Cyber Awareness Challenge 2024 Flashcards

Questions and Answers

How can you protect your home computer?

Turn on the password feature

What should Carl do after receiving an email about a potential health risk?

Forward it

What is an appropriate use of government email?

Using a digital signature when sending attachments

Eavesdroppers may be listening to Sylvia's phone calls.

True

What must be done promptly with printed Sensitive Compartmented Information (SCI)?

It must be retrieved promptly from the printer

What conditions are necessary to be granted access to SCI?

Top Secret clearance and indoctrination into the SCI program

What is likely about the social media post Terry saw regarding smoke from the Pentagon?

This is probably a post designed to attract Terry's attention to click on a link and steal her information

PHI is created solely by healthcare providers.

False

What is NOT a best practice for protecting your home wireless network for telework?

Use your router's pre-set SSID and password

There is a risk that tapping a phone at a payment terminal poses a security risk.

True

How can you prevent viruses and malicious code?

Scan all external files before uploading to your computer

What behavior should you report?

Taking sensitive information home for telework without authorization

What should you do upon receiving a text message from a package shipper about updated delivery instructions?

Delete the message

What is an appropriate use of a DoD PKI token?

Do not use a token approved for NIPR on SIPR

What is a best practice when browsing the internet?

Only accept cookies from reputable, trusted websites

Where are you permitted to use classified data?

Only in areas with security appropriate to the classification level

Which of the following contributes to your online identity? (Select all that apply)

All of these

How can you protect your home computer?

Regularly back up your files

What is true of DoD Unclassified data?

It may require access and distribution controls

Which of the following is NOT a way that malicious code can spread?

Running a virus scan

What is the goal of an Insider Threat Program?

Deter, detect, and mitigate

What uses of removable media is allowed?

Government-owned removable media that is approved as operationally necessary

What is permitted when using an unclassified laptop within a collateral classified space?

A government-issued WIRED headset with microphone

When is the safest time to post on social media about your vacation plans?

After the trip

Which of the following is NOT an appropriate use of your CAC?

Using it as photo identification with a commercial entity

Do not travel with a mobile device if you can avoid it is a best practice for traveling overseas.

False

What does spillage refer to?

It refers specifically to classified information that becomes publicly available

What is permitted within a Sensitive Compartmented Information Facility (SCIF)?

An authorized Government-owned Portable Electronic Device (PED)

What should you do if you receive a phone call offering a $50 gift card for participating in a survey?

Decline to participate in the survey

How should government-owned removable media be stored?

In a GSA-approved container according to the appropriate security classification

What is a best practice for using government email?

Do not send mass e-mails

What is a best practice for physical security?

Use your own security badge or key code for facility access

Which of the following is least likely to pose a risk to share on a social networking site?

Your pet's name

How can you protect your home computer?

Regularly back up your files

Sensitive Compartmented Information (SCI) _________ various types of classified information for _________ protection and dissemination or distribution control.

segregates, added

You must have permission from your organization to telework.

True

Open storage is allowed within Sensitive Compartmented Information Facilities (SCIFs).

False

Which of the following is NOT a best practice for teleworking in an environment where Internet of Things (IoT) devices are present?

Use the devices' default security settings

How many insider threat indicators are present based on the description provided?

0

What is Tom prohibited from doing with his report containing sensitive employee information?

E-mailing it to a colleague who needs to provide missing data

Which of these is NOT a potential indicator that your device may be under a malicious code attack?

A notification for a system update that has been publicized

What is a best practice to protect your identity?

Order a credit report annually

Study Notes

Home Computer Protection

• Enable password protection on your computer.
• Regularly back up files to prevent data loss.

Email Security

• Always verify health-related emails before forwarding.
• Use digital signatures for secure government email communications.

Public Transportation Risks

• Be aware of eavesdroppers and shoulder surfers while using public transport.

Sensitive Compartmented Information (SCI)

• Requires Top Secret clearance and indoctrination for access.
• Printed SCI should be promptly retrieved from the printer.

Social Media Awareness

• Exercise caution with posts related to emergencies, as they may be scams designed to steal information.
• Delay vacation-related posts until after the trip for security reasons.

Health Information (PHI)

• PHI is created by healthcare providers or plans; identifying false statements is crucial.

Wireless Network Security

• Avoid using default SSID and passwords for home wireless networks.

Mobile Payment Security

• Tap-to-pay features may be vulnerable to signal interception.

Virus Prevention

• Always scan external files for viruses before uploading to a computer.

Reporting Improper Behavior

• Sensitive information should not be taken home without proper authorization.

Text Message Security

• Delete suspicious texts from package shippers, as they may be phishing attempts.

Use of DoD PKI Token

• DoD PKI tokens should not be used interchangeably between NIPR and SIPR networks.

Internet Browsing Best Practices

• Accept cookies only from trustworthy sites.

Classified Data Handling

• Classified data can only be used in secure environments appropriate to their classification level.

Online Identity

• Your online identity is shaped by various factors, requiring mindful sharing.

Insider Threat Program

• Aims to deter, detect, and mitigate insider threats.

Removable Media Usage

• Only use government-owned removable media that is essential for operations.

Sensitive Compartmented Information Facility (SCIF)

• An authorized government-issued wired headset is approved in SCIF settings.

Managed Communication

• Do not participate in unsolicited surveys promising gift cards, as they may be scams.

Storage of Government Media

• Store removable media in GSA-approved containers according to security classifications.

Mass Email Practices

• Avoid sending mass emails using government email accounts.

Physical Security Measures

• Use personal security badges for facility access.

Sharing on Social Media

• Sharing innocuous personal details, like your pet's name, poses the least risk.

Telework Protocol

• Obtain organizational permission before engaging in telework.

SCIF Regulations

• Open storage is permitted in SCIFs due to stringent security measures.

Teleworking with IoT Devices

• Avoid relying on default security settings for IoT devices when teleworking.

Insider Threat Indicators

• No indicators may suggest wrongdoing in the described case study example.

Handling Sensitive Personal Data

• Prohibited from emailing sensitive employee information without appropriate measures.

Malicious Code Awareness

• Be cautious of unexpected notifications for system updates; they may not indicate a real threat.

Identity Protection Best Practices

• It is advisable to order a credit report annually to monitor for identity theft.

Description

Test your knowledge with these flashcards focused on cyber awareness. Each card presents key concepts such as computer protection, email safety, and appropriate online behaviors. Ideal for individuals looking to enhance their understanding of cybersecurity in 2024.