Questions and Answers
How should you respond to an inquiry from a reporter about potentially classified information on the Internet?
Refer the reporter to your organization's public affairs office.
Which of the following actions is appropriate after finding classified information on the Internet? (Select all that apply)
- Download the information so that you have a copy of it
- Note any identifying information and the website's Uniform Resource Locator (URL) (correct)
- Contact the owner of the website to remove the information
- Assume that you must be mistaken and ignore it
Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization?
- Confidential
- Secret (correct)
- Top Secret
- Controlled Unclassified
Which of the following individuals can access classified data? (Select all that apply)
How many potential insider threat indicator(s) are displayed?
Which of the following practices may reduce your appeal as a target for adversaries seeking to exploit your insider status?
What threat do insiders with authorized access to information or information systems pose?
What is a security best practice when using social networking sites?
What is the safest time to post details of your vacation activities on your social networking profile?
Which of the following information is a security risk when posted publicly on your social networking profile?
Which of the following is NOT an example of CUI?
Which of the following is NOT a correct way to protect CUI?
Give an example of personally identifiable information (PII).
Give an example of protected health information (PHI).
Which of the following is a best practice for physical security?
Which of the following is NOT a best practice to preserve the authenticity of your identity?
In which situation are you permitted to use your PKI token?
What guidance is available for marking Sensitive Compartmented Information (SCI)?
What action should you take if you become aware that Sensitive Compartmented Information (SCI) has been compromised?
When is it appropriate to have your security badge visible?
What should the owner of printed SCI do differently?
What should the participants in a conversation involving SCI do differently?
What action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)?
Which of the following is NOT a way that malicious code spreads?
What portable electronic devices (PEDs) are permitted in a SCIF?
What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF?
Which of the following is an example of malicious code?
How can malicious code cause damage?
How can you avoid downloading malicious code?
How should you respond to the theft of your identity?
Which is the best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail?
What actions should you take with an e-mail from a friend containing a compressed URL?
What type of social engineering targets particular individuals, groups of people, or organizations?
What security risk does a public Wi-Fi connection pose?
Which of the following represents an ethical use of your government-furnished equipment (GFE)?
When can you use removable media on a government system?
Which of the following is an example of near field communication (NFC)?
When is it okay to charge a personal mobile device using government-furnished equipment (GFE)?
Which of the following demonstrates proper protection of mobile devices?
What should you consider when using a wireless keyboard with your home computer?
Study Notes
DoD Cyber Awareness Challenge (FY22) Key Concepts
- Inquiries about classified information should be directed to the organization's public affairs office.
- If classified information is discovered online, note identifying details and the webpage's URL instead of contacting the website owner or ignoring it.
- Information that could cause serious damage to national security if disclosed without authorization is classified as "Secret."
- Individuals permitted to access classified information include those with appropriate clearance and signed non-disclosure agreements, such as Darryl managing a classified project.
- A colleague demonstrating charm yet showing aggression to access classified data is displaying one insider threat indicator.
- To minimize vulnerability as a target for adversaries, always remove security badges when leaving controlled areas.
- Insiders with authorized access can unintentionally or intentionally compromise resources and capabilities due to their access.
- When using social networking sites, it is crucial to understand and utilize privacy settings effectively.
- Post details about vacations on social media only after returning home to avoid security risks.
- Publicly sharing your birthday on social media represents a significant security risk regarding your personal information.
- Publicly released press data is not classified as Controlled Unclassified Information (CUI).
- CUI should not be stored on any password-protected system; it must be protected within designated environments.
- Social Security numbers qualify as personally identifiable information (PII).
- Medical records are classified as protected health information (PHI).
- A fundamental physical security practice is to use your personal access badge or key code at all times.
- Writing passwords down on personal devices is not a best practice for maintaining identity authenticity.
- Use a PKI token for authorized tasks only on designated systems, specifically on NIPRNet and not on systems of higher classification or public computers.
- Guidance for marking Sensitive Compartmented Information (SCI) includes following Security Classification Guides and consulting original classification authorities.
- If aware that SCI has been compromised, report to your security contact and evaluate the compromise's causes.
- Always display security badges visibly while in a facility to maintain access security.
- Classified documents should be retrieved promptly from printers to mitigate unauthorized access risks.
- When discussing Classified Information, verify that all participants within earshot are cleared for the information.
- Removable media in Sensitive Compartmented Information Facilities (SCIF) must be disclosed to local management authorities.
- Malware can spread through various channels, but infected websites are not classified as a method.
- Only authorized government devices are allowed in SCIF environments.
- An incident such as opening an uncontrolled DVD in a SCIF requires notifying security and analyzing the system for potential threats.
- Malicious code can damage systems by corrupting files, deleting data, or allowing unauthorized access.
- Avoid downloading malicious code by not clicking on website links found in email messages.
- Identity theft should be reported to local law enforcement for proper legal action.
- Accessing links or graphics in emails constitutes a major risk for downloading viruses.
- When receiving emails with untrusted links, such as compressed URLs, it’s important to verify the link’s destination carefully.
- Social engineering tactics targeting specific individuals are known as spear phishing.
- Public Wi-Fi can expose devices to malware threats, posing a significant risk to sensitive information.
- Ethical use of government-furnished equipment (GFE) includes proper communication regarding absences, while unauthorized usage, such as downloading pirated content, is prohibited.
- Removable media can only be used on government systems under strict operational necessity and with appropriate approvals.
- Near Field Communication (NFC) is exemplified by smartphones transmitting payment information when near a card reader.
- Charging personal devices using government-furnished equipment is strictly forbidden.
- Proper protection of mobile devices includes encrypting sensitive data on government-issued devices.
- When using wireless keyboards, security settings and encryption options should be carefully evaluated to ensure protection against unauthorized access.