Cyber Awareness Challenge 2023 Quiz

Questions and Answers

Which of the following is a good practice to prevent spillage?

Use VPN

Follow procedures for transferring data (correct)

Refer to PA

Ignore the situation

How should you respond to an inquiry about government information not cleared for public release?

Refer to PA

Which of the following is a good practice for telework?

Share passwords

Use public Wi-Fi

Use VPN (correct)

Leave devices unlocked

What level of damage can the unauthorized disclosure of information classified as Top Secret reasonably be expected to cause?

Exceptionally grave damage

Which of the following is a potential insider threat indicator?

Interest in learning a foreign language

What is an insider threat?

Someone who uses authorized access, wittingly or unwittingly, to harm.

Based on the description, how many potential insider threat indicator(s) are displayed?

1

Which of the following is a security best practice when using social networking sites?

Avoid posting your mother's maiden name

Adversaries exploit social networking sites to disseminate fake news.

True

Many apps and smart devices collect and share your personal information and contribute to your online identity.

True

Which of the following best describes a way to safely transmit Controlled Unclassified Information (CUI)?

Secure file transfer protocols

Protected Health Information (PHI) is not classified information.

True

Which designation includes Personally Identifiable Information (PII) and PHI?

Sensitive information

Which of the following best describes good physical security?

Lionel stops an individual in his secure area who is not wearing a badge.

You should remove and take your CAC/PIV card whenever you leave your workstation.

True

You may only transport sensitive compartmented information (SCI) if you have been courier-briefed for SCI.

True

All personal and government-owned portable electronic devices are prohibited in a Sensitive Compartmented Information Facility (SCIF).

True

Which of the following is NOT a type of malicious code?

Executables

Which of the following actions can help to protect your identity?

Shred personal documents

What action should you take with a compressed URL on a known website?

Investigate the destination using the preview feature

How can you protect yourself from social engineering?

Verify the identity of all individuals.

What is a common indicator of a phishing attempt?

A claim that you must update or validate information.

What security risk does a public Wi-Fi connection pose?

It may expose the information sent to theft.

Which of the following is NOT a permitted way to connect a personally-owned monitor to your GFE?

USB

Which of the following best describes the conditions under which mobile devices and applications can track your location?

It may occur at any time without your knowledge or consent

How can you protect data on your mobile computing and portable electronic devices?

Enable automatic screen locking after a period of inactivity.

What should you do if you find classified information on the Internet?

Note the website's URL and report the situation to your security point of contact.

How should you secure your home wireless network for teleworking?

Implement Wi-Fi Protected Access 2 (WPA2) Personal encryption at a minimum.

Which of the following may help to prevent spillage?

Follow procedures for transferring data

Who designates whether information is classified and its classification level?

Original classification authority

Study Notes

SPILLAGE

• Good practices to prevent spillage include following procedures for transferring data to and from external agencies and non-government networks.
• Upon discovering classified information online, immediately note the URL and report it to your security point of contact.

CLASSIFIED DATA

• Teleworking requires the use of a VPN to securely access classified data.
• Unauthorized disclosure of Top Secret information can lead to exceptionally grave damage.
• Classification levels and designations of information are determined by the original classification authority.

INSIDER THREAT

• Potential indicators of insider threats may include unusual interests, such as learning a foreign language.
• An insider threat is defined as anyone utilizing their authorized access, knowingly or unknowingly, to cause harm.

SOCIAL NETWORKING

• To enhance security on social media, avoid sharing personally identifiable information, like your mother's maiden name.
• Adversaries can exploit social networking sites to spread misinformation.
• Many applications and smart devices collect personal data, impacting your online identity.

CONTROLLED UNCLASSIFIED INFORMATION (CUI)

• Sensitive information includes both Personally Identifiable Information (PII) and Protected Health Information (PHI).
• Safely transmitting CUI involves adherence to specified guidelines (details not provided).

PHYSICAL SECURITY

• Effective physical security practices include ensuring individuals in secure areas display proper badges.

IDENTITY MANAGEMENT

• Always remove your Common Access Card (CAC) or Personal Identity Verification (PIV) card when leaving your workstation.
• A DoD Public Key Infrastructure (PKI) token should only be in use during active PKI-required tasks.

SENSITIVE COMPARTMENTED INFORMATION (SCI)

• Transporting sensitive compartmented information requires prior courier briefing for SCI.
• Access to SCI demands Top Secret clearance and indoctrination into the SCI program.

REMOVABLE MEDIA IN A SCIF

• Only government-approved portable electronic devices (PEDs) are permitted in Sensitive Compartmented Information Facilities (SCIFs).

MALICIOUS CODE

• Executables are not classified as malicious code.

WEBSITE USE

• Shredding personal documents is an effective method to protect your identity online.

SOCIAL ENGINEERING

• With compressed URLs, always investigate by using the preview feature to ensure the link is safe.
• To defend against social engineering, verify the identity of all individuals before sharing any information.
• A common phishing tactic involves prompting victims to update or validate their information.

TRAVEL

• Using public Wi-Fi can expose transmitted information to potential theft, as it may not allow VPN usage.

USE OF GOVERNMENT-FURNISHED EQUIPMENT (GFE)

• Connecting a personally-owned monitor to Government-Furnished Equipment (GFE) via USB is prohibited.

MOBILE DEVICES

• Location tracking by mobile devices and applications may occur without users’ knowledge or consent.
• To secure data on mobile devices, enable automatic screen locking after a period of inactivity.

HOME COMPUTER SECURITY

• For secure teleworking, implement Wi-Fi Protected Access 2 (WPA2) Personal encryption on your home wireless network.

Description

Test your knowledge on cyber awareness with this quiz based on the 2023 challenge. Explore key practices for handling spillage and classified data, as well as guidelines for telework. Perfect for anyone looking to enhance their understanding of cybersecurity protocols.