Forgot Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

You must login to ask a question.

Please briefly explain why you feel this question should be reported.

Please briefly explain why you feel this answer should be reported.

Please briefly explain why you feel this user should be reported.

Quizzma Latest Articles

Cyber Awareness Challenge 2023 Answers

We thoroughly check each answer to a question to provide you with the most correct answers. Found a mistake? Tell us about it through the REPORT button at the bottom of the page. Ctrl+F (Cmd+F) will help you a lot when searching through such a large set of questions.

Cyber Awareness Challenge 2023 Answers

Check Also: Cyber Awareness Challenge 2024 Answers

Cyber Awareness Challenge 2023 Standard Challenge Answers

Spillage

If spillage occurs:

  • Immediately notify your security POC;
  • Do not delete the suspected files;
  • Do not forward, read further, or manipulate the file;
  • Secure the area.

Which of the following does NOT constitute spillage?

Classified information that should be unclassified and is downgraded. Spillage occurs when information is “spilled” from a higher classification or protection level to a lower classification or protection level. Spillage can be either inadvertent or intentional.

Which of the following is NOT an appropriate way to protect against inadvertent spillage?

Use the classified network for all work, including unclassified work. Being cognizant of classification markings and labeling practices are good strategies to avoid inadvertent spillage. While it may seem safer, you should NOT use a classified network for unclassified work.

Which of the following should you NOT do if you find classified information on the internet?

Download the information. Leaked classified or controlled information is still classified/controlled even if it has already been compromised. Do not download it.

Classified Data

What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed?

Exceptionally grave damage. Top Secret information could be expected to cause exceptionally grave damage to national security of disclosed.

Which of the following is true about telework?

You must have your organization’s permission to telework. When teleworking, you should always use authorized and software.

Which of the following is true of protecting classified data?

Classified material must be appropriately marked. Even within a secure facility, don’t assume open storage is permitted.

Insider Threat

In addition to avoiding the temptation of greed to betray his country, what should Alex do differently?

Avoid talking about work outside of the workplace or with people without a need-to-know.

How many insider threat indicators does Alex demonstrate?

Three or more. Alex demonstrates a lot of potential insider threat indicators.

What should Alex’s colleagues do?

Report the suspicious behavior in accordance with their organization’s insider threat policy.

Social Networking

QuestionAnswer
Alex’s social profileClick on All Areas (all 3 sections)
Privacy settingsAll to Friends Only. Only friends should see all biographical data such as where Alex lives and works, and Turn OFF the GPS.

Controlled Unclassified Information

Which of the following is NOT an example of CUI?

Press release data. CUI includes, but is not limited to Controlled Technical Information (CTI), Personally Identifiable Information (PII), Protected Health Information (PHI), financial information, personal or payroll information, proprietary data and operational information.

Which of the following is NOT a correct way to protect CUI?

CUI may be stored on any password-protected system. CUI may be stored only on authorized systems or approved devices.

Select the information on the data sheet that is personally identifiable information (PII) but not protected health information (PHI)..

Pick the Social Security Number section. PII includes, but is not limited to, social security numbers, date and places of birth, mothers’ maiden names, biometric records, and PHI.

Physical Security

CPCON LevelDoD Risk LevelPriority Focus
CPCON 1Very HighCritical Functions
CPCON 2HighCritical and Essential Functions
CPCON 3MediumCritical, Essential, and Support Functions
CPCON 4LowAll Functions
CPCON 5Very LowAll Functions

What should the employee do differently?

Remove his CAC and lock his workstation.

What should the employee do differently?

Decline to let the person in and redirect her to security. Don’t allow other access or to piggyback into secure areas.

Identity Management

Identify security violations:

Always take your CAC when you leave your workstation. Never write down the PIN for your CAC.

Sensitive Compartmented Information

When is it appropriate to have your security badge visible?

At all times while in the facility. Badges must be visible and displayed above the waist at all times when in the facility.

What should the owner of this printed SCI do differently?

Retrieve classified documents promptly from printers. ALways mark classified information appropriately and retrieve classified documents promptly from the printer.

What should the participants in this conversation involving SCI do differently?

Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed.

Removable Media in a SCIF

What portable electronic devices (PEDs) are permitted in a SCIF?

Only expressly authorized government-owned PEDs.

What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF?

All of these. Classified DVD distribution should be controlled just like any other classified media.

Malicious Code

Malicious code can do damage by corrupting files, erasing your hard drive, and/or allowing hackers access.

Which of the following is an example of malicious code?

Software that installs itself without the user’s knowledge. Malicious code can mask itself as a harmless e-mail attachment, downloadable file, or website.

Which of the following is a way to prevent the spread of malicious code?

Scan all external files before uploading to your computer.

How can malicious code cause damage?

All of these.

How can you avoid downloading malicious code?

Do not access website links in e-mail messages.

Which is an appropriate use of government e-mail?

Use a digital signature when sending attachments or hyperlinks

Website Use

What to choose?

Look for the HTTPS in URL and also a cookie section.

Social Engineering

To protect against social engineering:

  • Do not participate in telephone surveys;
  • Do not give out personal information
  • Do not give out computer or network information
  • Do not follow instructions from unverified personnel
  • Contact your security POC or help desk

Required Profile Update

Report e-mail.

Account Alert

Delete e-mail.

Great Book Deals

Delete e-mail.

Travel

QuestionAnswer
What should Sara do when publicly available Internet, such as hotel Wi-Fi?Only connect with the Government VPN.
What security risk does a public Wi-Fi connection pose?It may expose the information sent to theft.
What is the danger of using public Wi-Fi connections?Both of these.

Use of GFE

Permitted Uses of Government-Furnished Equipment (GFE)

Viewing or downloading pornography – No
Gambling online – No
Conducting a private money-making venture – No
Using unauthorized software – No
Illegaly downloading copyrighted material – No
Making unauthorized configuration changes – No

Mobile Devices

When is it okay to charge a personal mobile device using government-furnished equipment (GFE)?

This is never okay.

Which of the following demonstrates proper protection of mobile devices?

Linda encrypts all of the sensitive data on her government issued mobile devices.

Home Computer Security

What to choose?

Update – Install – Enable – Exit

Cyber Awareness Challenge 2023 Knowledge Check Answers

Spillage

What does “spillage” refer to?

Information improperly moved from a higher protection level to a lower protection level. – Correct

You find information that you know to be classified on the Internet. What should you do?

Note the website’s URL and report the situation to your security point of contact. – Correct

You receive an inquiry from a reporter about government information not cleared for public release. How should you respond?

Refer the reporter to your organization’s public affairs office. – Correct

A vendor conducting a pilot program with your organization contacts you for organizational data to use in a prototype. How should you respond?

Refer the vendor to the appropriate personnel. – Correct

Which of the following may help to prevent spillage?

Follow procedures for transferring data to and from outside agency and non-Government networks. – Correct.

Which of the following is a good practice to prevent spillage?

Always check to make sure you are using the correct network for the level of data. – Correct


Classified Data

Which of the following is a good practice for telework?

Position your monitor so that it is not facing others or easily observed by others when in use – Correct

What level of damage can the unauthorized disclosure of information classified as Top Secret reasonably be expected to cause?

Exceptionally grave damage to national security. – Correct

Which of the following is a good practice to protect classified information?

Don’t assume open storage in a secure facility is authorized – correct

What level of damage can the unauthorized disclosure of information classified as confidential reasonably be expected to cause?

Damage to national security. – Correct

Which of the following must you do before using an unclassified laptop and peripherals in a collateral classified environment?

Ensure that any cameras, microphones, and Wi-Fi embedded in the laptop are physically disabled.- Correct

What is the basis for the handling and storage of classified data?

Classification markings and handling caveats.

Who designates whether information is classified and its classification level?

Original classification authority – Correct

Insider Threat

Which of the following is a potential insider threat indicator?

Unusual interest in classified information. – Correct Difficult life circumstances, such as death of spouse – correct

What function do Insider Threat Programs aim to fulfill?

Proactively identify potential threats and formulate holistic mitigation responses. – Correct

What is an insider threat?

Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities. – Correct

Based on the description that follows, how many potential insider threat indicator(s) are displayed? A colleague saves money for an overseas vacation every year, is a single father, and occasionally consumes alcohol.

0 indicators.

Based on the description that follows, how many potential insider threat indicator(s) are displayed? A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information.

1 indicator.

Based on the description that follows, how many potential insider threat indicator(s) are displayed? A colleague enjoys playing video games online, regularly use social media, and frequently forgets to secure her smartphone elsewhere before entering areas where it is prohibited.

1 indicator.

Based on the description that follows, how many potential insider threat indicator(s) are displayed? A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationships with peers, purchases an unusually expensive new car, and has unexplained absences from work.

3 or more indicators. – Correct

Which of the following is a reportable insider threat activity?

Attempting to access sensitive information without need-to-know. – correct.

Which scenario might indicate a reportable insider threat?

A colleague removes sensitive information without seeking authorization in order to perform authorized telework. – Correct

Social Networking

How can you protect your organization on social networking sites?

Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post

A trusted friend in your social network posts a link to vaccine information on a website unknown to you. What action should you take?

Research the source to evaluate its credibility and reliability.

Which piece of information is safest to include on your social media profile?

Your favorite movie. – Correct Photos of your pet – Correct

When may you be subject to criminal, disciplinary, and/or administrative action due to online harassment, bullying, stalking, hazing, discrimination, or retaliation?

If you participate in or condone it at any time.

How can you protect yourself on social networking sites?

Validate friend requests through another source before confirming them. – Correct

Which of the following statements is true?

Many apps and smart devices collect and share your personal information and contribute to your online identity.

Which of the following statements is true?

Adversaries exploit social networking sites to disseminate fake news – Correct.

Which of the following is a security best practice when using social networking sites?

Avoiding posting your mother’s maiden name

Controlled Unclassified Information

Which designation marks information that does not have potential to damage national security?

Unclassified – Correct

Which designation includes Personally Identifiable Information (PII) and Protected Health Information (PHI)?

Controlled unclassified information. – correct

What is a best practice for protecting controlled unclassified information (CUI)?

Store it in a locked desk drawer after working hours. – correct

Which of the following is true of Controlled Unclassified information (CUI)?

CUI must be handled using safeguarding or dissemination controls. – Correct

Which of the following is true of Protected Health Information (PHI)?

It is created or received by a healthcare provider, health plan, or employer. – Correct

Which of the following is NOT an example of Personally Identifiable Information (PII)?

High school attended. – correct

Which of the following is a security best practice for protecting Personally Identifiable Information (PII)?

Only use Government-furnished or Government-approved equipment to process PII. – correct

Which of the following best describes a way to safely transmit Controlled Unclassified Information (CUI)?

Debra ensures all recipients have the required clearance and an official need-to-know before sending CUI via encrypted e-mail. – correct

Which of the following is true of Unclassified Information?

It could affect the safety of government personnel, missions, and systems – correct.

Physical Security

QuestionAnswer
Which Cyber Protection Condition (CPCON) establishes a protection priority focus on critical functions only?CPCON1
Which of the following is a best practice for physical security?Report suspicious activity
Which of the following best describes good physical security?Lionel stops an individual in his secure area who is not wearing a badge. – Correct

Identity Management

Which of the following is an example of a strong password?

%2ZN=Ugq – correct

What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card?

Store it in a shielded sleeve. – Correct

Which of the following is true of the Common Access Card (CAC) or Personal Identity Verification (PIV) card?

You should remove and take your CAC/PIV card whenever you leave your workstation. – correct

Which of the following is true of using DoD Public key Infrastructure (PKI) token?

It should only be in a system while actively using it for a PKI-required task. – Correct

Which of the following is true of the Common Access Card (CAC)?

It contains certificates for identification, encryption, and digital signature. – correct

Which of the following is an example of two-factor authentication?

A Common Access Card and Personal Identification Number. – correct

Sensitive Compartmented Information

What must authorized personnel do before permitting another individual to enter a Sensitive Compartmented Information Facility (SCIF)?

Confirm the individual’s need-to-know and access. – correct

Which of the following is true of Security Classification Guides?

They broadly describe the overall classification of a program or system. – Not correct They provide guidance on reasons for and duration of classification of information.

Which of the following is true of Sensitive Compartmented Information (SCI)?

Access requires Top Secret clearance and indoctrination into the SCI program.

Which of the following is true of sharing information in a Sensitive Compartmented Information Facility (SCIF)?

All individuals in a SCIF are properly cleared and have need-to-know.

A compromise of Sensitive Compartmented Information (SCI) occurs when a person who does not have the required clearance or access caveats comes into possession of SCI_________.???

In any manner.

Which of the following is true of transmitting Sensitive Compartmented Information (SCI)?

You may only transport SCI if you have been courier-briefed for SCI. – Correct

Removable Media in a SCIF

QuestionAnswer
Which of the following is NOT a potential consequence of using removable media unsafely in a Sensitive Compartmented Facility (SCIF)?Damage to the removable media.
Which of the following is true of portable electronic devices (PEDs) in a Sensitive Compartmented Information Facility (SCIF)?Only connect government-owned PEDs to the same level classification information system when authorized.
With the maximum classification, date of creation, point of contact, and Change Management (CM) Control Number.With the maximum classification, date of creation, point of contact, and Change Management (CM) Control Number.

Malicious Code

What is a common indicator of a phishing attempt?

A claim that you must update or validate information

Which of the following is NOT a type of malicious code?

Executables

Which of the following is true of downloading apps?

For Government-owned devices, use approved and authorized applications only. – Correct

Which of the following is a way to prevent the spread of malicious code?

For Government-owned devices, use approved and authorized applications only. – Correct

Which of the following is a way to prevent the spread of malicious code?

Scan all external files before uploading to your computer.

Website Use

QuestionAnswer
Which of the following actions can help to protect your identity?Shred personal documents.
How should you respond to the theft of your identity?Contact credit reporting agencies

Social Engineering

QuestionAnswer
What type of social engineering targets senior officials?Whaling
How can you protect yourself from social engineering?Verify the identity of all individuals.
What actions should you take with a compressed Uniform Resource Locator (URL) on a website known to you?Search for instructions on how to preview where the link actually leads
Which of the following is true?Digitally signed e-mails are more secure.
Which is an appropriate use of government e-mail?Use a digital signature when sending attachments or hyperlinks
which of the following is true of internet hoaxes?They can be part of a distributed denial-of-service (DDoS) attack.

Travel

QuestionAnswer
Which of the following is a concern when using your Government-issued laptop in public?Others may be able to view your screen. The physical security of the device.
Which of the following is true of traveling overseas with a mobile phone?A personally owned device approved under Bring Your Own Approved Device (BYOAD) policy must be unenrolled while out of the country.

Use of GFE

QuestionAnswer
Which of the following is NOT a permitted way to connect a personally-owned monitor to your Government-furnished equipment (GFE)?Universal Serial Bus (USB)
Which of the following personally-owned computer peripherals is permitted for use with Government-furnished equipment?A headset with a microphone through a Universal Serial Bus (USB) port.

Mobile Devices

QuestionAnswer
Which of the following is an example of removable media?Memory sticks, flash drives, or external hard drives.
How can you protect data on your mobile computing and portable electronic devices (PEDs)?Enable automatic screen locking after a period of inactivity.
Which of the following is true of removable media and portable electronic devices (PEDs)?PEDs pose more risks than removable media and therefore have more stringent rules and protections.
Which of the following is a best practice for using removable media?Avoid inserting removable media with unknown content into your computer – not correct.
Which of the following best describes the conditions under which mobile devices and applications can track your location?It may occur at any time without your knowledge or consent.

Home Computer Security

QuestionAnswer
Which of the following is a best practice for securing your home computer?Install system security patches.
Which of the following is true of Internet of Things (IoT) devices?They can become an attack vector to other devices on your home network. – correct
How should you secure your home wireless network for teleworking?Implement Wi-Fi Protected Access 2 (WPA2) Personal encryption at a minimum.

Was this helpful?




Quizzma Team

Quizzma Team

The Quizzma Team is a collective of experienced educators, subject matter experts, and content developers dedicated to providing accurate and high-quality educational resources. With a diverse range of expertise across various subjects, the team collaboratively reviews, creates, and publishes content to aid in learning and self-assessment.
Each piece of content undergoes a rigorous review process to ensure accuracy, relevance, and clarity. The Quizzma Team is committed to fostering a conducive learning environment for individuals and continually strives to provide reliable and valuable educational resources on a wide array of topics. Through collaborative effort and a shared passion for education, the Quizzma Team aims to contribute positively to the broader learning community.

Related Posts

Leave a comment