Cyber Awareness Challenge 2025 Knowledge Check Answers

Question	Answer
How can you protect yourself from identity theft?	Review your credit report annually
Which of the following is an allowed use of government-furnished equipment (GFE)?	E-mailing your supervisor
Which of the following is true of spillage?	It describes information that is “spilled” to either a lower or higher protection level.
Which of the following is true of Sensitive Compartmented Information Facilities (SCIFs)?	Personnel should physically assess whether everyone within listening distance has a need-to-know before starting conversations involving classified information.
Which of the following is a potential insider threat indicator?	Work-related foreign travel
How can you protect a mobile device while traveling?	Connect with a Government VPN
Which of the following is true of transmitting or transporting Sensitive Compartmented Information (SCI)?	You must be courier-briefed for SCI to transport it.
Which of the following is a best practice for telework and remote work?	Connect to your Government Virtual Private Network (VPN).
When linked to a specific individual, which of the following is NOT an example of Personally Identifiable Information (PII)?	Smartphone brand and model
Which of the following can be used to catalog information about you?	All of these
Tessa is processing payroll data that includes employees’ names, home addresses, and salary. Which of the following is Tessa prohibited from doing with the data?	Using her home computer to print the data while working remotely
John receives an e-mail about a potential shutdown of a major social service unless a petition receives enough signatures. Which of the following actions should John NOT take with the e-mail?	Forward it
How can you prevent viruses and malicious code?	Scan all e-mail attachments
You receive an e-mail marked important from your agency head asking you to call them using a number you do not recognize. The e-mail was sent from a personal e-mail address that you do not recognize, but it addresses you by name. What action should you take?	This may be a spear phishing attempt. Report it to your security POC or help desk.
Which type of data could reasonably be expected to cause damage to national security?	Confidential
Which of the following is an appropriate use of government e-mail?	Using a digital signature when sending hyperlinks
Which of the following is an example of a strong password?	bRobr@79I*P
Which of the following uses of removable media is allowed?	Sam uses approved Government-owned removable media to transfer files between government systems as authorized.
Which of the following is a best practice to protect your identity?	Ask how information will be used before giving it out.
Matt is a government employee who needs to share a document containing source selection data with his supervisor. Which of the following describes the most appropriate way for Matt to do this?	Encrypt it and send it via digitally signed Government e-mail.
Under which Cyberspace Protection Condition (CPCON) is the priority focus limited to critical functions?	CPCON 1
Which of the following is the safest to share on a social networking site?	Your favorite movie
Does it pose a security risk to tap your smartwatch to pay for a purchase at a store?	Only if you do not have two-factor authentication enabled on your linked phone.
What is a best practice for creating user accounts for your home computer?	Create separate accounts for each user and have each user create their own password.
Which of the following is true of removable media and portable electronic devices (PEDs)?	Removable media pose more risks than PEDs and are not permitted in government facilities.
Which of the following is true of compressed URLs (e.g., TinyURL, goo.gl)?	They may be used to mask malicious intent
You receive an e-mail with a link to run an anti-virus scan. Your IT department has not sent links like this in the past. The e-mail is not digitally signed. What action should you take?	Report the e-mail to your security POC or help desk.
Which of the following is a way to protect classified data?	Store it in a GSA-approved container
How can you protect your home computer?	Use legitimate, known antivirus software
Which of the following poses a security risk while teleworking in an environment where Internet of Things (IoT) devices are present?	All of these.
Which of these is NOT a potential indicator that your device may be under a malicious code attack	An operating system update
What are the requirements for access to Sensitive Compartmented Information (SCI)?	Top Secret clearance and indoctrination into the SCI program
Which of the following is an example of removable media?	Compact disc
Which of the following is an example of behavior that you should report?	Bringing a phone into a prohibited area
Which of the following is NOT an appropriate use of your Common Access Card (CAC)?	Exchanging it for a visitor pass in another building.
Which of the following is an appropriate use of a DoD Public Key Infrastructure (PKI) token?	Only leave it in a system while actively using it for a PKI-required task
How can you protect yourself on social networking sites?	Validate connection requests through another source if possible
How can you protect data on a mobile device?	Use two-factor authentication
Which of the following is permitted when using an unclassified laptop within a collateral classified space?	A personally-owned wired headset without a microphone

Standard Challenge Answers

Unclassified Information

Your meeting notes are Unclassified. This means that your notes:

1. May be released to the public.
2. Do not have the potential to damage national security.
3. Do not have the potential to affect the safety of personnel, missions, or systems.
4. Do not require any markings.

Correct Answer:
2. Do not have the potential to damage national security.

---

Employee	Passport Number

Adams, Jeff

A12345678

Brown, Marty

B23456789

Clark, Tina

C34567890

What type of information does this personnel roster represent?

1. Unclassified information
2. Controlled Unclassified Information (CUI)
3. For Official Use Only (FOUO) information

Correct Answer:
2. Controlled Unclassified Information (CUI)

---

When e-mailing this personnel roster, which of the following should you do? (Select all that apply.)

1. Encrypt the PII
2. Digitally sign the e-mail
3. Use your Government e-mail account

Correct Answers:

• Encrypt the PII
• Digitally sign the e-mail
• Use your Government e-mail account

Classified Information

Your Office

Your office is not cleared for use with classified information. Select an action to take to protect against accidental spillage.

1. Lower the blinds
2. Check that you are using the correct network level
3. Select a different area in which to work
4. Close the door

Correct Answer:
3. Select a different area in which to work

Common Area

The common area is not cleared for use with classified information. Select an action to take to protect against accidental spillage.

Answer Options:

1. Shield your laptop screen
2. Check that you are using the correct network level
3. Select a different area in which to work
4. Close the door

Correct Answer:
3. Select a different area in which to work

Conference Room

The conference room is not cleared for use with classified information. Select an action to take to protect against accidental spillage.

Answer Options:

1. Turn off the projector
2. Check that you are using the correct network level
3. Select a different area in which to work
4. Close the door

Correct Answer:
3. Select a different area in which to work

Designated Secure Area

Great choice! Taking steps to protect classified data, like ensuring that you use it only in areas with appropriate security, reduces incidents of spillage.

Sensitive Compartmented Information

Select an action to take in response to compromised Sensitive Compartmented Information (SCI).

1. Gather more information
2. Call your security point of contact (POC)
3. Do nothing

Correct Answer:
2. Call your security point of contact (POC)

---

Dr. Dove printed a classified document and retrieved it promptly from the printer. Does this behavior represent a security concern?

Answer Options:

1. Yes
2. No

Correct Answer:
2. No

Col. Cockatiel stored an unmarked document on the classified network. Does this behavior represent a security concern?

1. Yes
2. No

Correct Answer:

1. Yes

Mr. Macaw and a colleague had a conversation about a shared project in the SCIF after verifying no one was nearby. Does this behavior represent a security concern?

1. Yes
2. No

Correct Answer:
2. No

Which of these individuals demonstrated behavior that could lead to the compromise of SCI?

Answer Options:

1. Dr. Dove
2. Col. Cockatiel
3. Mr. Macaw

Correct Answer:
2. Col. Cockatiel

Physical Facilities

Open Office Area

Which of the following poses a physical security risk?

1. Posting an access roster in public view
2. Using your Common Access Card (CAC) for facility access
3. Challenging people without proper badges

Correct Answer:

1. Posting an access roster in public view

Collateral Classified Space

Which of the following must you do when using an unclassified laptop in a collateral classified environment? (Select all that apply.)

1. Use a wireless headset
2. Disable the embedded camera, microphone, and Wi-Fi
3. Use government-issued wired peripherals

Correct Answers:
2. Disable the embedded camera, microphone, and Wi-Fi
3. Use government-issued wired peripherals

Sensitive Compartmented Information Facility (SCIF)

Which of the following must you do when working in a SCIF? (Select all that apply.)

1. Verify that all personnel in listening distance have a need-to-know
2. Ensure that monitors do not provide unobstructed views
3. Escort uncleared personnel and warn others in the SCIF

Correct Answers:

1. Verify that all personnel in listening distance have a need-to-know
2. Ensure that monitors do not provide unobstructed views
3. Escort uncleared personnel and warn others in the SCIF

Government Resources

Is this an appropriate use of government-furnished equipment (GFE)?

Answer Options:

1. Yes
2. No

Correct Answer:
2. No

---

This is not an appropriate use of GFE. Why? (Select all that apply.)

1. You should not use government e-mail to sell anything.
2. You should use a digital signature when sending hyperlinks.
3. You should not use unauthorized services, such as fileshare services, on GFE.

Correct Answers:

1. You should not use government e-mail to sell anything.
2. You should not use unauthorized services, such as fileshare services, on GFE.
3. You should not use unauthorized services, such as fileshare services, on GFE.

Identity Authentication

How do you secure your accounts?

Answer:
“I receive a text message code when logging in with a password.”

Correct Response:
Yes.

Reasoning:
Using a text message code along with a password is a form of two-factor authentication (2FA), which is a best practice for securing accounts.

Question:
What kind of passwords do you use?

Answer:
“I use Password1 as one of my passwords.”

Correct Response:
No.

Reasoning:
Using “Password1” is not secure because it is a common, easily guessable password. Strong passwords should be unique and include a mix of uppercase and lowercase letters, numbers, and special characters.

How do you protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card?

Answer:
“I use my CAC occasionally as a secondary photo identification.”

Correct Response:
No.

Reasoning:
CACs and PIV cards are intended strictly for official use and should not be used as secondary photo identification in non-official contexts. This increases the risk of loss or misuse.

Malicious Code

How can malicious code spread? (Select all that apply.)

1. E-mail attachments
2. Downloading files
3. Visiting infected websites
4. Virus scans

Correct Answers:

1. E-mail attachments
2. Downloading files
3. Visiting infected websites

Question:
How can you prevent the download of malicious code? (Select all that apply.)

1. Scan external files before uploading to your device
2. Research apps and their vulnerabilities before downloading
3. Use the Preview Pane to view e-mails
4. Disable automatic security patches

Correct Answers:

1. Scan external files before uploading to your device
2. Research apps and their vulnerabilities before downloading

Which of the following may indicate a malicious code attack? (Select all that apply.)

1. The device re-starts following a system update.
2. A new app suddenly appears on the device.
3. The device slows down.
4. A new tab appears in the Web browser.

Correct Answers:
2. A new app suddenly appears on the device.
3. The device slows down.
4. A new tab appears in the Web browser.

Social Engineering

How many social engineering indicators are present in this e-mail?

Answer Options:

1. 0
2. 1
3. 2
4. 3+

Correct Answer:
4. 3+

How many social engineering indicators are present in this e-mail? You are not expecting this e-mail.

1. 0
2. 1
3. 2
4. 3+

Correct Answer:
4. 3+

Removable Media

You find an unlabeled thumb drive in the parking area outside your workplace. What should you do?

Answer Options:

1. Plug it into your work computer to find out more about it
2. Leave it alone
3. Turn it in to your security officer

Correct Answer:
3. Turn it in to your security officer

Mobile Devices

Which payment method poses the least risk?

Answer Options:

1. Cash
2. Digital credit card on smartphone

Correct Answer:
1. Cash

Which method of getting online poses the least risk?

Answer Options:

1. Approved mobile hotspot
2. Coffee shop Wi-Fi

Correct Answer:

1. Approved mobile hotspot

Identity Management

True or false? The best way to keep your passport safe is to carry it with you.

Answer Options:

1. True
2. False

Correct Answer:
2. False

Previous Cyber Awareness Challenge Answers

• Cyber Awareness Challenge 2024 Answers
• Cyber Awareness Challenge 2023 Answers
• Cyber Awareness Challenge 2022 Answers