DoD Cyber Awareness Challenge (FY22) Quiz
40 Questions

Created by
@PatientYttrium

Questions and Answers

How should you respond to an inquiry from a reporter about potentially classified information on the Internet?

Refer the reporter to your organization's public affairs office.

Which of the following actions is appropriate after finding classified information on the Internet? (Select all that apply)

  • Download the information so that you have a copy of it
  • Note any identifying information and the website's Uniform Resource Locator (URL) (correct)
  • Contact the owner of the website to remove the information
  • Assume that you must be mistaken and ignore it

Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization?

  • Confidential
  • Secret (correct)
  • Top Secret
  • Controlled Unclassified

Which of the following individuals can access classified data? (Select all that apply)

Darryl, who has appropriate clearance and signed a non-disclosure agreement

How many potential insider threat indicator(s) are displayed?

1 indicator

Which of the following practices may reduce your appeal as a target for adversaries seeking to exploit your insider status?

Remove your security badge after leaving your controlled area or office building

What threat do insiders with authorized access to information or information systems pose?

They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities.

What is a security best practice when using social networking sites?

Understanding and using the available privacy settings.

What is the safest time to post details of your vacation activities on your social networking profile?

After you have returned home following the vacation.

Which of the following information is a security risk when posted publicly on your social networking profile?

Your birthday

Which of the following is NOT an example of CUI?

Press release data

Which of the following is NOT a correct way to protect CUI?

CUI may be stored on any password-protected system.

Give an example of personally identifiable information (PII).

Social security number.

Give an example of protected health information (PHI).

Medical record or information of medical visit/history.

Which of the following is a best practice for physical security?

Use your own facility access badge or key code

Which of the following is NOT a best practice to preserve the authenticity of your identity?

Write your password down on a device that only you access (e.g., your smartphone)

In which situation are you permitted to use your PKI token?

On a NIPRNet system while using it for a PKI-required task

What guidance is available for marking Sensitive Compartmented Information (SCI)?

Security Classification Guides, Your supervisor, Original Classification Authority, Sensitive Compartmented Information Guides

What action should you take if you become aware that Sensitive Compartmented Information (SCI) has been compromised?

Contact your security point of contact to report the incident, evaluate the causes of the compromise, e-mail detailed information about the incident to your security point of contact, assess the amount of damage that could be caused by the compromise

When is it appropriate to have your security badge visible?

At all times when in the facility.

What should the owner of printed SCI do differently?

Retrieve classified documents promptly from printers.

What should the participants in a conversation involving SCI do differently?

Physically assess that everyone within listening distance is cleared and has need-to-know for the information being discussed.

What action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)?

Identify and disclose it with local Configuration/Change Management Control and Property Management authorities.

Which of the following is NOT a way that malicious code spreads?

Legitimate software updates

What portable electronic devices (PEDs) are permitted in a SCIF?

Only expressly authorized government-owned PEDs.

What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF?

Notify your security POC

Which of the following is an example of malicious code?

Software that installs itself without the user's knowledge

How can malicious code cause damage?

Corrupting files, erasing your hard drive, allowing hackers access.

How can you avoid downloading malicious code?

Do not access website links in e-mail messages.

How should you respond to the theft of your identity?

Report the crime to local law enforcement.

Which is the best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail?

Do not access website links, buttons, or graphics in e-mail

What actions should you take with an e-mail from a friend containing a compressed URL?

Investigate the link's actual destination using the preview feature

What type of social engineering targets particular individuals, groups of people, or organizations?

Spear phishing

What security risk does a public Wi-Fi connection pose?

It may expose the connected device to malware.

Which of the following represents an ethical use of your government-furnished equipment (GFE)?

E-mailing your co-workers to let them know you are taking a sick day

When can you use removable media on a government system?

When operationally necessary, owned by your organization, and approved by the appropriate authority.

Which of the following is an example of near field communication (NFC)?

A smartphone that transmits credit card payment information when held in proximity to a credit card reader

When is it okay to charge a personal mobile device using government-furnished equipment (GFE)?

This is never okay.

Which of the following demonstrates proper protection of mobile devices?

Linda encrypts all of the sensitive data on her government-issued mobile devices.

What should you consider when using a wireless keyboard with your home computer?

Reviewing and configuring the available security features, including encryption.

Study Notes

DoD Cyber Awareness Challenge (FY22) Key Concepts

  • Inquiries about classified information should be directed to the organization's public affairs office.
  • If classified information is discovered online, note identifying details and the webpage's URL instead of contacting the website owner or ignoring it.
  • Information that could cause serious damage to national security if disclosed without authorization is classified as "Secret."
  • Individuals permitted to access classified information include those with appropriate clearance and signed non-disclosure agreements, such as Darryl managing a classified project.
  • A colleague demonstrating charm yet showing aggression to access classified data is displaying one insider threat indicator.
  • To minimize vulnerability as a target for adversaries, always remove security badges when leaving controlled areas.
  • Insiders with authorized access can unintentionally or intentionally compromise resources and capabilities due to their access.
  • When using social networking sites, it is crucial to understand and utilize privacy settings effectively.
  • Post details about vacations on social media only after returning home to avoid security risks.
  • Publicly sharing your birthday on social media represents a significant security risk regarding your personal information.
  • Publicly released press data is not classified as Controlled Unclassified Information (CUI).
  • CUI should not be stored on any password-protected system; it must be protected within designated environments.
  • Social Security numbers qualify as personally identifiable information (PII).
  • Medical records are classified as protected health information (PHI).
  • A fundamental physical security practice is to use your personal access badge or key code at all times.
  • Writing passwords down on personal devices is not a best practice for maintaining identity authenticity.
  • Use a PKI token for authorized tasks only on designated systems, specifically on NIPRNet and not on systems of higher classification or public computers.
  • Guidance for marking Sensitive Compartmented Information (SCI) includes following Security Classification Guides and consulting original classification authorities.
  • If aware that SCI has been compromised, report to your security contact and evaluate the compromise's causes.
  • Always display security badges visibly while in a facility to maintain access security.
  • Classified documents should be retrieved promptly from printers to mitigate unauthorized access risks.
  • When discussing Classified Information, verify that all participants within earshot are cleared for the information.
  • Removable media in Sensitive Compartmented Information Facilities (SCIF) must be disclosed to local management authorities.
  • Malware can spread through various channels, but infected websites are not classified as a method.
  • Only authorized government devices are allowed in SCIF environments.
  • An incident such as opening an uncontrolled DVD in a SCIF requires notifying security and analyzing the system for potential threats.
  • Malicious code can damage systems by corrupting files, deleting data, or allowing unauthorized access.
  • Avoid downloading malicious code by not clicking on website links found in email messages.
  • Identity theft should be reported to local law enforcement for proper legal action.
  • Accessing links or graphics in emails constitutes a major risk for downloading viruses.
  • When receiving emails with untrusted links, such as compressed URLs, it’s important to verify the link’s destination carefully.
  • Social engineering tactics targeting specific individuals are known as spear phishing.
  • Public Wi-Fi can expose devices to malware threats, posing a significant risk to sensitive information.
  • Ethical use of Government-furnished equipment (GFE) includes proper communication regarding absences, while unauthorized usage, such as downloading pirated content, is prohibited.
  • Removable media can only be used on government systems under strict operational necessity and with appropriate approvals.
  • Near Field Communication (NFC) is exemplified by smartphones transmitting payment information when near a card reader.
  • Charging personal devices using government-furnished equipment is strictly forbidden.
  • Proper protection of mobile devices includes encrypting sensitive data on government-issued devices.
  • When using wireless keyboards, security settings and encryption options should be carefully evaluated to ensure protection against unauthorized access.

Description

Test your knowledge of key concepts from the DoD Cyber Awareness Challenge (FY22). This quiz covers essential information about classified data, insider threats, and security protocols to help you understand how to protect sensitive information.