DoD Cyber Awareness Challenge 2024 Flashcards

Questions and Answers

Mabel is a government employee who needs to share a document containing contractor proprietary information with his supervisor. What is the most appropriate way for Mabel to do this?

Print it and hand it to her

Email the document

Share it on social media

Use an approved secure sharing method (correct)

What is an authoritative source for a derivative classification?

Security classification guide

What is an example of behavior that should be reported?

Taking sensitive information home for telework without authorization

What might Terri have seen on her social media feed related to a smoke billowing from the Pentagon?

A phishing attempt

Which of the following is not an appropriate use for your Common Access Card?

Using it as photo identification with a commercial entity

Spillage refers to the unauthorized disclosure of classified information.

True

Which of the following is not a best practice for protecting data on a mobile device?

Disable automatic screen locking

What is the best course of action if you receive a suspicious text message about a delayed package delivery?

Delete the message

How can you protect your home computer?

Turn on the password feature

Printed Sensitive Compartmented Information (SCI) must be retrieved properly from the printer.

True

What is the best practice for physical security?

Use your own security badge or key code for facility access

Which of the following is a step you should not take to protect against spillage?

Purge any device's memory before connecting to a classified network

Unclassified DoD data may require access and distribution controls.

True

Which of the following is not a best practice for protecting your home wireless network?

Use your router's preset SSID and password

Where are you permitted to use classified data?

Only in a SCIF

What action should Annabeth take if she believes a sensitive compartmented information conversation was overheard?

Contact her security POC with detailed information about the incident

Which of these is not a potential indicator that your device may be under a malicious code attack?

A notification for a system update that has been publicized

How should government-owned removable media be stored?

In a GSA approved container, according to the appropriate security classification

What is the best practice for using a government email?

Do not send mass e-mails

Which of the following uses of removable media is appropriate?

Encrypting data stored on removable media

Which of the following is a risk associated with removable media?

All of these

Protected Health Information (PHI) is a type of controlled unclassified information.

False

Which of the following contributes to your online identity?

All of these

What is the best practice when browsing the Internet?

Only accept cookies from reputable, trusted websites

Study Notes

Document Sharing Procedures

• Government employees must securely share documents containing sensitive information with appropriate clearance only.
• Best practices involve approved methods as per security guidelines.

Derivative Classification

• Security classification guides serve as authoritative sources for derivative classification.

Reporting Sensitive Behavior

• Unauthorized handling or transfer of sensitive information, such as taking it home for telework, should be reported immediately.

Social Media Caution

• Posts featuring alarming content (e.g., smoke at the Pentagon) may be phishing attempts designed to steal personal information.

Common Access Card (CAC) Usage

• CAC is not appropriate for photo identification in commercial settings; it is exclusive to government purposes.

Data Protection Practices

• Automatic screen locking on mobile devices is essential for protecting sensitive data.

Suspicious Communications

• If you receive unexpected messages about package deliveries, especially with links, it is safest to delete the message to avoid phishing attempts.

Home Computer Security

• Enabling password protection on home computers is critical for security against unauthorized access.

Handling Sensitive Information

• Sensitive Compartmented Information (SCI) must be retrieved properly from printers to prevent unauthorized access.

Physical Security Protocols

• Best physical security practice includes using personal security badges or access codes to enter facilities.

Preventing Data Spillage

• Never purge device memory before connecting to a classified network; this can lead to data spillage and unauthorized access.

Unclassified Data Controls

• DoD unclassified data may still require specific access and distribution controls to maintain security.

Home Wireless Network Security

• Avoid using preset router service set identifiers (SSIDs) and passwords; create unique ones for enhanced security.

Use of Classified Data

• Classified data is permitted only in a Secure Compartmented Information Facility (SCIF).

Response to Potential Security Breaches

• If sensitive information is potentially overheard, contact a security Point of Contact (POC) immediately with details.

Indicators of Malicious Code

• Standard notifications for system updates are not indicators of a malicious code attack.

Insider Threat Indicators

• Prolonged good performance does not necessarily indicate insider threat but requires vigilance in monitoring unusual behaviors.

Storing Government Media

• Removable media should be stored in GSA-approved containers based on their security classification for protection.

Best Practice for Government Emails

• Mass emails should be avoided to protect sensitive information and maintain communication integrity.

Appropriate Use of Removable Media

• Encrypting data when using removable media is a best practice to prevent unauthorized access.

Risks of Removable Media

• Many risks are associated with removable media usage, including potential data breaches if not handled securely.

Protected Health Information (PHI)

• PHI is not classified as controlled unclassified information but is instead protected under health privacy laws.

Online Identity Formation

• Online identity is shaped by various factors, including social media use, browsing habits, and personal disclosures.

Internet Browsing Safety

• Accept cookies only from reputable and trusted websites to minimize security risks while browsing online.

Description

Test your knowledge with these flashcards designed for the DoD Cyber Awareness Challenge 2024. Each card presents scenarios and definitions related to cybersecurity practices crucial for government employees. Enhance your understanding of secure information sharing and classification standards.