DoD Cyber Awareness Challenge (FY22) Quiz
40 Questions
101 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

How should you respond to an inquiry from a reporter about potentially classified information on the Internet?

Refer the reporter to your organization's public affairs office.

Which of the following actions is appropriate after finding classified information on the Internet? (Select all that apply)

  • Download the information so that you have a copy of it
  • Note any identifying information and the website's Uniform Resource Locator (URL) (correct)
  • Contact the owner of the website to remove the information
  • Assume that you must be mistaken and ignore it
  • Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization?

  • Confidential
  • Secret (correct)
  • Top Secret
  • Controlled Unclassified
  • Which of the following individuals can access classified data? (Select all that apply)

    <p>Darryl, who has appropriate clearance and signed a non-disclosure agreement</p> Signup and view all the answers

    How many potential insider threat indicator(s) are displayed?

    <p>1 indicator</p> Signup and view all the answers

    Which of the following practices may reduce your appeal as a target for adversaries seeking to exploit your insider status?

    <p>Remove your security badge after leaving your controlled area or office building</p> Signup and view all the answers

    What threat do insiders with authorized access to information or information systems pose?

    <p>They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities.</p> Signup and view all the answers

    What is a security best practice when using social networking sites?

    <p>Understanding and using the available privacy settings.</p> Signup and view all the answers

    What is the safest time to post details of your vacation activities on your social networking profile?

    <p>After you have returned home following the vacation.</p> Signup and view all the answers

    Which of the following information is a security risk when posted publicly on your social networking profile?

    <p>Your birthday</p> Signup and view all the answers

    Which of the following is NOT an example of CUI?

    <p>Press release data</p> Signup and view all the answers

    Which of the following is NOT a correct way to protect CUI?

    <p>CUI may be stored on any password-protected system.</p> Signup and view all the answers

    Give an example of personally identifiable information (PII).

    <p>Social security number.</p> Signup and view all the answers

    Give an example of protected health information (PHI).

    <p>Medical record or information of medical visit/history.</p> Signup and view all the answers

    Which of the following is a best practice for physical security?

    <p>Use your own facility access badge or key code</p> Signup and view all the answers

    Which of the following is NOT a best practice to preserve the authenticity of your identity?

    <p>Write your password down on a device that only you access (e.g., your smartphone)</p> Signup and view all the answers

    In which situation are you permitted to use your PKI token?

    <p>On a NIPRNet system while using it for a PKI-required task</p> Signup and view all the answers

    What guidance is available for marking Sensitive Compartmented Information (SCI)?

    <p>Security Classification Guides, Your supervisor, Original Classification Authority, Sensitive Compartmented Information Guides</p> Signup and view all the answers

    What action should you take if you become aware that Sensitive Compartmented Information (SCI) has been compromised?

    <p>Contact your security point of contact to report the incident, evaluate the causes of the compromise, e-mail detailed information about the incident to your security point of contact, access the amount of damage that could be caused by the compromise</p> Signup and view all the answers

    When is it appropriate to have your security badge visible?

    <p>At all times when in the facility.</p> Signup and view all the answers

    What should the owner of printed SCI do differently?

    <p>Retrieve classified documents promptly from printers.</p> Signup and view all the answers

    What should the participants in a conversation involving SCI do differently?

    <p>Physically assess that everyone within listening distance is cleared and has need-to-know for the information being discussed.</p> Signup and view all the answers

    What action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)?

    <p>Identify and disclose it with local Configuration/Change Management Control and Property Management authorities.</p> Signup and view all the answers

    Which of the following is NOT a way that malicious code spreads?

    <p>Legitimate software updates</p> Signup and view all the answers

    What portable electronic devices (PEDs) are permitted in a SCIF?

    <p>Only expressly authorized government-owned PEDs.</p> Signup and view all the answers

    What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF?

    <p>Notify your security POC</p> Signup and view all the answers

    Which of the following is an example of malicious code?

    <p>Software that installs itself without the user's knowledge</p> Signup and view all the answers

    How can malicious code cause damage?

    <p>Corrupting files, erasing your hard drive, allowing hackers access.</p> Signup and view all the answers

    How can you avoid downloading malicious code?

    <p>Do not access website links in e-mail messages.</p> Signup and view all the answers

    How should you respond to the theft of your identity?

    <p>Report the crime to local law enforcement.</p> Signup and view all the answers

    Which is the best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail?

    <p>Do not access website links, buttons, or graphics in e-mail</p> Signup and view all the answers

    What actions should you take with an e-mail from a friend containing a compressed URL?

    <p>Investigate the link's actual destination using the preview feature</p> Signup and view all the answers

    What type of social engineering targets particular individuals, groups of people, or organizations?

    <p>Spear phishing</p> Signup and view all the answers

    What security risk does a public Wi-Fi connection pose?

    <p>It may expose the connected device to malware.</p> Signup and view all the answers

    Which of the following represents an ethical use of your government-furnished equipment (GFE)?

    <p>E-mailing your co-workers to let them know you are taking a sick day</p> Signup and view all the answers

    When can you use removable media on a government system?

    <p>When operationally necessary, owned by your organization, and approved by the appropriate authority.</p> Signup and view all the answers

    Which of the following is an example of near field communication (NFC)?

    <p>A smartphone that transmits credit card payment information when held in proximity to a credit card reader</p> Signup and view all the answers

    When is it okay to charge a personal mobile device using government-furnished equipment (GFE)?

    <p>This is never okay.</p> Signup and view all the answers

    Which of the following demonstrates proper protection of mobile devices?

    <p>Linda encrypts all of the sensitive data on her government-issued mobile devices.</p> Signup and view all the answers

    What should you consider when using a wireless keyboard with your home computer?

    <p>Reviewing and configuring the available security features, including encryption.</p> Signup and view all the answers

    Study Notes

    DoD Cyber Awareness Challenge (FY22) Key Concepts

    • Inquiries about classified information should be directed to the organization's public affairs office.

    • If classified information is discovered online, note identifying details and the webpage's URL instead of contacting the website owner or ignoring it.

    • Information that could cause serious damage to national security if disclosed without authorization is classified as "Secret."

    • Individuals permitted to access classified information include those with appropriate clearance and signed non-disclosure agreements, such as Darryl managing a classified project.

    • A colleague demonstrating charm yet showing aggression to access classified data is displaying one insider threat indicator.

    • To minimize vulnerability as a target for adversaries, always remove security badges when leaving controlled areas.

    • Insiders with authorized access can unintentionally or intentionally compromise resources and capabilities due to their access.

    • When using social networking sites, it is crucial to understand and utilize privacy settings effectively.

    • Post details about vacations on social media only after returning home to avoid security risks.

    • Publicly sharing your birthday on social media represents a significant security risk regarding your personal information.

    • Publicly released press data is not classified as Controlled Unclassified Information (CUI).

    • CUI should not be stored on any password-protected system; it must be protected within designated environments.

    • Social Security numbers qualify as personally identifiable information (PII).

    • Medical records are classified as protected health information (PHI).

    • A fundamental physical security practice is to use your personal access badge or key code at all times.

    • Writing passwords down on personal devices is not a best practice for maintaining identity authenticity.

    • Use a PKI token for authorized tasks only on designated systems, specifically on NIPRNet and not on systems of higher classification or public computers.

    • Guidance for marking Sensitive Compartmented Information (SCI) includes following Security Classification Guides and consulting original classification authorities.

    • If aware that SCI has been compromised, report to your security contact and evaluate the compromise's causes.

    • Always display security badges visibly while in a facility to maintain access security.

    • Classified documents should be retrieved promptly from printers to mitigate unauthorized access risks.

    • When discussing Classified Information, verify that all participants within earshot are cleared for the information.

    • Removable media in Sensitive Compartmented Information Facilities (SCIF) must be disclosed to local management authorities.

    • Malware can spread through various channels, but infected websites are not classified as a method.

    • Only authorized government devices are allowed in SCIF environments.

    • An incident such as opening an uncontrolled DVD in a SCIF requires notifying security and analyzing the system for potential threats.

    • Malicious code can damage systems by corrupting files, deleting data, or allowing unauthorized access.

    • Avoid downloading malicious code by not clicking on website links found in email messages.

    • Identity theft should be reported to local law enforcement for proper legal action.

    • Accessing links or graphics in emails constitutes a major risk for downloading viruses.

    • When receiving emails with untrusted links, such as compressed URLs, it’s important to verify the link’s destination carefully.

    • Social engineering tactics targeting specific individuals are known as spear phishing.

    • Public Wi-Fi can expose devices to malware threats, posing a significant risk to sensitive information.

    • Ethical use of Government-furnished equipment (GFE) includes proper communication regarding absences while unauthorized usage, such as downloading pirated content is prohibited.

    • Removable media can only be used on government systems under strict operational necessity and with appropriate approvals.

    • Near Field Communication (NFC) is exemplified by smartphones transmitting payment information when near a card reader.

    • Charging personal devices using government-furnished equipment is strictly forbidden.

    • Proper protection of mobile devices includes encrypting sensitive data on government-issued devices.

    • When using wireless keyboards, security settings and encryption options should be carefully evaluated to ensure protection against unauthorized access.

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Description

    Test your knowledge of key concepts from the DoD Cyber Awareness Challenge (FY22). This quiz covers essential information about classified data, insider threats, and security protocols to help you understand how to protect sensitive information.

    More Like This

    DoD Cyber Awareness Challenge 2019
    35 questions

    DoD Cyber Awareness Challenge 2019

    SustainableAntigorite1088 avatar
    SustainableAntigorite1088
    DOD Cyber Awareness Challenge 2019
    23 questions
    Cyber Awareness Quiz
    24 questions

    Cyber Awareness Quiz

    SnappyPiccoloTrumpet avatar
    SnappyPiccoloTrumpet
    Use Quizgecko on...
    Browser
    Browser