Cyber Awareness Challenge 2024 Flashcards

Questions and Answers

What conditions are necessary to be granted access to Sensitive Compartmented Information (SCI)?

Top Secret clearance and indoctrination into the SCI program

Which of the following is permitted when using an unclassified laptop within a collateral classified space?

• A personal laptop
• A government-issued wired headset with microphone (correct)
• Unsecured USB drives
• Using personal headphones

Which of the following is an authoritative source for derivative classification?

Security Classification Guide

Which of the following actions should Carl NOT take with the e-mail about a potential health risk?

Forward it (A)

How can an adversary use information available in public records to target you?

Combine it with information from other data sources to learn how best to bait you with a scam

Which of the following is an appropriate use of government e-mail?

Using a digital signature when sending attachments (A)

Which of the following is NOT a best practice for protecting data on a mobile device?

Disable automatic screen locking after a period of inactivity (B)

What action should Annabeth take if she believes an SCI conversation was overheard?

Contact her security POC to report the incident

On your home computer, how can you best establish passwords when creating separate user accounts?

Have each user create their own, strong password

Which of the following is an allowed use of government furnished equipment (GFE)?

Checking personal e-mail if your organization allows it (C)

How can you prevent viruses and malicious code?

Scan all external files before uploading to your computer

An insider threat is someone who uses __________ access, __________, to harm national security.

authorized, wittingly or unwittingly

Which of the following is an example of behavior that you should report?

Taking sensitive information home for telework without authorization (A)

Which of the following is true of telework?

You must have permission from your organization to telework (A)

After a classified document is leaked online, which statement is true of the leaked information?

You should still treat it as classified even though it has been compromised (C)

How should government-owned removable media be stored?

In a GSA-approved container according to the appropriate security classification

Which of the following is NOT an example of Personally Identifiable Information (PII)?

Automobile make and model (B)

What does the Common Access Card (CAC) contain?

Certificates for identification, encryption, and digital signature

Does Sylvia's commuting behavior pose a security concern?

True (A)

Does Beth tapping her phone at a payment terminal pose a security risk?

True (A)

Which of the following is NOT an appropriate use of your Common Access Card (CAC)?

Using it as photo identification with a commercial entity (C)

When is the safest time to post on social media about your vacation plans?

After the trip

What is the best course of action if you receive a suspicious text message about delayed package delivery?

Delete the message

Which of the following is NOT a best practice for protecting your home wireless network for telework?

Use your router's pre-set Service Set Identifier (SSID) and password (B)

Which of the following is a best practice for using government e-mail?

Do not send mass e-mails (C)

How can you protect your home computer?

Turn on the password feature

Did Carl receive an e-mail about a potential health risk and should forward it?

False (B)

Which of the following is true of transmitting or transporting SCI?

Printed SCI must be retrieved promptly from the printer (A)

Terry sees a post that says there is smoke billowing from the Pentagon. What is likely true?

This is probably a post designed to attract her attention to a scam (D)

Which of the following statements about PHI is false?

It can be used by anyone for personal gain (A)

Which of the following is NOT a best practice for protecting your home wireless network for telework?

Use your router's pre-set SSID and password (C)

Does Beth tapping her phone at a payment terminal pose a security risk?

True (A)

How can you prevent viruses and malicious code?

Scan all external files before uploading to your computer

Which of the following is an example of behavior that you should report?

Taking sensitive information home for telework without authorization (C)

What is the best course of action if you receive a suspicious text message about delayed package delivery?

Delete the message

Which of the following is a permitted use of a DoD PKI token?

Do not use a token approved for NIPR on SIPR (B)

Which of the following is a best practice when browsing the internet?

Only accept cookies from reputable, trusted websites (B)

Where are you permitted to use classified data?

Only in areas with security appropriate to the classification level

Which of the following contributes to your online identity?

All of these (D)

How can you protect your home computer?

Regularly back up your files

Which of the following statements is true of DoD Unclassified data?

It may require access and distribution controls (B)

Which of the following is NOT a way that malicious code can spread?

Running a virus scan (B)

What is the goal of an Insider Threat Program?

Deter, detect, and mitigate

Which of the following uses of removable media is allowed?

Government owned removable media that is approved as operationally necessary (D)

Which of the following is permitted when using an unclassified laptop within a collateral classified space?

A government-issued wired headset with microphone (B)

When is the safest time to post on social media about your vacation plans?

After the trip

Which of the following is NOT an appropriate use of your CAC?

Using it as photo identification with a commercial entity (D)

Flashcards are hidden until you start studying

Study Notes

Sensitive Compartmented Information (SCI)

• Access to SCI requires Top Secret clearance and indoctrination into the SCI program.
• Printed SCI documents must be retrieved promptly from the printer.

Government Equipment and E-mail Usage

• Use a digital signature when sending attachments via government e-mail to ensure authenticity.
• Government-owned removable media should be stored in a GSA-approved container matching the security classification.

Data Protection Practices

• Strong passwords should be created by individual users for separate accounts on home computers.
• To prevent viruses, all external files must be scanned before uploading to personal devices.
• Best practice for mobile devices includes enabling automatic screen locking and ensuring sensitive information isn’t taken home without authorization.

Insider Threats

• An insider threat occurs when someone with authorized access wittingly or unwittingly jeopardizes national security.
• A primary goal of an Insider Threat Program is to deter, detect, and mitigate potential threats.

Social Media and Public Information

• Best to share vacation plans on social media only after returning from the trip to prevent targeting by scammers.
• Information from public records can be exploited by adversaries to orchestrate scams, especially when combined with other data.

Handling Communications

• Avoid forwarding suspicious e-mails regarding health risks or unexpected package notifications; delete such messages instead.
• While using government-approved devices during public commutes, be cautious of eavesdropping and shoulder surfing.

Personal Identifiable Information (PII)

• PII includes data that can identify individuals; however, automobile make and model is not classified as PII when linked to an individual.
• Common Access Cards (CAC) contain identification, encryption, and digital signature certificates but should not be used as identification for commercial purposes.

Wireless Network Security

• Protect home wireless networks by using unique SSIDs and passwords rather than factory presets.
• Regularly back up files and enable password features on home computers to enhance security.

Internet Browsing and General Safety Measures

• Only accept cookies from trustworthy websites during internet browsing to safeguard personal data.
• Mass e-mails should be avoided when using government e-mail to maintain security protocols.

Telework Regulations

• Permission from an organization is mandatory for telework arrangements.
• Treat any leaked classified information as still classified, even after becoming publicly accessible.