DoD Cyber Awareness Challenge 2024 Pre Test

Questions and Answers

How can an adversary use information available in public records to target you?

Combine it with info from other data sources to learn how to best bait you with a scam

Which of the following is an example of a strong password?

• d+Uf_4RimUz (correct)
• qwerty
• password
• 123456

Where are you permitted to use classified data?

Only in areas with security appropriate to the classification level

What conditions are necessary to be granted access to SCI?

Special access authorization and indoctrination into the SCI program

Which of the following is NOT a best practice for traveling overseas with a mobile device?

Do not travel with a mobile device if you can avoid it (D)

Under which Cyberspace Protection Condition (CPCON) is the priority focus limited to critical and essential functions?

CPCON 2

Which of the following is prohibited for Tom while working on a report that contains employee names and sensitive information?

Using his home computer to print the report while teleworking (A)

Which of the following uses of removable media is appropriate?

Encrypting data stored on removable media

Which of the following is NOT a best practice for protecting data on a mobile device?

Disable auto screen locking after a period of inactivity (D)

Which of the following is a best practice to protect your identity?

Order a credit report annually

Which of the following is permitted within a SCIF?

An authorized Government-owned PED

Which of the following is a best practice when browsing the internet?

Only accept cookies from reputable, trusted websites

Which of the following is a risk associated with removable media?

All of these

Which of these is NOT a potential indicator that your device may be under a malicious code attack?

A notification of a system update that has been publicized (B)

What is the best course of action if you receive a suspicious text message about a package delivery?

Delete the message

What does the CAC contain?

Certificates for identification, encryption, and digital signature

How can you prevent viruses and malicious code?

Scan all external files before uploading to your computer

Which type of data could reasonably be expected to cause serious damage to national security?

Secret

Which of the following is true of telework?

True (A)

Which of the following is an example of behavior that you should report?

Taking sensitive information home for telework without authorization

Which of the following is least likely to pose a risk to share on a social networking site?

Your pets name (C)

Does Sylvia's use of a government-approved mobile device for calls during her commute pose a security concern?

True (A)

How can you mitigate the potential risk associated with a compressed URL?

Use the preview function to see where the link actually leads

How can you protect your home computer?

Turn on password feature

Which best describes an insider threat? Someone who uses __________ access, ______________, to harm national security through unauthorized disclosure, data modification, espionage, terrorism, or kinetic actions.

authorized, wittingly or unwittingly

Flashcards

Strong Passwords

Complex passwords like d+Uf_4RimUz, designed to resist unauthorized access.

Classified Data Handling

Securely handling classified information in designated areas according to its sensitivity level.

Sensitive Compartmented Information (SCI)

Highly sensitive information requiring special access, authorization, and training.

CPCON 2

A cyber protection condition limiting focus to crucial tasks during security concerns.

Telework Sensitive Data

Prohibited use of home computers for sensitive documents, especially personal data.

Removable Media Encryption

Encrypting data stored on removable media to prevent unauthorized access.

Mobile Device Auto-Locking

Disabling automatic screen locking on mobile devices is NOT a safe practice to protect data.

Credit Report Monitoring

Ordering an annual credit report helps maintain identity protection.

Government-owned PEDs in SCIFs

Government-owned portable electronic devices are permitted in secure facilities.

Safe Internet Browsing

Accepting cookies only from reputable websites while browsing.

Unauthorized Media Risks

Removable media can harbor unauthorized access and malware.

System Update Notifications

Publicly announced system updates are NOT indicators of malicious attacks.

Suspicious Online Messages

Be wary of unsolicited messages, shortened links, and unverified sources.

CAC Functionalities

Common Access Card (CAC) contains certification for identification, encryption, and digital signatures

External File Scanning

Always scan external files before uploading them to prevent viruses or malicious code.

Data Classification - Secret

Secretly classified data has the potential to cause significant harm to national security when disclosed.

Prior Authorization for Telework

Before teleworking, you need permission from your organization.

Reporting Unauthorized Data

It's crucial to report unauthorized removal of sensitive information

Social Media Security Risks

Sharing innocuous information is generally low-risk on social media.

Public Transport Security Risks

Using public transport for sensitive calls may create eavesdropping risks.

Compressed URL Safety

Use previews to verify destination links and mitigate risks associated with compressed URLs.

Home Computer Password Protection

Activating password protection enhances security on home computers.

Insider Threats

Insider threats involve misuse of authorized access to breach security, knowingly or unknowingly.

Study Notes

Cybersecurity Awareness and Best Practices

• Public records can be combined with data from other sources by adversaries to target individuals for scams.
• Strong passwords are complex; an example is d+Uf_4RimUz.
• Classified data should only be handled in security areas appropriate for its classification level.
• Access to Sensitive Compartmented Information (SCI) requires special access authorization and indoctrination into the SCI program.
• Avoid traveling with mobile devices when possible as a cybersecurity best practice.

Cyber Protection Conditions and Data Handling

• Cyberspace Protection Condition (CPCON) 2 limits priority focus to critical and essential functions.
• Using a home computer for printing sensitive reports while teleworking is prohibited, especially when it contains personal employee details.
• Appropriate use of removable media includes encrypting data stored on it.

Mobile Device Security and Internet Safety

• Disabling auto screen locking on mobile devices is not a recommended practice for protecting data.
• Best practices for identity protection include ordering a credit report annually.
• A Government-owned Portable Electronic Device (PED) is permitted in a Sensitive Compartmented Information Facility (SCIF).
• When browsing the internet, only accept cookies from reputable websites.

Risks and Indicators of Cyber Attacks

• Removable media poses various risks, which include unauthorized access or malware.
• Notifications of system updates that have been publicized are not indicators of malicious attacks.
• Receiving unsolicited messages, such as package delivery delays from unknown sources with shortened links, should be approached with caution; the best action is to delete such messages.

Common Security Practices

• Common Access Card (CAC) includes certificates for identification, encryption, and digital signatures.
• To prevent viruses and malicious code, always scan external files before uploading them to your devices.
• Data classified as Secret could cause serious damage to national security if disclosed.

Telework and Reporting Security Issues

• Teleworking requires prior permission from your organization.
• Reporting is essential for behaviors like taking home sensitive information without authorization.
• Sharing innocuous information, such as your pet's name, is less likely to pose security risks on social media.

Transportation Security Considerations

• Using public transport for work-related calls poses security concerns due to eavesdropping and shoulder surfing.
• To safely manage risks associated with compressed URLs, utilize the preview function to verify destination links.

Home Computer Protection

• Activate password protection on home computers to enhance security.
• Insider threats involve individuals misusing their authorized access, whether knowingly or unknowingly, to compromise national security.