The annual Cyber Awareness Challenge is a course that helps authorized users learn how to best avoid and reduce threats and vulnerabilities in an organization’s system.
In addition to offering an overview of cybersecurity best practices, the challenge also provides awareness of potential and common cyber threats. The challenge’s goal is simple: To change user behavior to reduce the risks and vulnerabilities DoD Information Systems face.
You can find answers to the DoD Cyber Awareness Challenge 2024.
Cyber Awareness Challenge 2024 Knowledge Check Answers
| Question | Answer |
|---|---|
| Which of the following is true of spillage? | It can be either inadvertent or intentional. Spillage refers to transferring classified or sensitive information to individuals, systems, or networks that are not authorized to access such information. This transfer can occur either inadvertently or intentionally, making this statement true regarding spillage. |
| Which of the following statements about Protected Health Information (PHI) is false? | It requires more protection than Personally Identifiable Information (PII). |
| Which of the following personally owned peripherals can you use with government furnished equipment (GFE)? | A monitor connected via USB. |
| On your home computer, how can you best establish passwords when creating separate user accounts? | Have each user create their own, strong password. |
| Which of the following statements is true of DoD Unclassified data? | It may require access and distribution controls. |
| You receive a text message from a package shipper notifying you that your package delivery is delayed due to needing updated delivery instructions from you. It provides a shortened link for you to provide the needed information. You are not expecting a package. What is the best course of action? | Delete the message. It’s advisable not to engage with suspicious messages or click on any links they provide, as doing so can expose you to various security risks including identity theft or malware infection. |
| When is the safest time to post on social media about your vacation plans? | After the trip. |
| You receive a phone call offering you a $50 gift card if you participate in a survey. Which course of action should you take? | Decline to participate in the survey. This may be a social engineering attempt. |
| Which of the following is NOT an appropriate use of your Common Access Card (CAC)? | Using it as photo identification with a commercial entity. |
| Which of the following is an example of behavior that you should report? | Taking sensitive information home for telework without authorization. |
| How should government owned removable media be stored? | In a GSA-approved container according to the appropriate security classification. Storing removable media in General Services Administration (GSA)-approved security containers helps ensure that the media is protected against unauthorized access, loss, or damage. The storage should align with the security classification of the information contained on the media to ensure compliance with established security protocols and regulations. |
| Which of the following is NOT a best practice for protecting your home wireless network for telework? | Use your router’s pre-set Service Set Identifier (SSID) and password. |
| ° How can you mitigate the potential risk associated with a compressed URL (e.g., TinyURL, goo.gl)? | Use the preview function to see where the link actually leads. |
| Which of the following contributes to your online identity? | All of these. |
| Which of the following is NOT a way that malicious code can spread? | Running a virus scan. |
| Which of the following is NOT a best practice for protecting data on a mobile device? | Disable automatic screen locking after a period of inactivity. |
| Beth taps her phone at a payment terminal to pay for a purchase. Does this pose a security risk? | Yes, there is a risk that the signal could be intercepted and altered. |
| How can you protect your home computer? | Regularly back up your files. |
| Which of the following uses of removable media is appropriate? | Encrypting data stored on removable media. |
| Which of the following is true of working within a Sensitive Compartmented Information Facility (SCIF)? | Authorized personnel who permit another individual to enter the SCIF are responsible for confirming the individual’s need-to-know and access. |
| Which of the following describes Sensitive Compartmented Information (SCI)? SCI is a program that _______ various types of classified information for _______ protection and dissemination or distribution control. | segregates; added |
| Tom is working on a report that contains employees’ names, home addresses, and salary. Which of the following is Tom prohibited from doing with the report? | Using his home computer to print the report while teleworking. |
| Which of these is NOT a potential indicator that your device may be under a malicious code attack? | A notification for a system update that has been publicized. |
| Under which Cyberspace Protection Condition (CPCON) is the priority focus limited to critical and essential functions? | The priority focus on critical and essential functions is established under Cyber Protection Condition (CPCON) level 1. |
| Which of the following is a best practice for using government e-mail? | Do not send mass e-mails. |
| Carl receives an e-mail about a potential health risk caused by a common ingredient in processed food. Which of the following actions should Carl NOT take with the e-mail? | Forward it. |
| Which of the following is permitted when using an unclassified laptop within a collateral classified space? | A Government-issued wired headset with microphone. |
| Based on the description provided, how many insider threat indicators are present? Elyse has worked for a DoD agency for more than 10 years. She is a diligent employee who receives excellent performance reviews and is a valued team member. She has two children and takes them on a weeklong beach vacation every summer. She spent a semester abroad in France as a teenager and plans to take her children to visit France when they are older. | 0 |
| Annabeth becomes aware that a conversation with a co-worker that involved Sensitive Compartmented Information (SCI) may have been overheard by someone who does not have the required clearance. What action should Annabeth take? | Contact her security POC with detailed information about the incident. |
| Which of the following is an appropriate use of government e-mail? | Using a digital signature when sending attachments. |
| Sylvia commutes to work via public transportation. She often uses… | Yes. Eavesdroppers may be listening to Sylvia’s phone calls, and shoulder surfers may be looking at her screen. |
| Which of the following is true of transmitting or transporting SCI? | Printed SCI must be retrieved promptly from the printer. |
| What conditions are necessary to be granted access to SCI? | Top Secret clearance and indoctrination into the SCI program. |
| Terry sees a post on her social media feed that says there is smoke billowing from the Pentagon… | This is probably a post designed to attract Terr’s attention to click on a link and steal her information. |
| Which of the following statements about PHI is false? | It is created or received by a healthcare provider, health plan, or employer of a business associate of these. |
| How can you prevent viruses and malicious code? | Scan all external files before uploading to your computer. |
| Which of the following is an appropriate use of a DoD PKI token? | Do not use a token approved for NIPR on SIPR. |
| Which of the following is a best practice when browsing the internet? | Only accept cookies from reputable, trusted websites. |
| Where are you permitted to use classified data? | Only in areas with security appropriate to the classification level. |
| What is the goal of an Insider Threat Program? | Deter, detect, and mitigate. |
| Which of the following uses of removable media is allowed? | Government owned removable media that is approved as operationally necessary. |
| Which of the following is NOT an appropriate use of your CAC? | Using it as photo identification with a commercial entity. |
| Which of the following is an authoritative source for derivative classification? | Security Classification Guide. |
| How can an adversary use information available in public records to target you? | Combine it with information from other data sources to learn how best to bait you with a scam. |
| Which of the following is an allowed use of government furnished equipment (GFE)? | Checking personal e-mail if your organization allows it. |
| Which best describes an insider threat? Someone who uses _ access, __, to harm national security through unauthorized disclosure, data modification, espionage, terrorism, or kinetic actions. | authorized, wittingly or unwittingly. |
| After a classified document is leaked online, it makes national headlines. Which of the following statements is true of the leaked information that is now accessible by the public? | You should still treat it as classified even though it has been compromised. |
| When linked to a specific individual, which of the following is NOT an example of Personally Identifiable Information (PII)? | Automobile make and model. |
| What does the Common Access Card (CAC) contain? | Certificates for identification, encryption, and digital signature. |
Unclassified Information
Meeting Notes:
Your meeting notes are Unclassified. This means that your notes:
Answer: Do not have the potential to damage national security.
Personnel Roster:
| Employee | Passport Number |
|---|---|
| Adams, Jeff | A12345678 |
| Brown, Marty | B23456789 |
| Clark, Tina | C34567890 |
What type of information does this personnel roster represent?
Answer: Controlled Unclassified Information (CUI). This is an example of Personally Identifiable Information, which is a type of CUI.
| Employee | Passport Number |
|---|---|
| Adams, Jeff | A12345678 |
| Brown, Marty | B23456789 |
| Clark, Tina | C34567890 |
When e-mailing this personnel roster, which of the following should you do?
Answer:
– Encrypt the PII
– Digitally sign the e-mail
– Use your Government e-mail account
Sensitive Compartment Information
- Select an action to take in response to compromised Sensitive Compartment Information (SCI).
– Call your security point of contact (POC). - Dr. Dove printed a classified document and retrieved it promptly from the printer. Does this behavior represent a security concern?
– Yes - Col. Cockatiel worked on an unmarked document on the classified network. Does this behavior represent a security concern?
– Yes - Mr. Macaw and Colleague had a conversation about a shared project in the SCIF after verifying no one was nearby. Does this behavior represent a security concern?
– Yes. - Which of these individuals demonstrated behavior that could lead to the compromise of SCI?
– Col. Cockatiel.
Government Resources
Is this an appropriate use of government-furnished equipment (GFE)?
– No
This is not an appropriate use of GFE. Why?
– You should not use government e-mail to sell anything
– You should use a digital signature when sending hyperlinks.
– You should not use unauthorized services, such as fileshare services, on GFE.
Telework
| Question | Answer |
|---|---|
| What step should be taken next to securely telework? | Secure the area so others cannot view your monitor. |
| Which of these personally-owned computer peripherals may be used with government-furnished equipment? | – HDMI monitor – USB keyboard |
| Does this action pose a potential security risk? | Yes |
Cyber Awareness Challenge 2024 Standard Challenge Answers
The Cyber Awareness Challenge aims to shape user behavior by highlighting actionable steps authorized users can take to reduce risks and fortify the Department of Defense’s (DoD) Information Systems against threats.
This training is kept up-to-date, is designed to capture the user’s attention, and is tailored to be relevant to the user. Serving as the DoD’s foundational standard for end-user awareness training, the Cyber Awareness Challenge delivers awareness content that aligns with evolving mandates from Congress, the Office of Management and Budget (OMB), the Office of the Secretary of Defense, as well as feedback from the DoD CIO-led Cyber Workforce Advisory Group (CWAG).
The course offers a snapshot of the prevailing cybersecurity threats and outlines best practices for safeguarding information and information systems at work and home. It emphasizes the importance of protecting classified, controlled unclassified information (CUI), and personally identifiable information (PII).
For those who have completed earlier versions of the course, a Knowledge Check option is provided. As users navigate through the incident board, they encounter questions based on previous Cyber Awareness Challenges.
Correct answers allow users to proceed to the incident’s end, while incorrect responses require users to review and complete all tasks within the incident.
Unclassified Information
Mission: Protect unclassified information.
Meeting Notes
- Your meeting notes are Unclassified. This means that your notes:
– May be released to the public.
– Do not have the potential to damage national security.
– Do not have the potential to affect the safety of personnel missions, or systems.
– Do not require any markings.
Personnel Roster
| Employee | Passport Number |
|---|---|
| Adams, Jeff | A12345678 |
| Brown, Marty | B23456789 |
| Clark, Tina | C34567890 |
What type of information does this personnel roster represent?
- Controlled Unclassified Information (CUI). This is an example of Personally Identifiable Information, which is a type of CUI.
| Employee | Passport Number |
|---|---|
| Adams, Jeff | A12345678 |
| Brown, Marty | B23456789 |
| Clark, Tina | C34567890 |
When e-mailing this personnel roster, which of the following should you do?
- Encrypt the PII
- Digitally sign the e-mail
- Use your Government e-mail account
Classified Information
Mission: Securely process classified information and prevent spillage.
Your Office
- Pick the Designated Secure Area to earn the Document Coversheets!
Sensitive Compartment Information
Mission: Identify potential causes of Sensitive Compartment Information (SCI) being compromised.
- Select an action to take in response to compromised Sensitive Compartment Information (SCI).
– Call your security point of contact (POC). - Dr. Dove printed a classified document and retrieved it promptly from the printer. Does this behavior represent a security concern?
– Yes - Col. Cockatiel worked on an unmarked document on the classified network. Does this behavior represent a security concern?
– Yes - Mr. Macaw and Colleague had a conversation about a shared project in the SCIF after verifying no one was nearby. Does this behavior represent a security concern?
– Yes. - Which of these individuals demonstrated behavior that could lead to the compromise of SCI?
– Col. Cockatiel.
Physical Facilities
Mission: Protect physical facilities.
Open Office Area
- Which of the following poses a physical security risk?
– Posting an access roster in public view.
Collateral Classified Space
- Which of the following must you do when using an unclassified laptop in a collateral classified environment?
– Disable the embedded camera, microphone, and Wi-Fi
– Use government-issued wired peripherals
SCIF
- Which of the following must you do when working in a SCIF?
– Verify that all personnel in listening distance have a need-to-know
– Ensure that monitors do not provide unobstructed views
– Escort uncleared personnel and warn others in the SCIF
Government Resources
Mission: Protect government resources
Is this an appropriate use of government-furnished equipment (GFE)?
– No
This is not an appropriate use of GFE. Why?
– You should not use government e-mail to sell anything
– You should use a digital signature when sending hyperlinks.
– You should not use unauthorized services, such as fileshare services, on GFE.
Identity Authentication
Mission: Identify best practices for identity authentication.
Alex
I receive a text message code when logging in with a password.
– Good.
Bailey
I use password1 as one of my passwords.
– Bad
Charlie
How do you protect your Common Access Card (CAC)? I use my CAC occasionally as a secondary photo identification.
– Bad
Select the individual who securely authenticates their identity.
– Alex
Malicious Code
Mission: Escape the network maze without being infected by malicious code.
- How can malicious code spread? Select all that apply.
– E-mail attachments
– Downloading files
– Visiting infected websites - How can you prevent the download of malicious code? Select all that apply:
– Scan external files before uploading to your device
– Research apps and their vulnerabilities before downloading
- Which of the following may indicate a malicious code attack? Select all that apply.
– A new app suddenly appears on the device.
– The device slows down.
– A new tab appears in the Web browser.
Mission: Identify social engineering indicators.
- DoD IT. How many social engineering indicators are present in this e-mail?
– 3+ - DoD Software. How many social engineering indicators are present in this e-mail?
– 3+.
Removable Media
Mission: Safely handle removable media.
You find an unlabeled thumb drive in the parking area outside your workplace. What should you do?
– Turn it in to your security officer.
Mobile Devices
Mission: Reduce security risks associated with mobile devices.
- Which payment method poses the least risk?
– Cash. - Which method of getting online poses the least risk?
– Approved mobile hotspot. - Which action will keep DoD data the safest?
– Leave the coffee shop.
Mission: Safely navigate a social networking site.
- Everyone should see the new superhero movie! The special effects are fantastic on the big screen!
– Delete. - Shaun S:
– Deny - Important info for everyone! I had no idea.
– Keep scrolling.
Website Use
Mission: Safely handle a potential internet hoax.
- Save Thanksgiving.
– Research the link and ignore the link.
Identity Management
Mission: Stop the mole from stealing your identity.
- True or false? Voice-activated smart devices can collect and share your personal information.
– True. - True or false? The best way to keep your password safe is to carry it with you.
– False. - True or false? You should monitor your credit cars statements for unauthorized purchases.
– True.
Insider Threat
Mission: Protect against insider threats.
- Does Bob demonstrate potential insider threat indicators?
– Yes. - How should Bob’s colleagues respond?
– Report Bob.
Telework
Mission: Reduce security risks associated with telework.
- What step should be taken next to securely telework?
– Secure the area so others cannot view your monitor. - Which of these personally-owned computer peripherals may be used with government-furnished equipment?
– HDMI monitor
– USB keyboard - Does this action pose a potential security risk?
– Yes.
Home Computer Security
Mission: Protect your home computer.
- Virus and Threat Protection. Install the software.
- User accounts. Create a user profile.
- Firewall protection. Enable it.
Evеrything is very open with a reallʏ clear explanation of tһe issues.
Many thanks for shaгing!
Thanks. It is very helpful!