DOD Cyber Awareness Challenge 2024 Flashcards

Questions and Answers

What conditions are necessary to be granted access to Sensitive Compartmented Information (SCI)?

Top Secret clearance and indoctrination into the SCI program

Which of the following is permitted when using an unclassified laptop within a collateral classified space?

Using a personal USB drive

Accessing classified websites

Using a Government-issued wired headset with microphone (correct)

Using unapproved software

Which of the following is an authoritative source for derivative classification?

Security Classification Guide

Which of the following actions should Carl NOT take with the e-mail regarding a potential health risk?

Forward it

How can an adversary use information available in public records to target you?

Combine it with information from other data sources to learn how best to bait you with a scam

Which of the following is an appropriate use of government e-mail?

Using a digital signature when sending attachments

Which of the following is NOT a best practice for protecting data on a mobile device?

Disable automatic screen locking after a period of inactivity

What action should Annabeth take if she realizes a conversation involving Sensitive Compartmented Information (SCI) may have been overheard?

Contact her security POC to report the incident

On your home computer, how can you best establish passwords when creating separate user accounts?

Have each user create their own, strong password

Which of the following is an allowed use of government-furnished equipment (GFE)?

Checking personal e-mail if your organization allows it

How can you prevent viruses and malicious code?

Scan all external files before uploading to your computer

Which best describes an insider threat? Someone who uses __________ access, ___________, to harm national security through unauthorized disclosure, data modification, espionage, terrorism, or kinetic actions.

authorized, wittingly or unwittingly

Which of the following is an example of behavior that you should report?

Taking sensitive information home for telework without authorization

Which of the following is true of telework?

True

After a classified document is leaked online, it makes national headlines. You should still treat it as classified even though it has been compromised.

True

How should government-owned removable media be stored?

In a GSA-approved container according to the appropriate security classification

When linked to a specific individual, which of the following is NOT an example of Personally Identifiable Information (PII)?

Automobile make and model

What does the Common Access Card (CAC) contain?

Certificates for identification, encryption, and digital signature

Does Sylvia's use of her government approved mobile device for work calls during her commute pose a security concern?

True

Does Beth's action of tapping her phone at a payment terminal to pay for a purchase pose a security risk?

True

Which of the following is NOT an appropriate use of your Common Access Card (CAC)?

Using it as photo identification with a commercial entity

When is the safest time to post on social media about your vacation plans?

After the trip

What is the best course of action if you receive a text message from a package shipper notifying you about a delay, but you're not expecting a package?

Delete the message

Study Notes

Access to Sensitive Information

• Top Secret clearance is required for access to Sensitive Compartmented Information (SCI).
• Indoctrination into the SCI program is necessary for access.

Use of Technology in Classified Spaces

• Government-issued wired headsets with microphones are allowed on unclassified laptops in classified spaces.
• Personal use of government equipment includes checking personal emails when permitted by the organization.

Classification and Reporting

• Security Classification Guides are authoritative sources for derivative classification.
• Emails containing potential health risks should not be forwarded without verification.
• An incident of overhearing SCI should be reported to the security point of contact.

Information Security Practices

• Each user should create strong, individual passwords on home computers for separate accounts.
• All external files should be scanned for viruses before uploading to computers.
• Sensitive information should never be taken home for telework without authorization.

Insider Threats and PII

• Insider threats are individuals with authorized access that can harm national security through various actions.
• Not all information linked to individuals qualifies as Personally Identifiable Information (PII); for instance, automobile make and model does not qualify.

Use of Common Access Card (CAC)

• The Common Access Card (CAC) contains certificates for identification, encryption, and digital signatures.
• Using CAC as photo identification with commercial entities is inappropriate.

Telework and Social Media Safety

• Telework requires permission from the organization.
• Information about vacation plans should be posted on social media only after returning from the trip.

Eavesdropping Risks

• Communicating via government-approved mobile devices in public transport poses security risks due to the possibility of eavesdropping.
• Contactless payment methods, like tapping a phone, carry risks of signal interception.

Handling Suspicious Messages

• Unknown messages regarding package deliveries should be treated with caution, with the best action being to delete such messages if unexpected.

Description

Test your knowledge on the DOD Cyber Awareness Challenge 2024 with these flashcards. Covering key terms and concepts, this quiz is essential for understanding Cybersecurity protocols and regulations. Perfect for those preparing for the challenge or wanting a refresher.