| Question | Answer |
|---|---|
| Which of the following may help prevent spillage? | Follow procedures for transferring data to… |
| Which of the following is a good practice to prevent spillage? | Always check to make sure you are using the correct network for the level of data. |
| You find information that you know to be classified on the internet. What should you do? | Note the website’s URL and report the situation to your security point of contact. |
| Which of the following is a good practice to protect classified information? | Store classified data appropriately in a GSA-approved vault/container. |
| What is the basis for the handling and storage of classified data? | Classification markings and handling caveats. |
| What level of damage can the unauthorized disclosure of information classified as TOP SECRET reasonably be expected to cause? | Exceptionally grave… |
| How many potential insider threat indicators are displayed (video games, social media, and forgetting to secure a smartphone)? | 1 indicator |
| Which of the following is a reportable insider threat activity? | Attempting to access sensitive info without a need-to-know. |
| Which of the following is a potential insider threat indicator? | Difficult circumstances; death of a spouse. |
| Which of the following is a security best practice when using social networking sites? | Avoid posting your mother’s maiden name. |
| How can you protect your organization on social networking sites? | Ensure there are no identifiable landmarks visible in any photos… |
| Spillage/social media – A trusted friend in your social network posts a link to vaccine info on a website unknown to you. What action should you take? | Research the source to evaluate its credibility and reliability. |
| Which designation includes PII and PHI? | CUI |
| Uncontrolled Unclassified Information – Which of the following is true of Protected Health Information (PHI)? | It is created or received by a healthcare provider, health plan or employer. |
| Uncontrolled Unclassified Information – Which of the following is true of CUI? | CUI must be handled using safeguarding or dissemination controls. |
| Uncontrolled Unclassified Information/ Physical Security – Which of the following best describes good physical security? | Lionel stops an individual in his secure area… |
| Uncontrolled Unclassified Information/ Identity Management – What is true about a Common Access Card (CAC)? | You should remove and take your CAC/PIV card whenever you leave your workstation. |
| Uncontrolled Unclassified Information/ Identity Management – Which of the following is true of using a DoD Public Key Infrastructure (PKI) token? | It should only be in a system while actively using it for a PKI-required task. |
| Uncontrolled Unclassified Information/ Sensitive Compartmented Information – What must authorized personnel do before permitting another individual to enter a Sensitive Compartmented Information Facility (SCIF)? | Confirm the individual’s need-to-know and access. |
| Uncontrolled Unclassified Information/ Sensitive Compartmented Information – Which of the following is true of Sensitive Compartmented Information (SCI)? | Access requires Top Secret clearance and indoctrination into the SCI program. |
| Uncontrolled Unclassified Information/ Removable media – Which of the following is true of portable electronic devices (PEDs) in a Sensitive Compartmented Information Facility (SCIF)? | Only connect government-owned PEDs to the same level classification information system when authorized. |
| Malicious Code/ websites – Which of the following statements is true of cookies? | You should confirm that a site that wants to store a cookie uses an encrypted link. |
| Malicious Code – Which of the following is a way to prevent the spread of malicious code? | Scan all external files before uploading to your computer. |
| What is a common indicator of a phishing attempt? | A claim that you must update or validate information |
| Malicious Code/ social engineering – How can you protect yourself from social engineering? | Verify the identity of all individuals. |
| Malicious Code/ social engineering – Which of the following describes an appropriate use of Government email? | Use a digital signature when sending attachments or hyperlinks. |
| Malicious Code/ travel – What risk does a public Wi-Fi connection pose? | It may expose the information sent to theft. |
| Malicious Code/ use of GFE – Which of the following personally-owned computer peripherals is permitted for use with Government-furnished equipment? | A headset with a microphone through a Universal Serial Bus (USB) port. |
| Malicious Code/ Mobile Devices – Which of the following is a best practice for using removable media? | Avoid inserting removable media with unknown content into your computer. |
| Malicious Code/ Mobile devices – Which is an example of removable media? | External hard drive. |
| Malicious Code/ home computer security – Which is a best practice for securing your home computer? | 1. Install system security patches. 2. Create separate accounts for each user. |

| Question | Best Answer |
|---|---|
| How to send employee self-evaluations for weekend work? | Use government email with encryption. |
| Lend government issued mobile device? | Decline. |
| Where to store PII/PHI? | Secured cabinet/container. |
| Not an intelligence community password mandate? | 45-day max age. |
| Not government computer misuse? | Checking work email. |
| Not a telework guideline? | Removing classified documents. |
| Forget access badge? | Alert security office. |
| Phishing protection? | All of the above. |
| Classified data protection? | Encrypt and avoid discussing over phone. |
| Call about work environment/account info? | Verify name and office number. |
| Released classified information causing “grave damage”? | Top Secret. |
| Not sensitive information? | Sanitized personnel records. |
| Not a criterion for classified data access? | Senior government position. |
| Internet hoax problem? | Directing to fake websites. |
| Label media containing Privacy Act info, PII, PHI? | True. |
| Home security best practice (NOT)? | Weekly virus scan when off. |
| Wireless technology? | Inherently not secure. |
| Leaving work building? | Remove security badge. |
| Avoiding email viruses? | Delete emails from unknown senders. |
| Mobile computing devices (NOT to be plugged in)? | All of the above. |
| Protecting removable media (NOT)? | Labeling all classified media. |
| Not PII? | Hobby. |
| Not protecting sensitive information (NOT)? | Unlocked containers after hours. |
| Travel tip (NOT)? | Using DoD CAC on public card readers for unclassified info. |
| Webmail use? | Allowed only if permitted. |
| Ethical government email use (NOT)? | Distributing company newsletter. |
| High-ranking official targeted attack? | Whaling. |
| Strong password? | All of the above. |
| Encrypted email with “secret” attachment? | Contact security POC. |
| Phishing attack protection? | Look for digital certificates. |
| Compromised account email action? | Notify security. |
| Found suspicious CD? | Leave it. |
| Securely transporting company info on removable media? | Encrypt the media. |
| Always label removable media? | Yes. |
| Not PHI? | Medical care facility name. |
| Authorized work computer activity (NOT)? | Checking personal email. |
| Spear phishing impersonation verification? | Digital signatures. |
| Most important security type? | Physical. |
| Improperly configured wireless device vulnerability? | True. |

| Question | Best Answer |
|---|---|
| Securing CAC/PIV | Remove and take it with you. |
| Leaving for lunch | All of the above (lock workstation, log off, secure CAC/PIV). |
| P2P software and network assets | P2P does not allow physical access. |
| Guarding against identity theft | All of the above (protect SSN, shred documents, monitor accounts). |
| Leaving your work area | Remove your CAC/PIV first. |
| Webmail security features | Webmail may bypass built-in security. |
| Phishing attempt characteristic | Not directing to a real website. |
| Accessing classified information | Requires all of the above (need-to-know, clearance, authorization). |
| Disclosing confidential information | Damage to national security. |
| Releasing unclassified information | Not permissible before being cleared. |
| Not sensitive information | Unclassified information cleared for public release. |
| Protecting yourself on social networks | Validate friend requests through another source. |
| Protecting classified data | Not assuming open storage is authorized. |
| Preventing spillage | All of the above (be mindful, avoid public sharing, use strong passwords). |
| Alex’s personal information vulnerability | Carrying his Social Security Card. |
| DoD CAC use in public devices | Prohibited. |
| Malicious code example | Trojan horses. |
| Not PII | Mother’s maiden name. |
| Classified information classification | Assigned by a supervisor. |
| Tracking Maria’s web browsing | Cookies. |
| Unclassified data aggregation | May change its classification. |
| Medium secure password requirement | At least 15 characters and one special character. |
| PII, PHI, and financial information type | Sensitive. |
| CAC/PIV certificates | All of the above (authentication, digital signature). |
| Potential insider threat indicators | All of the above (unauthorized access attempts, unusual requests). |
| Not a social engineering tip | Following instructions from verified personnel. |
| Bob’s potential insider threat indicators | 3 (divorce, financial difficulty, hostile behavior). |
| Classified email attachment action | Alert your security POC. |
| Identity theft victim action | Monitor credit card statements. |
| Removable media examples | Thumb drives, memory sticks, flash drives. |
| PHI information | Physical or mental health of an individual. |
| Finding classified government data online | Report it to your security office. |
| https site legitimacy and personal information | Not all https sites are legitimate, avoid entering personal information. |
| Sending sensitive information with fax | Confirm receipt with the recipient. |
| Protecting against insider threats | Report any suspicious behavior. |
| Not a potential insider threat | Member of a religion or faith. |
| Not a security awareness tip | Removing security badge in public. |
| ActiveX type | Mobile code. |
| Saving cookies best practice | Not relying on “https” alone, check site legitimacy. |
| Telework requirement (NOT) | Only authorized for unclassified and confidential information. |
| Unknown caller asking for computer information | Request caller’s full name and phone number. |
| Not a wireless security practice | Turning off computer when not in use. |
| What malicious code cannot do | Make your computer more secure. |
| Data requiring proper handling | Classified data. |
| Information to avoid posting on social media | All of the above (personal, work, financial). |
| Unknown CD action | Put it in the trash. |
| Not a DoD special requirement for tokens | Using NIPRNet tokens on higher classification systems. |
| UNCLASSIFIED information | Does not have potential to damage national security. |
| Phone survey attack type | Social engineering. |
| “Spillage” definition | Personal information inadvertently posted online. |
| Securing data on laptops and mobile devices | Encrypt the sensitive data. |
| Home computer security | All of the above (firewalls, antivirus, updates, strong passwords). |
| Spreading Trojan horses, worms, and malicious scripts | Email attachments. |
| Not preventing viruses and malicious code downloads | Scanning only external files from unverifiable sources. |