DOD Cyber Awareness 2023 Flashcards
48 Questions

Questions and Answers

What should you do if a vendor contacts you for organizational data to use in a prototype?

Refer the vendor to the appropriate personnel.

How can you protect classified data when it is not in use?

Store classified data appropriately in a GSA-approved vault/container.

What is the basis for handling and storage of classified data?

Classification markings and handling caveats.

What must you do before using an unclassified laptop in a classified environment?

Ensure that any cameras, microphones, and Wi-Fi embedded in the laptop are physically disabled.

What level of damage to national security can you expect from the disclosure of Top Secret information?

Exceptionally grave damage.

What is required for telework?

You must have your organization's permission to telework.

What is true about protecting classified data?

Classified material must be appropriately marked.

What constitutes a reportable insider threat activity?

Attempting to access sensitive information without need-to-know.

What scenario might indicate a reportable insider threat?

A colleague removes sensitive information without seeking authorization.

What is a potential insider threat indicator?

Unusual interest in classified information.

What piece of information is safest to include on your social media profile?

Your favorite movie.

What is true about many apps and smart devices?

They collect and share your personal information.

How can you protect your organization on social networking sites?

Ensure there are no identifiable landmarks in photos.

What is a best practice for protecting Controlled Unclassified Information (CUI)?

Store it in a locked desk drawer after working hours.

What best describes a way to safely transmit Controlled Unclassified Information (CUI)?

Verify that the information is CUI, include a CUI marking in the subject header, and digitally sign the email.

Which designation includes Personally Identifiable Information (PII) and Protected Health Information (PHI)?

Controlled Unclassified Information (CUI).

Which of the following is NOT an example of CUI?

Press release data.

Which of the following is NOT a correct way to protect CUI?

CUI may be stored on any password-protected system.

What best describes good physical security?

Stopping an individual in a secure area who is not wearing a badge.

What is an example of two-factor authentication?

A Common Access Card and Personal Identification Number.

What is the best way to protect your Common Access Card (CAC)?

Store it in a shielded sleeve.

What must authorized personnel do before permitting entry to a Sensitive Compartmented Information Facility (SCIF)?

Confirm the individual's need-to-know and access.

What is true of Sensitive Compartmented Information (SCI)?

Access requires Top Secret clearance and indoctrination.

Which of the following is NOT a potential consequence of using removable media unsafely in a SCIF?

Damage to the removable media.

What portable electronic devices (PEDs) are permitted in a SCIF?

Only expressly authorized government-owned PEDs.

What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF?

All of these.

Which of the following is NOT a type of malicious code?

Executables.

Which of the following actions can help to protect your identity?

Shred personal documents.

What is an appropriate use of government email?

Use a digital signature when sending attachments or hyperlinks.

What type of social engineering targets particular groups of people?

Spear phishing.

How can you protect yourself from social engineering?

Verify the identity of all individuals.

What is true of traveling overseas with a mobile phone?

A personally owned device must be unenrolled while out of the country.

What should you do when using publicly available Internet, such as hotel Wi-Fi?

Only connect with Government VPN.

What is the danger of using public Wi-Fi connections?

Both of these.

Which personally-owned computer peripheral is permitted for use with Government-furnished equipment?

A headset with a microphone through a USB port.

How can you protect data on your mobile computing and portable electronic devices (PEDs)?

Enable automatic screen locking after a period of inactivity.

What is an example of removable media?

External hard drive.

What is true of Internet of Things (IoT) devices?

They can become an attack vector to other devices.

When is it appropriate to have your security badge visible?

At all times when in the facility.

What should the owner of printed SCI do differently?

Retrieve classified documents promptly from printers.

What should participants in a conversation involving SCI do differently?

Physically assess that everyone within listening distance is cleared.

Which demonstrates proper protection of mobile devices?

Linda encrypts all of the sensitive data.

Which does NOT constitute spillage?

Classified information downgraded to unclassified.

Which is NOT an appropriate way to protect against inadvertent spillage?

Use the classified network for all work.

What should you NOT do if you find classified information on the internet?

Download the information.

Who designates whether information is classified and its classification level?

The appropriate authority or designated personnel.

What is a good practice to protect classified information?

Regularly conduct security training.

What may help to prevent spillage?

Follow procedures for transferring data to and from outside agencies.

Study Notes

Vendor Data Request

  • Refer vendors to appropriate personnel for organizational data requests.

Protecting Classified Data

  • Store classified data in GSA-approved vaults/containers when not in use.

Handling Classified Data

  • Classification markings and handling caveats dictate data handling and storage.

Unclassified Laptop Usage

  • Disable any embedded cameras, microphones, and Wi-Fi before using unclassified laptops in classified environments.

Impact of Top Secret Disclosure

  • Disclosure of Top Secret information can cause exceptionally grave damage to national security.

Telework Guidelines

  • Permission from the organization is required for teleworking.

Marking Classified Material

  • Proper marking is essential for protecting classified data.

Insider Threat Activities

  • Attempting to access sensitive information without the need-to-know is reportable as an insider threat.

Indicators of Insider Threat

  • Removing sensitive information without authorization for telework may indicate insider threat behavior.

Social Media Privacy

  • Safest information to share on social media includes non-identifiable details, like favorite movies.

Apps and Smart Devices

  • Many apps gather and share personal information, impacting online identity.

Social Networking Site Protection

  • Avoid posting identifiable work-related photos where landmarks can be recognized.

Protecting Controlled Unclassified Information (CUI)

  • Store CUI in locked desk drawers after business hours for security.

Transmitting CUI Safely

  • Verify CUI status, mark emails appropriately, and digitally sign them for secure transmission.

Designation of Information Types

  • CUI includes Personally Identifiable Information (PII) and Protected Health Information (PHI).

Examples of CUI

  • Press release data is not classified as CUI.

Storing CUI Safely

  • CUI should not be stored indiscriminately on any password-protected system.

Physical Security Best Practices

  • Stop unbadged individuals in secure areas to ensure safety and compliance.

Two-Factor Authentication

  • Examples include using a Common Access Card and a Personal Identification Number.

Protecting Security Cards

  • Store Common Access Cards (CAC) or Personal Identity Verification (PIV) cards in shielded sleeves.

SCIF Entry Protocol

  • Confirm the need-to-know and access before allowing individuals in Sensitive Compartmented Information Facilities (SCIF).

SCI Access Requirements

  • Access to Sensitive Compartmented Information (SCI) requires Top Secret clearance and specific indoctrination.

Removable Media Risks

  • Using removable media unsafely in a SCIF does not typically damage the media itself, but poses other risks.

Authorization for Electronic Devices

  • Only government-owned, expressly authorized devices are permitted in a SCIF.

Incident Response in SCIF

  • Responding to incidents, such as opening unauthorized DVDs, necessitates all outlined measures.

Malicious Code Types

  • Executables are not a category of malicious code.

Identity Protection Actions

  • Shredding personal documents is a crucial step in protecting identity.

Government Email Usage

  • Utilize digital signatures for attaching files or hyperlinks in government emails.

Types of Social Engineering Attacks

  • Spear phishing specifically targets particular groups or individuals.

Preventing Social Engineering

  • Always verify individual identities to combat social engineering threats.

Traveling with Mobile Phones

  • Personal devices under BYOAD policy must be unenrolled when traveling abroad.

Public Wi-Fi Safety

  • Connecting to public Wi-Fi, like hotel internet, poses significant risks.

Permissible Computer Peripherals

  • Headsets with microphones and USB connections can be used with government-furnished equipment.

Data Security on Mobile Devices

  • Enable automatic screen lock on mobile and portable devices to secure data.

Removable Media Examples

  • External hard drives qualify as examples of removable media.

IoT Security Risks

  • Internet of Things (IoT) devices can create vulnerabilities on home networks.

Security Badge Visibility

  • Security badges must be visible at all times within facilities.

Handling Printed SCI

  • Retrieve classified documents promptly from printers to maintain security.

Conversation Guidelines with SCI

  • Ensure everyone within earshot is cleared and has a need-to-know during sensitive conversations.

Mobile Device Security Measures

  • Encrypt sensitive data on government-issued mobile devices for enhanced protection.

Definition of Spillage

  • Spillage does not include classified information downgraded to unclassified status.

Inadvertent Spillage Prevention

  • Utilize the classified network solely for classified work; do not mix with unclassified tasks.

Classified Information on the Internet

  • Downloading classified information found online should be avoided.

Classification Designation Authority

  • The authority for designating information classification lies with the appropriate officials.

Good Practices for Protecting Classified Information

  • Systematic approaches and consistent adherence to policies are essential.

Preventing Information Spillage

  • Follow strict procedures for transferring data between outside agencies and non-government networks.

Description

Test your knowledge with these flashcards designed for the DOD Cyber Awareness 2023 training. Each card presents key concepts and best practices essential for maintaining data security and privacy in your organization. Perfect for reinforcing your understanding of information handling and related protocols.