Cyber Awareness Challenge Flashcards

Questions and Answers

What should your response be if your neighbor asks you to comment about a classified security project?

Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity.

What should you do if you find classified government data on the internet?

Note any identifying information, such as the website's URL, and report the situation to your security POC.

What is a good practice to protect classified information?

Store classified data in a locked desk drawer when not in use.

Which classification level is given to information that could reasonably be expected to cause serious damage to national security?

Secret

How many potential insider threat indicators does a person who is playful and charming, consistently wins performance awards, but is occasionally aggressive in trying to access sensitive information display?

1 indicator

Who might 'insiders' be able to cause damage to their organizations more easily than others?

Insiders are given a level of trust and have authorized access to Government information systems.

What type of activity or behavior should be reported as a potential insider threat?

Coworker making consistent statements indicative of hostility or anger toward the United States in its policies.

What information posted publicly on your personal social networking profile represents a security risk?

Your place of birth

When is the best time to post details of your vacation activities on your social networking website?

When your vacation is over, and you have returned home.

What is the best example of Personally Identifiable Information (PII)?

Date and place of birth

What is the best example of Protected Health Information (PHI)?

Your health insurance explanation of benefits (EOB)

What does Personally Identifiable Information (PII) include?

Social Security Number; date and place of birth; mother's maiden name

What is a good practice for physical security?

Challenge people without proper badges.

Which is NOT sufficient to protect your identity?

Use a common password for all your system and application logons.

What certificates are contained on the DoD Public Key Infrastructure (PKI) implemented by the Common Access Card (CAC)/Personal Identity Verification (PIV) card?

Identification, encryption, and digital signature

Which must be approved and signed by a cognizant Original Classification Authority (OCA)?

Security Classification Guide (SCG)

What describes how Sensitive Compartmented Information is marked?

Approved Security Classification Guide (SCG)

Which is a risk associated with removable media?

Spillage of classified information.

What is an indication that malicious code is running on your system?

File corruption

What is a valid response when identity theft occurs?

Report the crime to local law enforcement.

What is whaling?

A type of phishing targeted at high-level personnel such as senior officials.

What is a best practice while traveling with mobile computing devices?

Maintain possession of your laptop and other government-furnished equipment (GFE) at all times.

Under what circumstances is it acceptable to use your Government-furnished computer to check personal e-mail and do other non-work-related activities?

If allowed by organizational policy.

Which of the following helps protect data on your personal mobile devices?

Secure personal mobile devices to the same level as Government-issued systems.

What is a best practice to protect data on your mobile computing device?

Lock your device screen when not in use and require a password to reactivate.

What is a possible indication of a malicious code attack in progress?

A pop-up window that flashes and warns that your computer is infected with a virus.

Study Notes

Cyber Awareness Highlights

• Acknowledge the need for confidentiality and avoid confirming or denying classified information discussions with neighbors.
• If classified government data is found online, document the source and report it to the security point of contact (POC).
• Proper storage of classified information involves keeping it locked in a desk drawer when not in use.
• Information classified as "Secret" can lead to serious national security damage if disclosed.
• A person displaying playfulness, charm, and aggressive information access attempts shows one insider threat indicator.
• Trust and authorized access make insiders potentially more dangerous to organizations.
• Report coworker behaviors showing hostility towards U.S. policies as potential insider threats.
• Sharing your place of birth on social networking sites poses a security risk.
• Post details about vacations only after returning home to avoid compromising personal security.
• Date and place of birth are prime examples of Personally Identifiable Information (PII).
• Protected Health Information (PHI) is exemplified by health insurance Explanation of Benefits (EOB).
• PII includes Social Security Numbers, birth dates, and mother's maiden name.
• Physical security best practices involve challenging individuals lacking proper identification badges.
• Using a common password across systems isn't a secure identity protection measure.
• DoD Public Key Infrastructure on CAC/PIV cards includes identification, encryption, and digital signature components.
• Security Classification Guides (SCG) require approval from an Original Classification Authority (OCA).
• Sensitive Compartmented Information markings must follow an approved SCG.
• Removable media carries risks, including potential spillage of classified information.
• File corruption may indicate the presence of malicious code on a system.
• In cases of identity theft, promptly report the incident to local law enforcement.
• Whaling refers to phishing attacks aimed at high-level officials and personnel.
• When traveling, retain possession of laptops and government-furnished equipment (GFE) at all times for security.
• Using a government computer for personal email is permissible only if the organizational policy allows it.
• Protect data on personal mobile devices by securing them at levels comparable to government-issued systems.
• Locking the device screen and using a password to re-enable access is crucial for mobile device security.
• A concerning sign of a malicious code attack includes pop-up notifications claiming system infection.

Description

Test your knowledge with these flashcards focused on cyber awareness and security protocols. Each card presents a scenario that will help you understand how to handle classified information responsibly. Hone your skills in maintaining security and privacy in sensitive situations.