Cyber Awareness Best Practices Quiz

Questions and Answers

Which method would be the BEST way to send this information?

Send it through personal email

Write it down on paper

Use the government email system so you can encrypt the information and open the email on your government issued laptop (correct)

Use instant messaging

What should you do if someone asks to use your government issued mobile device?

Decline to lend your phone/laptop.

Where should you store PII / PHI?

Information should be secured in a cabinet or container while not in use.

Of the following, which is NOT an intelligence community mandate for passwords?

Maximum password age of 45 days

Which of the following is NOT government computer misuse?

Checking work email

Which is NOT a telework guideline?

Taking classified documents from your workspace

What should you do if someone forgets their access badge?

Alert the security office.

What can you do to protect yourself against phishing?

All of the above

What should you do to protect classified data?

Answer 1 and 2 are correct

What action is recommended when somebody calls you about your work environment?

Ask them to verify their name and office number.

If classified information were released, what classification level would result in 'Exceptionally grave damage to national security'?

Top Secret.

Which of the following is NOT considered sensitive information?

Sanitized information gathered from personnel records

Which of the following is NOT a criterion used to grant an individual access to classified data?

Senior government personnel, military or civilian

Of the following, which is NOT a problem of an Internet hoax?

Enhancing public awareness

Media containing Privacy Act information, PII, and PHI is not required to be labeled.

False

Which of the following is NOT a home security best practice?

Setting weekly time for virus scan when you are not on the computer and it is powered off

Which of the following best describes wireless technology?

It is inherently not a secure technology.

You are leaving the building where you work. What should you do?

Remove your security badge.

Which of the following is a good practice to avoid email viruses?

Delete email from senders you do not know

What is considered a mobile computing device and therefore shouldn't be plugged into your government computer?

All of the above

Which is NOT a way to protect removable media?

Storing them in unlocked containers

What is NOT Personally Identifiable Information (PII)?

Hobby.

Of the following, which is NOT a method to protect sensitive information?

After work hours, storing sensitive information in unlocked containers

There are many travel tips for mobile computing. Which of the following is NOT one?

When using a public device with a card reader, only use your DoD CAC to access unclassified information

The use of webmail is?

Only allowed if the organization permits it.

What is considered ethical use of the government email system?

Distributing company newsletter.

Which of the following attacks target high-ranking officials and executives?

Whaling

What constitutes a strong password?

All of the above

You are logged on to your unclassified computer and just received an encrypted email from a co-worker. What should you do?

Contact your security POC right away.

Study Notes

Cyber Awareness Best Practices

• Use the government email system for transmitting sensitive information; it allows encryption and is secure on government-issued devices.
• Never lend your government-issued mobile devices, such as phones or laptops, to others.
• Personal Identifiable Information (PII) and Protected Health Information (PHI) should be securely stored and kept in cabinets or containers when not in use.

Password and Security Guidelines

• Intelligence community mandates require password updates every 45 days.
• Government computer misuse includes inappropriate use of devices, but checking work emails is acceptable.
• Classified documents should never be taken home during telework.

Access and Data Protection

• If an employee forgets their access badge, report it to the security office immediately.
• To protect against phishing, implement a range of defensive strategies.
• Classified data can only be accessed by individuals who meet specific criteria; being a senior government employee does not guarantee access.

Information Classification and Sensitivity

• "Top Secret" classification indicates information whose unauthorized disclosure could cause "Exceptionally grave damage" to national security.
• Sensitive information must be properly labeled; unmarked media containing Privacy Act-related data is considered mislabeled, even if sanitized.
• Hobby information is not classified as Personally Identifiable Information (PII).

Internet and Device Security

• Hoaxes can trick users through realistic-looking websites; discernment is essential in verifying information online.
• Ensure home security by conducting regular virus scans when devices are in use; scans should not be scheduled when devices are powered off.
• Wireless technology is inherently insecure and requires additional safeguard measures.

Mobile and Remote Office Protocol

• Always remove your security badge when leaving the office premises.
• To prevent email viruses, delete suspicious emails from unknown senders.
• Mobile computing devices should not be connected to government computers; this includes laptops, phones, etc.

Sensitivity and Ethical Use of Information

• Protect removable media by adequately labeling it; unknown unlabeled media cannot be assumed unclassified.
• Ethical usage of government email includes sharing organizational information like newsletters.

Cybersecurity Threats

• Whaling attacks specifically target high-ranking officials and executives for sensitive data extraction.
• Strong passwords encompass various elements, including length, complexity, and unpredictability.
• Upon receiving suspicious encrypted emails, especially with alarming attachments, contact the security Point of Contact (POC) immediately.

Description

Test your knowledge on cyber awareness best practices, including the secure transmission of sensitive information and proper handling of personal identifiable information (PII). This quiz also covers password guidelines and data protection protocols required for government employees. Ensure you understand the importance of security measures in maintaining data integrity.