Cyber Awareness 2023

Questions and Answers

How should you respond if you receive an inquiry for information not clear for public release?

Refer your order to PAO.

What will help prevent spillage?

Follow procedures for transferring data to and from outside agency and networks.

What is the basis for handling classified data?

Classification level and handling caveats.

Who designates classified data?

Original Classification Authority.

Which of the following is a potential indicator of an insider threat?

Difficult life circumstances

What function do insider threat programs aim to fulfill?

Proactively identify future threats and formulate holistic mitigation responses.

What is a reportable insider threat?

A colleague removes sensitive info without seeking authorization in order to perform authorized telework.

When might you be subject to criminal, disciplinary, or administrative action due to online harassment, bullying, or stalking?

If you participate or condone it in any way.

Which of the following is a security best practice when using social networking sites?

Avoid posting PII (mother's maiden name)

How can you protect yourself on social networking sites?

Delete posts containing personal information on a regular basis.

Which designator marks information that does not have the potential to damage national security?

Unclassified.

What's true for Controlled Unclassified Information (CUI)?

CUI must have disseminating controls.

What is the best way to transmit CUI?

Make sure recipients are clear and need to know, then send via encrypted email.

Which CPCON establishes a protection policy focused on critical functions only?

CPCON 1

What is an example of a strong password?

@rF+13gtK5!

What's true about Common Access Cards (CACs)?

It contains certificates for ID, encryption, and digital signature.

What's true of sharing information in a Sensitive Compartmented Information Facility (SCIF)?

Avoid referencing derivative classified reports classified higher than the recipient.

What's true for transmitting Sensitive Compartmented Information (SCI)?

Only transmit SCI if you're courier briefed for SCI.

What's true of Personal Electronic Devices (PEDs) in a SCIF?

Only connect government-owned PEDs to the same level classification information system when authorized.

What's true for downloading apps on government devices?

Use approved and authorized apps only.

How should you respond to the theft of identity?

Contact reporting agencies, financial institutions, monitor credit card statements, and report crime to law enforcement.

How can you protect from social engineering?

Verify the identity of individuals.

What is a common indicator of a phishing attempt?

Claim that you need to update or validate information.

What security issue is associated with compressed URLs?

They can be used to mask malicious intent.

What are the problems with public Wi-Fi?

May expose information sent to theft.

What is a personally owned monitor you shouldn't connect to your Government Furnished Equipment (GFE)?

USB.

What is a best practice for using removable media?

Avoid inserting removable media with unknown content into your computer.

How can you protect data on your mobile computing and portable electronic devices (PEDs)?

Auto screen locking.

What is the best practice for securing your home computer?

Install system security patches.

Study Notes

Information Response Protocols

• Inquiries for information not clear for public release should be referred to the Public Affairs Office (PAO).
• Preventing data spillage involves strict adherence to procedures for transferring data to and from external agencies and networks.

Handling Classified Data

• Handling of classified data is determined by its classification level and associated handling caveats.
• Designation of classified data is the responsibility of the Original Classification Authority.

Insider Threat Awareness

• Indicators of potential insider threats include difficult life circumstances.
• Insider threat programs are designed to proactively identify potential threats and develop comprehensive mitigation strategies.
• A reportable insider threat includes unauthorized removal of sensitive information for telework purposes.

Social Networking Safety

• Participation or condoning of online harassment, bullying, or stalking may result in criminal, disciplinary, or administrative actions.
• A key security best practice on social media is to avoid posting personal identifiable information (PII), such as a mother's maiden name.
• Regularly delete posts that contain personal information to enhance security on social networking sites.

Controlled Unclassified Information (CUI)

• Unclassified information is marked appropriately to indicate it does not threaten national security.
• CUI requires specific disseminating controls to manage its distribution effectively.
• When transmitting CUI, ensure that recipients have a clear need-to-know and utilize encrypted email for security.

Physical Security Measures

• CPCON 1 focuses on establishing protection policies for critical functions only.

Identity Management Standards

• A strong password example includes complex characters, such as @rF+13gtK5!--.
• Common Access Cards (CACs) contain certificates necessary for identification, encryption, and digital signature functionalities.

Sensitive Compartmented Information (SCI)

• Avoid referencing derivative classified reports that are classified higher than the recipient's clearance level when sharing information in a Sensitive Compartmented Information Facility (SCIF).
• Transmission of SCI is permitted only if the individual is a courier briefed for SCI.

Use of Removable Media

• Personal electronic devices (PEDs) should only be connected to information systems of the same classification level when authorized.
• Always use government-approved and authorized applications when downloading apps on government devices to avoid malicious code.

Responding to Identity Theft

• In case of identity theft, contact reporting agencies and financial institutions, monitor credit card statements, and report the crime to law enforcement.

Protecting Against Social Engineering

• Verify the identities of individuals to protect against social engineering attempts.
• Common phishing indicators often involve claims that require updates or validation of personal information.
• Compressed URLs can mask malicious intent, posing additional security risks.

Issues with Public Wi-Fi

• Utilizing public Wi-Fi presents risks, including exposure of information to potential theft.

Guidelines for Government-Furnished Equipment (GFE)

• Personal monitors, such as USBs, should not be connected to GFE.

Mobile Device Security Practices

• Avoid inserting removable media with unknown content into computers to prevent malware and data breaches.
• Employ auto screen locking on mobile computing and portable electronic devices (PEDs) to protect data.

Home Computer Security

• Regularly install system security patches to keep home computers secure and up-to-date.

Description

Test your knowledge on cyber awareness and protocols for handling sensitive information in 2023. This quiz covers crucial terms and definitions related to data security and spillage prevention. Enhance your understanding of how to manage classified data appropriately.