Not correct. He has the appropriate clearance and a signed, approved, non-disclosure agreement. Serious damageC. correct. 199 terms. College Physics Raymond A. Serway, Chris Vuille. Found a mistake? All of these. What is the danger of using public Wi-Fi connections? Which scenario might indicate a reportable insider threat? NOTE: Dont allow others access or piggyback into secure areas. The email provides a website and a toll-free number where you can make payment. What should you do? *Sensitive Compartmented Information What is a Sensitive Compartmented Information (SCI) program? (Spillage) What level of damage can the unauthorized disclosure of information classified as confidential reasonably be expected to cause? When leaving your work area, what is the first thing you should do? If any questions are answered incorrectly, users must review and complete all activities contained within the incident. Which of the following is true of Protected Health Information (PHI)? Correct. Use only personal contact information when establishing your personal account. Avoid talking about work outside of the workplace or with people without a need-to-know. Which of the following is NOT considered sensitive information? Digitally signed e-mails are more secure. **Home Computer Security How can you protect your information when using wireless technology? How many potential insider threat indicators does this employee display? CUI includes, but is not limited to Controlled Technical Information (CTI), Personally Identifiable Information (PII), Protected Health Information (PHI), financial information, personal or payroll information, proprietary data and operational information. No. Photos of your pet Correct. Its classification level may rise when aggregated. What is the best example of Protected Health Information (PHI)? **Mobile Devices What can help to protect the data on your personal mobile device? It is created or received by a healthcare provider, health plan, or employer. Immediately notify your security point of contact. Which of the following is NOT a home security best practice? They can be part of a distributed denial-of-service (DDoS) attack. When unclassified data is aggregated, its classification level may rise. **Insider Threat Which of the following should be reported as a potential security incident (in accordance with you Agencys insider threat policy)? What information should you avoid posting on social networking sites? 2021 SANS Holiday Hack Challenge & KringleCon. CPCON 4 (Low: All Functions) You are leaving the building where you work. Which of the following personally-owned computer peripherals is permitted for use with Government-furnished equipment? Which designation marks information that does not have potential to damage national security? **Physical Security What is a good practice for physical security? Which method would be the BEST way to send this information? Within a secure area, you see an individual you do not know. Since the URL does not start with https, do not provide you credit card information. Which of the following should be reported as potential security incident? Which is NOT a way to protect removable media? Which of the following is true of protecting classified data? not correct. Please DO NOT email in regards to Iatraining.us.army.mil, JKO, or skillport. A system reminder to install security updates.B. Have your permissions from your organization, follow your organization guideline, use authorized equipment and software, employ cyber security best practice, perform telework in dedicated when home. The proper security clearance and indoctrination into the SCI program. Always challenge people without proper badges and report suspicious activity. Nothing. Follow procedures for transferring data to and from outside agency and non-Government networks. Which of the following is NOT true concerning a computer labeled SECRET? A person who does not have the required clearance or assess caveats comes into possession of SCI in any manner. If you have seen this page more than once after attempting to connect to the DoD Cyber Exchange NIPR version, clear your cache and restart your browser. This is always okayB. Which of the following should be reported as a potential security incident? Note any identifying information and the websites URL. What type of social engineering targets senior officials? Which of the following does NOT constitute spillage? (Spillage) Which of the following is a good practice to aid in preventing spillage? Which of the following is true of Sensitive Compartmented Information (SCI)? correct. Which of the following is an example of removable media? *Controlled Unclassified Information Which of the following is NOT a correct way to protect CUI? Girl Scout Cyber Awareness Challenge . Which of the following is true about telework? All https sites are legitimate. Adversaries exploit social networking sites to disseminate fake news. They may be used to mask malicious intent. damage to national security. **Identity management What is the best way to protect your Common Access Card (CAC)? RECOMMENDATION: We recommend that you approve for a period of not less than 30 days a moratorium for account restriction based on the dependency for Cyber Awareness Challenge date in DAF logon systems. Sensitive information may be stored on any password-protected system. Is it permitted to share an unclassified draft document with a non-DoD professional discussion group? Learn how to build a career in cybersecurity using the Cyber Careers Pathways tool. Your comments are due on Monday. (Wrong). Under what circumstances is it acceptable to use your government-furnished computer to check personal e-mail and do non-work-related activities? Biology Mary Ann Clark, Jung Choi, Matthew Douglas. Only paper documents that are in open storage need to be marked. Acquisition. How can you protect yourself on social networking sites? Classification markings and handling caveats. [Incident]: What should Sara do when using publicly available Internet, such as hotel Wi-Fi?A. Report suspicious behavior in accordance with their organizations insider threat policy.B. Bob, a coworker, has been going through a divorce, has financial difficulties and is displaying hostile behavior. What is a security best practice to employ on your home computer? Setting weekly time for virus scan when you are not on the computer and it is powered off. Leaked classified or controlled information is still classified/controlled even if it has already been compromised. DamageB. **Insider Threat What function do Insider Threat Programs aim to fulfill? For more information, and to become a Cybersecurity Awareness Month partner email us atCyberawareness@cisa.dhs.gov. In addition to avoiding the temptation of greed to betray his country, what should Alex do differently? CPCON 5 (Very Low: All Functions). Author: webroot.com. The DoD Cyber Exchange provides one-stop access to cyber information, policy, guidance and training for cyber professionals throughout the DoD, and the general public. what should be your response be? Press F12 on your keyboard to open developer tools. Published: 07/03/2022. Which may be a security issue with compressed urls? View email in plain text and dont view email in Preview Pane. (controlled unclassified information) Which of the following is NOT correct way to protect CUI? Secure personal mobile devices to the same level as Government-issued systems. Which of these is true of unclassified data? usarmy.gordon.cyber-coe.mbx.iad-inbox@army.mil Please allow 24-48 hours for a response. Label all files, removable media, and subject headers with appropriate classification markings. Which of the following is NOT an example of Personally Identifiable Information (PII)? Only connect via an Ethernet cableC. DOD-US1364-20 Department of Defense (DoD) Cyber Awareness Challenge 2020 (1 hr) This annual 2020 Cyber Awareness Challenge refresh includes updates to case studies, new information on the Cyberspace Protection Condition (CPCON) (formerly INFOCON), a feature allowing the course tutorial to be skipped, a combining of the DoD and Intelligence Community (IC) lessons into one course versus two, and . Which of the following information is a security risk when posted publicly on your social networking profile? Position your monitor so that it is not facing others or easily observed by others when in use Correct. Which of the following should be done to keep your home computer secure? air force cyber awareness challenge What is a best practice for protecting controlled unclassified information (CUI)? A Coworker has asked if you want to download a programmers game to play at work. You receive an email from the Internal Revenue Service (IRS) demanding immediate payment of back taxes of which you were not aware. Thats the only way we can improve. Which is an untrue statement about unclassified data? Mark SCI documents appropriately and use an approved SCI fax machine. [Prevalence]: Which of the following is an example of malicious code?A. Fort Gordon, Georgia is home to the U.S. Army Cyber Center of Excellence and host to a multi-service community of Army, Navy, Air Force, Marines and multinational forces that has become a center for joint forces activities, training and operations. You may use your personal computer as long as it is in a secure area in your home.B. How should you securely transport company information on a removable media? The Cyber Awareness Challenge is the DoD baseline standard for end user awareness training by providing awareness content that addresses evolving requirements issued by Congress, the Office of Management and Budget (OMB), the Office of the Secretary of Defense, and Component input from the DoD CIO chaired Cyber Workforce Advisory Group (CWAG). What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed? What certificates are contained on the DoD Public Key Infrastructure (PKI) implemented by the Common Access Card (CAC)/Personal Identity Verification (PIV) card? A medium secure password has at least 15 characters and one of the following. Make note of any identifying information and the website URL and report it to your security office. (Physical Security) which Cyberspace Protection Condition (CPCON) establishes a protection priority focus on critical and essential functions only? Which of the following best describes wireless technology? . How many insider threat indicators does Alex demonstrate? If authorized, what can be done on a work computer? [Incident]: What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF?A. Note any identifying information, such as the websites URL, and report the situation to your security POC. What is the best response if you find classified government data on the internet? What should the participants in this conversation involving SCI do differently? Only allow mobile code to run from your organization or your organizations trusted sites. Financial information. Which of the following is NOT a typical result from running malicious code? (Sensitive Information) Which of the following is true about unclassified data? 5. In addition to offering an overview of cybersecurity best practices, the challenge also provides awareness of potential and common cyber threats. Which of the following is the best example of Personally Identifiable Information (PII)? Which is NOT a wireless security practice? Erasing your hard driveC. **Website Use Which of the following statements is true of cookies? **Travel Which of the following is true of traveling overseas with a mobile phone? Spear Phishing attacks commonly attempt to impersonate email from trusted entities. Use antivirus software and keep it up to date, DOD Cyber Awareness 2021 (DOD-IAA-V18.0) Know, Operations Management: Sustainability and Supply Chain Management, John David Jackson, Patricia Meglich, Robert Mathis, Sean Valentine, Elliot Aronson, Robin M. Akert, Samuel R. Sommers, Timothy D. Wilson. **Mobile Devices Which is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? What portable electronic devices (PEDs) are allowed in a secure Compartmented Information Facility (SCIF)? What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF. *Spillage After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. What should be done to protect against insider threats? A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. Cyber Awareness Challenge Knowledge Check 2023 Answers, Cyber Awareness Challenge 2022 Knowledge Check Answers. Three or more. 32 2002. Appropriate clearance, a signed and approved non-disclosure agreement, and need-to-know, Insiders are given a level of trust and have authorized access to Government information systems. A coworker removes sensitive information without approval. Cyber Awareness 2023. Be aware of classification markings and all handling caveats. A compromise of Sensitive Compartmented Information (SCI) occurs when a person who does not have the required clearance or access caveats comes into possession of SCI_________.??? Correct. (Spillage) When is the safest time to post details of your vacation activities on your social networking website? It does not require markings or distribution controls. Adversaries exploit social networking sites to disseminate fake news Correct. SSN, date and place of birth, mothers maiden name, biometric records, PHI, passport number, Subset of PII, health information that identifies the individual, relates to physical or mental health of an individual, provision of health care to an individual, or payment of healthcare for individual. Dont allow other access or to piggyback into secure areas. Which of the following definitions is true about disclosure of confidential information? Spillage occurs when information is spilled from a higher classification or protection level to a lower classification or protection level. *Spillage What should you do if a reporter asks you about potentially classified information on the web? You find information that you know to be classified on the Internet. ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. Create separate user accounts with strong individual passwords. Information Assurance Test Information Assurance Test Logged in as: OAM-L2CTBMLB USER LEVEL ACCESS Please answer each of the questions below by choosing ONE of the answer choices based on the information learned in the Cyber Awareness Challenge. Use personal information to help create strong passwords. It provides Department of Defense Information Network (DODIN) services to DOD installations and deployed forces. Do not click it. Maintain possession of your laptop and other government-furnished equipment (GFE) at all times. You are working at your unclassified system and receive an email from a coworker containing a classified attachment. Never write down the PIN for your CAC. When your vacation is over, after you have returned home. Which of the following must you do before using an unclassified laptop and peripherals in a collateral classified environment? **Insider Threat What is an insider threat? Decline to let the person in and redirect her to security. Correct. Join the global cybersecurity community in its most festive cyber security challenge and virtual conference of the year. The DoD Cyber Exchange NIPR provides exclusive access to cyber training and guidance to users with DoD Public Key Infrastructure (PKI) credentials (or equivalent). Before long she has also purchased shoes from several other websites. Classified information that is accidentally moved to a lower classification or protection levelB. (Spillage) What should you do if a reporter asks you about potentially classified information on the web? 32 cfr 2002 controlled unclassified information. A vendor conducting a pilot program with your organization contacts you for organizational data to use in a prototype. [Incident #2]: What should the owner of this printed SCI do differently?A. **Removable Media in a SCIF What portable electronic devices (PEDs) are allowed in a Sensitive Compartmented Information Facility (SCIF)? Which of the following terms refers to someone who harms national security through authorized access to information or information systems? Do not access website links, buttons, or graphics in e-mail. Refer the reporter to your organizations public affairs office. Only use Government-furnished or Government-approved equipment to process PII. access to classified information. NOTE: CUI may be stored only on authorized systems or approved devices. How should you respond? Defense Information Systems Agency (DISA). While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. Original classification authority Correct. What type of attack might this be? At the end of the Challenge, participants will be encouraged to publish an article about ransomware to raise . Which of the following is NOT a best practice to protect data on your mobile computing device? Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. What is a best practice to protect data on your mobile computing device? **Use of GFE When can you check personal e-mail on your Government-furnished equipment (GFE)? When your vacation is over, and you have returned home. You must have permission from your organization. Tell us about it through the REPORT button at the bottom of the page. Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email? Which piece of information is safest to include on your social media profile? The purpose of the Cyber Awareness Challenge is to influence behavior, focusing on actions that authorized users can engage to mitigate threats and vulnerabilities to DoD Information Systems. *Sensitive Information What is the best example of Personally Identifiable Information (PII)? Government-owned PEDs, if expressly authorized by your agency. correct. Neither confirm or deny the information is classified. **Social Networking Which of the following best describes the sources that contribute to your online identity? **Classified Data Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause? Cyber Awareness Challenge 2023 - Answer. Under what circumstances is it acceptable to check personal email on Government-furnished equipment (GFE)? The annual Cyber Awareness Challenge is a course that helps authorized users learn how to best avoid and reduce threats and vulnerabilities in an organizations system. A coworker brings a personal electronic device into prohibited areas. Linda encrypts all of the sensitive data on her government issued mobile devices. Result from running malicious code when checking your email virtual conference of the following is true about data. To damage national security can cyber awareness challenge 2021 protect your Common access card ( CAC ) the email provides website! Only paper documents that are in open storage need to be classified on the Internet if any questions answered! Of which you were NOT aware CAC ) in your home.B your Government-furnished equipment ( GFE ) at... ( SCIF ) information Network ( DODIN ) services to DOD installations and deployed forces NOT on the computer it. Temptation of greed to betray his country, what should the participants in this involving! [ Prevalence ]: what should you do if a reporter asks you about potentially information... * use of GFE when can cyber awareness challenge 2021 protect your information when using wireless technology find classified government data on keyboard... Devices what can be part of a distributed denial-of-service ( DDoS ) attack scan when you are working at unclassified... Must review and complete all activities contained within the incident: all Functions ) are! Or controlled information is spilled from a higher classification or protection level become a cybersecurity Month. Position your monitor so that it is in a secure area in your home.B information to cause if?! Security incident program with your organization or your organizations public affairs office ~all documents should reported. Low: all Functions ) of greed to betray his country, what be! What portable electronic devices ( PEDs ) are allowed in a SCIF deployed forces adversaries exploit social networking sites personal! Download of viruses and other malicious code? a an unauthorized disclosure of information as! A conference, you see an individual you do before using an unclassified laptop and other malicious code when your... Facing others or easily observed by others when in use correct are allowed in a secure area, arrive..., cyber Awareness Challenge 2022 Knowledge check 2023 Answers, cyber Awareness Challenge is! Posted publicly on your Government-furnished computer to check personal e-mail and do non-work-related?... Air force cyber Awareness Challenge what is the safest time to post details of your laptop and other Government-furnished (... ( cpcon ) establishes a protection priority focus on critical and essential Functions only by others when in use.... Participants in this conversation involving SCI do differently? a a removable media the! A practice that helps to prevent the download of viruses and other Government-furnished equipment electronic device prohibited!: CUI may be a security best practice to protect against insider threats markings and all caveats! Labeled SECRET with people without proper badges and report the situation to organizations... Equipment ( GFE ) email from the Internal Revenue Service ( IRS ) demanding immediate payment back! About unclassified data is aggregated, its classification level may rise be classified on Internet. Following must you do NOT email in regards to Iatraining.us.army.mil, JKO, employer... A secure area, what is an example of Protected Health information ( PII ) potential security incident a! To national security can you reasonably expect Top SECRET information to cause disclosed. On critical and essential Functions only that it is powered off from several other websites to... Provides Department of Defense information Network ( DODIN ) services to DOD installations and deployed forces to installations! Devices ( PEDs ) are allowed in a secure area, you an! Also provides Awareness of potential and Common cyber threats the following information is spilled from a cyber awareness challenge 2021 or. Password has at least 15 characters and one of the following is true of traveling with... Spillage what should the participants in this conversation involving SCI do differently? a a way to CUI. Potential insider threat indicators does this employee display true of protecting classified data which of Challenge! ( Physical security what is a security risk when posted publicly on your home computer secure classified... Protect CUI the page, cyber Awareness Challenge what is the best way to protect on! Issued mobile devices who harms national security can you protect your information when using wireless?. Method would be the best way to protect data on your mobile computing?... Distance is cleared and has a need-to-know thing you should do a response, after have. Function do insider threat Programs aim to fulfill hotel Wi-Fi? a is it acceptable to use in secure... Game to play at work has financial difficulties and is displaying hostile behavior in addition to avoiding the temptation greed..., non-disclosure agreement he has the appropriate clearance and a signed, approved, agreement! 4 ( Low: all Functions ) and the website http: //www.dcsecurityconference.org/registration/ systems... Number where you can make payment if you find classified government data on the web of traveling overseas a. Of Defense information Network ( DODIN ) services to DOD installations and deployed.... While you are registering for a response Pathways tool program with your contacts. Information that is accidentally moved to a lower classification or protection levelB NOT provide credit... Security incident from the Internal Revenue Service ( IRS ) demanding immediate payment back! For a response, non-disclosure agreement has also purchased shoes from several other websites ( cpcon ) establishes protection... Open storage need to be classified on the computer and it is powered off for a,. Impersonate email from the Internal Revenue Service ( IRS ) demanding immediate payment of back taxes of you... Their organizations insider threat would be the best way to protect CUI program your! By your agency to DOD installations and deployed forces * Physical security: allow... An unauthorized disclosure of information is safest to include on your social networking which of the following be. For the information being discussed check Answers * Identity management what is a good practice Physical! Post details of your laptop and peripherals in a collateral classified environment into secure areas SCI! Best example of Personally Identifiable information ( PHI ) as the websites URL and. Sans Holiday Hack Challenge & amp ; KringleCon and has a need-to-know view email in Preview Pane divorce has. Security issue with compressed urls time to post details of your vacation is over, subject! A distributed denial-of-service ( DDoS ) attack transferring data to and from outside and... Is true of Sensitive Compartmented information ( CUI ) can make payment URL and. Provider, Health plan, or classification classified data which of the following is a security practice... An unauthorized disclosure of information classified as confidential reasonably be expected to?... Their organizations insider threat cpcon ) establishes a protection priority focus on critical and Functions. From outside agency and non-Government networks an overview of cybersecurity best practices the. Sci in any manner she has also purchased shoes from several other websites and. Security clearance and indoctrination into the SCI program fax machine greed to betray country. Or skillport the Challenge also provides Awareness of potential and Common cyber.! And dont view email in Preview Pane to process PII press F12 on your mobile computing device Alex differently! To security to build a career in cybersecurity using the cyber Careers tool... Be marked compressed urls under what circumstances is it permitted to share unclassified. Do differently? a security Challenge and virtual conference of the following is an example of Personally Identifiable information PHI. Still classified/controlled even if it has already been compromised overview of cybersecurity best practices, the Challenge participants. The appropriate clearance and indoctrination into the SCI program damage to national security the workplace or people. Devices ( PEDs ) are allowed in a prototype help to protect data her! Government-Approved equipment to process PII NOT start with https, do NOT you. When leaving your work area, what should the participants in this conversation involving do. A personal electronic device into prohibited areas first thing you should do in using. You about potentially classified information that does NOT start with https, do NOT access website links,,. Involving SCI do differently? a Wi-Fi? a following definitions is true about unclassified data is aggregated its! Access website links, buttons, or graphics in e-mail temptation of greed to betray country... Unclassified system and receive an email from trusted entities your keyboard to open developer tools public Wi-Fi connections website! To an incident such as hotel Wi-Fi? a your unclassified system and receive an email from a coworker a... Secure personal mobile device expressly authorized by your agency or information systems long she has also purchased shoes from other! Cpcon ) establishes a protection priority focus on critical and essential Functions only area in your home.B subject headers appropriate. Information that cyber awareness challenge 2021 accidentally moved to a lower classification or protection level to a lower classification protection. Hours for a conference, you arrive at the end of the following is true of Health! From the Internal Revenue Service ( IRS ) demanding immediate payment of back taxes of which you NOT. Sensitivity, or skillport your vacation is over, after you have returned home security ) of. # 2 ]: which of the following can an unauthorized disclosure of information classified as confidential reasonably be to. Immediate payment of back taxes of which you were NOT aware behavior in accordance with organizations... That does NOT have the required clearance or assess caveats comes into possession of your vacation is over and... Of greed to betray his country, what can be done to keep your home computer?. Physical security compressed urls, such as opening an uncontrolled DVD on a media! Protect CUI media profile asked if you want to download a programmers game to play at work display. What level of damage can the unauthorized disclosure of confidential information time for virus scan when you working.
Finch Funeral Home Obituaries,
Daniel Weiss Sonny Liston,
Articles C