DOD Cyber Awareness 2023 Flashcards

Questions and Answers

What should you do if a vendor conducting a pilot program contacts you for organizational data to use in a prototype?

Refer the vendor to the appropriate personnel.

How can you protect classified data when it is not in use?

Store classified data appropriately in a GSA-approved vault/container.

What is the basis for handling and storage of classified data?

Classification markings and handling caveats.

What must you do before using an unclassified laptop and peripherals in a collateral classified environment?

Ensure that any cameras, microphones, and Wi-Fi embedded in the laptop are physically disabled. Signup and view all the answers

What level of damage to national security can you expect Top Secret information to cause if disclosed?

Exceptionally grave damage. Signup and view all the answers

What must you have in order to telework?

Your organization's permission. Signup and view all the answers

What must classified material be?

Appropriately marked. Signup and view all the answers

What is a reportable insider threat activity?

Attempting to access sensitive information without need-to-know. Signup and view all the answers

What scenario might indicate a reportable insider threat?

A colleague removes sensitive information without seeking authorization in order to perform authorized telework. Signup and view all the answers

Which of the following is a potential insider threat indicator? (Select all that apply)

Unusual interest in classified information. Signup and view all the answers

What piece of information is safest to include on your social media profile?

Your favorite movie. Signup and view all the answers

What is true about many apps and smart devices?

Many apps and smart devices collect and share your personal information and contribute to your online identity. Signup and view all the answers

How can you protect your organization on social networking sites?

Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post. Signup and view all the answers

What is a best practice for protecting Controlled Unclassified Information (CUI)?

Store it in a locked desk drawer after working hours. Signup and view all the answers

How should Controlled Unclassified Information (CUI) be safely transmitted?

Paul verifies that the information is CUI, includes a CUI marking in the subject header, and digitally signs an email containing CUI. Signup and view all the answers

Which designation includes Personally Identifiable Information (PII) and Protected Health Information (PHI)?

Controlled Unclassified Information (CUI). Signup and view all the answers

Which of the following is NOT an example of CUI?

Press release data. Signup and view all the answers

Which of the following is NOT a correct way to protect CUI?

CUI may be stored on any password-protected system. Signup and view all the answers

What best describes good physical security?

Lionel stops an individual in his secure area who is not wearing a badge. Signup and view all the answers

What is an example of two-factor authentication?

A Common Access Card and Personal Identification Number. Signup and view all the answers

What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card?

Store it in a shielded sleeve. Signup and view all the answers

What must authorized personnel do before allowing someone to enter a Sensitive Compartmented Information Facility (SCIF)?

Confirm the individual's need-to-know and access. Signup and view all the answers

What is true about Sensitive Compartmented Information (SCI)?

Access requires Top Secret clearance and indoctrination into the SCI program. Signup and view all the answers

Which of the following is NOT a potential consequence of using removable media unsafely in a SCIF?

Damage to the removable media. Signup and view all the answers

What portable electronic devices (PEDs) are permitted in a SCIF?

Only expressly authorized government-owned PEDs. Signup and view all the answers

What should be the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF?

All of these. Signup and view all the answers

Study Notes

Vendor Interaction

Refer vendors conducting pilot programs to the relevant organizational personnel for data requests.

Protecting Classified Data

Store classified data in a GSA-approved vault or container when not in use.

Classification Basis

Handling and storage of classified data are determined by classification markings and handling caveats.

Unclassified Devices in Classified Environments

Disable any cameras, microphones, and embedded Wi-Fi in laptops before use in classified settings.

Impact of Top Secret Information Disclosure

Disclosure of Top Secret information can cause exceptionally grave damage to national security.

Telework Guidelines

You must obtain your organization's permission before engaging in telework.

Marking of Classified Material

All classified material must be appropriately marked to ensure protection.

Insider Threat Activities

Attempting unauthorized access to sensitive information is considered a reportable insider threat activity.

Indicators of Insider Threats

Removing sensitive information without authorization for telework may indicate a reportable insider threat.

Potential Insider Threat Indicators

Watch for unusual interest in classified information and significant personal stressors, such as the death of a spouse.

It is safest to include benign information, like your favorite movie, on social media profiles.

Apps and Personal Information

Many applications and smart devices gather and share personal data that contribute to your online identity.

Avoid posting photos from work settings that reveal identifiable landmarks.

Best Practices for Controlled Unclassified Information (CUI)

After hours, store CUI in a locked drawer to secure it.

Transmitting CUI Safely

Verify information is CUI, include appropriate markings, and digitally sign emails containing CUI.

Definitions of CUI

Controlled Unclassified Information (CUI) includes Personally Identifiable Information (PII) and Protected Health Information (PHI).

Examples of CUI

Press release data is not considered Controlled Unclassified Information.

Protecting CUI Guidelines

CUI cannot be stored on any password-protected system indiscriminately.

Good Physical Security Practices

Stop individuals without a badge in secure areas to maintain physical security.

Two-Factor Authentication

Using a Common Access Card and Personal Identification Number constitutes two-factor authentication.

Protecting Access Cards

Store Common Access Cards (CAC) and Personal Identity Verification (PIV) cards in shielded sleeves.

Access to Sensitive Compartmented Information Facility (SCIF)

Authorized personnel must confirm an individual's need-to-know before granting SCIF access.

Characteristics of Sensitive Compartmented Information (SCI)

SCI access necessitates Top Secret clearance and indoctrination into the SCI program.

Safe Use of Removable Media

Using removable media unsafely in a SCIF may lead to various consequences, excluding damage to the media itself.

Portable Electronic Devices in SCIF

Only government-owned portable electronic devices are allowed in SCIF areas.

Incident Response in SCIF

Opening uncontrolled media, like DVDs, on SCIF computers requires a comprehensive incident response.

Malicious Code Awareness

Recognize and avoid types of malicious code to enhance security measures.

Studying That Suits You

Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

Description

Test your knowledge with these flashcards focused on the DOD Cyber Awareness updates for March 2023. Each card presents essential scenarios and definitions related to cybersecurity protocols and data protection. Ideal for individuals preparing for cybersecurity compliance and awareness training.