Cyber Awareness Challenge 2024 Flashcards

Questions and Answers

How can you protect your home computer?

Turn on the password feature

What should Carl do after receiving an e-mail about a potential health risk?

Forward it

Which of the following is an appropriate use of government e-mail?

Using a digital signature when sending attachments

Does Sylvia risk being overheard when commuting via public transportation?

True

What is true of transmitting or transporting Sensitive Compartmented Information (SCI)?

Printed SCI must be retrieved promptly from the printer

What conditions are necessary to be granted access to SCI?

Top Secret clearance and indoctrination into the SCI program

What does Terry's post about smoke from the Pentagon likely represent?

This is probably a post designed to attract Terry's attention to click on a link and steal her information

Which statement regarding Protected Health Information (PHI) is false?

False

Which of the following is NOT a best practice for protecting your home wireless network for telework?

Use your router's pre-set SSID and password

Does tapping a phone at a payment terminal pose a security risk?

True

How can you prevent viruses and malicious code?

Scan all external files before uploading to your computer

Which behavior should you report?

Taking sensitive information home for telework without authorization

What should you do about a text message from a package shipper requesting updated delivery instructions?

Delete the message

Which use of a DoD PKI token is appropriate?

Do not use a token approved for NIPR on SIPR

What is a best practice when browsing the internet?

Only accept cookies from reputable, trusted websites

Where can you use classified data?

Only in areas with security appropriate to the classification level

Which of the following contributes to your online identity?

All of these

How can you protect your home computer?

Regularly back up your files

Which statements are true of DoD Unclassified data?

It may require access and distribution controls

Which of the following is NOT a way that malicious code can spread?

Running a virus scan

What is the goal of an Insider Threat Program?

Deter, detect, and mitigate

Which use of removable media is allowed?

Government owned removable media that is approved as operationally necessary

What can you do with an unclassified laptop within a collateral classified space?

A government-issued WIRED headset with microphone

When is the safest time to post about your vacation plans on social media?

After the trip

What is NOT an appropriate use of your Common Access Card (CAC)?

Using it as photo identification with a commercial entity

Is it correct to say, 'Do not travel with a mobile device if you can avoid it'?

False

Which statement about spillage is true?

It refers specifically to classified information that becomes publicly available.

What is permitted within a Sensitive Compartmented Information Facility (SCIF)?

An authorized Government-owned Portable Electronic Device (PED)

What should you do if you receive a call offering a $50 gift card for a survey?

Decline to participate in the survey. This may be a social engineering attempt.

How should government owned removable media be stored?

In a GSA-approved container according to the appropriate security classification.

What is a best practice for using government e-mail?

Do not send mass e-mails.

What is a best practice for physical security?

Use your own security badge or key code for facility access.

Which of the following is least likely to pose a risk to share on a social networking site?

Your pet's name

How can you protect your home computer?

Regularly back up your files.

Sensitive Compartmented Information (SCI) is a program that ______________ various types of classified information for ______________ protection and dissemination or distribution control.

segregates, added

Do you need permission from your organization to telework?

True

Is open storage allowed in Sensitive Compartmented Information Facilities (SCIFs)?

True

Which is NOT a best practice for teleworking in an environment with IoT devices?

Use the devices' default security settings.

Based on the description provided, how many insider threat indicators are present?

0

What is Tom prohibited from doing with a report containing employees' names, addresses, and salary?

E-mailing it to a colleague who needs to provide missing data

Which of these is NOT a potential indicator that your device may be under a malicious code attack?

A notification for a system update that has been publicized.

What is a best practice to protect your identity?

Order a credit report annually

Study Notes

Home Computer Protection

• Activate password feature on devices to enhance security.
• Regularly back up files to prevent data loss.

Handling Suspicious Emails

• Forward emails about potential health risks to appropriate personnel for verification.

Appropriate Use of Government Email

• Employ digital signatures when sending attachments to ensure authenticity.

Public Transportation Safety

• Be aware of eavesdropping and shoulder surfing when using mobile devices in public.

Handling Sensitive Compartmented Information (SCI)

• Promptly retrieve printed SCI from printers.
• Access to SCI requires Top Secret clearance and indoctrination into the program.

Social Media Caution

• Be skeptical of sensational posts, as they may lead to phishing attempts.

Protected Health Information (PHI)

• PHI is created by healthcare providers and requires strict confidentiality.

Wireless Network Security

• Avoid using default SSID and password for home wireless networks to enhance security.

Payment Security Risks

• Contactless payments pose risks of signal interception by malicious actors.

Virus Protection

• Scan all external files before uploading to computers to mitigate virus threats.

Reporting Improper Behavior

• Report unauthorized removal of sensitive information for telework purposes.

Text Message Caution

• Delete unsolicited messages from package shippers that request personal information.

Proper Use of DoD PKI Tokens

• Ensure tokens are used within their designated classifications.

Internet Browsing Best Practices

• Accept cookies only from trusted websites to protect personal data.

Classifying Classified Data

• Utilize classified data only in secure areas that match the classification level.

Online Identity Management

• Awareness that various factors contribute to your online presence.

Insider Threat Program Goals

• Aim to deter, detect, and mitigate insider threats within organizations.

Removable Media Use

• Only authorized government-owned removable media for operational needs is allowed.

Using Laptops in Secure Areas

• Unclassified laptops can be used with government-issued wired headsets in classified facilities.

Social Media Posting Timing

• Delay posting about vacations until after returning to avoid increased risk of security breaches.

CAC Usage Guidelines

• Avoid using CAC as identification for commercial entities.

Travel Best Practices for Mobile Devices

• It is advised to travel with mobile devices, rather than avoid taking them.

Spillage Definition

• Spillage involves classified information becoming publicly accessible.

Sensitive Compartmented Information Facilities (SCIF)

• SCIFs allow open storage due to robust physical security measures.

Internet of Things (IoT) Security

• Avoid using default security settings on IoT devices to minimize vulnerabilities.

Insider Threat Indicators

• Diligent work history and personal attributes do not automatically indicate insider threats; evaluate carefully.

Handling Sensitive Reports

• Prohibition on emailing sensitive reports containing personal information to unauthorized personnel.

Device Security Warnings

• System update notifications are typically not indicators of malicious attacks.

Identity Protection Tips

• Request annual credit reports to monitor for identity theft.

Description

Test your knowledge with these flashcards on cyber awareness concepts for 2024. Each card covers essential practices for protecting your computer and dealing with cybersecurity threats. Perfect for anyone looking to improve their cyber safety skills!