Cyber Awareness Challenge 2024

Questions and Answers

What should you do if a neighbor asks about a classified project?

Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity.

Which of the following may help to prevent spillage? (Select all that apply)

  • Use public Wi-Fi for transfers
  • Follow procedures for transferring data (correct)
  • Encrypt all files
  • Label all files appropriately (correct)

What are some examples of malicious code?

Viruses, Trojan horses, or worms

What best describes the situation when classified data is drafted on an unclassified system without authorization?

Spillage because classified data was moved to a lower classification level system without authorization.

What should you do when receiving an email with a classified attachment on an unclassified system?

Call your security point of contact immediately.

Which of the following is NOT a way that malicious code spreads?

Legitimate software updates

After visiting a website on your Government device, a popup appears asking if you want to run an application. Is this safe?

False

What should you do if a reporter asks about classified information on the web?

Ask for information about the website, including the URL.

Which of the following is NOT a type of malicious code?

Executables

What should you do if you suspect spillage has occurred?

Immediately notify your security point of contact.

What should you do if a registration website requires a credit card but does not start with 'https'?

Do not provide your credit card information.

Which of the following is a good practice to protect classified information? (Select all that apply)

Store classified data in a GSA-approved vault

How should you respond to the theft of your identity?

Report the crime to local law enforcement.

What level of damage can the unauthorized disclosure of Confidential information cause?

Damage to national security.

You should only accept cookies from reputable, trusted websites.

True

Which classification level is given to information that may cause serious damage to national security?

Secret.

How should printed classified documents be stored when not in use?

Store it in a General Services Administration (GSA)-approved vault or container.

Which best describes an insider threat? Someone who uses _______ access, _______________, to harm national security.

authorized access, wittingly or unwittingly

What is a best practice that can prevent viruses and other malicious code from being downloaded when checking your email?

Do not access website links, buttons, or graphics in e-mail.

What must an individual have to access classified data?

Appropriate clearance, a signed and approved non-disclosure agreement, and need-to-know.

What guidance is available for marking Sensitive Compartmented Information (SCI)?

Security Classification Guides.

What is TRUE of a phishing attack?

Phishing can be an email with a hyperlink as bait.

What is true about using a DoD Public Key Infrastructure (PKI) token?

It should only be in use for a PKI-required task.

Which of the following is a way to protect against social engineering?

Follow instructions given only by verified personnel

What is whaling?

A type of phishing targeted at senior officials.

Which of the following is a security risk when posted publicly on your social networking profile? (Select all that apply)

Your personal email address

What action should you take with an email from a friend containing a compressed URL?

Investigate the link's actual destination using the preview feature.

What advantages do insider threats have over others?

Insiders are given a level of trust and have authorized access to Government information systems.

How can you protect yourself from internet hoaxes?

Use online sites to confirm or expose potential hoaxes.

What should you do if you receive a game application request that accesses personal information?

Decline the request.

Which may be a security issue with compressed URLs?

They may be used to mask malicious intent.

When is the safest time to post vacation details online?

After you have returned

What is a common indicator of a phishing attempt?

A threat of dire consequence.

What must users ensure when using removable media?

It displays a label showing maximum classification, date of creation, point of contact, and Change Management Control Number.

Internet hoaxes can be part of a distributed denial of service (DDoS) attack.

True

Digitally signed emails are more secure.

True

Study Notes

Cyber Awareness Challenge 2024

  • Classified information should not be discussed; redirect the conversation if approached by neighbors or unauthorized personnel.
  • To prevent information spillage, label files and media with proper classification markings.
  • Unauthorized movement of classified information to unclassified systems is classified as spillage.
  • If receiving a classified attachment on an unclassified system, immediately contact security.
  • When approached by reporters about classified matters, gather information about the inquiry and refer them to the appropriate public affairs office.
  • In the event of suspected information spillage, contact your security point of contact without delay.
  • Always be aware of classification markings to maintain data security.
  • Upon encountering classified info online, document the URL and report it to security.
  • Security practice dictates that classified data should be stored in GSA-approved containers when not in use.
  • Access to classified data requires proper clearance, a non-disclosure agreement, and a legitimate need-to-know.
  • "Secret" classification indicates potential serious harm to national security if disclosed.
  • Proper labeling of classified material is crucial to ensure it remains protected.
  • Unauthorized disclosure of "Confidential" information can cause harm to national security.
  • Teleworking requires organizational permission and adherence to security protocols.
  • Insider threats have unique advantages such as trust and authorized access to sensitive data.
  • Report any concerning statements or behaviors from colleagues that may suggest hostility or unauthorized information seeking.
  • Best practices for physical security include monitoring badge compliance and reporting suspicious actions.
  • Two-factor authentication combines something you know (password) with something you have (token or CAC).
  • Protecting Personally Identifiable Information (PII) involves using government-approved equipment and maintaining security through proper channels.
  • Malicious code can include programs like viruses and worms; it spreads through methods such as phishing, but not through legitimate software updates.
  • Use caution when sharing personal information online, especially on social networking platforms; always vet the credibility of links before clicking.
  • In the event of identity theft, it's essential to report to local law enforcement.
  • Cookies should only be accepted from trustworthy sites to safeguard personal data against exploitation.
  • Adverse actions for online misconduct can occur if they also occur offline or at any time relative to work activities.

Insider Threat Awareness

  • Insider threats pose risks through witting or unwitting misuse of authorized access to harm national security.
  • Indicators of insider threats include unusual interest in classified information and the expression of grievances or financial issues.
  • The assessment of potential insider threats should be proactive in identifying concerning behavior.

Communication and Event Reporting

  • Reporting is critical for any unauthorized access or removal of sensitive materials.
  • Maintain vigilance with online communication; inspect emails and attachments for credibility and security.

Best Practices

  • Utilize strong, unique passwords for systems, avoid writing them down, and establish secure access protocols.
  • During sensitive discussions, ensure everyone engaged has the appropriate clearance and need-to-know.
  • Marking and securely handling Sensitive Compartmented Information (SCI) is regulated and must follow prescribed guidelines.
  • When using removable media, proper labeling and controls must be practiced to avoid data breaches.

Phishing and Cybersecurity Threats

  • Whaling is a specialized form of phishing aimed at high-ranking officials within an organization.
  • E-mails from friends that include compressed URLs should be investigated to reveal their actual destination using the preview feature, ensuring safety before clicking.
  • To avoid falling victim to internet hoaxes, cross-check information using reliable online verification sites.
  • Compressed URLs may hide malicious intent, posing a security risk by obscuring the true link destination.

Indicators of Phishing and Hoaxes

  • A common sign of phishing attempts includes threats of severe consequences to induce panic and trick victims into acting quickly.
  • Internet hoaxes can sometimes lead to larger, coordinated cyberattacks, such as distributed denial of service (DDoS) attacks.
  • Secure communication can be enhanced through digitally signed e-mails, providing verification of the sender's identity and ensuring message integrity.

Description

Test your knowledge on cybersecurity and the proper handling of classified information with this quiz. Learn about the best practices to prevent information spillage and how to respond to unauthorized inquiries. Stay informed on security measures necessary to maintain data integrity in the digital age.