Cyber Awareness Challenge 2024 Flashcards

Questions and Answers

Which of the following describes the most appropriate way for Mabel to share a document containing contractor proprietary information?

E-mail it using her personal e-mail account

Save it to a shared folder accessible to their team

Leave a printed copy on her supervisor's desk after working hours

Encrypt it and send it via digitally signed Government e-mail (correct)

Which type of data could reasonably be expected to cause serious damage to national security?

Controlled Unclassified Information (CUI)

Secret (correct)

Top Secret

Confidential

Which of the following is NOT a best practice for traveling overseas with a mobile device?

Assume that any voice or data transmission you make is monitored

Do not travel with a mobile device if you can avoid it

Store the device in a hotel safe when sightseeing (correct)

Avoid using public Wi-Fi

When is the safest time to post on social media about your vacation plans?

After the trip

Which of the following uses of removable media is allowed?

Government owned removable media that is approved as operationally necessary

How can you mitigate the potential risk associated with a compressed URL (e.g., TinyURL, goo.gl)?

Use the preview function to see where the link actually leads

Which of the following is NOT a best practice for protecting data on a mobile device?

Disable automatic screen locking after a period of inactivity

Which of the following is NOT an appropriate use of your Common Access Card (CAC)?

Using it as photo identification with a commercial entity

Carl receives an e-mail about a potential health risk caused by a common ingredient in processed food. Which of the following actions should Carl NOT take with the e-mail?

Forward it

Which of the following is least likely to pose a risk to share on a social networking site?

Your pet's name

Which of the following is permitted when using an unclassified laptop within a collateral classified space?

A Government-issued wired headset with microphone

Which of the following is true of Sensitive Compartmented Information Facilities (SCIFs)?

Personnel must position monitors so that they do not face windows or close to window blinds.

Which of the following is true of transmitting or transporting Sensitive Compartmented Information (SCI)?

Printed SCI must be retrieved promptly from the printer.

Which of the following is NOT a best practice for teleworking in an environment where Internet of Things (IoT) devices are present?

Use the devices' default security settings

How should government owned removable media be stored?

In a GSA-approved container according to the appropriate security classification

You receive a text message from a package shipper notifying you that your package delivery is delayed due to needing updated delivery instructions from you. What is the best course of action?

Delete the message

How can you protect your home computer?

Regularly back up your files

Beth taps her phone at a payment terminal to pay for a purchase. Does this pose a security risk?

True

How can you prevent viruses and malicious codes?

Scan all external files before uploading to your computer

Terry sees a post on her social media feed that says there is smoke billowing from the Pentagon. What describes what Terry has likely seen?

This is probably a post designed to attract Terry's attention to click on a link and steal her information.

Which of the following is an appropriate use of government e-mail?

Using a digital signature when sending attachments

Which of the following is an example of behavior that you should report?

Taking sensitive information home for telework without authorization

How can adversaries use information available in public records to target you?

Combine it with information from other data sources to learn how best to bait you with a scam

Sylvia commutes to work via public transportation. She often uses the time to make phone calls or respond to e-mails on her government approved mobile device. Does this pose a security concern?

True

Which of the following is NOT a way that malicious code can be spread?

Running a virus scan

Study Notes

Document Sharing Best Practices

• Sensitive information should be encrypted and sent via digitally signed Government e-mail for secure transmission.
• Using personal e-mail accounts to share government documents is discouraged and insecure.

National Security Risk Levels

• "Secret" information poses a reasonable risk of serious damage to national security if disclosed.

Mobile Device Security During Travel

• Best practices for traveling with mobile devices include avoiding public Wi-Fi and not carrying a device unless necessary.
• Storing devices in a hotel safe is not always recommended, especially if one intends to use them.

Social Media Precautions

• Avoid posting vacation plans on social media before or during the trip; the safest time is after returning.

Removable Media Usage

• Only government-owned removable media approved as operationally necessary is allowed for use in government-related tasks.

URL Safety

• To mitigate risks with compressed URLs, users should utilize the preview function to ascertain the actual destination.

Mobile Device Data Protection

• Disabling automatic screen locking on mobile devices is not a best practice; users should ensure devices lock after periods of inactivity.

Common Access Card (CAC) Usage

• Using a CAC as identification with commercial entities is inappropriate; it must be retained in secure locations.

Email Caution

• Forwarding unverified emails, especially regarding health risks, should be avoided; it is better to mark them as junk or delete them.

Social Media Sharing Risks

• Sharing personal details, such as pet names, poses minimal risk compared to sharing more identifiable information like birth dates or location.

Classified Space Protocols

• In Sensitive Compartmented Information Facilities (SCIFs), monitors should be positioned away from windows to ensure security.

Sensitive Information Handling

• Printed Sensitive Compartmented Information (SCI) should be promptly retrieved from printers to maintain security.

Teleworking Best Practices

• Utilizing default security settings for Internet of Things (IoT) devices is highly discouraged; strong, individualized passwords should be set.

Government Removable Media Storage

• Government-owned removable media must be stored in GSA-approved containers according to their security classification.

Dealing with Suspicious Texts

• A text from an unknown shipper requesting personal information through a shortened link should be deleted to avoid potential phishing scams.

Cyber Hygiene at Home

• Regularly backing up files is an essential step in protecting home computers from data loss or viruses.

Contactless Payments

• Tapping a phone for payments does carry risks, such as potential interception of the signal.

Virus Prevention

• Scanning external files before uploading them to computers is key to preventing viruses and malicious code.

Evaluating Social Media Information

• Posts that are sensational or vague, particularly about emergencies, should be approached with skepticism unless verified through legitimate sources.

Appropriate Government Email Use

• Utilizing a digital signature when sending attachments through government e-mail is considered appropriate.

Reporting Security Violations

• Unauthorized removal of sensitive information for telework purposes should be reported as a security violation.

Public Records and Targeting

• Public records can be combined with other information to craft scams targeting individuals more effectively.

Security Awareness in Public Spaces

• Maintaining awareness of eavesdroppers and potential spies while using government devices in public is vital to protect sensitive communications.

Malicious Code Spread

• Running a virus scan cannot spread malicious code; it is a preventive measure against the other listed methods such as downloading files, visiting infected sites, or opening email attachments.

Description

Test your knowledge on best practices for sharing sensitive information with Cyber Awareness Challenge 2024 flashcards. This quiz focuses on ensuring information security and understanding appropriate communication methods in a government setting.