Since the URL does not start with https, do not provide your credit card information. correct. Which of the following may be helpful to prevent inadvertent spillage? (Sensitive Information) What certificates are contained on the Common Access Card (CAC)? Three or more. NOTE: Alex demonstrates a lot of potential insider threat indicators, including difficult life circumstances, unexplained affluence, and unusual interest in classified information. That's the only way we can improve. Which of the following statements is true? Use of the DODIN. Do not use any personally owned/non-organizational removable media on your organization's systems. What should you consider when using a wireless keyboard with your home computer? While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed? Which of the following is NOT sensitive information? Correct. The Cybersecurity and Infrastructure Security Agency (CISA) and the National . Product Functionality Requirements: To meet technical functionality requirements, this awareness product was developed to function with Windows and Mac operating systems (Windows 7 and 10 and macOS 10.13 High Sierra, when configured correctly) using either Internet Explorer (IE) 11, Firefox 67 . Should you always label your removable media? The telephone does not necessarily represent a security violation. The notepad does not necessarily represent a security violation. DISA is mandated to support and sustain the DoD Cyber Exchange (formerly the Information Assurance Support Environment (IASE)) as directed by DoDI 8500.01 and DODD 8140.01. *Classified Data Published: 07/03/2022. How many potential insider threat indicators does this employee display? Government-owned PEDs, if expressly authorized by your agency.
Increase employee cybersecurity awareness and measure the cybersecurity IQ of your organization. Information improperly moved from a higher protection level to a lower protection level. **Insider Threat A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. Only friends should see all biographical data such as where Alex lives and works. A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationships with peers, purchases an unusually expensive new car, and has unexplained absences from work. Use a single, complex password for your system and application logons. Use the classified network for all work, including unclassified work. **Insider Threat Which scenario might indicate a reportable insider threat? The DISN facilitates the management of information resources, and is responsive to national security, as well as DOD needs. You are having lunch at a local restaurant outside the installation, and you find a CD labeled favorite song. Which of the following is NOT an example of CUI? A. Alex demonstrates a lot of potential insider threat indicators. What should the owner of this printed SCI do differently? Classified information that should be unclassified and is downgraded. The DoD Cyber Exchange is sponsored by How many potential insider threat indicators does this employee display? Software that installs itself without the user's knowledge. C. Be careful not to discuss details of your work with people who do not have a need-to-know. What action should you take? correct. You may only transmit SCI via certified mail. Permitted Uses of Government-Furnished Equipment (GFE). Cookies may pose a security threat, particularly when they save unencrypted personal information. Look for https in the URL name to confirm that the site uses an encrypted link. Decline to let the person in and redirect her to security. C. None B.
*Spillage After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. This course provides an overview of current cybersecurity threats and best practices to keep information and information systems secure at home and at work. If authorized, what can be done on a work computer? Don't assume open storage in a secure facility is authorized. Maybe. I've tried all the answers and it still tells me off. Since the URL does not start with "https", do not provide your credit card information. *Sensitive Information Under which circumstances is it permitted to share an unclassified draft document with a non-DoD professional discussion group? Which of the following does not constitute spillage? Which of the following is an example of a strong password? Phishing can be an email with a hyperlink as bait. Exceptionally grave damage. A vendor conducting a pilot program with your organization contacts you for organizational data to use in a prototype. navyEOD55. Of the following, which is NOT a method to protect sensitive information? Hostility or anger toward the United States and its policies. Which of the following is true of traveling overseas with a mobile phone? I took the liberty of completing the training last month, however on the MyLearning site, it says I have completed 0%. What should you do? Which of the following demonstrates proper protection of mobile devices? When is it okay to charge a personal mobile device using government-furnished equipment (GFE)? Label the printout UNCLASSIFIED to avoid drawing attention to it. C. Being cognizant of classification markings and labeling practices are good strategies to avoid inadvertent spillage. A trusted friend in your social network posts a link to vaccine information on a website unknown to you. Press F12 on your keyboard to open developer tools. Decline to let the person in and redirect her to security.
How many potential insider threat indicators does this employee display? You receive a call on your work phone and you're asked to participate in a phone survey. Contact the IRS using their publicly available, official contact information. **Home Computer Security What should you consider when using a wireless keyboard with your home computer? dcberrian. No, you should only allow mobile code to run from your organization or your organization's trusted sites. Which of the following should be done to keep your home computer secure? When using a fax machine to send sensitive information, the sender should do which of the following? When is it appropriate to have your security badge visible? (Insider Threat) A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. Using NIPRNet tokens on systems of higher classification level. Which of the following is an example of Protected Health Information (PHI)? Which of the following can an unauthorized disclosure of information.? according to the 2021 State of Phishing and Online Fraud Report. A lock (a locked padlock) or https:// means you've safely connected to the .gov website. What action is recommended when somebody calls you to inquire about your work environment or specific account information? Ask for information about the website, including the URL. Only when badging in B. **Identity management Which of the following is an example of a strong password? Adversaries exploit social networking sites to disseminate fake news. What describes how Sensitive Compartmented Information is marked? Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. What should you do? Your favorite movie. Looking for https in the URL. **Insider Threat Which of the following is NOT considered a potential insider threat indicator? All of these.
P2P (Peer-to-Peer) software can do the following except: Allow attackers physical access to network assets. Nothing. Exposure to malware C. Retrieve classified documents promptly from printers. Use only personal contact information when establishing your personal account. Training requirements by group. (Malicious Code) Which of the following is NOT a way that malicious code spreads? Of the following, which is NOT an intelligence community mandate for passwords? (Spillage) Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? It also says I cannot print out the certificate. Media containing Privacy Act information, PII, and PHI is not required to be labeled. Someone calls from an unknown number and says they are from IT and need some information about your computer. Only when there is no other charger available. C. What is required for an individual to access classified data? (Malicious Code) Which email attachments are generally SAFE to open? You receive an email from the Internal Revenue Service (IRS) demanding immediate payment of back taxes of which you were not aware. Write your password down on a device that only you access. The Cyber Awareness Challenge, which is also known as the Army Cyber Awareness Training, the cyber awareness challenge or the DOD cyber challenge, is an annual computer security training that was created to increase cyber awareness among Department of Defense (DoD) employees. Is it permitted to share an unclassified draft document with a non-DoD professional discussion group? Which of the following information is a security risk when posted publicly on your social networking profile? A coworker wants to send you a sensitive document to review while you are at lunch and you only have your personal tablet. View email in plain text and don't view email in Preview Pane. World Geography. **Insider Threat What is an insider threat?
Based on the description that follows, how many potential insider threat indicator(s) are displayed? Please direct media inquiries to CISAMedia@cisa.dhs.gov. Which of the following is NOT true concerning a computer labeled SECRET? difficult life circumstances such as substance abuse, divided loyalty or allegiance to the U.S., and extreme, persistent interpersonal difficulties. Your cousin posted a link to an article with an incendiary headline on social media. You can email your employees' information to yourself so you can work on it this weekend and go home now. In collaboration with the U.S. Department of Homeland Security . (GFE) When can you check personal e-mail on your Government-furnished equipment (GFE)? Issues with Cyber Awareness Challenge. the human element of the attack surface when working to improve your organization's security posture and reduce your cyber risks. A colleague often makes others uneasy with her persistent efforts to obtain information about a classified project where she has no need-to-know, is vocal about her husband overspending on credit cards, and complains about anxiety and exhaustion. Under which circumstances may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? NOTE: CUI includes, but is not limited to, Controlled Technical Information (CUI), Personally Identifiable Information (PII), Protected Health Information (PHI), financial information, personal or payroll information, proprietary data, and operational information. Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. Which of the following includes Personally Identifiable Information (PII) and Protected Health Information (PHI)? You receive an email from a company you have an account with. NOTE: Always mark classified information appropriately and retrieve classified documents promptly from the printer.
32 CFR Part 2002, Controlled Unclassified Information. (Sensitive Information) Which of the following is NOT an example of sensitive information? Debra ensures not correct *Spillage A user writes down details marked as Secret from a report stored on a classified system and uses those details to draft a briefing on an unclassified system without authorization. A program that segregates various types of classified information into distinct compartments for added protection and dissemination for distribution control. Based on the description that follows, how many potential insider threat indicator(s) are displayed? You check your bank statement and see several debits you did not authorize. This training is current, designed to be engaging, and relevant to the user. The answers here are current and are contained within three (3) incidents: spillage, Controlled Unclassified Information (CUI), and malicious codes. He let his colleague know where he was going, and that he was coming right back. B. A man you do not know is trying to look at your Government-issued phone and has asked to use it. Which of the following is true of sharing information in a Sensitive Compartmented Information Facility (SCIF)? What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF? Coworker making consistent statements indicative of hostility or anger toward the United States in its policies. *Spillage You find information that you know to be classified on the Internet. Which of the following actions is appropriate after finding classified Government information on the internet? Which of the following is a best practice for physical security? Others may be able to view your screen. Immediately notify your security point of contact. Which of the following must you do before using an unclassified laptop and peripherals in a collateral classified environment? A pop-up window that flashes and warns that your computer is infected with a virus.
(Must be new, do not continue) Progress until you see the main button 'Start Challenge' button. If aggregated, the information could become classified. Position your monitor so that it is not facing others or easily observed by others when in use. Correct. **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? Remove your security badge after leaving your controlled area or office building. (Malicious Code) Which of the following is true of Internet hoaxes? (Malicious Code) What are some examples of removable media? Which of the following is NOT a good way to protect your identity? T/F. Correct. Note any identifying information and the website's Uniform Resource Locator (URL). Following instructions from verified personnel. Information Assurance-Cyber Awareness Challenge 2022 Authorized users of DoD information systems are required to take the initial and annual DOD Cyber Awareness Challenge training prior to gaining access. Avoid talking about work outside of the workplace or with people without a need to know. Identification, encryption, and digital signature. What should be your response? DOD Cyber Awareness 2021 (DOD. You find information that you know to be classified on the Internet. **Classified Data Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? [Incident]: What should Sara do when using publicly available Internet, such as hotel Wi-Fi? A. Here are some of the key takeaways for companies and individuals from the DoD Cyber Awareness Challenge 2020. Cyber Awareness 2023. **Classified Data What level of damage can the unauthorized disclosure of information classified as Confidential reasonably be expected to cause? [Incident]: What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed? A.
NOTE: Never charge personal mobile devices using GFE nor connect any other USB devices (like a coffee warmer) to GFE. **Classified Data Which of the following is true of protecting classified data? What action should you take? Which of the following is a proper way to secure your CAC/PIV? Explore our catalog of cyber security training developed by Cyber Security experts: enroll in classroom courses and take training online. (Identity Management) What certificates are contained on the Common Access Card (CAC)? PII, PHI, and financial information is classified as what type of information? A coworker uses a personal electronic device in a secure area where their use is prohibited. Which scenario might indicate a reportable insider threat? What should you do? In setting up your personal social networking service account, what email address should you use? Please DO NOT email in regards to Iatraining.us.army.mil, JKO, or skillport. Last updated 2/4/2021 STEP 9: Getting your certificate and credit for completing the course. How many insider threat indicators does Alex demonstrate? Cybersecurity Awareness Month. Paul verifies that the information is CUI, includes a CUI marking in the subject header, and digitally signs an e-mail containing CUI. Which of the following is a good practice to protect classified information? If you participate in or condone it at any time. Attempting to access sensitive information without need-to-know, Avoid talking about work outside of the workplace or with people without a need-to-know, Report the suspicious behavior in accordance with their organization's insider threat policy. Your health insurance explanation of benefits (EOB). You must have permission from your organization. not correct. Store it in a GSA approved vault or container. Cyber Awareness Challenge 2021. What should be done if you find classified Government Data/Information Not Cleared for Public Release on the Internet?
(Physical Security) Which Cyberspace Protection Condition (CPCON) establishes a protection priority focus on critical and essential functions only? Do not download it. How many potential insider threat indicators does this employee display? Which method would be the BEST way to send this information? What is a best practice for protecting controlled unclassified information (CUI)? How should you respond? Which of the following best describes wireless technology? Setting weekly time for virus scan when you are not on the computer and it is powered off. **Removable Media in a SCIF What action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)? (Identity Management) Which of the following is an example of two-factor authentication? **Use of GFE Under what circumstances is it acceptable to use your Government-furnished computer to check personal e-mail and do other non-work-related activities? Under what circumstances is it acceptable to check personal email on Government-furnished equipment (GFE)? You must possess security clearance eligibility to telework. A colleague has won 10 high-performance awards, can be playful and charming, is not currently in a relationship, and is occasionally aggressive in trying to access sensitive information. What kind of information could reasonably be expected to cause serious damage to national security in the event of unauthorized disclosure? Classification markings and handling caveats. Essential Environment: The Science Behind the Stories Jay H. Withgott, Matthew Laposata. **Social Networking When may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? Which of the following is a best practice for securing your home computer? You are leaving the building where you work.
Since 2004, the President of the United States and Congress have declared October to be Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more commonplace. Which of the following is a security best practice when using social networking sites? NOTE: You must have permission from your organization to telework. *Sensitive Information What type of unclassified material should always be marked with a special handling caveat? Hostility or anger toward the United States and its policies. *Spillage Which of the following is a good practice to aid in preventing spillage? Identify and disclose it with local Configuration/Change Management Control and Property Management authorities. What is the danger of using public Wi-Fi connections? Remove your security badge, common access card (CAC), or personal identity verification (PIV) card. Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIV) card. What should you do? How many potential insider threat indicators does this employee display? If aggregated, the classification of the information may not be changed. Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. B. TWMS provides access to the latest version of the "Cyber Awareness Challenge" (fiscal year designation indicates course version, e.g., FY2021 "Cyber Awareness Challenge"). Understanding and using the available privacy settings. How should you protect a printed classified document when it is not in use? (Sensitive Compartmented Information) What portable electronic devices (PEDs) are allowed in a Secure Compartmented Information Facility (SCIF)? A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed.
Mobile devices and applications can track your location without your knowledge or consent. Always check to make sure you are using the correct network for the level of data. (Spillage) Which of the following practices may reduce your appeal as a target for adversaries seeking to exploit your insider status? Tell your colleague that it needs to be secured in a cabinet or container. Please DO NOT email in regards to Iatraining.us.army.mil, JKO, or skillport. Which of the following is a good practice to prevent spillage? CUI may be stored on any password-protected system. B. Monitor credit card statements for unauthorized purchases, Thumb drives, memory sticks, and flash drives are examples of. Which of the following definitions is true about disclosure of confidential information? Attempting to access sensitive information without need-to-know. Your health insurance explanation of benefits (EOB). Remove his CAC and lock his workstation. Which of the following statements is TRUE about the use of DoD Public Key Infrastructure (PKI) tokens? Which of the following is NOT an appropriate way to protect against inadvertent spillage? **Classified Data Which of the following must you do before using an unclassified laptop and peripherals in a collateral environment? Remove security badge as you enter a restaurant or retail establishment. **Classified Data Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause? Three or more. Unclassified documents do not need to be marked as a SCIF. What must authorized personnel do before permitting another individual to enter a Sensitive Compartmented Information Facility (SCIF)? *Sensitive Compartmented Information When faxing Sensitive Compartmented Information (SCI), what actions should you take? Secure personal mobile devices to the same level as Government-issued systems.
A coworker is observed using a personal electronic device in an area where their use is prohibited. If classified information were released, which classification level would result in Exceptionally grave damage to national security?