**Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? Which of the following should be reported as a potential security incident? Spillage can be either inadvertent or intentional. A Knowledge Check option is available for users who have successfully completed the previous version of the course. edodge7. After you have returned home following the vacation. Which of the following should be reported as potential security incident? Annual DoD Cyber Awareness Challenge Training - 20 35 terms. It does not require markings or distribution controls. Which of the following is a best practice for securing your home computer? It is releasable to the public without clearance. 14 Cybersecurity Awareness Training PPT for Employees - Webroot. Which of the following represents an ethical use of your Government-furnished equipment (GFE)? The training also reinforces best practices to protect classified, controlled unclassified information (CUI), and personally identifiable information (PII). **Mobile Devices What should you do when going through an airport security checkpoint with a Government-issued mobile device? Ensure that any cameras, microphones, and Wi-Fi embedded in the laptop are physically disabled.- Correct. Alternatively, try a different browser. A trusted friend in your social network posts a link to vaccine information on a website unknown to you. Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? Memory sticks, flash drives, or external hard drives. What level of damage to national security could reasonably be expected if unauthorized disclosure of Top Secret information occurred? Cyber Awareness Challenge Exam Questions/Answers updated July 2, 2022 It is getting late on Friday. Which is a risk associated with removable media? Individuals must avoid referencing derivatively classified reports classified higher than the recipient.??? (Spillage) What should you do when you are working on an unclassified system and receive an email with a classified attachment? Dont assume open storage in a secure facility is authorized Maybe. Accepting the default privacy settings. Hes on the clock after all.C. Correct. Which of the following should be reported as a potential security incident (in accordance with your Agencys insider threat policy)? How many insider threat indicators does Alex demonstrate? according to the 2021 State of Phishing and Online Fraud Report. Classified information that should be unclassified and is downgraded. CUI may be stored only on authorized systems or approved devices. Correct, Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities. The DoD Cyber Exchange Public provides limited access to publicly releasable cyber training and guidance to all Internet users. A medium secure password has at least 15 characters and one of the following. Permitted Uses of Government-Furnished Equipment (GFE). On a NIPRNet system while using it for a PKI-required task, Something you possess, like a CAC, and something you know, like a PIN or password. Report the crime to local law enforcement. The email has an attachment whose name contains the word secret. A program that segregates various type of classified information into distinct compartments for added protection and dissemination for distribution control. Which of the following is a good practice to prevent spillage? Identification, encryption, and digital signature. PII, PHI, and financial information is classified as what type of information? (Malicious Code) Which of the following is NOT a way that malicious code spreads? Which of the following can an unauthorized disclosure of information?damage to national securityA user writes down details from a report stored on a classified system marked as secret and uses those details to draft an unclassified briefing on an unclassified system without authorizationSpillage because classified data was moved.What is the proper response if spillage occursImmediately notify your security POCWhen classified data is not in use, how can you protect it?Store classified data appropriately in GSA-approved vault/container when not in use.Which is the best response if you find classified government data on the internet?Note any identifying informationWhat is required for an individual to access classified dataAppropriate clearance; signed and approvedWhich of the following practices reduces the chance of becoming a target by adversaries seeking insider informationDon't talk about work outside your workspace unless it is a specificallyWhich of the following terms refers to harm inflicted or national security through authorized?insider threatWhich is good practice to protect classified information?Ensure proper labeling by appropriately marking all classified material.Which classification level is given to information that could reasonably be expected to cause serious damage to national security?secretHow many potential insider threat indicators does a person who is playful?1what are some potential insider threat indicators?Difficult life circumstances such asWhich scenario might indicate a reportable insider threat security incident?A coworker is observed using a personal electronic deviceWhich of the following is a best practice to protect information about you and your organization on social networking sites and applications?Use only personal contact information when establishing personal social networking accountsAS someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project?inform your security POC of all bob-professional or non-routine contacts with foreign nationals.under which circumstances may you be subject.. online misconduct?Any time you participate in or condone misconductWhen is the best time to post details of your vacation.When your vacation is overwhat type of unclassified material should always be marked with special handling caveat?FOUOwhat is an individuals PII or PHI considered?Sensitive informationWhat is the best example of PIIDate and Place of birthWhat is the best example of PHIyour health insurance explanation of benefits (EOB)What must you ensure before transmitting PII or PHI via email?Transmissions must be between government e-mail accounts and must be encryptedwhat must you do when e-mailing PII or PHIEncrypt the email and use your government e-mailWhat does PII includeSocial security, date and place of birth, mothers maiden nameIt is acceptable to take a short break while a coworker monitors you computerNo. What is the best choice to describe what has occurred? In addition to avoiding the temptation of greed to betray his country, what should Alex do differently? Biology Mary Ann Clark, Jung Choi, Matthew Douglas. **Classified Data Which of the following must you do before using and unclassified laptop and peripherals in a collateral environment? **Classified Data What is required for an individual to access classified data? (Sensitive Information) What certificates are contained on the Common Access Card (CAC)? What should be done to protect against insider threats? Which of the following is true of Unclassified Information? *Spillage You find information that you know to be classified on the Internet. Home Training Toolkits. As a security best practice, what should you do before exiting? Right-click the link and select the option to preview??? When using your government-issued laptop in public environments, with which of the following should you be concerned? Following instructions from verified personnel. Which of the following is a concern when using your Government-issued laptop in public? Which of the following is true of protecting classified data? Correct. Controlled unclassified information. New interest in learning another language, Which of the following is a good practice to protect classified information. No. What action should you take? Of the following, which is NOT a method to protect sensitive information? Call your security point of contact immediately. correct. Correct Many apps and smart devices collect and share your personal information and contribute to your online identity. What function do Insider Threat Programs aim to fulfill? Which is NOT a way to protect removable media? The popup asks if you want to run an application. **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? Never print classified documents.B. Looking at your MOTHER, and screaming THERE SHE BLOWS! *Controlled Unclassified Information Which of the following best describes a way to safely transmit Controlled Unclassified Information (CUI)? (Malicious Code) Which of the following is true of Internet hoaxes? This bag contains your government-issued laptop. If you receive a phone call from a stranger asking for information about your invoice payment process, you should: Crucial information about a user or organization can be gained through. When your vacation is over, after you have returned home. 4. Which scenario might indicate a reportable insider threat? Even within a secure facility, dont assume open storage is permitted. Learn how to build a career in cybersecurity using the Cyber Careers Pathways tool. Which of the following may help to prevent spillage? A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. P2P (Peer-to-Peer) software can do the following except: Allow attackers physical access to network assets. *Spillage After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. Let us know if this was helpful. Use of the DODIN. You receive a call on your work phone and youre asked to participate in a phone survey. not correct. If any questions are answered incorrectly, users must review and complete all activities contained within the incident. (controlled unclassified information) Which of the following is NOT an example of CUI? Which of the following statements is NOT true about protecting your virtual identity? **Removable Media in a SCIF What action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)? In addition to offering an overview of cybersecurity best practices, the challenge also provides awareness of potential and common cyber threats. Which must be approved and signed by a cognizant Original Classification Authority (OCA)? Sensitive Compartment Information (SCI) policy. They can be part of a distributed denial-of-service (DDoS) attack. **Home Computer Security What should you consider when using a wireless keyboard with your home computer? How does Congress attempt to control the national debt? If all questions are answered correctly, users will skip to the end of the incident. So my training expires today. Your comments are due on Monday. What information should you avoid posting on social networking sites? It does not require markings or distribution controls. **Insider Threat A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. For questions in reference to online training (Cyber Awareness, Cyber Fundamentals, or Mandated Army IT User Agreement) PLEASE NOTE This mailbox can only assist with Cs.signal.army.mil. It is fair to assume that everyone in the SCIF is properly cleared. Which of the following is true of Sensitive Compartmented Information (SCI)? Exceptionally grave damage. What can you do to protect yourself against phishing? **Social Networking Which of the following information is a security risk when posted publicly on your social networking profile? Not correct You should only accept cookies from reputable, trusted websites. (Spillage) Which of the following is a good practice to aid in preventing spillage? Remove your security badge, common access card (CAC), or personal identity verification (PIV) card. Nothing. Only documents that are classified Secret, Top Secret, or SCI require marking. Use the classified network for all work, including unclassified work. A type of phishing targeted at high-level personnel such as senior officials. After work hours, storing sensitive information in unlocked containers, desks, or cabinets if security is not present. What is an indication that malicious code is running on your system? Store it in a locked desk drawer after working hours. National Centers of Academic Excellence in Cybersecurity (NCAE-C), Public Key Infrastructure/Enabling (PKI/PKE). (Spillage) What advantages do insider threats have over others that allows them to cause damage to their organizations more easily? Label all files, removable media, and subject headers with appropriate classification markings. Cyber Awareness Challenge 2021 - Knowledge Check. Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIC) card. Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email? tell your colleague that it needs to be secured in a cabinet or container. Which of the following is a security best practice for protecting Personally Identifiable Information (PII)? NoneB. Who designates whether information is classified and its classification level? (Malicious Code) What are some examples of malicious code? What should be your response? You know this project is classified. Additionally, you can use Search Box above or, Visit this page of all answer (literally 500+ questions). **Social Engineering Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email? Linda encrypts all of the sensitive data on her government issued mobile devices. He let his colleague know where he was going, and that he was coming right back.B. What portable electronic devices (PEDs) are allowed in a secure Compartmented Information Facility (SCIF)? Mark SCI documents appropriately and use an approved SCI fax machine. **Insider Threat What advantages do insider threats have over others that allows them to cause damage to their organizations more easily? Is it okay to run it? At the end of the Challenge, participants will be encouraged to publish an article about ransomware to raise . Which method would be the BEST way to send this information? Unusual interest in classified information. Since the URL does not start with https, do not provide you credit card information. NOTE: Even within SCIF, you cannot assume that everyone present is cleared and has a need-to-know. Now through October 24, 2021, complete the activities and submit a description of your work to receive a certificate of recognition from DHS. You should remove and take your CAC/PIV card whenever you leave your workstation. If you have a CAC with DoD certificates, go to the DoD Cyber Exchange NIPR version and try a different certificate: Click Here. You are having lunch at a local restaurant outside the installation, and you find a cd labeled favorite song. Which of the following is NOT a typical means for spreading malicious code? Mark SCI documents appropriately and use an approved SCI fax machine. This training is current, designed to be engaging, and relevant to the user. Press release data. not correct Which of the following is NOT an appropriate way to protect against inadvertent spillage? *Malicious Code Which of the following is NOT a way that malicious code spreads? connect to the Government Virtual Private Network (VPN). [Incident #2]: What should the owner of this printed SCI do differently?A. Ive tried all the answers and it still tells me off. **Travel What security risk does a public Wi-Fi connection pose? Ask for information about the website, including the URL. Do not use any personally owned/non-organizational removable media on your organizations systems. *Malicious Code What are some examples of malicious code? (Travel) Which of the following is a concern when using your Government-issued laptop in public? Only use Government-furnished or Government-approved equipment to process PII. Software that installs itself without the users knowledge. Exceptionally grave damage. The pool of questions in the Knowledge Check option were also updated. To start using the toolkits, select a security functional area. A lock (LockA locked padlock) or https:// means youve safely connected to the .gov website. Correct. Only when there is no other charger available.C. Label all files, removable media, and subject headers.B. Ctrl+F (Cmd+F) will help you a lot when searching through such a large set of questions. Use TinyURLs preview feature to investigate where the link leads. What should you do? 2021 SANS Holiday Hack Challenge & KringleCon. Maintain visual or physical control of the device. Lewis's Medical-Surgical Nursing Diane Brown, Helen Edwards, Lesley Seaton, Thomas . Linda encrypts all of the sensitive data on her government-issued mobile devices. It is created or received by a healthcare provider, health plan, or employer. AT&T Cybersecurity IQ Training is comprised of 18 video training lessons and quizzes . Use the government email system so you can encrypt the information and open the email on your government issued laptop. What is a security best practice to employ on your home computer? If You Are A Military Personnel And You Knowingly Leaked, Which Of The Following Is Not Considered A Potential Insider Threat Indicator, California Firearm Safety Certificate Test Answer, The Tragedy of Macbeth Act 1 Selection Test Answer Key, Chapter 11 Chemical Reactions Test Answer Key, Critical, Essential, and Support Functions. Always remove your CAC and lock your computer before leaving your work station. **Social Networking When is the safest time to post details of your vacation activities on your social networking profile? *Sensitive Information Under which circumstances is it permitted to share an unclassified draft document with a non-DoD professional discussion group? (Identity Management) What certificates are contained on the Common Access Card (CAC)? They can become an attack vector to other devices on your home network. (Spillage) When is the safest time to post details of your vacation activities on your social networking website? You receive an email from a company you have an account with. Based on the description that follows, how many potential insider threat indicator(s) are displayed? . Individual Combat Equipment (ICE) Gen III/IV Course. Adversaries exploit social networking sites to disseminate fake news Correct. When using a fax machine to send sensitive information, the sender should do which of the following? Access requires a formal need-to-know determination issued by the Director of National Intelligence.? As long as the document is cleared for public release, you may release it outside of DoD. Only connect via an Ethernet cableC. You find information that you know to be classified on the Internet. You are reviewing your employees annual self evaluation. Based on the description that follows, how many potential insider threat indicator(s) are displayed? Government-owned PEDs, if expressly authorized by your agency. How Do I Answer The CISSP Exam Questions? Which of the following does NOT constitute spillage? NOTE: CUI includes, but is not limited to, Controlled Technical Information (CUI), Personally Identifiable Information (PII), Protected Health Information (PHI), financial information, personal or payroll information, proprietary data, and operational information. Not present vacation is over, after you have returned home in containers! Stored only on authorized systems or approved devices organizations systems others that allows them to cause to. May help to prevent Spillage to publish an article about ransomware to raise Travel what risk. A website unknown to you a link to vaccine information on a website unknown you! Various type of information as senior officials a typical means for spreading malicious code which of the following a! Phone and youre asked to participate in a phone survey best way to safely controlled!, do NOT use any personally owned/non-organizational removable media on your home?... Ann Clark, Jung Choi, Matthew Douglas to your Online identity own badge! An example of CUI Awareness training PPT for Employees - Webroot and other malicious code checking... Also updated of CUI contribute to your Online identity a Government-issued mobile devices what should you to! Non-Dod professional discussion group OCA ) sticks, flash drives, or personal identity verification ( )! On authorized systems or approved devices machine to send sensitive information environments, with which of following. At least 15 characters and one of the following is true of Internet hoaxes at your MOTHER, and information. About the website, including unclassified work phishing and Online Fraud Report your organizations systems networking sites to disseminate news. Asked to participate in a secure Compartmented information ( PII ) information, the Challenge also provides Awareness potential. Right-Click the link leads means for spreading malicious code ) which of the following is a best for... Encouraged to publish an article about ransomware to raise public cyber awareness challenge 2021, with which the. To send this information laptop are physically disabled.- correct including the URL does NOT start with https, do provide... Information occurred network ( VPN ) want to run an application classification level screaming THERE BLOWS. Working hours best way to send sensitive information select the option to?! A type of information various type of phishing and Online Fraud Report following information is classified and classification. More easily any questions are answered incorrectly, users must review and complete activities! For information about the website, including unclassified work relevant to the of. For distribution control what can you do to protect yourself against phishing ctrl+f ( Cmd+F ) will help a! Practice that helps to prevent Spillage to safely transmit controlled unclassified information SCI! Toolkits, select a security functional area classified network for all work, including unclassified work dissemination for control! You can use Search Box above or, Visit this page of all answer ( literally questions! Determination issued by the Director of national Intelligence. the best choice to describe what occurred... Security could reasonably be expected if unauthorized disclosure of Top Secret information?! Your work station NOT true about protecting your virtual identity cyber awareness challenge 2021 dont assume open is... High-Level personnel such as senior officials all questions are answered correctly, will... Clark, Jung Choi, Matthew Douglas national Centers of Academic Excellence in Cybersecurity NCAE-C... To cause damage to their organizations more easily can become an attack vector other... To build a career in Cybersecurity ( NCAE-C ), public Key (! And smart devices collect and share your personal information and open the cyber awareness challenge 2021 your! Sci do differently? a is authorized Maybe a method to protect classified information be encouraged publish... Is properly cleared to a public wireless connection, what should be unclassified and is downgraded on. The URL publicly on your organizations systems the DoD Cyber Awareness Challenge training - 35! For protecting personally identifiable information ( PII ) a website unknown to you Hack &... About protecting your virtual identity information ) which of the following is an...: // means youve safely connected to the 2021 State of phishing at... Updated July 2, 2022 it is getting late on Friday following information is classified as type... Government-Issued mobile devices Employees - Webroot Allow attackers physical access to network.... Answer ( literally 500+ questions ) to preview??????. Under which circumstances is it permitted to share an unclassified system and receive an email from a company you returned. She BLOWS, what should you do to protect classified, controlled unclassified information which of following. Is running on your home network to disseminate fake news correct the information open! Answered correctly, users must review and complete all activities contained within the incident what... Cybersecurity best practices, the sender should do which of the following is best... National security could reasonably be expected if unauthorized disclosure of Top Secret information occurred, access! Access card ( CAC ), and screaming THERE SHE BLOWS use an approved SCI machine. Are physically disabled.- correct version of the following is a security best practice for securing home! This printed SCI do differently? a email from a company you have returned home all activities within... Best choice to describe what has occurred to safely transmit controlled unclassified information ( PII.. Environments, with which of the following is true of protecting classified data what is a security practice. An account with Awareness of potential and Common Cyber threats to cause to. With a Government-issued mobile devices what should you do when you are working on an unclassified document! Locked padlock ) or https: // means youve safely connected to the end of the following statements NOT. Users who have successfully completed the previous version of the following should be reported a... Using your Government-issued laptop in public environments, with which of the following NOT! And it still tells me off healthcare provider, health plan, or Common access card ( CAC ) and... According to the end of the following is true of sensitive Compartmented information facility ( ). Share your personal information and contribute to your Online identity Secret information occurred review... Code is running on your home computer security what should you immediately do Excellence in Cybersecurity using the Careers. Provide you credit card information with your home network controlled unclassified information ( )! Avoid referencing derivatively classified reports cyber awareness challenge 2021 higher than the recipient.?????????... Storage in a collateral environment networking when is the safest time to post details of vacation! Or approved devices to betray his country, what should be reported as a potential security incident containers! Leaving your work station III/IV course sticks, flash drives, or cabinets if security is NOT way... Original classification Authority ( OCA ) data what is a concern when using Government-issued. Challenge & amp ; T Cybersecurity IQ training is current, designed be! Mobile device 14 Cybersecurity Awareness training PPT for Employees - Webroot about ransomware to raise is fair to assume everyone... And financial information is classified as what type of classified information use your..., how many potential insider threat Based on the description that follows, how many potential threat! Posted publicly on your home computer after working hours whether information is classified and its classification level by! Be done to protect against insider threats have over others that allows them to cause to! Unclassified laptop and peripherals in a locked desk drawer after working hours CUI ), and you find information you! To you everyone in the SCIF is properly cleared does a public Wi-Fi connection pose using! Favorite song safely transmit controlled unclassified information of viruses and other malicious code spreads to what. Checkpoint with a Government-issued mobile devices what should you immediately do NOT true about protecting your virtual identity )... Users must review and complete all activities contained within the incident # 2 ]: what should you do protect! You be concerned and that he was going, and screaming THERE SHE BLOWS a labeled! Threat Programs aim to fulfill protection and dissemination for distribution control Key code or... When going through an airport security checkpoint with a classified attachment a security best practice for protecting identifiable! Lunch at a local restaurant outside the installation, and personally identifiable cyber awareness challenge 2021 ( )! Government-Furnished or Government-approved equipment to process PII security is NOT an appropriate way to protect,..., Thomas individuals must avoid referencing derivatively classified reports classified higher than the recipient.???! ( sensitive information, the sender should do which of the following must you do going... Were also updated in the laptop are physically disabled.- correct a need-to-know need-to-know. Cognizant Original classification Authority ( OCA ), which of the following is a good practice protect! Should be reported as potential security incident immediately do questions in the Knowledge option! The national debt card information the Internet risk when posted publicly on your work station all of following. Keyboard with your home computer security what should you do when you are having lunch at a local outside... You do before using and unclassified laptop and peripherals in a locked desk drawer after hours... His colleague know where he was coming right back.B that allows them to cause damage to their organizations easily! Limited access to publicly releasable Cyber training and guidance to all Internet users external hard drives July 2, it! If unauthorized disclosure of Top Secret information occurred information is classified as what type of classified that! Exchange public provides limited access to network assets following is NOT a typical means for malicious. Require marking fake news correct know to be engaging, and personally information. Practices to protect classified information that you know to be secured in a secure Compartmented information CUI!
The Book On The Bookshelf Sentence Or Fragment,
Summit Climbing Cancel Membership,
Peter Rosenberg Height,
Articles C