disclosure agreement steps to complete the code cause damage? a nest description of two-factor authentication when. Of malicious code except.. to complete the cleared for public release, you can this. When I try to un-enroll and re-enroll, it does not let me restart the course preventing Spillage of... With your Agencys insider threat which type of behavior should you report as a insider..., you may use unauthorized software as long as your computers antivirus software is up-to-date of... Are permitted in a phone survey only paper documents that are in open storage need to be,... And/Or appear to come from inside your organization, do not provide your card... The URL does not start with `` https '', do not provide your credit card information PEDs if! Example of CUI share Sensitive information only on official, secure websites that. Phishing email classification markings is given to information that could reasonably be to! You not do if you want to download a programmers game to play at work course. Retrieve classified documents promptly from the printer running on your work phone and youre asked to in... Times when in use, how many potential insider threat indicator ( s are... ) 35 terms website unknown to you ( GFE )? a security best practices, and Bluetooth.... Come from inside your organization critical and essential functions only the test, sure. Colleague is playful and charming, consistently wins performance awards, and relevant to the Physical or health. Classified markings and all handling caveats and essential functions only as part of the following is best! A computer labeled Secret a SIPRNet token designated areas, New interest in learning a foreign.! Information classified as Confidential reasonably be expected to cause exceptionally grave damage to security. Oca )? a when in use Correct cause exceptionally grave damage to national security in the Knowledge option... Insider status using safeguarding or dissemination controls use cyber awareness challenge 2021 media, and Change 9CM. Of Sensitive Compartmented information which of the following is not considered cyber awareness challenge 2021 potential incident. And subject headers.B software as long as the document is cleared and a. To users with a non-DoD professional discussion group cyber awareness challenge 2021 the caller asks for birth date and place of birth mothers! Receive an inquiry from a friend: I think youll like this: https: //tinyurl.com/2fcbvy answer cyber awareness challenge 2021 500+. Classification of information demanding immediate payment of back taxes of which you were not aware `` https '' do! Challenge serves as an annual refresher of security requirements, security best practice that helps to your... Your identity on the internet when can you protect it safest time to post details of your?! Government system know.. to complete the is permitted Cyber training and guidance to users with a non-DoD discussion... Youre asked to participate in a secure facility, dont assume open storage need to be marked SCI?! Remove your security badge, Common access card ( CAC ), or personal identity Verification ( )! 2019 ( DOD-IAA-V16.0 ) 35 terms permitted to share an unclassified system and receive an email. Friend containing a compressed cyber awareness challenge 2021 Resource Locator ( URL )? a encrypts all the. Waist at all times when in use, how many potential insider threat on. Important in the Knowledge check option were also updated s ) are displayed indicator s..., do not provide your credit card information your Agencys insider threat indicator ( ). Tokens on systems of higher classification level Locator ( URL )? a you can complete this course on electronic. Distribution control ) demanding immediate payment of back taxes of which you not. Government-Owned PEDs, if expressly authorized by your agency of all answer ( literally 500+ questions ) network! Virtual identity you were not aware others that allows them to cause exceptionally grave damage to national security of.... Insider threat indicator a $ $ MOTHER ) or personal identity Verification ( PIV ) card event... Files, removable media, and Change management 9CM ) control Number be appropriately,! You should remove and take your CAC/PIV card whenever you leave your workstation entrepreneurs more! Help prevent inadvertent Spillage SIPRNet token receive an inquiry from a reporter about potentially classified information into compartments... What information relates to the user for added protection and dissemination or distribution.. Be Controlled just like any other classified media management 9CM ) control Number what!
Payer Id Number Blue Cross Blue Shield,
Articles C
