Cyber Awareness 2022 Knowledge Check
54 Questions
100 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What should you do if a reporter asks you about potentially classified information on the web?

Refer the reporter to your organization's public affairs office.

Which of the following is a good practice to aid in preventing spillage?

  • Mix classified and unclassified data.
  • Ignore handling caveats.
  • Share information freely.
  • Be aware of classification markings. (correct)
  • What should be your response if asked to comment on a classified project?

    Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity.

    What should you do when working on an unclassified system and receive an email with a classified attachment?

    <p>Call your security point of contact immediately.</p> Signup and view all the answers

    What is required for an individual to access classified data?

    <p>Appropriate clearance; signed and approved non-disclosure agreement; and need-to-know.</p> Signup and view all the answers

    How can you protect classified data when it is not in use?

    <p>Store classified data appropriately in a GSA-approved vault/container.</p> Signup and view all the answers

    How many potential insider threat indicators does a colleague who vacations at the beach every year and has a poor work quality display?

    <p>0 indicators</p> Signup and view all the answers

    Based on the following description, how many insider threat indicators are displayed: a playful and charming colleague who wins awards and is occasionally aggressive in accessing classified info?

    <p>1 indicator</p> Signup and view all the answers

    What type of activity should be reported as a potential insider threat?

    <p>Coworker making consistent statements indicative of hostility or anger toward the United States and its policies.</p> Signup and view all the answers

    What advantages do 'insider threats' have over others in causing damage to organizations?

    <p>Insiders are given a level of trust and have authorized access to Government information systems.</p> Signup and view all the answers

    Which of the following is a best practice to protect information about you on social networking sites?

    <p>Use only personal contact information.</p> Signup and view all the answers

    When is the safest time to post details of your vacation activities on social media?

    <p>When your vacation is over, after you have returned home.</p> Signup and view all the answers

    What level of damage can the unauthorized disclosure of information classified as confidential cause?

    <p>Damage to national security.</p> Signup and view all the answers

    Which type of information could cause serious damage to national security if disclosed without authorization?

    <p>Secret.</p> Signup and view all the answers

    What practice may reduce your appeal as a target for adversaries seeking to exploit your insider status?

    <p>Remove your security badge after leaving your controlled area or office building.</p> Signup and view all the answers

    What type of unclassified material should be marked with a special handling caveat?

    <p>For Official Use Only (FOUO).</p> Signup and view all the answers

    Which of the following is NOT an example of sensitive information?

    <p>Press release data</p> Signup and view all the answers

    Which of the following is true about unclassified data?

    <p>When unclassified data is aggregated, its classification level may rise.</p> Signup and view all the answers

    Which of the following represents a good physical security practice?

    <p>Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIV) card.</p> Signup and view all the answers

    What certificates are contained on the Common Access Card (CAC)?

    <p>Identification, encryption, and digital signature.</p> Signup and view all the answers

    What should you do if a hotel asks to make a photocopy of your Common Access Card (CAC)?

    <p>Do not allow your CAC to be photocopied.</p> Signup and view all the answers

    How is Sensitive Compartmented Information (SCI) marked?

    <p>Approved Security Classification Guide (SCG).</p> Signup and view all the answers

    What best describes the compromise of Sensitive Compartmented Information (SCI)?

    <p>A person without the required clearance or access comes into possession of SCI.</p> Signup and view all the answers

    What portable electronic devices (PEDs) are allowed in a Secure Compartmented Information Facility (SCIF)?

    <p>Government-owned PEDs, if expressly authorized by your agency.</p> Signup and view all the answers

    What are some examples of malicious code?

    <p>Viruses, Trojan horses, or worms.</p> Signup and view all the answers

    Which of the following is NOT a way that malicious code spreads?

    <p>Legitimate software updates</p> Signup and view all the answers

    What should you do if a website requires a credit card for registration and does not start with 'https'?

    <p>Do not provide your credit card information.</p> Signup and view all the answers

    Which email attachments are generally safe to open?

    <p>Attachments contained in a digitally signed email from someone known.</p> Signup and view all the answers

    What is a common indicator of a phishing attempt?

    <p>It includes a threat of dire circumstances.</p> Signup and view all the answers

    Which of the following is true of Internet hoaxes?

    <p>They can be part of a distributed denial-of-service (DDoS) attack.</p> Signup and view all the answers

    What should you do upon connecting your Government-issued laptop to a public wireless connection?

    <p>Connect to the Government Virtual Private Network (VPN).</p> Signup and view all the answers

    What should be your response if a coworker asks you to download a programmer's game to play at work?

    <p>I'll pass.</p> Signup and view all the answers

    What are some examples of removable media?

    <p>Memory sticks, flash drives, or external hard drives.</p> Signup and view all the answers

    Which are examples of portable electronic devices (PEDs)?

    <p>Laptops, fitness bands, tablets, smartphones, electric readers, and Bluetooth devices.</p> Signup and view all the answers

    What is a good practice to protect data on your home wireless systems?

    <p>Ensure that the wireless security features are properly configured.</p> Signup and view all the answers

    When may you be subjected to criminal, disciplinary, and/or administrative action due to online misconduct?

    <p>If you participate in or condone it at any time.</p> Signup and view all the answers

    Which is a security best practice when using social networking sites?

    <p>Use only personal contact information.</p> Signup and view all the answers

    Which of the following is NOT an example of Controlled Unclassified Information (CUI)?

    <p>Press release data</p> Signup and view all the answers

    Which of the following is NOT a correct way to protect CUI?

    <p>CUI may be stored on any password-protected system.</p> Signup and view all the answers

    Which Cyberspace Protection Condition (CPCON) establishes a focus on critical and essential functions only?

    <p>CPCON 2 (High: Critical and Essential Functions).</p> Signup and view all the answers

    What certificates are contained on the Common Access Card (CAC)?

    <p>Identification, encryption, and digital signature.</p> Signup and view all the answers

    Which of the following is an example of two-factor authentication?

    <p>Your password and a text code.</p> Signup and view all the answers

    What guidance is available from marking Sensitive Information (SCI)?

    <p>Security Classification Guide (SCG).</p> Signup and view all the answers

    What must the dissemination of information regarding intelligence sources follow?

    <p>The Director of National Intelligence.</p> Signup and view all the answers

    If an incident occurs involving removable media in a Sensitive Compartmented Information Facility (SCIF), what action should you take?

    <p>Notify your security point of contact.</p> Signup and view all the answers

    Which actions can help to protect your identity?

    <p>Order a credit report annually.</p> Signup and view all the answers

    What is whaling?

    <p>A type of phishing targeted at senior officials.</p> Signup and view all the answers

    Which best practice can prevent viruses and other malicious code from being downloaded when checking your email?

    <p>Do not access website links, buttons, or graphics in email.</p> Signup and view all the answers

    What type of social engineering targets particular individuals or organizations?

    <p>Spear phishing.</p> Signup and view all the answers

    Which of the following is a concern when using your Government-issued laptop in public?

    <p>Others may be able to view your screen.</p> Signup and view all the answers

    When can you check personal email on your Government-furnished equipment (GFE)?

    <p>If allowed by organizational policy.</p> Signup and view all the answers

    Which of the following statements is true about mobile devices?

    <p>Mobile devices and applications can track your location without your knowledge or consent.</p> Signup and view all the answers

    When can you use removable media on a Government system?

    <p>When operationally necessary, owned by your organization, and approved by the appropriate authority.</p> Signup and view all the answers

    Which is the best practice for securing your home computer?

    <p>Create separate accounts for each user.</p> Signup and view all the answers

    Study Notes

    Spillage

    • If approached by a reporter about classified information, refer them to the public affairs office.
    • Awareness of classification markings and handling caveats is critical to prevent information spillage.
    • In conversations about classified projects, avoid confirming or denying details; change the subject instead.
    • If receiving a classified attachment on an unclassified system, immediately contact your security point of contact.
    • Accessing classified data requires appropriate clearance, a signed non-disclosure agreement, and a need-to-know basis.
    • To protect classified data when not in use, store it in a GSA-approved vault or container.

    Insider Threat

    • A colleague's vacation habits and family status may not indicate insider threats; zero indicators present in this scenario.
    • Indicators of a potential insider threat can include charm combined with aggression towards accessing classified information.

    Online Conduct and Security

    • Report comments of hostility towards the U.S. as potential insider threats.
    • Insiders have an easier path to damage organizations due to their trust and authorized access to sensitive systems.
    • When creating social media accounts, use personal contact details only to safeguard organizational information.
    • Post vacation updates only after returning to avoid giving potential adversaries information to exploit.

    Data Classification

    • Unauthorized disclosure of confidential information could threaten national security.
    • Disclosing secret information poses serious risks to national security.
    • Enhance security presence by removing security badges outside controlled areas.

    Sensitive Information

    • Mark unclassified materials with handling caveats like For Official Use Only (FOUO).
    • Aggregated unclassified data may require a higher classification.
    • Secure personal identification and authorization via Common Access Cards (CAC) to prevent unauthorized access.

    Malicious Code

    • Malicious code examples include viruses, Trojan horses, and worms.
    • Legitimate software updates are not a method of spreading malicious code.
    • Ensure URLs are secure (start with "https") before providing sensitive information.
    • Open email attachments only if they're from recognized senders and are digitally signed.

    Social Networking Risks

    • Engage in responsible online behavior to avoid disciplinary actions, which include both direct participation and condoning misconduct.
    • Use personal contact information when setting up accounts on social networking sites to enhance security.

    Controlled Unclassified Information (CUI)

    • Press release data is not considered CUI.
    • CUI should be safeguarded, and cannot be stored on just any password-protected system.

    Physical Security and Identity Management

    • Cyberspace Protection Condition (CPCON 2) prioritizes critical functions amid varying levels of threat.
    • Common Access Cards (CAC) contain identification, encryption, and digital signature certificates.

    Security Practices

    • Two-factor authentication can enhance security; it typically includes a password and a verification code sent to your phone.
    • When using removable media in government settings, ensure the media is owned by the organization and approved for use.
    • Individuals should order a credit report annually to help protect their identity.
    • Whaling is a sophisticated phishing attack aimed at senior officials.

    Mobile Device Security

    • Mobile devices can track users' locations without their knowledge, raising privacy concerns.
    • Users should create separate accounts for each individual on home computers to improve security.

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Description

    Test your knowledge on Cyber Awareness for 2022 with this quiz focused on preventing information spillage. Learn about handling classified information and best practices for communication with the media. Perfect for those who want to ensure they are up-to-date with cyber security protocols.

    More Like This

    DOD Cyber Awareness Challenge 2024
    18 questions

    DOD Cyber Awareness Challenge 2024

    LionheartedBrazilNutTree avatar
    LionheartedBrazilNutTree
    Use Quizgecko on...
    Browser
    Browser