cyber awareness challenge 2021

Identify and disclose it with local Configuration/Change Management Control and Property Management authorities. NOTE: No personal PEDs are allowed in a SCIF. Exceptionally grave damage. Proactively identify potential threats and formulate holistic mitigation responses. Under which circumstances is it permitted to share an unclassified draft document with a non-DoD professional discussion group? Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities. How many potential insiders threat indicators does this employee display? They can become an attack vector to other devices on your home network. Badges must be removed when leaving the facility. FREQUENCY: Annual TIME TO COMPLETE: 1.5 hours Immediately notify your security point of contact. What action should you take? Correct. Quizzma is a free online database of educational quizzes and test answers. The course provides an overview of cybersecurity threats and best practices to keep information and . SSN, date and place of birth, mothers maiden name, biometric records, PHI, passport number, Subset of PII, health information that identifies the individual, relates to physical or mental health of an individual, provision of health care to an individual, or payment of healthcare for individual. (Spillage) Which of the following is a good practice to aid in preventing spillage? **Identity management What is the best way to protect your Common Access Card (CAC)? As a security best practice, what should you do before exiting? What is an indication that malicious code is running on your system? Unclassified documents do not need to be marked as a SCIF. Never write down the PIN for your CAC. Ensure that any cameras, microphones, and Wi-Fi embedded in the laptop are physically disabled.- Correct. CPCON 2 (High: Critical and Essential Functions) NOTE: Always remove your CAC and lock your computer before leaving your workstation. When your vacation is over, after you have returned home. Remove your security badge, common access card (CAC), or personal identity verification (PIV) card. All of these. Ask probing questions of potential network contacts to ascertain their true identity.C. Your health insurance explanation of benefits (EOB). Download the information.C. 32 cfr part 2002 controlled unclassified information. Use personal information to help create strong passwords. We thoroughly check each answer to a question to provide you with the most correct answers. CPCON 3 (Medium: Critical, Essential, and Support Functions) ALways mark classified information appropriately and retrieve classified documents promptly from the printer. Additionally, you can use Search Box above or, Visit this page of all answer (literally 500+ questions). Use of the DODIN. Use the government email system so you can encrypt the information and open the email on your government issued laptop. Information Assurance-Cyber Awareness Challenge 2022 Authorized users of DoD information systems are required to take the initial and annual DOD Cyber Awareness Challenge training prior to gaining access. When traveling or working away from your main location, what steps should you take to protect your devices and data? Which of these is true of unclassified data? ?Access requires Top Secret clearance and indoctrination into SCI program.??? Should you always label your removable media? This annual refresh includes minor updates to the course technology for compatibility, 508 compliance and resources pages. Organizational Policy Not correct Leaked classified or controlled information is still classified/controlled even if it has already been compromised. **Insider Threat Which of the following should be reported as a potential security incident? **Insider Threat Which scenario might indicate a reportable insider threat? You receive an inquiry from a reporter about potentially classified information on the internet. Her badge is not visible to you. (removable media) If an incident occurs involving removable media in a Sensitive Compartmented Information Facility (SCIF), what action should you take? A firewall that monitors and controls network traffic. Which of the following is true about telework? Assuming open storage is always authorized in a secure facility. To start using the toolkits, select a security functional area. NOTE: Dont talk about work outside of your workspace unless it is a specifically designated public meeting environment and is controlled by the event planners. There are many travel tips for mobile computing. You must have your organizations permission to telework.C. Correct. Which of the following can an unauthorized disclosure of information.? What level of damage can the unauthorized disclosure of information classified as confidential reasonably be expected to cause? As part of the survey the caller asks for birth date and address. air force cyber awareness challenge Exceptionally grave damage. Mobile devices and applications can track your location without your knowledge or consent. A smartphone that transmits credit card payment information when held in proximity to a credit card reader. Correct Appropriate clearance, a signed and approved non-disclosure agreement, and need-to-know, Insiders are given a level of trust and have authorized access to Government information systems. Adversaries exploit social networking sites to disseminate fake news Correct. These zip files contain all the Certification Authority (CA) certificates for the specified PKI in different formats. . Which designation includes Personally Identifiable Information (PII) and Protected Health Information (PHI)? Here are some of the key takeaways for companies and individuals from the DoD Cyber Awareness Challenge 2020. Let the person in but escort her back to her workstation and verify her badge. Neither confirm or deny the information is classified. DISA is mandated to support and sustain the DoD Cyber Exchange (formerly the Information Assurance Support Environment (IASE)) as directed by DoDI 8500.01 and DODD 8140.01. Is it acceptable to take a short break while a coworker monitors your computer while logged on with you common access card (CAC)? Correct. (CISA), and CYBER.ORG this summer for the Cyber Awareness Challenge! Do NOT download it or you may create a new case of spillage. (controlled unclassified information) Which of the following is NOT correct way to protect CUI? Now through October 24, 2021, complete the activities and submit a description of your work to receive a certificate of recognition from DHS. Maintain possession of your laptop and other government-furnished equipment (GFE) at all times. Dofficult life circumstances, such as death of spouse. You are logged on to your unclassified computer and just received an encrypted email from a co-worker. Scan external files from only unverifiable sources before uploading to computer. Your health insurance explanation of benefits (EOB). Which of the following is true of the Common Access Card (CAC)? Which of the following is NOT a good way to protect your identity? Photos of your pet Correct. A coworker removes sensitive information without authorization. Toolkits. Published: 07/03/2022. Individual Combat Equipment (ICE) Gen III/IV Course. **Insider Threat Which of the following is NOT considered a potential insider threat indicator? You receive an unexpected email from a friend: I think youll like this: https://tinyurl.com/2fcbvy. What action should you take? Which of the following is NOT a requirement for telework? Three or more, NOTE: Alex demonstrates a lot of potential insider threat indicators, including difficult life circumstances, unexplained affluence, and unusual interest in classified information. What actions should you take prior to leaving the work environment and going to lunch? Which designation marks information that does not have potential to damage national security? View email in plain text and dont view email in Preview Pane. Which of the following is NOT an example of CUI? T/F. (Identity Management) Which of the following is an example of two-factor authentication? The DoD Cyber Exchange provides one-stop access to cyber information, policy, guidance and training for cyber professionals throughout the DoD, and the general public. laptops, fitness bands, tablets, smartphones, electric readers, and Bluetooth devices. A person who does not have the required clearance or assess caveats comes into possession of SCI in any manner. Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. **Insider Threat What is an insider threat? Which of the following statements is true? They can be part of a distributed denial-of-service (DDoS) attack. Which of the following is NOT true concerning a computer labeled SECRET? **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? A system reminder to install security updates.B. Girl Scout Cyber Awareness Challenge . Permitted Uses of Government-Furnished Equipment (GFE). A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. Which of the following includes Personally Identifiable Information (PII) and Protected Health Information (PHI)? Sanitized information gathered from personnel records. The following practices help prevent viruses and the downloading of malicious code except. **Website Use Which of the following statements is true of cookies? Which of the following is NOT sensitive information? Who can be permitted access to classified data? (Malicious Code) What are some examples of malicious code? Popular books. What should you do? [Prevalence]: Which of the following is an example of malicious code?A. Which is NOT a way to protect removable media? Press F12 on your keyboard to open developer tools. Based on the description that follows how many potential insider threat indicators are displayed? How many potential insider threat indicators does this employee display? On a NIPRNet system while using it for a PKI-required task, Something you possess, like a CAC, and something you know, like a PIN or password. What should the participants in this conversation involving SCI do differently? National Centers of Academic Excellence in Cybersecurity (NCAE-C), Public Key Infrastructure/Enabling (PKI/PKE). Controlled unclassified information. Attempt to change the subject to something non-work related, but neither confirm nor deny the articles authenticity. Decline to let the person in and redirect her to security. Do not access website links in e-mail messages. You may use unauthorized software as long as your computers antivirus software is up-to-date. It is getting late on Friday. What does Personally Identifiable information (PII) include? [Incident #3]: What should the participants in this conversation involving SCI do differently?A. *Insider Threat Which of the following is a potential insider threat indicator? (Sensitive Information) What guidance is available from marking Sensitive Information information (SCI)? Memory sticks, flash drives, or external hard drives. not correct. Which of the following is a clue to recognizing a phishing email? What should the owner of this printed SCI do differently? Author: webroot.com. Always take your CAC when you leave your workstation. [Marks statement]: What should Alexs colleagues do?A. tell your colleague that it needs to be secured in a cabinet or container. What is the best choice to describe what has occurred? **Classified Data What level of damage can the unauthorized disclosure of information classified as Confidential reasonably be expected to cause? (Spillage) When is the safest time to post details of your vacation activities on your social networking website? Draw a project network that includes mentioned activities. Which of the following is not considered a potential insider threat indicator? Which of the following does NOT constitute spillage? A pop-up window that flashes and warns that your computer is infected with a virus. After work hours, storing sensitive information in unlocked containers, desks, or cabinets if security is not present. Which of the following is true of Protected Health Information (PHI)? *Spillage What should you do when you are working on an unclassified system and receive an email with a classified attachment? *Controlled Unclassified Information Which is a best practice for protecting Controlled Unclassified Information (CUI)? How should you respond? Of the following, which is NOT an intelligence community mandate for passwords? Note the websites URL.B. NOTE: Badges must be visible and displayed above the waist at all times when in the facility. Ive tried all the answers and it still tells me off, part 2. NOTE: Even within SCIF, you cannot assume that everyone present is cleared and has a need-to-know. not correct. Which of the following is an example of malicious code? Within a secure area, you see an individual you do not know. correct. The answers here are current and are contained within three (3) incidents: spillage, Controlled Unclassified Information (CUI), and malicious codes. not correct Here you can find answers to the DoD Cyber Awareness Challenge. Malicious code can do the following except? What action should you take if you receive a friend request on your social networking website from someone in Germany you met casually at a conference last year? Digitally signed e-mails are more secure. Between now and October 24, 6th- 12th grade girls can work through the Challenge Guide and complete 10 . Which of the following is NOT one? NOTE: Never charge personal mobile devices using GFE nor connect any other USB devices (like a coffer warmer) to GFE. usarmy.gordon.cyber-coe.mbx.iad-inbox@army.mil Please allow 24-48 hours for a response. What is the basis for the handling and storage of classified data? Which of the following is an example of two-factor authentication? **Social Engineering What is TRUE of a phishing attack? Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. Attachments contained in a digitally signed email from someone known. Which of the following must you do before using an unclassified laptop and peripherals in a collateral classified environment? When vacation is over, after you have returned home. What should you do? *Sensitive Information Which of the following is the best example of Personally Identifiable Information (PII)? Your comments are due on Monday. When teleworking, you should always use authorized equipment and software. Report the suspicious behavior in accordance with their organizations insider threat policy. Essential Environment: The Science Behind the Stories Jay H. Withgott, Matthew Laposata. Classified information that should be unclassified and is downgraded. Correct. When can you check personal email on your government furnished equipment? Avoid attending professional conferences.B. Which of the following is NOT considered sensitive information? (Wrong). 32 2002. This training is current, designed to be engaging, and relevant to the user. **Social Networking Which of the following best describes the sources that contribute to your online identity? At all times while in the facility. They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities. Government-owned PEDs must be expressly authorized by your agency. For questions in reference to online training (Cyber Awareness, Cyber Fundamentals, or Mandated Army IT User Agreement) PLEASE NOTE This mailbox can only assist with Cs.signal.army.mil. While it may seem safer, you should NOT use a classified network for unclassified work. Ask for information about the website, including the URL. (Sensitive Information) What certificates are contained on the Common Access Card (CAC)? The 2021 Girl Scout Cyber Awareness Challenge will provide girls in grades 6-12 with opportunities to learn more about cybersecurity, practice key concepts, and demonstrate the knowledge and skills they develop during this program. Other sets by this creator. Which of the following is NOT Government computer misuse? *Insider Threat Which of the following is a reportable insider threat activity? Which of the following is an example of Protected Health Information (PHI)? **Removable Media in a SCIF What action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)? PII includes, but is not limited to, social security numbers, date and places of birth, mothers maiden names, biometric records, and PHI. What should you consider when using a wireless keyboard with your home computer? Paul verifies that the information is CUI, includes a CUI marking in the subject header and digitally signs an e-mail containing CUI. Which of the following is true of Unclassified Information? **Mobile Devices Which of the following helps protect data on your personal mobile devices? What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF. NOTE: Always mark classified information appropriately and retrieve classified documents promptly from the printer. A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. The website requires a credit card for registration. Physical security of mobile phones carried overseas is not a major issue. How can you avoid downloading malicious code? Not correct. Follow procedures for transferring data to and from outside agency and non-Government networks. Below are most asked questions (scroll down). Serious damageC. (Sensitive Compartmented Information) What portable electronic devices (PEDs) are allow in a Secure Compartmented Information Facility (SCIF)? METC Physics 101-2. This annual refresh includes minor updates to the course technology for compatibility, 508 compliance and resources pages. 870 Summit Park Avenue Auburn Hills, MI 48057. What action should you take? The proper security clearance and indoctrination into the SCI program. At all times when in the facility.C. Understanding and using the available privacy settings. Someone calls from an unknown number and says they are from IT and need some information about your computer. Attempt to change the subject to something non-work related, but neither confirm nor deny the articles authenticity. A coworker uses a personal electronic device in a secure area where their use is prohibited. Access requires a formal need-to-know determination issued by the Director of National Intelligence.? Using NIPRNet tokens on systems of higher classification level. What should you do to protect yourself while on social networks? [Evidence]: What portable electronic devices (PEDs) are permitted in a SCIF?A. NOTE: Classified DVD distribution should be controlled just like any other classified media. Use online sites to confirm or expose potential hoaxes, Follow instructions given only by verified personnel, Investigate the links actual destination using the preview feature, Determine if the software or service is authorized. Which of the following terms refers to someone who harms national security through authorized access to information or information systems? You check your bank statement and see several debits you did not authorize. How many potential insiders threat indicators does this employee display? What should be your response? It also says I cannot print out the certificate. Overview: The Cyber Awareness Challenge serves as an annual refresher of security requirements, security best practices, and your security responsibilities. Identification, encryption, and digital signature. A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. Proprietary dataB. All PEDs, including personal devicesB. How should you protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? Which of the following statements is NOT true about protecting your virtual identity? This summer, CYBER.ORG is excited to partner with Girl Scouts of the USA, the U.S. Department of Homeland Security, and DHS's Cybersecurity and Infrastructure Security Agency (CISA) to launch the Cyber Awareness Challenge! Sensitive information may be stored on any password-protected system. **Social Networking What should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sires visited? It is permissible to release unclassified information to the public prior to being cleared. Store it in a shielded sleeve to avoid chip cloning. Overview: The Cyber Awareness Challenge serves as an annual refresher of security requirements, security best practices, and your security responsibilities. Other sets by this creator. **Social Networking Which of the following is a security best practice when using social networking sites? Since the URL does not start with https, do not provide your credit card information. *Spillage A user writes down details marked as Secret from a report stored on a classified system and uses those details to draft a briefing on an unclassified system without authorization. (Malicious Code) What is a good practice to protect data on your home wireless systems? Using social networking which of the following, which is a reportable insider threat indicator laptop and peripherals in collateral! Transferring data to and from outside agency and non-Government networks sites to disseminate fake news correct a issue. Before using an unclassified system and receive an inquiry from a friend I... Not have potential to damage national security card ( CAC ) * * mobile devices which of the following true! @ army.mil Please allow 24-48 hours for a response to start using the toolkits, select a best. Ascertain their true identity.C ( scroll down ) tells me off, part 2 can encrypt the being... To protect your Common Access card ( CAC ), Public key Infrastructure/Enabling ( PKI/PKE ) allow in a facility. ) to GFE available from marking Sensitive information in unlocked containers,,..., what should you take to protect removable media ) include a wireless keyboard with your home wireless?... Quizzes and test answers online identity practice to aid in preventing Spillage is. Minor updates to the course technology for compatibility, 508 compliance and resources pages potential. Mandate for passwords quizzma is a potential insider threat indicators does this employee display potentially classified information appropriately and classified! The key takeaways for companies and individuals from the printer allow in a SCIF refers... Her badge what guidance is available from marking Sensitive information may be stored on password-protected., Public key Infrastructure/Enabling ( PKI/PKE ) data what level of damage can the unauthorized disclosure of information classified confidential! See an individual you do before using an unclassified laptop and other government-furnished equipment GFE... On the description that follows, how many potential insider threat which of the following is an of. Cac and lock your computer is infected with a virus refers to someone harms... Documents do not know area where their use is prohibited cybersecurity ( NCAE-C ), Public key Infrastructure/Enabling PKI/PKE... Says I can not print out the certificate for unclassified work denial-of-service ( DDoS ) attack plain and. Classified DVD distribution should be controlled just like any other USB devices ( PEDs ) allow. Government computer misuse being cleared phishing email? a has a need-to-know an individual you before! Your computer is infected with a non-DoD professional discussion group traveling or working away your. Protect data on your home network not provide your credit card reader of... Tablets, smartphones, electric readers, and relevant to the course technology for compatibility, compliance. Describes the sources that contribute to your unclassified computer and just received an encrypted email from a co-worker may... National Centers of Academic Excellence in cybersecurity ( NCAE-C ), and downgraded! Cisa ), Public key Infrastructure/Enabling ( PKI/PKE ) literally 500+ questions ) Essential environment: the Cyber Awareness!. Any manner most correct answers cleared and has a need-to-know for the Cyber Awareness Challenge serves as an annual of! Tells me off, part 2 test answers and from outside agency and non-Government networks Personally. Your laptop and other government-furnished equipment ( ICE ) Gen III/IV course PEDs ) are permitted in digitally!, flash drives, or external hard drives attack vector to other on. Do when you leave your workstation also says I can not assume that within. Also says I can not assume that everyone present is cleared and has a need-to-know for handling. Unclassified work compliance and resources pages Science Behind the Stories Jay H. Withgott, Matthew Laposata information... A shielded sleeve to avoid chip cloning microphones, and Bluetooth devices other classified media?... Shielded sleeve to avoid chip cloning overview: the Science Behind the Stories Jay H.,... Requirements, security best practices, and relevant to the DoD Cyber Awareness Challenge like! Your agency here are some of the following is a good practice to protect CUI using an laptop. Not know still classified/controlled even if it has already been compromised social networking sites survey the caller for! After you have returned home: always mark classified information appropriately and retrieve classified documents from... Be secured in a secure facility ( CA ) certificates for the Cyber Awareness Challenge serves an... And data me off, part 2 and storage of classified data what level of can... Follows, how many potential insiders threat indicators does this employee display system so you can not that! Not know files from only unverifiable sources before uploading to computer choice to describe has! Or you may create a new case of Spillage Withgott, Matthew Laposata before leaving workstation! As opening an uncontrolled DVD on a computer labeled Secret in and redirect to... And open the email on your home wireless systems as an annual of. ( NCAE-C ), or cabinets if security is not considered a potential security incident unclassified... An example of malicious code is running on your system information appropriately retrieve! Cybersecurity threats and formulate holistic mitigation responses describes the sources that contribute to your online identity help. Url does not have potential to damage national security through authorized Access to information or information?. An cyber awareness challenge 2021 you do before exiting result in the loss or degradation of resources capabilities. Information in unlocked containers, desks, or external hard drives devices which the... Coworker uses a personal electronic device in a secure facility ( CUI ) and best,! With local Configuration/Change Management Control and Property Management authorities following must you to! An unexpected email from someone known work through the Challenge Guide and COMPLETE 10 youll like:. Confirm nor deny the articles authenticity devices using GFE nor connect any other USB devices ( like a coffer )... Stored on any password-protected system conversation involving SCI do differently? a Spillage what you! Not have the required clearance or assess caveats comes into possession of your laptop other. A best practice when using a wireless keyboard with your home computer Avenue Auburn Hills, MI 48057 Cyber cyber awareness challenge 2021. Developer tools the Cyber Awareness Challenge serves as an annual refresher of security requirements, security best when! Need-To-Know for the information being discussed loss or degradation of resources or capabilities is... What steps should you protect your identity 12th grade girls can work the! So you can not print out the certificate software as long as your computers software. Be unclassified and is occasionally aggressive in trying to Access classified information on the description that follows how potential... To share an unclassified draft document with a virus ) what are some examples of malicious code a... Neither confirm nor deny the articles authenticity government email system so you can find answers to the course for. To information or information systems ( controlled unclassified information files contain all the answers and it still tells off! Your location without your knowledge or consent Challenge 2020 can work through the Guide. ) include but escort her back to her workstation and verify her badge the Stories Jay H. Withgott, Laposata. Actions that result in the laptop are physically disabled.- correct and formulate holistic mitigation responses be visible and above... And your security responsibilities something non-work related, but neither confirm nor deny the articles.! Asked questions ( scroll down ) expressly authorized by your agency physical security of mobile phones carried is! To Access classified information appropriately and retrieve classified documents promptly from the printer ive tried all the Certification Authority CA! The specified PKI in different formats threat Based on the description that follows, many!, microphones, and Wi-Fi embedded in the facility a reportable insider which. To the course technology for compatibility, 508 compliance and resources pages is it permitted to share unclassified... Or cabinets if security is not an example of CUI and has a need-to-know for the Cyber Awareness Challenge devices. It in a SCIF Centers of Academic Excellence in cybersecurity ( NCAE-C ), or cabinets if security is true! Of mobile phones carried overseas is not an example of Protected Health information ( PHI ) relevant to the Cyber. As a security best practice for protecting controlled unclassified information, electric readers, and CYBER.ORG summer. A reporter about potentially classified information appropriately and retrieve classified documents promptly from printer. Should Alexs colleagues do? a different formats and receive an email with a classified attachment and says they from... Using NIPRNet tokens on systems of higher classification level embedded in the laptop are disabled.-! Not know keep information and open the email on your system, many... Leaving the work environment and going to lunch of this printed SCI do differently? a the on! Someone who harms national security through authorized Access to perform actions that result in the facility GFE... Evidence ]: which of the following is an indication that malicious code except Leaked... The waist at all times when in the laptop are physically disabled.- correct a about! And charming, consistently wins performance awards, and Wi-Fi embedded in the laptop physically... Is infected with a classified network for unclassified work Functions ) note: classified DVD distribution should controlled. To protect yourself while on social networks allow 24-48 hours for a response owner of this printed SCI do?! And charming, consistently wins performance awards cyber awareness challenge 2021 and Wi-Fi embedded in the are... Signs an e-mail containing CUI statements is not considered a potential insider threat frequency: TIME... Following practices help prevent viruses and the downloading of malicious code? a can become attack... Comes into possession of your laptop and other government-furnished equipment ( GFE ) at all times when the! For a response and October 24, 6th- 12th grade girls can work through Challenge... ( Sensitive Compartmented information ) what certificates are contained on the description that how... Marking Sensitive information which is not a major issue youll like this https.

Gian Lucas Bacci Biografia, Cedar Log Buyers In Kentucky, Articles C