DoD Cyber Awareness Challenge 2024 Flashcards

Questions and Answers

Which of the following is permitted when using an unclassified laptop within a collateral classified space?

• An unapproved mobile device
• A government issued tablet
• A government issued wired headset with microphone (correct)
• A personal laptop

Which of the following is a best practice for using government email?

• Share your email password with trusted colleagues
• Send mass e-mails to all contacts
• Use a personal email for official communications
• Do not send mass e-mails (correct)

Which of the following personally owned peripherals can you use with government-furnished equipment (GFE)?

• A personal printer
• A tablet
• A smartphone
• A USB hub (correct)

Which of the following is NOT a best practice for protecting data on a mobile device?

Disable automatic screen locking after a period of inactivity (D)

You receive a phone call offering you a $50 gift card if you participate in a survey. What course of action should you take?

Decline to participate in the survey.

Which of the following is NOT a way that malicious code can spread?

Running a virus scan (B)

Which of the following is NOT a best practice for protecting your home wireless network for telework?

Use your router's pre-set Service Set Identifier (SSID) and password (D)

What is an example of a strong password?

d+Uf_4RimUz

Which of the following is least likely to pose a risk to share on a social networking site?

Your pet's name (B)

Carl receives an e-mail about a potential health risk caused by a common ingredient in processed food. Which of the following actions should Carl NOT take with the e-mail?

Forward it (D)

Where are you permitted to use classified data?

Only in SCIF.

Which of the following is an appropriate use of DoD Public Key Infrastructure (PKI) token?

Use a token approved for SIPRNet on SIPRNet (C)

How can you protect your home computer?

Regularly back up your files.

Which of the following is true of transmitting or transporting Sensitive Compartmented Information (SCI)?

Printed SCI must be retrieved promptly from the printer (B)

Which of the following is permitted within a Sensitive Compartmented Information SCIF?

An authorized Government-owned Portable Electronic Device (PED) (A)

Does Sylvia pose a security concern while commuting?

Yes.

How can you prevent viruses and malicious code?

Scan all external files before uploading to your computer.

What concern does the email from Carl's boss pose?

This may be a spear phishing attempt.

What conditions are necessary to be granted access to Sensitive Compartmented Information (SCI)?

Top Secret clearance and indoctrination into the SCI program.

When linked to a specific individual, which of the following is NOT an example of Personally Identifiable Information (PII)?

Automobile make and model (D)

Which of the following is best practice to protect your identity?

Order a credit report annually (A)

Which of the following is true of spillage?

It can be either inadvertent or intentional (B)

Which of the following is a risk associated with removable media?

ALL OF THESE (D)

Based on the description provided, how many insider threat indicators are present for Elyse?

0 (Zero).

How can you protect your home computer?

Turn on the password feature.

Flashcards

Classified Laptop Headset

Use a government-issued wired headset with microphone for unclassified laptops in classified spaces.

Mass Emails from Govt.

Avoid sending large emails from government accounts to protect against overload and breaches.

USB Hub for GFE

A USB hub is acceptable personal device for Government Furnished Equipment (GFE).

Automatic Screen Lock

Keep automatic screen locking enabled on mobile devices for data protection.

Unsolicited Phone Calls

Decline unsolicited offers of gifts from unknown callers; this is social engineering.

External File Scanning

Scan external files before uploading to prevent viruses.

Printed SCI Retrieval

Immediately retrieve printed Sensitive Compartmented Information (SCI) from printers.

SCI Access Requirements

Top Secret clearance and SCI program indoctrination is needed to access Sensitive Compartmented Information (SCI).

Unverified Health Emails

Do not forward unverified emails about health risks; misinformation can spread.

Strong Password Example

A complex password, like 'd+Uf_4RimUz', is crucial for online security.

Annual Credit Report

Order a credit report annually to maintain online safety.

Router SSID/Password

Do not use predefined router settings to avoid unauthorized access.

Spear Phishing Emails

Emails from unknown senders requesting urgent information may be spear phishing attempts.

Removable Media Risks

Removable media can introduce malicious code, compromising security.

Insider Threat Assessment

Carefully evaluate potential insider threats; in the example, Elyse was deemed low-risk

Social Engineering Caution

Avoid sharing personal information, like pet names, on social media, although low-risk in most cases.

Study Notes

Cybersecurity Best Practices

• Use a government-issued wired headset with microphone for unclassified laptops in classified spaces to maintain security protocols.
• Avoid sending mass emails from government accounts to prevent information overload and potential security breaches.
• A USB hub is an acceptable personally owned peripheral for use with Government Furnished Equipment (GFE).

Mobile Device Security

• Do not disable automatic screen locking on mobile devices; this feature is essential for data protection.
• Be cautious with unsolicited phone calls offering gifts; they may be attempts at social engineering. Always decline such offers.

Data Protection Strategies

• Regularly scan external files before uploading to your computer to prevent viruses and malicious code.
• Printed Sensitive Compartmented Information (SCI) must be promptly retrieved from printers to maintain document confidentiality.

Handling Sensitive Information

• Access to SCI requires Top Secret clearance and indoctrination into the SCI program, ensuring only authorized personnel handle sensitive data.
• It is inappropriate to forward unverified emails regarding health risks, as they may spread misinformation.

Password Security

• A strong example of a password is "d+Uf_4RimUz," showcasing the importance of complexity in password creation.
• To safeguard online identity, ordering a credit report annually is highly recommended.

Wireless Network Safety

• Avoid using pre-set router SSIDs and passwords for home wireless networks to enhance security against unauthorized access.

Recognizing Phishing Attempts

• Emails from unknown personal addresses requesting urgent information may represent spear phishing attempts; verify with known contact methods.

Removable Media Risks

• Using removable media can introduce malicious code and compromise system integrity, confidentiality, and availability.

Insider Threat Indicators

• Assessing insider threats requires careful observation; in the provided example, Elyse shows no indicators of risk.

Social Engineering Awareness

• Sharing innocuous personal information, like a pet’s name, is typically low-risk, but caution is still advised on social networking sites.

Description

Test your knowledge with these flashcards focused on the DoD Cyber Awareness Challenge 2024. Each card highlights important best practices and guidelines for using government equipment and email. Perfect for anyone preparing for cybersecurity awareness in a military context.