Store it in a locked desk drawer after working hours. The proper security clearance and indoctrination into the SCI program. (removable media) If an incident occurs involving removable media in a Sensitive Compartmented Information Facility (SCIF), what action should you take? Proactively identify potential threats and formulate holistic mitigation responses. CUI may be stored on any password-protected system. B. Remove his CAC and lock his workstation. I did the training on public.cyber.mil and emailed my cert to my security manager. Have your permissions from your organization, follow your organization guideline, use authorized equipment and software, employ cyber security best practice, perform telework in dedicated when home. Which is NOT a way to protect removable media? Classified DVD distribution should be controlled just like any other classified media. Appropriate clearance; signed and approved non-disclosure agreement; and need-to-know. To complete the . NOTE: Don't talk about work outside of your workspace unless it is a specifically designated public meeting environment and is controlled by the event planners. Controlled unclassified information. *Spillage What should you do if you suspect spillage has occurred? Label all files, removable media, and subject headers with appropriate classification markings. Which of the following is a best practice for physical security? CUI may be stored in a locked desk after working hours. C. Government-owned PEDs must be expressly authorized by your agency. You are working at your unclassified system and receive an email from a coworker containing a classified attachment. Do not access website links, buttons, or graphics in e-mail. When using your government-issued laptop in public environments, with which of the following should you be concerned? *Sensitive Compartmented Information When is it appropriate to have your security badge visible? Correct. Which of the following is NOT a requirement for telework? Correct.
Which of the following includes Personally Identifiable Information (PII) and Protected Health Information (PHI)? Always take your Common Access Card (CAC) when you leave your workstation. (A type of phishing targeted at senior officials) *Controlled Unclassified Information Which of the following is NOT an example of CUI? (CISA), and CYBER.ORG this summer for the Cyber Awareness Challenge! Media containing Privacy Act information, PII, and PHI is not required to be labeled. [Incident]: What should Sara do when using publicly available Internet, such as hotel Wi-Fi? A. If any questions are answered incorrectly, users must review and complete all activities contained within the incident. **Insider Threat A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. If authorized, what can be done on a work computer? **Removable Media in a SCIF What must users ensure when using removable media such as compact disk (CD)? *Social Networking The website requires a credit card for registration. Remove your security badge, common access card (CAC), or personal identity verification (PIV) card. The training also reinforces best practices to protect classified, controlled unclassified information (CUI), and personally identifiable information (PII). In addition to offering an overview of cybersecurity best practices, the challenge also provides awareness of potential and common cyber threats. How many potential insider threat indicators does this employee display? **Website Use While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. What should you do if someone forgets their access badge (physical access)?
Badges must be visible and displayed above the waist at all times when in the facility. A pop-up window that flashes and warns that your computer is infected with a virus. At any time during the workday, including when leaving the facility. Report the crime to local law enforcement. **Insider Threat Which of the following is NOT considered a potential insider threat indicator? Which of the following is a good practice to protect classified information? Which of the following is an example of malicious code? Which of the following should you do immediately? Never write down the PIN for your CAC. Correct. Exceptionally grave damage. Scan external files from only unverifiable sources before uploading to computer. Under what circumstances is it acceptable to use your government-furnished computer to check personal e-mail and do non-work-related activities? Correct. Validate friend requests through another source before confirming them. A coworker is observed using a personal electronic device in an area where their use is prohibited. A coworker removes sensitive information without authorization.
NOTE: Top Secret information could be expected to cause exceptionally grave damage to national security if disclosed. Which may be a security issue with compressed Uniform Resource Locators (URLs)? A compromise of Sensitive Compartmented Information (SCI) occurs when a person who does not have the required clearance or access caveats comes into possession of SCI _________. Which of the following is true of Security Classification Guides? **Identity management What is the best way to protect your Common Access Card (CAC)? Maria is at home shopping for shoes on Amazon.com. Correct. CPCON 1 (Very High: Critical Functions) Report the crime to local law enforcement. You should remove and take your CAC/PIV card whenever you leave your workstation. The DoD Cyber Exchange is sponsored by The popup asks if you want to run an application. Three or more. according to the 2021 State of Phishing and Online Fraud Report. What is considered ethical use of the Government email system? Damage B. Whether you have successfully completed the previous version or starting from scratch, these test answers are for you. **Insider Threat What do insiders with authorized access to information or information systems pose? Ask probing questions of potential network contacts to ascertain their true identity. C. **Physical Security What is a good practice for physical security? [Incident #3]: What should the participants in this conversation involving SCI do differently? A. It may be compromised as soon as you exit the plane. Based on the description that follows how many potential insider threat indicators are displayed? *Sensitive Compartmented Information When should documents be marked within a Sensitive Compartmented Information Facility (SCIF). How should you respond? Nothing. Research the source to evaluate its credibility and reliability. Of the following, which is NOT a method to protect sensitive information?
Which of the following individuals can access classified data? In which situation below are you permitted to use your PKI token? Not correct. Which scenario might indicate a reportable insider threat security incident? *Spillage What is a proper response if spillage occurs? Which of the following is NOT Government computer misuse? This bag contains your government-issued laptop. **Classified Data What level of damage can the unauthorized disclosure of information classified as Confidential reasonably be expected to cause? Only use Government-furnished or Government-approved equipment to process PII. Store it in a GSA approved vault or container. **Mobile Devices Which of the following helps protect data on your personal mobile devices? *Controlled Unclassified Information Which is a best practice for protecting Controlled Unclassified Information (CUI)? All of these. A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. *Spillage Which of the following may help prevent inadvertent spillage? Only when badging in. B. Unclassified documents do not need to be marked as a SCIF. *Sensitive Information What is the best example of Personally Identifiable Information (PII)? Cyber Awareness Challenge 2023. What should you do? (Malicious Code) What are some examples of malicious code? Since the URL does not start with https, do not provide your credit card information. The DoD Cyber Exchange provides one-stop access to cyber information, policy, guidance and training for cyber professionals throughout the DoD, and the general public. **Home Computer Security How can you protect your information when using wireless technology?
*Spillage You find information that you know to be classified on the Internet. What information relates to the physical or mental health of an individual? You can email your employees information to yourself so you can work on it this weekend and go home now. Financial information. Which of the following should be done to keep your home computer secure? A coworker brings a personal electronic device into a prohibited area. NOTE: No personal PEDs are allowed in a SCIF. Which of the following is the best example of Protected Health Information (PHI)? In addition to avoiding the temptation of greed to betray his country, what should Alex do differently? Only connect with the Government VPN. B. [Alex's statement]: In addition to avoiding the temptation of greed to betray his country, what should Alex do differently? A. It may expose the connected device to malware. Which of the following is NOT a home security best practice? Sally stored her government-furnished laptop in her checked luggage using a TSA-approved luggage lock. B. **Removable Media in a SCIF What portable electronic devices (PEDs) are allowed in a Sensitive Compartmented Information Facility (SCIF)? Which of the following may help to prevent inadvertent spillage? Since the URL does not start with https, do not provide your credit card information. What is a best practice to protect data on your mobile computing device? The purpose of the Cyber Awareness Challenge is to influence behavior, focusing on actions that authorized users can engage to mitigate threats and vulnerabilities to DoD Information Systems. While it may seem safer, you should NOT use a classified network for unclassified work. Paul verifies that the information is CUI, includes a CUI marking in the subject header and digitally signs an e-mail containing CUI.
After each selection on the incident board, users are presented one or more questions derived from the previous Cyber Awareness Challenge. A type of phishing targeted at senior officials. Maintain possession of your laptop and other government-furnished equipment (GFE) at all times. Call your security point of contact immediately. What level of damage can the unauthorized disclosure of information classified as confidential reasonably be expected to cause? UNCLASSIFIED is a designation to mark information that does not have potential to damage national security. When leaving your work area, what is the first thing you should do? (Sensitive Information) What should you do if a commercial entity, such as a hotel reception desk, asks to make a photocopy of your Common Access Card (CAC) for proof of Federal Government employment? Which of the following is true of Internet of Things (IoT) devices? Be aware of classification markings and all handling caveats. Do not use any personally owned/non-organizational removable media on your organization's systems. What is required for an individual to access classified data? [Ellen's statement]: How many insider threat indicators does Alex demonstrate? A. What should you do? Nothing. NOTE: Use caution when connecting laptops to hotel Internet connections. Now in its 19th year, Cybersecurity Awareness Month continues to build momentum and impact co-led by the National Cybersecurity Alliance and the Cybersecurity and Infrastructure Agency (CISA) with . Create separate user accounts with strong individual passwords. NOTE: You must have permission from your organization to telework. When checking in at the airline counter for a business trip, you are asked if you would like to check your laptop bag.