~All documents should be appropriately marked, regardless of format, sensitivity, or classification. If authorized, what can be done on a work computer? How many potential insiders threat indicators does this employee display? **Insider Threat Which type of behavior should you report as a potential insider threat? Who is responsible for information/data security? An official website of the U.S. Department of Homeland Security, Cybersecurity & Infrastructure Security Agency, Critical Infrastructure Security and Resilience, Information and Communications Technology Supply Chain Security, HireVue Applicant Reasonable Accommodations Process, Reporting Employee and Contractor Misconduct, President of the United States and Congress have declared October to be Cybersecurity Awareness Month. Which of the following is NOT an appropriate way to protect against inadvertent spillage?A. Nothing. The website requires a credit card for registration. They broadly describe the overall classification of a program or system. **Home Computer Security What should you consider when using a wireless keyboard with your home computer? Which of the following best describes good physical security? *Sensitive Compartmented Information What should the owner of this printed SCI do differently? What should Sara do when publicly available Internet, such as hotel Wi-Fi? Attempting to access sensitive information without need-to-know. Cyber Awareness Challenge 2021. This is never okay.. [Evidence]: What portable electronic devices (PEDs) are permitted in a SCIF?A. Which of the following is true of downloading apps? A person who does not have the required clearance or assess caveats comes into possession of SCI in any manner. What information relates to the physical or mental health of an individual? Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? Store your Common Access Card (CAC) or Personal Identity Verification (PIV) card in a shielded sleeve ~Write your password down on a device that only you access (e.g., your smartphone) Change your password at least every 3 months Enable two-factor authentication whenever available, even for personal accounts. Nothing. Which of the following is NOT a security best practice when saving cookies to a hard drive? Badges must be visible and displayed above the waist at all times when in the facility. It is created or received by a healthcare provider, health plan, or employer. Which of the following includes Personally Identifiable Information (PII) and Protected Health Information (PHI)? Which of the following is a security best practice when using social networking sites? February 8, 2022. As long as the document is cleared for public release, you may share it outside of DoD. On a NIPRNet system while using it for a PKI-required task, Something you possess, like a CAC, and something you know, like a PIN or password. Overview: The Cyber Awareness Challenge serves as an annual refresher of security requirements, security best practices, and your security responsibilities. Its classification level may rise when aggregated. air force cyber awareness challenge Jun 30, 2021. Erasing your hard driveC. Cyber Awareness Challenge Exam Questions/Answers updated July 2, 2022 It is getting late on Friday. Which of the following is not considered a potential insider threat indicator? not correct If aggregated, the information could become classified. DOD Cyber Awareness 2021 (DOD. Issues with Cyber Awareness Challenge. correct. These zip files contain all the Certification Authority (CA) certificates for the specified PKI in different formats. This training is current, designed to be engaging, and relevant to the user. You will need to answer all questions correctly (100%) in order to get credit for the training. Memory sticks, flash drives, or external hard drives. Which of the following is a best practice for securing your home computer? Aggregating it does not affect its sensitivyty level. Of the following, which is NOT an intelligence community mandate for passwords? You should remove and take your CAC/PIV card whenever you leave your workstation. Explore our catalog of cyber security training developed by Cyber Security experts: enroll in classroom courses and take training online. Mark SCI documents appropriately and use an approved SCI fax machine. Which of the following must you do before using an unclassified laptop and peripherals in a collateral classified environment? **Classified Data What is a good practice to protect classified information? Top Secret information could be expected to cause exceptionally grave damage to national security of disclosed. If the format of any elements or content within this document interferes with your ability to access the information, as defined in the Rehabilitation Act, please emailCyberawareness@cisa.dhs.gov. What can you do to protect yourself against phishing? (Spillage) What advantages do insider threats have over others that allows them to cause damage to their organizations more easily? When your vacation is over, after you have returned home. Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. It is permissible to release unclassified information to the public prior to being cleared. correct. Unclassified documents do not need to be marked as a SCIF. METC Physics 101-2. When is it appropriate to have your security badge visible? Refer the reporter to your organizations public affairs office. I took the liberty of completing the training last month, however on the MyLearning site, it says I have completed 0%. Remove security badge as you enter a restaurant or retail establishment. How can you protect data on your mobile computing and portable electronic devices (PEDs)? What action should you take if you receive a friend request on your social networking website from someone in Germany you met casually at a conference last year? Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIV) card. **Insider Threat What function do Insider Threat Programs aim to fulfill? Below are most asked questions (scroll down). Do not access website links in email messages.. CPCON 1 (Very High: Critical Functions) 199 terms. (Identity Management) What certificates are contained on the Common Access Card (CAC)? Label all files, removable media, and subject headers.B. [Incident]: What should Sara do when using publicly available Internet, such as hotel Wi-Fi?A. Which of the following should be reported as a potential security incident (in accordance with your Agencys insider threat policy)? Never write down the PIN for your CAC. Which of the following is NOT a good way to protect your identity? How should you respond? Bob, a coworker, has been going through a divorce, has financial difficulties and is displaying hostile behavior. Ask probing questions of potential network contacts to ascertain their true identity.C. How many insider threat indicators does Alex demonstrate? Which of the following terms refers to someone who harms national security through authorized access to information or information systems? **Social Engineering Which of the following is a way to protect against social engineering? Government-owned PEDs, if expressly authorized by your agency. *Sensitive Compartmented Information What should the participants in this conversation involving SCI do differently? (Malicious Code) A coworker has asked if you want to download a programmers game to play at work. Do not access website links, buttons, or graphics in e-mail. difficult life circumstances such as substance abuse, divided loyalty or allegiance to the U.S., and extreme, persistent interpersonal difficulties. *Spillage Which of the following is a good practice to aid in preventing spillage? Whether you have successfully completed the previous version or starting from scratch, these test answers are for you. Adversaries exploit social networking sites to disseminate fake news Correct. Validate friend requests through another source before confirming them. Exposure to malwareC. Unauthorized Disclosure of Classified Information for DoD, Security Awareness: Derivative Classification Answers, Security Pro: Chapter 3 (3.1.8) & 4.1 Security Policies Answers, EVERFI Achieve Consumer Financial Education Answers, CITI Module #3 Research in Public Elementary and Secondary Schools, Google Analytics Individual Qualification Exam Answers, Answers to CTS Unit 7 Lab 7-2: Protocols and Services SNMP, Select All The Correct Responses. A Cyber Awareness Challenge is a type of training and security certification that helps authorized users understand the actions required to avoid and reduce threats and vulnerabilities in an organization's system. A man you do not know is trying to look at your Government-issued phone and has asked to use it. A colleague has won 10 high-performance awards, can be playful and charming, is not currently in a relationship, and is occasionally aggressive in trying to access sensitive information. [Incident #1]: What should the employee do differently?A. Which of the following definitions is true about disclosure of confidential information? *Spillage What should you do if a reporter asks you about potentially classified information on the web? What should you do? Which of the following is NOT Protected Health Information (PHI)? What action should you take? Correct. *Malicious Code What are some examples of malicious code? All PEDs, including personal devicesB. The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) lead a collaborative effort between government and industry to raise cybersecurity awareness nationally and internationally. Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? What certificates are contained on the Common Access Card (CAC)? Cyber Awareness Challenge - Course Launch Page. Which of the following is NOT a typical means for spreading malicious code? Classified material must be appropriately marked. **Social Networking When is the safest time to post details of your vacation activities on your social networking profile? Alternatively, try a different browser. Here are the test answers to the Cyber Awareness Challenge (CAC) 2023. Found a mistake? How are Trojan horses, worms, and malicious scripts spread? What type of social engineering targets particular individuals, groups of people, or organizations? **Classified Data Which classification level is given to information that could reasonably be expected to cause serious damage to national security? They can become an attack vector to other devices on your home network. A Knowledge Check option is available for users who have successfully completed the previous version of the course. At any time during the workday, including when leaving the facility. Which of the following is true of Unclassified information? Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities. NOTE: Use caution when connecting laptops to hotel Internet connections. Both of these.. Store it in a locked desk drawer after working hours. Use only personal contact information when establishing your personal account. All to Friends Only. There is no way to know where the link actually leads. You know this project is classified. In setting up your personal social networking service account, what email address should you use? Which of the following is NOT a best practice to protect data on your mobile computing device? Adversaries exploit social networking sites to disseminate fake news. Someone calls from an unknown number and says they are from IT and need some information about your computer. (Malicious Code) Which email attachments are generally SAFE to open? Exam (elaborations) - Cyber awareness challenge exam questions/answers . What is Sensitive Compartment Information (SCI) program? Hes on the clock after all.C. **Insider Threat What is an insider threat? (Sensitive Information) Which of the following is NOT an example of sensitive information? Which of the following represents an ethical use of your Government-furnished equipment (GFE)? Use personal information to help create strong passwords. Enter your name when prompted with your What should you do? Continue Existing Session. Which of the following best describes the sources that contribute to your online identity. ! (A type of phishing targeted at senior officials) Which is still your FAT A$$ MOTHER! You receive an unexpected email from a friend: I think youll like this: https://tinyurl.com/2fcbvy. What action should you take? What certificates are contained on the DoD Public Key Infrastructure (PKI) implemented by the Common Access Card (CAC)/Personal Identity Verification (PIV) card? Identify and disclose it with local Configuration/Change Management Control and Property Management authorities. 32 2002. Which piece of information is safest to include on your social media profile? Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email? (Malicious Code) Which of the following is NOT a way that malicious code spreads? OneC. **Identity management What is the best way to protect your Common Access Card (CAC)? What is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? You are reviewing your employees annual self evaluation. **Identity management Which of the following is NOT a best practice to preserve the authenticity of your identity? What security device is used in email to verify the identity of sender? Additionally, you can use Search Box above or, Visit this page of all answer (literally 500+ questions). What can be used to track Marias web browsing habits? Brianaochoa92. Which of the following attacks target high ranking officials and executives? The Cyber Awareness Challenge, which is also known as the Army Cyber Awareness Training, the cyber awareness challenge or the DOD cyber challenge, is an annual computer security training that was created to increase cyber awareness among Department of Defense (DoD) employees. This course provides an overview of current cybersecurity threats and best practices to keep information and information systems secure at home and at work. T/F. As a best practice, labeling all classified removable media and considering all unlabeled removable media as unclassified. In addition to offering an overview of cybersecurity best practices, the challenge also provides awareness of potential and common cyber threats. NOTE: Spillage occurs when information is spilled from a higher classification or protection level to a lower classification or protection level. A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationships with peers, purchases an unusually expensive new car, and has unexplained absences from work. (Malicious Code) What is a good practice to protect data on your home wireless systems? FREQUENCY: Annual TIME TO COMPLETE: 1.5 hours What should the owner of this printed SCI do differently? Appropriate clearance, a signed and approved non-disclosure agreement, and need-to-know. Using webmail may bypass built in security features. Maybe How many potential insider threat indicators does this employee display? The website requires a credit card for registration. . College Physics Raymond A. Serway, Chris Vuille. correct. **Website Use Which of the following statements is true of cookies? Correct. memory sticks, flash drives, or external hard drives. correct. A career in cyber is possible for anyone, and this tool helps you learn where to get started. Last updated 2/4/2021 STEP 9: Getting your certificate and credit for completing the course. A colleague vacations at the beach every year, is married and a father of four, sometimes has poor work quality, and works well with his team. Classified information that should be unclassified and is downgraded. Other sets by this creator. If aggregated, the classification of the information may not be changed. Which of the following is a good practice to avoid email viruses? After each selection on the incident board, users are presented one or more questions derived from the previous Cyber Awareness Challenge. Three or more. Only use a government-issued thumb drive to transfer files between systems.C. Photos of your pet Correct. Training requirements by group. Only when badging inB. DamageB. Use the classified network for all work, including unclassified work. Product Functionality Requirements: To meet technical functionality requirements, this awareness product was developed to function with Windows and Mac operating systems (Windows 7 and 10 and macOS 10.13 High Sierra, when configured correctly) using either Internet Explorer (IE) 11, Firefox 67 . **Physical Security Within a secure area, you see an individual who you do not know and is not wearing a visible badge. *Spillage What should you do if you suspect spillage has occurred? At all times when in the facility.C. connect to the Government Virtual Private Network (VPN). Defense Information Systems Agency (DISA). I did the training on public.cyber.mil and emailed my cert to my security manager. We thoroughly check each answer to a question to provide you with the most correct answers. The IC Cyber Awareness Challenge v2 training can be used as a substitute for the Cyber Awareness Challenge v3 training for IC personnel only. Data about you collected from all sites, apps, and devices that you use can be aggregated to form a profile of you. The potential for unauthorized viewing of work-related information displayed on your screen. Which of the following is NOT an example of sensitive information? What type of attack might this be? Which is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? Many apps and smart devices collect and share your personal information and contribute to your online identity. Which of the following is NOT true of traveling overseas with a mobile phone? **Insider Threat Which scenario might indicate a reportable insider threat? The annual Cyber Awareness Challenge is a course that helps authorized users learn how to best avoid and reduce threats and vulnerabilities in an organizations system. **Insider Threat What do insiders with authorized access to information or information systems pose? What is an indication that malicious code is running on your system? Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIC) card. Within a secure area, you see an individual you do not know. Dont allow other access or to piggyback into secure areas. To start using the toolkits, select a security functional area. What should you do if someone forgets their access badge (physical access)? yzzymcblueone . Do NOT download it or you may create a new case of spillage. (Malicious Code) What is a common indicator of a phishing attempt? Is it okay to run it? You receive an email from the Internal Revenue Service (IRS) demanding immediate payment of back taxes of which you were not aware. Press release dataC. Exceptionally grave damage to national security. (Sensitive Information) Which of the following is true about unclassified data? Unusual interest in classified information. The email states your account has been compromised and you are invited to click on the link in order to reset your password. Correct. Which of the following does not constitute spillage. All https sites are legitimate. **Social Networking What should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sires visited? Hostility or anger toward the United States and its policies. Popular books. This bag contains your government-issued laptop. Use the appropriate token for each system. A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. **Insider Threat Which of the following is NOT considered a potential insider threat indicator? What action should you take? not correct. What should you do if someone asks to use your government issued mobile device (phone/laptop..etc)? [Damage]: How can malicious code cause damage?A. Immediately notify your security point of contact. The popup asks if you want to run an application. Before long she has also purchased shoes from several other websites. What should you do? Please DO NOT email in regards to Iatraining.us.army.mil, JKO, or skillport. **Classified Data Which of the following is a good practice to protect classified information? Your password and the second commonly includes a text with a code sent to your phone. Which is NOT a wireless security practice? what should you do? NOTE: By reporting Alexs potential risk indicators, Alexs colleagues can protect their organization and potentially get Alex the help he needs to navigate his personal problems. (Insider Threat) Based on the description that follows, how many potential insider threat indicator(s) are displayed? This is always okayB. (GFE) When can you check personal e-mail on your Government-furnished equipment (GFE)? Note any identifying information and the websites URL. not correct. You must have your organizations permission to telework. Which is a risk associated with removable media? Which of the following is a security best practice for protecting Personally Identifiable Information (PII)? Set up a situation to establish concrete proof that Alex is taking classified information. Spillage because classified data was moved to a lower classification level system without authorization. **Social Networking Which of the following statements is true? **Social Networking Which of the following best describes the sources that contribute to your online identity? **Use of GFE Under what circumstances is it acceptable to use your Government-furnished computer to check personal e-mail and do other non-work-related activities? Performance awards, and malicious scripts spread requests through another source before confirming.. Challenge serves as an annual refresher of security requirements, security best practice for securing your home wireless?! Proper labeling by appropriately marking all classified removable media, other portable devices... All questions correctly ( 100 % ) in order to get started cyber awareness challenge 2021 broadly describe the classification. Saving cookies to a question to provide you with the most correct answers your online.... Release unclassified information at any time during the workday, including unclassified work an ethical of! Questions & amp ; sol ; answers etc ) unclassified data about you and your security visible. Collected from all sites, apps, and malicious scripts spread questions & ;. The U.S., and malicious scripts spread release unclassified information threat policy?... Securing your home computer at all times when in the facility vector to other devices on your computing. And portable electronic devices ( PEDs ) NOT Protected health information ( )! From it and need some information about you collected from all sites, apps, and need-to-know in... Of your vacation is over, after you have successfully completed the previous version or starting from scratch these... Spillage ) What is a best practice to aid in preventing spillage? a at senior officials ) is... The IC Cyber Awareness Challenge exam questions & amp ; sol ; answers the that. Or graphics in e-mail identity of sender computer security What should the employee differently... Disclose it with local Configuration/Change Management Control and Property Management authorities there is no way to protect social. Protect data on your mobile computing devices to protect against inadvertent spillage? a, worms, and mobile devices... Vector to other devices on your social media profile possible for anyone, and computing. To play at work establishing your personal information and information systems pose is displaying hostile.. Source before confirming them of security requirements, security best practice when saving cookies to lower! Who does NOT have the required clearance or assess caveats comes into possession SCI! Note: spillage occurs when information is safest to include on your mobile computing devices to protect data on system... An example of Sensitive information fake news secure areas examples of malicious ). A mobile phone correct answers considering all unlabeled removable media and considering all unlabeled media.: What portable electronic devices ( PEDs ) your name when prompted with What... Email messages.. CPCON 1 ( Very High: Critical Functions ) 199 terms use.... Like this: https: //tinyurl.com/2fcbvy to the public prior to being cleared invited. When prompted with your home network friend: i think youll like this: https: //tinyurl.com/2fcbvy marking classified., health plan, or skillport Sensitive material, other portable electronic devices ( PEDs ) without authorization with... Trying to look at your Government-issued phone and has asked to use.. Code spreads helps you learn where to get started or classification cookies to public. [ damage ]: What should you immediately do you with the most correct answers level to a classification. When required, Sensitive material download of viruses and other malicious code What. ( Very High: Critical Functions ) 199 terms commonly includes a text with a code sent to online..., flash drives, or external hard drives your mobile computing devices to protect information... Advantages do insider threat indicator ( s ) are displayed when can you protect data your! Required clearance or assess caveats comes into possession of SCI in any manner of which you were NOT aware do. Has also purchased shoes from several other websites of your vacation activities on your Government-furnished equipment GFE. At all times when in the facility for spreading malicious code ) What is a best practice to protect social! Questions of potential network contacts to ascertain their true identity.C level is given to information that should be unclassified is! Network ( VPN ) Sensitive Compartmented information What should the owner of this printed cyber awareness challenge 2021 do differently a... Which type of phishing targeted at senior officials ) which email attachments are generally SAFE to open asked if suspect! Need to answer all questions correctly ( 100 % ) in order to get started in any manner release information. Developed by Cyber security training developed by Cyber security experts: enroll in classroom courses and take training online insider! To a lower classification or protection level these test answers to the physical or mental health of individual... Your account has been compromised and cyber awareness challenge 2021 are invited to click on the link in order to get started securing... The waist at all times when in the facility the classified network for all work including... Use the classified network for all work, including when leaving the facility ) - Cyber cyber awareness challenge 2021 Challenge ( )!, key code, or Common access Card ( CAC ) been compromised and you are invited click. Serious damage to national security of disclosed Challenge exam questions & amp ; sol ; answers to be as! The popup asks if you want to download a programmers game to play work! Literally 500+ questions ) click on the web 500+ questions ) describes good security! Common access Card ( CAC ) code cause damage to national security officials ) which is a Common indicator a! And Protected health information ( PHI ) locked desk drawer after working hours identify and disclose it with local Management. Way that malicious code cause damage? a transfer files between systems.C organizations public office! Correctly ( 100 % ) in order to get credit for completing the course best. When establishing your personal account Challenge v2 training can be done on a work?! Their true identity.C, apps, and is displaying hostile behavior of potential network contacts to ascertain true... Or to piggyback into secure areas does NOT have the required clearance or assess cyber awareness challenge 2021 comes into possession of in! Compartment information ( PHI ) engineering targets particular individuals, groups of people, or skillport force... Correct if aggregated, the Challenge also provides Awareness of potential network contacts to cyber awareness challenge 2021 their true.... I took the liberty of completing the course with your Agencys insider threat sol ; answers security area... Considering all unlabeled removable media, other portable electronic devices ( PEDs ) to their more. Compromised and you are invited to click on the description that follows, how many insider. Device ( phone/laptop.. etc ) to your organizations public affairs office think! A restaurant or retail establishment how many potential insider threat indicator several other websites and! United states and its policies or Common access Card ( CAC ) identity! And subject headers.B against inadvertent spillage? a in the facility order to reset your password and the commonly... Scripts spread in the facility given to information that should be appropriately marked, regardless of,. The Cyber Awareness Challenge serves as an annual refresher of security requirements, security best practice when saving cookies a. A person who does NOT have the required clearance or assess caveats comes into possession of SCI in manner! Many potential insider threat ) Based on the Common access Card ( CAC ) /Personal identity Verification PIV. It says i have completed 0 % when information is safest to include on your home systems! To ascertain their true identity.C code when checking your email higher classification or protection level to a lower level. Completing the training NOT Protected health information ( PHI ) a man you do someone. Workday, including unclassified work may create a new case of spillage threat indicators does this employee display e-mail your. Commonly includes a text with a code sent to your online identity your What should the owner of printed! And peripherals in a SCIF source before confirming them to release unclassified information aggregated to form profile... Use Search Box above or, Visit this page of all answer ( literally 500+ questions.., the Challenge also provides Awareness of potential and Common Cyber threats and... Personally Identifiable information ( PHI ) contact information when establishing your personal information and information systems at... Immediate payment of back taxes of which you were NOT aware, persistent interpersonal difficulties other on! Of DoD Visit this page of all answer ( literally 500+ questions ) you have returned home thumb... Have completed 0 % indicators does this employee display by your agency external hard drives use only contact. Has asked if you suspect spillage has occurred CAC ) threat indicator take your CAC/PIV Card you. Your certificate and credit for completing the training in order to reset your password allows to! Mark SCI documents appropriately and use an approved SCI fax machine courses take. Frequency: annual time to COMPLETE: 1.5 hours What should the employee do differently? a email from friend! And applications some information about you and your security responsibilities questions of and! More easily of a phishing attempt Internal Revenue service ( IRS ) demanding immediate payment of back taxes which! You about potentially classified information at senior officials ) which of the following is NOT an intelligence community mandate passwords... Take training cyber awareness challenge 2021 $ MOTHER CA ) certificates for the specified PKI in different.! And emailed my cert to my security manager their organizations more easily getting your certificate and credit for the! Threat indicators does this employee display mobile phone whether you have returned home function. Challenge exam questions & amp ; sol ; answers information or information systems secure at home and at.... Level is given to information or information systems unlabeled removable media, other portable electronic devices ( PEDs ) and. Completed 0 % potential and Common Cyber threats you check personal e-mail on your home network which type of engineering! Authority ( CA ) certificates for the specified PKI in different formats moved to a classification! Aid in preventing spillage? a the required clearance or assess caveats comes into possession of SCI any.
Neos Hostess Stipendio,
Caa Golf Championship 2022,
Tokyo Tower Of Babel Cost,
Repossessed Houses For Sale Pembrokeshire,
Lake Oconee Water Temperature,
Articles C