**Identity management Which of the following is NOT a best practice to preserve the authenticity of your identity? A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationships with peers, purchases an unusually expensive new car, and has unexplained absences from work. The DoD Cyber Exchange is sponsored by usarmy.gordon.cyber-coe.mbx.iad-inbox@army.mil. Please allow 24-48 hours for a response. You can email your employee's information to yourself so you can work on it this weekend and go home now. Classified information that should be unclassified and is downgraded. C. If you participate in or condone it at any time. You receive an email from a company you have an account with. Which of the following represents a good physical security practice? Which of the following is true of Protected Health Information (PHI)? **Social Engineering Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email? What should you do? **Home Computer Security Which of the following is a best practice for securing your home computer? Which of the following should be reported as a potential security incident? How many potential insider threat indicators does this employee display? Not correct. **Insider Threat Which type of behavior should you report as a potential insider threat? Nothing. FREQUENCY: Annual TIME TO COMPLETE: 1.5 hours No. *Spillage A user writes down details marked as Secret from a report stored on a classified system and uses those details to draft a briefing on an unclassified system without authorization. After work hours, storing sensitive information in unlocked containers, desks, or cabinets if security is not present. They can become an attack vector to other devices on your home network.
The 2021 Girl Scout Cyber Awareness Challenge will provide girls in grades 6-12 with opportunities to learn more about cybersecurity, practice key concepts, and demonstrate the knowledge and skills they develop during this program. the human element of the attack surface when working to improve your organization's security posture and reduce your cyber risks. In which situation below are you permitted to use your PKI token? (Malicious Code) Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? Only when there is no other charger available. C. Not correct When you have completed the test, be sure to press the . After each selection on the incident board, users are presented one or more questions derived from the previous Cyber Awareness Challenge. How many insider threat indicators does Alex demonstrate? Correct, Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities. When using a fax machine to send sensitive information, the sender should do which of the following? Your comments are due on Monday. A colleague enjoys playing video games online, regularly uses social media, and frequently forgets to secure her smartphone elsewhere before entering areas where it is prohibited. Top Secret information could be expected to cause exceptionally grave damage to national security if disclosed. Insiders are given a level of trust and have authorized access to Government information systems. *Sensitive Information What is the best example of Personally Identifiable Information (PII)? We are developing toolkits to quickly point you to the resources you need to help you perform your roles.
Overview: The Cyber Awareness Challenge serves as an annual refresher of security requirements, security best practices, and your security responsibilities. Two. D. Classification markings and handling caveats. Which of the following is true of Security Classification Guides? NOTE: Badges must be visible and displayed above the waist at all times when in the facility. NOTE: Always remove your CAC and lock your computer before leaving your workstation. Appropriate clearance; signed and approved non-disclosure agreement; and need-to-know.

Which of the following can an unauthorized disclosure of information? Damage to national security

A user writes down details from a report stored on a classified system marked as secret and uses those details to draft an unclassified briefing on an unclassified system without authorization. Spillage because classified data was moved.

What is the proper response if spillage occurs? Immediately notify your security POC

When classified data is not in use, how can you protect it? Store classified data appropriately in GSA-approved vault/container when not in use.

Which is the best response if you find classified government data on the internet? Note any identifying information

What is required for an individual to access classified data? Appropriate clearance; signed and approved

Which of the following practices reduces the chance of becoming a target by adversaries seeking insider information? Don't talk about work outside your workspace unless it is a specifically

Which of the following terms refers to harm inflicted on national security through authorized? Insider threat

Which is good practice to protect classified information? Ensure proper labeling by appropriately marking all classified material.

Which classification level is given to information that could reasonably be expected to cause serious damage to national security? Secret

How many potential insider threat indicators does a person who is playful? 1

What are some potential insider threat indicators? Difficult life circumstances such as

Which scenario might indicate a reportable insider threat security incident? A coworker is observed using a personal electronic device

Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? Use only personal contact information when establishing personal social networking accounts

As someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project? Inform your security POC of all non-professional or non-routine contacts with foreign nationals.

Under which circumstances may you be subject.. online misconduct? Any time you participate in or condone misconduct

When is the best time to post details of your vacation? When your vacation is over

What type of unclassified material should always be marked with special handling caveat? FOUO

What is an individual's PII or PHI considered? Sensitive information

What is the best example of PII? Date and Place of birth

What is the best example of PHI? Your health insurance explanation of benefits (EOB)

What must you ensure before transmitting PII or PHI via email? Transmissions must be between government e-mail accounts and must be encrypted

What must you do when e-mailing PII or PHI? Encrypt the email and use your government e-mail

What does PII include? Social security, date and place of birth, mother's maiden name

It is acceptable to take a short break while a coworker monitors your computer. No.

What action should you take? Hold the conversation over email or instant messenger to avoid being overheard. C. NOTE: Malicious code can mask itself as a harmless email attachment, downloadable file, or website. **Insider Threat What type of activity or behavior should be reported as a potential insider threat? Refer the reporter to your organization's public affairs office.
Under which circumstances may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? The person looked familiar, and anyone can forget their badge from time to time. B. Which of the following is a good practice to prevent spillage? Which of the following is true of downloading apps? Based on the description that follows, how many potential insider threat indicators are displayed? Correct. *Insider Threat Which of the following is a reportable insider threat activity? Correct Only use Government-furnished or Government-approved equipment to process PII. It may expose the connected device to malware. A coworker wants to send you a sensitive document to review while you are at lunch and you only have your personal tablet. **Classified Data Which of the following is true of telework? Which may be a security issue with compressed URLs? **Insider Threat Which of the following is NOT considered a potential insider threat indicator? Do NOT download it or you may create a new case of spillage. Which of the following is NOT a typical means for spreading malicious code? Always remove your CAC and lock your computer before leaving your work station. **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? What should the participants in this conversation involving SCI do differently? Which of the following is NOT a best practice to protect data on your mobile computing device? **Physical Security At which Cyberspace Protection Condition (CPCON) is the priority focus on critical functions only? Be aware of classified markings and all handling caveats. How many potential insider threat indicators does this employee display? **Classified Data Which of the following is a good practice to protect classified information? Nothing.
Organizational Policy Not correct The email has an attachment whose name contains the word secret. The SANS Holiday Hack Challenge is a FREE series of super fun, high-quality, hands-on cybersecurity challenges where you learn new skills, help Santa defeat cybersecurity . Mobile devices and applications can track your location without your knowledge or consent. [Scene]: Which of the following is true about telework? A. While it may seem safer, you should NOT use a classified network for unclassified work. [Alex's statement]: In addition to avoiding the temptation of greed to betray his country, what should Alex do differently? A. **Insider Threat How many potential insider threat indicators does a coworker who often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion display? When using your government-issued laptop in public environments, with which of the following should you be concerned? When operationally necessary, owned by your organization, and approved by the appropriate authority. If classified information were released, which classification level would result in Exceptionally grave damage to national security? If aggregated, the information could become classified. What should you do? At any time during the workday, including when leaving the facility. Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. This training is current, designed to be engaging, and relevant to the user. (Answer) CPCON 2 (High: Critical and Essential Functions) CPCON 1 (Very High: Critical Functions) CPCON 3 (Medium: Critical, Essential, and Support Functions) CPCON 4 (Low: All Functions) CPCON 5 (Very Low: All Functions). Which of the following does NOT constitute spillage?
Use the classified network for all work, including unclassified work. C. Identify and disclose it with local Configuration/Change Management Control and Property Management authorities. Is this safe? Taking classified documents from your workspace. Which of the following is a practice that helps to protect you from identity theft? A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationships with peers, purchases an unusually expensive car, and has unexplained absences from work. Which of the following is true of traveling overseas with a mobile phone? **Classified Data How should you protect a printed classified document when it is not in use? Not correct. Do not download it. A colleague has won 10 high-performance awards, can be playful and charming, is not currently in a relationship, and is occasionally aggressive in trying to access sensitive information. **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? Using NIPRNet tokens on systems of higher classification level. **Social Engineering What is TRUE of a phishing attack? Acquisition. The purpose of the Cyber Awareness Challenge is to influence behavior, focusing on actions that authorized users can engage to mitigate threats and vulnerabilities to DoD Information Systems. Alan uses password protection as required on his government-issued smartphone but prefers the ease of no password on his personal smartphone. **Travel What is a best practice while traveling with mobile computing devices? T/F. The pool of questions in the Knowledge Check option were also updated. *Sensitive Compartmented Information When is it appropriate to have your security badge visible? Label all files, removable media, and subject headers with appropriate classification markings.
What should you do if someone forgets their access badge (physical access)? A compromise of Sensitive Compartmented Information (SCI) occurs when a person who does not have the required clearance or access caveats comes into possession of SCI _________. A coworker has asked if you want to download a programmer's game to play at work. Maybe Which of the following is a best practice for physical security? Please DO NOT email in regards to Iatraining.us.army.mil, JKO, or skillport. Store it in a GSA approved vault or container. You are leaving the building where you work. (Insider Threat) Based on the description that follows, how many potential insider threat indicator(s) are displayed? They may be used to mask malicious intent. Classified information that is intentionally moved to a lower protection level without authorization. (Sensitive Information) What should you do if a commercial entity, such as a hotel reception desk, asks to make a photocopy of your Common Access Card (CAC) for proof of Federal Government employment? What should you do? It may be compromised as soon as you exit the plane. The physical security of the device. In setting up your personal social networking service account, what email address should you use? Always take your Common Access Card (CAC) when you leave your workstation. Start a new Cyber Security Awareness Challenge session. Unclassified information cleared for public release. The website requires a credit card for registration. The potential for unauthorized viewing of work-related information displayed on your screen.
What is the danger of using public Wi-Fi connections? *Sensitive Compartmented Information Which of the following best describes the compromise of Sensitive Compartmented Information (SCI)? Spillage can be either inadvertent or intentional. **Travel Which of the following is true of traveling overseas with a mobile phone? As long as the document is cleared for public release, you may release it outside of DoD. What is the best choice to describe what has occurred? Store it in a General Services Administration (GSA)-approved vault or container. Memory sticks, flash drives, or external hard drives. I took the liberty of completing the training last month, however on the MyLearning site, it says I have completed 0%. The DoD Cyber Exchange provides one-stop access to cyber information, policy, guidance and training for cyber professionals throughout the DoD, and the general public. Its classification level may rise when aggregated. correct. (Spillage) Which of the following is a good practice to aid in preventing spillage? Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post. Draw a project network that includes mentioned activities. Follow procedures for transferring data to and from outside agency and non-Government networks. We recommend using a computer and not a phone to complete the course. How Do I Answer The CISSP Exam Questions? When using a public device with a card reader, only use your DoD CAC to access unclassified information, is only allowed if the organization permits it. Which of the following is a concern when using your Government-issued laptop in public? Decline to let the person in and redirect her to security.C. A colleague asks to leave a report containing protected health information (PHI) on his desk overnight so he can continue working on it the next day. 
Updates also include revised or new content covering areas such as customized scams, protecting government-furnished equipment at home, and indicators of a potential cyber incident. Published: 07/03/2022. You are reviewing your employee's annual self-evaluation. You believe that you are a victim of identity theft. A program that segregates various types of classified information into distinct compartments for added protection and dissemination or distribution control. Linda encrypts all of the sensitive data on her government-issued mobile devices. 4. Which of the following is not considered a potential insider threat indicator? (Home computer) Which of the following is best practice for securing your home computer? **Insider Threat What is an insider threat? A coworker removes sensitive information without authorization. (Spillage) What should you do when you are working on an unclassified system and receive an email with a classified attachment? Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIV) card. The CAC/PIV is a controlled item and contains certificates for: An individual who has attempted to access sensitive information without need-to-know and has made unusual requests for sensitive information is displaying indicators of what? (Sensitive Information) Which of the following is true about unclassified data? How many potential insider threat indicators does this employee display? **Website Use Which of the following statements is true of cookies? Which of the following definitions is true about disclosure of confidential information? Which of the following is NOT true concerning a computer labeled SECRET? Report suspicious behavior in accordance with their organization's insider threat policy. B. Your password and a code you receive via text message. Proactively identify potential threats and formulate holistic mitigation responses.
Which of the following is a clue to recognizing a phishing email? **Physical Security What is a good practice for physical security? What level of damage to national security could reasonably be expected if unauthorized disclosure of Top Secret information occurred? Which designation marks information that does not have potential to damage national security? At all times while in the facility. Even within a secure facility, don't assume open storage is permitted.