DoD Cyber Awareness Challenge 2024 Flashcards

Questions and Answers

Mabel is a government employee who needs to share a document containing contractor proprietary information with his supervisor. What is the most appropriate way for Mabel to do this?

• Print it and hand it to her
• Email the document
• Share it on social media
• Use an approved secure sharing method (correct)

What is an authoritative source for a derivative classification?

Security classification guide

What is an example of behavior that should be reported?

Taking sensitive information home for telework without authorization

What might Terri have seen on her social media feed related to a smoke billowing from the Pentagon?

A phishing attempt (B)

Which of the following is not an appropriate use for your Common Access Card?

Using it as photo identification with a commercial entity (B)

Spillage refers to the unauthorized disclosure of classified information.

True (A)

Which of the following is not a best practice for protecting data on a mobile device?

Disable automatic screen locking (D)

What is the best course of action if you receive a suspicious text message about a delayed package delivery?

Delete the message

How can you protect your home computer?

Turn on the password feature

Printed Sensitive Compartmented Information (SCI) must be retrieved properly from the printer.

True (A)

What is the best practice for physical security?

Use your own security badge or key code for facility access

Which of the following is a step you should not take to protect against spillage?

Purge any device's memory before connecting to a classified network (D)

Unclassified DoD data may require access and distribution controls.

True (A)

Which of the following is not a best practice for protecting your home wireless network?

Use your router's preset SSID and password (B)

Where are you permitted to use classified data?

Only in a SCIF

What action should Annabeth take if she believes a sensitive compartmented information conversation was overheard?

Contact her security POC with detailed information about the incident

Which of these is not a potential indicator that your device may be under a malicious code attack?

A notification for a system update that has been publicized (A)

How should government-owned removable media be stored?

In a GSA approved container, according to the appropriate security classification

What is the best practice for using a government email?

Do not send mass e-mails

Which of the following uses of removable media is appropriate?

Encrypting data stored on removable media (A)

Which of the following is a risk associated with removable media?

All of these (D)

Protected Health Information (PHI) is a type of controlled unclassified information.

False (B)

Which of the following contributes to your online identity?

All of these (C)

What is the best practice when browsing the Internet?

Only accept cookies from reputable, trusted websites (B)

Flashcards

Secure Document Sharing

Sharing documents containing sensitive information with only those who have appropriate clearance ensures confidentiality.

Derivative Classification

Derivative classification refers to assigning security classifications to documents based on the information they contain, using the principles of original classification.

Reporting Sensitive Behavior

Unauthorized handling or transfer of sensitive information, such as taking it home, should be reported immediately to maintain security.

Social Media Caution

Social media posts, especially those with alarming content, can be phishing attempts to steal personal information.

CAC Usage

The Common Access Card (CAC) is solely for government identification and access; it is not a general photo ID for commercial purposes.

Mobile Device Security

Automatic screen locking on mobile devices protects sensitive data from unauthorized access.

Suspicious Communications

If you receive unexpected or suspicious messages about package deliveries, especially with links, it's safest to delete them to avoid phishing attempts.

Home Computer Security

Enabling password protection on home computers prevents unauthorized access to sensitive data.

Handling Sensitive Information

Retrieval of Sensitive Compartmented Information (SCI) from printers must be done securely to prevent unauthorized access.

Physical Security Measures

Using personal security badges or access codes provides a physical layer of security when entering facilities.

Preventing Data Spillage

Purging device memory before connecting to a classified network can lead to data spillage and unauthorized access.

Unclassified Data Controls

Even unclassified data belonging to the DoD may have specific access and distribution controls in place to maintain security.

Home Wireless Network Security

Using preset router service set identifiers (SSIDs) and passwords weakens security; creating unique ones improves it.

Use of Classified Data

Classified data is only permitted for use within a Secure Compartmented Information Facility (SCIF).

Security Breaches

If you suspect sensitive information might have been overheard, immediately contact a security Point of Contact (POC) with details.

Indicators of Malicious Code

Standard notifications for system updates are not indicators of a malicious code attack.

Insider Threat Indicators

Prolonged good performance does not guarantee the absence of insider threats; monitoring unusual behaviors is crucial.

Storing Government Media

Removable media, like flash drives, should be stored in GSA-approved containers based on their security classification for protection.

Best Practice for Government Emails

Mass emails should be avoided to protect sensitive information and maintain communication integrity.

Appropriate Use of Removable Media

Encrypting data when using removable media protects it from unauthorized access.

Risks of Removable Media

Removable media usage carries risks like potential data breaches if not handled securely.

PHI Protection

Protected Health Information (PHI) is subject to health privacy laws, not classified as controlled unclassified information.

Online Identity Formation

Online identity is formed through interactions like social media use, browsing habits, and personal disclosures.

Internet Browsing Safety

Accepting cookies only from reputable websites minimizes security risks while browsing online.

Study Notes

Document Sharing Procedures

• Government employees must securely share documents containing sensitive information with appropriate clearance only.
• Best practices involve approved methods as per security guidelines.

Derivative Classification

• Security classification guides serve as authoritative sources for derivative classification.

Reporting Sensitive Behavior

• Unauthorized handling or transfer of sensitive information, such as taking it home for telework, should be reported immediately.

Social Media Caution

• Posts featuring alarming content (e.g., smoke at the Pentagon) may be phishing attempts designed to steal personal information.

Common Access Card (CAC) Usage

• CAC is not appropriate for photo identification in commercial settings; it is exclusive to government purposes.

Data Protection Practices

• Automatic screen locking on mobile devices is essential for protecting sensitive data.

Suspicious Communications

• If you receive unexpected messages about package deliveries, especially with links, it is safest to delete the message to avoid phishing attempts.

Home Computer Security

• Enabling password protection on home computers is critical for security against unauthorized access.

Handling Sensitive Information

• Sensitive Compartmented Information (SCI) must be retrieved properly from printers to prevent unauthorized access.

Physical Security Protocols

• Best physical security practice includes using personal security badges or access codes to enter facilities.

Preventing Data Spillage

• Never purge device memory before connecting to a classified network; this can lead to data spillage and unauthorized access.

Unclassified Data Controls

• DoD unclassified data may still require specific access and distribution controls to maintain security.

Home Wireless Network Security

• Avoid using preset router service set identifiers (SSIDs) and passwords; create unique ones for enhanced security.

Use of Classified Data

• Classified data is permitted only in a Secure Compartmented Information Facility (SCIF).

Response to Potential Security Breaches

• If sensitive information is potentially overheard, contact a security Point of Contact (POC) immediately with details.

Indicators of Malicious Code

• Standard notifications for system updates are not indicators of a malicious code attack.

Insider Threat Indicators

• Prolonged good performance does not necessarily indicate insider threat but requires vigilance in monitoring unusual behaviors.

Storing Government Media

• Removable media should be stored in GSA-approved containers based on their security classification for protection.

Best Practice for Government Emails

• Mass emails should be avoided to protect sensitive information and maintain communication integrity.

Appropriate Use of Removable Media

• Encrypting data when using removable media is a best practice to prevent unauthorized access.

Risks of Removable Media

• Many risks are associated with removable media usage, including potential data breaches if not handled securely.

Protected Health Information (PHI)

• PHI is not classified as controlled unclassified information but is instead protected under health privacy laws.

Online Identity Formation

• Online identity is shaped by various factors, including social media use, browsing habits, and personal disclosures.

Internet Browsing Safety

• Accept cookies only from reputable and trusted websites to minimize security risks while browsing online.