[Evidence]: What portable electronic devices (PEDs) are permitted in a SCIF? A. Carrying his Social Security Card with him, DoD employees are prohibited from using a DoD CAC in card-reader-enabled public device, Assigned a classification level by a supervisor. **Social Networking Which piece of information is safest to include on your social media profile? Should you always label your removable media? What should you do? Only when there is no other charger available. C. Which of the following is NOT a best practice to protect data on your mobile computing device? Digitally signed e-mails are more secure. **Social Engineering Which of the following is a way to protect against social engineering? (Sensitive Information) Which of the following is NOT an example of sensitive information? What should you do if a reporter asks you about potentially classified information on the web? Which of the following is a security best practice when using social networking sites? The DoD Cyber Exchange is sponsored by I've tried all the answers and it still tells me off. Turn on automatic downloading. B. Which of the following statements is NOT true about protecting your virtual identity? Only expressly authorized government-owned PEDs. Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. Neither confirm nor deny the information is classified. On a NIPRNet system while using it for a PKI-required task, Something you possess, like a CAC, and something you know, like a PIN or password. Use only personal contact information when establishing personal social networking accounts, never use Government contact information. You may use unauthorized software as long as your computer's antivirus software is up-to-date. Immediately notify your security point of contact. For Government-owned devices, use approved and authorized applications only. 
Store it in a GSA approved vault or container. Leaked classified or controlled information is still classified/controlled even if it has already been compromised. How many potential insider threat indicators is Bob displaying? Tell us about it through the REPORT button at the bottom of the page. (Spillage) What is required for an individual to access classified data? What type of data must be handled and stored properly based on classification markings and handling caveats? Directives issued by the Director of National Intelligence. What should you do? Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. Essential Environment: The Science Behind the Stories Jay H. Withgott, Matthew Laposata. **Social Networking When may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? Now through October 24, 2021, complete the activities and submit a description of your work to receive a certificate of recognition from DHS. 870 Summit Park Avenue Auburn Hills, MI 48057. Memory sticks, flash drives, or external hard drives. (controlled unclassified information) Which of the following is NOT correct way to protect CUI? **Insider Threat What do insiders with authorized access to information or information systems pose? Decline to let the person in and redirect her to security. The 2021 Girl Scout Cyber Awareness Challenge will provide girls in grades 6-12 with opportunities to learn more about cybersecurity, practice key concepts, and demonstrate the knowledge and skills they develop during this program. Badges must be visible and displayed above the waist at all times when in the facility. Government-owned PEDs, if expressly authorized by your agency. Spillage occurs when information is spilled from a higher classification or protection level to a lower classification or protection level. 
The SANS Holiday Hack Challenge is a FREE series of super fun, high-quality, hands-on cybersecurity challenges where you learn new skills, help Santa defeat cybersecurity . Label the printout UNCLASSIFIED to avoid drawing attention to it.C. Other - Dod cyber awareness test 2021/2022; answered 100% 4. Exposure to malwareC. *Sensitive Compartmented Information Which must be approved and signed by a cognizant Original Classification Authority (OCA)? (Malicious Code) While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. Which of the following is true about telework? They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities. What should Sara do when publicly available Internet, such as hotel Wi-Fi? correct. Annual DoD Cyber Awareness Challenge Training - 20 35 terms. How many potential insiders threat indicators does this employee display? What is the best course of action? At all times when in the facility.C. Which of the following is true of Unclassified Information? When I try to un-enroll and re-enroll, it does not let me restart the course. **Website Use How should you respond to the theft of your identity? *Sensitive Compartmented Information When should documents be marked within a Sensitive Compartmented Information Facility (SCIF). ?Access requires Top Secret clearance and indoctrination into SCI program.??? Before long she has also purchased shoes from several other websites. A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationships with peers, purchases an unusually expensive car, and has unexplained absences from work. **Insider Threat Which of the following is NOT considered a potential insider threat indicator? (Sensitive Information) What certificates are contained on the Common Access Card (CAC)? What should you do? 
*Sensitive Compartmented Information What must the dissemination of information regarding intelligence sources, methods, or activities follow? How many potential insiders threat indicators does this employee display? What should be done to protect against insider threats? An official website of the United States government. Any time you participate in or condone misconduct, whether offline or online. Sally stored her government-furnished laptop in her checked luggage using a TSA-approved luggage lock.B. (Spillage) Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? (Spillage) What type of activity or behavior should be reported as a potential insider threat? correct. Unclassified documents do not need to be marked as a SCIF. [Prevalence]: Which of the following is an example of malicious code?A. Press release dataC. Store it in a locked desk drawer after working hours. **Social Networking What should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sites visited? The following practices help prevent viruses and the downloading of malicious code except. Follow instructions given only by verified personnel. *Spillage A user writes down details marked as Secret from a report stored on a classified system and uses those details to draft a briefing on an unclassified system without authorization. Note the websites URL.B. Press release data. A coworker wants to send you a sensitive document to review while you are at lunch and you only have your personal tablet. Compromise of dataB. 2021 SANS Holiday Hack Challenge & KringleCon. . What must authorized personnel do before permitting another individual to enter a Sensitive Compartmented Information Facility (SCIF)? Media containing Privacy Act information, PII, and PHI is not required to be labeled. 
National Centers of Academic Excellence in Cybersecurity (NCAE-C), Public Key Infrastructure/Enabling (PKI/PKE). Classified information that should be unclassified and is downgraded. History 7 Semester 1 Final 2. ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. If aggregated, the information could become classified. Since 2004, the President of the United States and Congress have declared October to be Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more commonplace. What should you do to protect yourself while on social networks? Which of the following represents an ethical use of your Government-furnished equipment (GFE)? How should you protect a printed classified document when it is not in use? After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. Which of the following best describes wireless technology? After you have returned home following the vacation. Which of the following is true of Controlled Unclassified information (CUI)? How do you respond? **Insider Threat A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. Which of the following is NOT an example of Personally Identifiable Information (PII)? This course provides an overview of current cybersecurity threats and best practices to keep information and information systems secure at home and at work. When checking in at the airline counter for a business trip, you are asked if you would like to check your laptop bag. Quizzma is a free online database of educational quizzes and test answers. Which is NOT a wireless security practice? 
*Sensitive Information Under which circumstances is it permitted to share an unclassified draft document with a non-DoD professional discussion group? Sanitized information gathered from personnel records. Skip the coffee break and remain at his workstation. Alex demonstrates a lot of potential insider threat indicators. *Sensitive Compartmented Information When is it appropriate to have your security badge visible? Analyze the media for viruses or malicious code. C. (Spillage) Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? A colleague removes sensitive information without seeking authorization in order to perform authorized telework. Which designation marks information that does not have potential to damage national security? Serious damage. C. Which of the following is true of Internet of Things (IoT) devices? Your health insurance explanation of benefits (EOB). Which of the following is true of using DoD Public key Infrastructure (PKI) token? The popup asks if you want to run an application. Based on the description that follows, how many potential insider threat indicator(s) are displayed? Damage. B. CPCON 1 (Very High: Critical Functions) Is this safe? When would be a good time to post your vacation location and dates on your social networking website? Which of the following is NOT an appropriate way to protect against inadvertent spillage? Even within a secure facility, don't assume open storage is permitted. What is a possible indication of a malicious code attack in progress? Secure .gov websites use HTTPS. You receive an unexpected email from a friend: I think you'll like this: https://tinyurl.com/2fcbvy. What action should you take? (Malicious Code) Which of the following is NOT a way that malicious code spreads? 32 part. Do not use any personally owned/non-organizational removable media on your organization's systems. 
Paul verifies that the information is CUI, includes a CUI marking in the subject header, and digitally signs an e-mail containing CUI. **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? Looking at your MOTHER, and screaming THERE SHE BLOWS! NOTE: Top Secret information could be expected to cause exceptionally grave damage to national security if disclosed. A person who does not have the required clearance or assess caveats comes into possession of SCI in any manner. Which of the following is a clue to recognizing a phishing email? What should you do after you have ended a call from a reporter asking you to confirm potentially classified info found on the web? I did the training on public.cyber.mil and emailed my cert to my security manager. How can you protect yourself from social engineering? . Use the classified network for all work, including unclassified work. **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? (social networking) When may you be subjected to criminal, disciplinary, and/or administrative action due to online misconduct? Correct. **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? What certificates are contained on the Common Access Card (CAC)? (Malicious Code) Which email attachments are generally SAFE to open? Do not forward, read further, or manipulate the file; Do not give out computer or network information, Do not follow instructions from unverified personnel. The DoD Cyber Exchange is sponsored by Use the classified network for all work, including unclassified work.C. Access requires a formal need-to-know determination issued by the Director of National Intelligence.? Use only your personal contact information when establishing your account. 
NOTE: CUI includes, but is not limited to, Controlled Technical Information (CUI), Personally Identifiable Information (PII), Protected Health Information (PHI), financial information, personal or payroll information, proprietary data, and operational information. How many potential insider threat indicators does this employee display? A colleague has won 10 high-performance awards, can be playful and charming, is not currently in a relationship, and is occasionally aggressive in trying to access sensitive information. *Sensitive Information What is the best example of Personally Identifiable Information (PII)? Since the URL does not start with https, do not provide you credit card information. attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. They broadly describe the overall classification of a program or system. **Insider Threat How many potential insider threat indicators does a coworker who often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion display? not correct A type of phishing targeted at senior officials. Remove your security badge, common access card (CAC), or personal identity verification (PIV) card. (Malicious Code) What is a common indicator of a phishing attempt? How should you respond? What level of damage to national security could reasonably be expected if unauthorized disclosure of Top Secret information occurred? Avoid talking about work outside of the workplace or with people without a need-to-know. **Insider Threat How many potential insider threat indicators does a person who is playful and charming, consistently wins performance awards, but is occasionally aggressive in trying to access sensitive information display? 14 Cybersecurity Awareness Training PPT for Employees - Webroot. 
access to sensitive or restricted information is controlled describes which. **Identity management Which of the following is an example of a strong password? The Cyber Awareness Challenge is the DoD baseline standard for end user awareness training by providing awareness content that addresses evolving requirements issued by Congress, the Office of Management and Budget (OMB), the Office of the Secretary of Defense, and Component input from the DoD CIO chaired Cyber Workforce Advisory Group (CWAG). Linda encrypts all of the sensitive data on her government-issued mobile devices. *Spillage Which of the following actions is appropriate after finding classified information on the Internet? How does Congress attempt to control the national debt? **Removable Media in a SCIF What must users ensure when using removable media such as compact disk (CD)? Exceptionally grave damage. Please direct media inquiries to CISAMedia@cisa.dhs.gov. **Mobile Devices Which of the following helps protect data on your personal mobile devices? What security device is used in email to verify the identity of sender? The annual Cyber Awareness Challenge is a course that helps authorized users learn how to best avoid and reduce threats and vulnerabilities in an organization's system. Two. D. The most common form of phishing is business email compromise. Connect to the Government Virtual Private Network (VPN). He has the appropriate clearance and a signed, approved, non-disclosure agreement. Which of the following is true of Unclassified information? Information Assurance Test Information Assurance Test Logged in as: OAM-L2CTBMLB USER LEVEL ACCESS Please answer each of the questions below by choosing ONE of the answer choices based on the information learned in the Cyber Awareness Challenge. 3.A. CUI may be stored in a locked desk after working hours. C. Insiders are given a level of trust and have authorized access to Government information systems. 
Under what circumstances is it acceptable to check personal email on Government-furnished equipment (GFE)? Hold the conversation over email or instant messenger to avoid being overheard. C. **Insider Threat A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. Someone calls from an unknown number and says they are from IT and need some information about your computer. Use online sites to confirm or expose potential hoaxes, Follow instructions given only by verified personnel, Investigate the link's actual destination using the preview feature, Determine if the software or service is authorized. Please email the CISA Team with any questions. Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? CYBER: DoD Cyber Exchange Training Catalog DEFENSE ENTERPRISE OFFICE SOLUTION (DEOS) DEOS Webinar Schedule; DEFENSE INFORMATION SYSTEMS AGENCY (DISA) DISA Services Course; DEFENSE INFORMATION SYSTEMS NETWORK (DISN) DISA Global Telecommunications Seminar; INFORMATION ASSURANCE : Endpoint Security Solutions (ESS) Training; Antivirus Training **Social Networking What should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sites visited? All https sites are legitimate. Paul verifies that the information is CUI, includes a CUI marking in the subject header and digitally signs an e-mail containing CUI. (Spillage) Which of the following practices may reduce your appeal as a target for adversaries seeking to exploit your insider status? What should you do? World Geography. A coworker is observed using a personal electronic device in an area where their use is prohibited. Mark SCI documents appropriately and use an approved SCI fax machine. Toolkits. Sensitive Compartment Information (SCI) policy. 
*Sensitive Information Which of the following is an example of Protected Health Information (PHI)? Which of the following is NOT a typical means for spreading malicious code? (social networking) When is the safest time to post details of your vacation activities on your social networking profile? **Insider Threat Which scenario might indicate a reportable insider threat?