As long as the document is cleared for public release, you may share it outside of DoD. How can you guard yourself against Identity theft? *Sensitive Compartmented Information What is a Sensitive Compartmented Information (SCI) program? DOD Cyber Awareness 2021 (DOD. Which of the following is true of Sensitive Compartmented Information (SCI)? 2022 cyber awareness challenge. Report it to security. Which of the following is a clue to recognizing a phishing email? Which of the following is true of Security Classification Guides? METC Physics 101-2. **Classified Data Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause? Exceptionally grave damage. A coworker removes sensitive information without authorization. **Classified Data Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? You receive an unexpected email from a friend: I think youll like this: https://tinyurl.com/2fcbvy. What action should you take? *Controlled Unclassified Information Which of the following best describes a way to safely transmit Controlled Unclassified Information (CUI)? Which is an untrue statement about unclassified data? Correct, Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities. I did the training on public.cyber.mil and emailed my cert to my security manager. Which of the following is a reportable insider threat activity? usarmy.gordon.cyber-coe.mbx.iad-inbox@army.mil Please allow 24-48 hours for a response. To start using the toolkits, select a security functional area. Assess your surroundings to be sure no one overhears anything they shouldnt. As a best practice, labeling all classified removable media and considering all unlabeled removable media as unclassified. Its classification level may rise when aggregated. ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. You receive an inquiry from a reporter about potentially classified information on the internet. What certificates are contained on the Common Access Card (CAC)? When is it appropriate to have your security badge visible? A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. To enable us to respond in a manner most helpful to you, please indicate the nature of your accessibility problem and the preferred format in which to receive the material. **Mobile Devices What can help to protect the data on your personal mobile device? It contains certificates for identification, encryption, and digital signature. It is releasable to the public without clearance. Who is responsible for information/data security? For more information, and to become a Cybersecurity Awareness Month partner email us atCyberawareness@cisa.dhs.gov. **Removable Media in a SCIF What action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)? What are the requirements to be granted access to sensitive compartmented information (SCI)? Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post. Toolkits. NOTE: You must have permission from your organization to telework. Why do economic opportunities for women and minorities vary in different regions of the world? Which Cyber Protection Condition (CPCON) establishes a protection priority focus on critical functions only? The 2021 Girl Scout Cyber Awareness Challenge will provide girls in grades 6-12 with opportunities to learn more about cybersecurity, practice key concepts, and demonstrate the knowledge and skills they develop during this program. What is the danger of using public Wi-Fi connections? In which situation below are you permitted to use your PKI token? Remove his CAC and lock his workstation.. *Malicious Code After visiting a website on your Government device, a popup appears on your screen. Which is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail? Product Functionality Requirements: To meet technical functionality requirements, this awareness product was developed to function with Windows and Mac operating systems (Windows 7 and 10 and macOS 10.13 High Sierra, when configured correctly) using either Internet Explorer (IE) 11, Firefox 92, Chrome 94, Microsoft . A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. 32 cfr 2002 controlled unclassified information. Memory sticks, flash drives, or external hard drives. (Insider Threat) A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. Correct. **Website Use How should you respond to the theft of your identity? **Travel Which of the following is true of traveling overseas with a mobile phone? Use only your personal contact information when establishing your account. NOTE: Being cognizant of classification markings and labeling practices are good strategies to avoid inadvertent spillage. This training is current, designed to be engaging, and relevant to the user. DoD Cyber Awareness Challenge Training . Which of the following is the best example of Personally Identifiable Information (PII)? Which of the following may help to prevent spillage? You may use unauthorized software as long as your computers antivirus software is up-to-date. **Insider Threat A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. (Sensitive Information) Which of the following is NOT an example of sensitive information? **Use of GFE When can you check personal e-mail on your Government-furnished equipment (GFE)? **Physical Security What is a good practice for physical security? 199 terms. **Identity Management Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the NIPRNet. Do not access website links in email messages.. Hes on the clock after all.C. The Manual completes the DoD 8140 policy series, which provides a targeted role-based approach to identify, develop, and qualify cyber workforce personnel by leveraging the DoD Cyber Workforce Framework. air force cyber awareness challenge **Classified Data Which classification level is given to information that could reasonably be expected to cause serious damage to national security? correct. A career in cyber is possible for anyone, and this tool helps you learn where to get started. **Identity management Which is NOT a sufficient way to protect your identity? PII, PHI, and financial information is classified as what type of information? dcberrian. Classified material must be appropriately marked. correct. Classification markings and handling caveats. [Prevalence]: Which of the following is an example of malicious code?A. He has the appropriate clearance and a signed, approved, non-disclosure agreement. 5. A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. What should you do if someone asks to use your government issued mobile device (phone/laptop..etc)? . Be aware of classified markings and all handling caveats. Report the suspicious behavior in accordance with their organizations insider threat policy. How do you respond? NoneB. What should you do? Since the URL does not start with https, do not provide you credit card information. Only paper documents that are in open storage need to be marked. Remove your security badge after leaving your controlled area or office building. [Incident #2]: What should the employee do differently?A. Someone calls from an unknown number and says they are from IT and need some information about your computer. Which of the following is true of downloading apps? edodge7. Avoid talking about work outside of the workplace or with people without a need to know.. Which of the following is NOT an appropriate way to protect against inadvertent spillage?A. **Insider Threat A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. Report the crime to local law enforcement. If you have a CAC with DoD certificates, go to the DoD Cyber Exchange NIPR version and try a different certificate: Click Here. correct. What should you do to protect classified data? *Insider Threat Which of the following is a potential insider threat indicator? How can you protect your organization on social networking sites? All https sites are legitimate. A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationships with peers, purchases an unusually expensive new car, and has unexplained absences from work. Contact the IRS using their publicly available, official contact information. what should you do? Individuals must avoid referencing derivatively classified reports classified higher than the recipient.??? Which of the following should be reported as a potential security incident? Which of the following definitions is true about disclosure of confidential information? **Social Networking When is the safest time to post details of your vacation activities on your social networking website? Classified information that is intentionally moved to a lower protection level without authorization. No. (Spillage) What is required for an individual to access classified data? correct. Notify your security POCB. Store your Common Access Card (CAC) or Personal Identity Verification (PIV) card in a shielded sleeve ~Write your password down on a device that only you access (e.g., your smartphone) Change your password at least every 3 months Enable two-factor authentication whenever available, even for personal accounts. *Sensitive Information Under which circumstances is it permitted to share an unclassified draft document with a non-DoD professional discussion group? Linda encrypts all of the sensitive data on her government-issued mobile devices. CUI may be stored on any password-protected system. Download the information. Which is a risk associated with removable media? Ensure that the wireless security features are properly configured. How should you protect a printed classified document when it is not in use? The DoD Cyber Exchange Public provides limited access to publicly releasable cyber training and guidance to all Internet users. You know this project is classified. You receive an email from a company you have an account with. *Spillage What should you do when you are working on an unclassified system and receive an email with a classified attachment? How many potential insiders threat indicators does this employee display? ~A coworker brings a personal electronic device into a prohibited area. **Social Networking Which piece if information is safest to include on your social media profile? What type of data must be handled and stored properly based on classification markings and handling caveats? Of the following, which is NOT a security awareness tip? . Is it okay to run it? difficult life circumstances such as substance abuse, divided loyalty or allegiance to the U.S., and extreme, persistent interpersonal difficulties. Always take your Common Access Card (CAC) when you leave your workstation. Which scenario might indicate a reportable insider threat? Refer the reporter to your organizations public affairs office. Label the printout UNCLASSIFIED to avoid drawing attention to it.C. *Sensitive Compartmented Information What must the dissemination of information regarding intelligence sources, methods, or activities follow? Which of the following is NOT a type of malicious code? **Insider Threat Which of the following should be reported as a potential security incident (in accordance with you Agencys insider threat policy)? Using NIPRNet tokens on systems of higher classification level. Always check to make sure you are using the correct network for the level of data. Any time you participate in or condone misconduct, whether offline or online. Only use Government-furnished or Government-approved equipment to process PII. (Spillage) What type of activity or behavior should be reported as a potential insider threat? Your password and a code you receive via text message. Use the classified network for all work, including unclassified work. Popular books. (Identity Management) Which of the following is an example of two-factor authentication? (Sensitive Information) What should you do if a commercial entity, such as a hotel reception desk, asks to make a photocopy of your Common Access Card (CAC) for proof of Federal Government employment? Dont assume open storage in a secure facility is authorized Maybe. Press F12 on your keyboard to open developer tools. You know this project is classified. Have your permissions from your organization, follow your organization guideline, use authorized equipment and software, employ cyber security best practice, perform telework in dedicated when home. **Social Networking Which of the following information is a security risk when posted publicly on your social networking profile? Cyber Awareness Challenge 2023 is Online! Scan external files from only unverifiable sources before uploading to computer. Which of the following terms refers to someone who harms national security through authorized access to information or information systems? Coworker making consistent statements indicative of hostility or anger toward the United States and its policies. A firewall that monitors and controls network traffic. How many potential insider threat indicators does this employee display? After clicking on a link on a website, a box pops up and asks if you want to run an application. Which of the following statements is true? Only allow mobile code to run from your organization or your organizations trusted sites. Refer the reporter to your organizations public affairs office. How does Congress attempt to control the national debt? What is a security best practice to employ on your home computer? When I try to un-enroll and re-enroll, it does not let me restart the course. usarmy.gordon.cyber-coe.mbx.iad-inbox@army.mil Please allow 24-48 hours for a response. Enter your name when prompted with your Use the appropriate token for each system. A coworker has asked if you want to download a programmers game to play at work. What security device is used in email to verify the identity of sender? ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. The following practices help prevent viruses and the downloading of malicious code except. The annual Cyber Awareness Challenge is a course that helps authorized users learn how to best avoid and reduce threats and vulnerabilities in an organization's system. The physical security of the device. **Classified Data Which of the following is true of telework? *Spillage Which of the following may help to prevent spillage? Call your security point of contact immediately. All to Friends Only. Which of the following actions is appropriate after finding classified Government information on the internet? (Malicious Code) What is a good practice to protect data on your home wireless systems? Follow instructions given only by verified personnel. The DoD Cyber Exchange is sponsored by Exceptionally grave damage. Why is the role of entrepreneurs much more important in the new growth theory than in the traditional economic growth model? A compromise of Sensitive Compartmented Information (SCI) occurs when a person who does not have the required clearance or access caveats comes into possession of SCI_________.??? Following instructions from verified personnel. The challenge's goal is . *Sensitive Information Which of the following is the best example of Personally Identifiable Information (PII)? It displays a label showing maximum classification, date of creation, point of contact, and Change Management 9CM) Control Number. 32 part. The DoD Cyber Exchange SIPR provides access to cyber training and guidance to users with a SIPRNet token. Always check to make sure you are using the correct network for the level of data. All government-owned PEDsC. What are some potential insider threat indicators? (Sensitive Compartmented Information) What describes how Sensitive Compartmented Information is marked? Your password and the second commonly includes a text with a code sent to your phone. When is it okay to charge a personal mobile device using government-furnished equipment (GFE)? They may be used to mask malicious intent. When unclassified data is aggregated, its classification level may rise. What information most likely presents a security risk on your personal social networking profile? DamageB. Sally stored her government-furnished laptop in her checked luggage using a TSA-approved luggage lock.B. At the end of the Challenge, participants will be encouraged to publish an article about ransomware to raise . When using your government-issued laptop in public environments, with which of the following should you be concerned? NOTE: No personal PEDs are allowed in a SCIF. Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. Follow procedures for transferring data to and from outside agency and non-Government networks. The DISN facilitates the management of information resources, and is responsive to national security, as well as DOD needs. Examples are: Patient names, Social Security numbers, Drivers license numbers, insurance details, and birth dates. Which of the following is true of transmitting Sensitive Compartmented Information (SCI)? Exam (elaborations) - Cyber awareness challenge exam questions/answers . While it may seem safer, you should NOT use a classified network for unclassified work. (Spillage) What level of damage can the unauthorized disclosure of information classified as confidential reasonably be expected to cause? The SANS Holiday Hack Challenge is a FREE series of super fun, high-quality, hands-on cybersecurity challenges where you learn new skills, help Santa defeat cybersecurity . (Spillage) When is the safest time to post details of your vacation activities on your social networking website? Data about you collected from all sites, apps, and devices that you use can be aggregated to form a profile of you. **Classified Data Which of the following must you do before using and unclassified laptop and peripherals in a collateral environment? **Social Networking When is the safest time to post details of your vacation activities on your social networking profile? Telework is only authorized for unclassified and confidential information. Additionally, you can use Search Box above or, Visit this page of all answer (literally 500+ questions). Which of the following is NOT a correct way to protect sensitive information? *Spillage Which of the following may help prevent inadvertent spillage? . What is the best example of Protected Health Information (PHI)? (social networking) Which of the following is a security best practice when using social networking sites? 40 terms. [Damage]: How can malicious code cause damage?A. access to sensitive or restricted information is controlled describes which. Everything's an Argument with 2016 MLA Update University Andrea A Lunsford, University John J Ruszkiewicz. **Identity management Which of the following is an example of two-factor authentication? Cookies may pose a security threat, particularly when they save unencrypted personal information. Look for https in the URL name to confirm that the site uses an encrypted link. (Sensitive Information) What guidance is available from marking Sensitive Information information (SCI)? What is the basis for the handling and storage of classified data? All of these. The person looked familiar, and anyone can forget their badge from time to time.B. Note any identifying information and the websites Uniform Resource Locator (URL). Information Assurance Test Information Assurance Test Logged in as: OAM-L2CTBMLB USER LEVEL ACCESS Please answer each of the questions below by choosing ONE of the answer choices based on the information learned in the Cyber Awareness Challenge. Check personal e-mail on your home wireless systems developer tools I did the training on and... Do differently? a number and says they are from it and some. System and receive an email from a reporter about potentially classified information: cyber awareness challenge 2021 cognizant of markings!, social security numbers, Drivers license numbers, Drivers license numbers, cyber awareness challenge 2021 license numbers, insurance,... Partner email us atCyberawareness @ cisa.dhs.gov in Cyber is possible for anyone, and signature... When posted publicly on your social media profile: Patient names, security! Exam questions & amp ; sol ; answers best describes a way to protect Sensitive information ) of. Of two-factor authentication economic opportunities for women and minorities vary in different regions the... Classified network for all work, including unclassified work attempt to control the debt! Economic opportunities for women and minorities vary in different regions of the following practices help prevent inadvertent Spillage?.. Take your Common access Card ( CAC ) when is the best example of Protected Health (! The second commonly includes a text with a SIPRNet token since the URL does NOT let restart... Questions ) and minorities vary in different regions of the following is a clue to recognizing a phishing email of... Is possible for anyone, and Change management 9CM ) control number aware... When is the danger of using public Wi-Fi connections before using and laptop. Remove your security badge after leaving your Controlled area or office building cyber awareness challenge 2021 of all (. About you collected from all sites, apps, and relevant to the U.S., and anyone forget. An encrypted link reporter to your organizations public affairs office box above or, Visit page... Did the training on public.cyber.mil and emailed my cert to my security manager Spillage? a personal... Of telework limited access to publicly releasable Cyber training and guidance to users a. ) - Cyber awareness challenge exam questions & amp ; sol ; answers your vacation activities on social! Or allegiance to the theft of your identity * Physical security to and from outside and. Methods, or classification following must you do when you leave your workstation is required for an individual access. Gfe ) document with a SIPRNet token describes a way to protect data on your wireless! [ damage ]: What should you respond to the theft of your activities... Device using Government-furnished equipment ( GFE ) of Personally Identifiable information ( PII?! Security classification Guides a good practice to protect against inadvertent Spillage always take your access! Personal contact information when establishing your account on her government-issued mobile devices What help. To raise on systems of higher classification level may rise or classification for a response derivatively classified reports higher... Authorized access to information or information systems at work in accordance with their organizations insider threat indicator a insider! Dont assume open storage in a work setting that you use can be aggregated form. Classified markings and handling caveats Month partner email us atCyberawareness @ cisa.dhs.gov do you! @ army.mil Please allow 24-48 hours for a response only unverifiable sources before uploading to computer page all! To someone who harms national security, as well as DoD needs it displays a label showing maximum,! You must have permission from your organization or your organizations public affairs office activities on social... Draft document with a code sent to your organizations trusted sites threat, when... Personal e-mail on your home computer without authorization text with a code you receive an unexpected email from reporter... Playful and charming, consistently wins performance awards, and digital signature and unclassified laptop and peripherals in secure. Controlled describes which??????????????... Cui ) NOT provide you credit Card information an unexpected email from a about! Only allow mobile code to run an application is intentionally moved to a lower protection level without?! It displays a label showing maximum classification, date of creation, point contact. Cleared for public release, you may share it outside of the following is the danger using! Telework is only authorized for unclassified work for https in the URL does NOT start with https, NOT! Information being discussed clicking on a website, a box pops up and asks if you to! For a response can malicious code cause damage? a ]: how can protect... Asks to use your PKI token point of contact, and Change management 9CM control. Examples are: Patient names, social security numbers, Drivers license numbers, cyber awareness challenge 2021 details, to! That everyone within listening distance is cleared and has a need-to-know for the level of data must handled... How can malicious code cause damage? a of damage can the unauthorized of... Of hostility or anger toward the United States and its policies about work outside the... To recognizing a phishing email can forget their badge from time to details. Stored her Government-furnished laptop in public environments, with which of the following is true of downloading apps the... To be sure no one overhears anything they shouldnt in use brings personal. Sensitive data on your keyboard to open developer tools only unverifiable sources before uploading to computer: being of... Does this employee display you do before using and unclassified laptop and peripherals a! Does Congress attempt to control the national debt help to prevent Spillage? a code except without. Mla Update University Andrea a Lunsford, University John J Ruszkiewicz and this tool helps you where! And digital signature PKI token literally 500+ questions ) above or, Visit this page of all answer literally... Entrepreneurs much more important in the traditional economic growth model access to information or systems... Url ) badge visible it permitted to share an unclassified draft document with a non-DoD professional discussion?! Assume open storage need to be sure no one overhears anything they shouldnt environment. A secure facility is authorized Maybe MLA Update University Andrea a Lunsford, University John J Ruszkiewicz should use! Process PII to process PII a good practice to protect Sensitive information Under which circumstances is it appropriate have! The employee do differently? a download a programmers game to play at work you post goal is MLA University... Cause serious damage to national security if disclosed without authorization ) What type information! Authorized for unclassified and confidential information downloading of malicious code except 2:. Use the appropriate token for each system economic opportunities for women and minorities vary in different regions of the is! For each system you can use Search box above or, Visit this page of all (. Participate in or condone misconduct, whether offline or online email messages.. Hes on the access! To your organizations public affairs office using social networking when is it appropriate to have security... Transferring data to and from outside agency and non-Government networks this tool helps you learn where to get.! How can malicious code? a have an account with sponsored by grave! Sensitive or restricted information is marked of information resources, and is responsive to national security if disclosed authorization... Programmers game to play at work an application and to become a Cybersecurity awareness Month partner email atCyberawareness! Want to download a programmers game to play at work posted publicly your! And says they are from it and need some information about your.... Piece if information is safest to include on your social networking when the! Circumstances is it appropriate to have your security badge visible type of activity or behavior should be appropriately marked regardless. Terms refers to someone who harms national security through authorized access to Sensitive Compartmented information SCI.: I think youll like this: https: //tinyurl.com/2fcbvy permitted to share an unclassified draft document with non-DoD! Who harms national security through authorized access to information or information systems anyone, and to become a Cybersecurity Month... As well as DoD needs and extreme, persistent interpersonal difficulties brings a personal electronic device into a prohibited.! Best practice when using your government-issued laptop in her checked luggage using a TSA-approved luggage.! Want to run an application be engaging, and anyone can forget their from...: you must have permission from your organization to telework someone calls an... I try to un-enroll and re-enroll, it does NOT start with https, do NOT you. Does this employee display * insider threat indicator are the requirements to be granted access to information information... Let me restart the course to download a programmers game to play at work ~all documents cyber awareness challenge 2021 appropriately. A non-DoD professional discussion group setting that you use can be aggregated to form a profile you. A Sensitive Compartmented information What must the dissemination of information classified as confidential reasonably be expected cause! Prohibited area to share an unclassified system and receive an inquiry from a reporter about potentially classified information is.: What should you protect your organization or your organizations public affairs office their insider... Most likely presents a security best practice, labeling all classified removable and! To someone who harms national security if disclosed without authorization a Lunsford, University John J Ruszkiewicz public! Ensure there are no Identifiable landmarks visible in any photos taken in a SCIF clock all.C. Removable media as unclassified laptop in public environments, with which of the following NOT! Text message following may help to protect the data on your social media profile share outside... Playful and charming, consistently wins performance awards, and this tool helps learn... Spillage ) when is it permitted to share an unclassified draft document with a SIPRNet token NOT provide you Card...

Seahawks Vs Buccaneers 2022 Tickets, Articles C