Fort Gordon Cyber Awareness Answers

We thoroughly check each answer to a question to provide you with the most correct answers. Found a mistake? Tell us about it through the REPORT button at the bottom of the page. Ctrl+F (Cmd+F) will help you a lot when searching through such a large set of questions.

Check Also: Cyber Awareness Challenge answers.

QuestionAnswer
Which of the following may help prevent spillage?Follow procedures for transferring data to…
Which of the following is a good practice to prevent spillage?Always check to make sure you are using the correct network for the level of data.
You find information that you know to be classified on the internet. What should you do?Note the website’s URL and report the situation to your security point of contact.
Which of the following is a good practice to protect classified information?Store classified data appropriately in a GSA-approved vault/container.
What is the basis for the handling and storage of classified data?Classification markings and handling caveats.
What level of damage can the unauthorized disclosure of information classified as TOP SECURITY reasonably be expect to cause?Exceptionally grave…
How many potential insider threat indicators are displayed? VIDEO GAMES, SOCIAL MEDIA and forget to secure smartphone?1 indicator
Which of the following is a reportable insider threat activity?Attempting to access sensitive info without a need-to-know.
Which of the following is a potential insider threat indicator?Difficult circumstances; death of a spouse.
Which of the following is a security best practice when using social networking sites?Avoid posting your mother’s maiden name.
How can you protect your organization on social networking sites?Ensure there are no identifiable landmarks visible in any photos…
Spillage/social media – A trusted friend in your social network post a link to vaccine info on a website unknown to you. What action should you take?Research the source to evaluate its credibility and reliability.
Which designation includes PII and PHI?CUI
Uncontrolled Unclassified Information – Which of the following is true of Protected Health Information (PHI)?It is created or received by a healthcare provider, health plan or employer.
Uncontrolled Unclassified Information – Which of the following is true of CUI?CUI must be handled using safeguarding or dissemination controls?
Uncontrolled Unclassified Information/ Physical Security – Which of the following best describes good physical security?Lionel stops an individual in his secure area…
Uncontrolled Unclassified Information/ Identity Management – What is true about a Common Access Card (CAC)?You should remove and take your CAC/PIV card whenever you leave your workstation.
Uncontrolled Unclassified Information/ identity Management – Which of the following is true of using a DoD Public Key Infrastructure (PKI) token?It should only be in a system while actively using it for a PKI-required task.
Uncontrolled Unclassified Information/ Sensitive Compartmented Information – What must authorized personnel do before permitting another individual to enter a Sensitive Compartmented Information Facility (SCIF)?Confirm the individual’s need-to-know and access.
Uncontrolled Unclassified Information/ Sensitive Compartmented Information – Which of the following is true of Sensitive Compartmented Information (SCI)?Access requires Top Secret clearance and indoctrination into the SCI program.
Uncontrolled Unclassified Information/ Removable media – Which of the following is true of portable electronic devices (PEDs) in a Sensitive Compartmented Information Facility (SCIF)?only connect government-owned PEDs to the same level classification information system when authorized.
Malicious Code/ websites – Which of the following statements is true of cookies?You should confirm that a site that wants to store a cookie uses an encrypted link.
Malicious Code – Which of the following is a way to prevent the spread of malicious code?Scan all external files before uploading to your computer.
What is a common indicator of a phishing attempt?A claim that you must update or validate information
Malicious Code/ social engineering – How can you protect yourself form social engineering?Verify the identity of all individuals.
Malicious Code/ social engineering – Which of the following describes an appropriate use of Government email?Use digital signature when sending attachments of hyperlinks.
Malicious Code/ travel – What risk does a public Wi-Fi connection pose?It may expose the information sent to theft.
Malicious Code/ use of GFE – Which of the following personally-owned computer peripherals is permitted for use with Government-furnished equipment?A headset with a microphone through a Universal Serial Bus (USB) port.
Malicious Code/ Mobile Devices – Which of the following is a best practice for using removable media?Avoid inserting removable media with unknown content into your computer.
Malicious Code/ Mobile devices Which is an example of removable media?external hard drive
Malicious Code/ home computer security – Which is best practice for securing your home computer?install system security patches. 2. Create separate accounts for each user.
QuestionBest Answer
How to send employee self-evaluations for weekend work?Use government email with encryption.
Lend government issued mobile device?Decline.
Where to store PII/PHI?Secured cabinet/container.
Not an intelligence community password mandate?45-day max age.
Not government computer misuse?Checking work email.
Not a telework guideline?Removing classified documents.
Forget access badge?Alert security office.
Phishing protection?All of the above.
Classified data protection?Encrypt and avoid discussing over phone.
Call about work environment/account info?Verify name and office number.
Released classified information causing “grave damage”?Top Secret.
Not sensitive information?Sanitized personnel records.
Not a criterion for classified data access?Senior government position.
Internet hoax problem?Directing to fake websites.
Label media containing Privacy Act info, PII, PHI?True.
Home security best practice (NOT)?Weekly virus scan when off.
Wireless technology?Inherently not secure.
Leaving work building?Remove security badge.
Avoiding email viruses?Delete emails from unknown senders.
Mobile computing devices (NOT to be plugged in)?All of the above.
Protecting removable media (NOT)?Labeling all classified media.
Not PII?Hobby.
Not protecting sensitive information (NOT)?Unlocked containers after hours.
Travel tip (NOT)?Using DoD CAC on public card readers for unclassified info.
Webmail use?Allowed only if permitted.
Ethical government email use (NOT)?Distributing company newsletter.
High-ranking official targeted attack?Whaling.
Strong password?All of the above.
Encrypted email with “secret” attachment?Contact security POC.
Phishing attack protection?Look for digital certificates.
Compromised account email action?Notify security.
Found suspicious CD?Leave it.
Securely transporting company info on removable media?Encrypt the media.
Always label removable media?Yes.
Not PHI?Medical care facility name.
Authorized work computer activity (NOT)?Checking personal email.
Spear phishing impersonation verification?Digital signatures.
Most important security type?Physical.
Improperly configured wireless device vulnerability?True.
QuestionBest Answer
Securing CAC/PIVRemove and take it with you.
Leaving for lunchAll of the above (lock workstation, log off, secure CAC/PIV).
P2P software and network assetsP2P does not allow physical access.
Guarding against identity theftAll of the above (protect SSN, shred documents, monitor accounts).
Leaving your work areaRemove your CAC/PIV first.
Webmail security featuresWebmail may bypass built-in security.
Phishing attempt characteristicNot directing to a real website.
Accessing classified informationRequires all of the above (need-to-know, clearance, authorization).
Disclosing confidential informationDamage to national security.
Releasing unclassified informationNot permissible before being cleared.
Not sensitive informationUnclassified information cleared for public release.
Protecting yourself on social networksValidate friend requests through another source.
Protecting classified dataNot assuming open storage is authorized.
Preventing spillageAll of the above (be mindful, avoid public sharing, use strong passwords).
Alex’s personal information vulnerabilityCarrying his Social Security Card.
DoD CAC use in public devicesProhibited.
Malicious code exampleTrojan horses.
Not PIIMother’s maiden name.
Classified information classificationAssigned by a supervisor.
Tracking Maria’s web browsingCookies.
Unclassified data aggregationMay change its classification.
Medium secure password requirementAt least 15 characters and one special character.
PII, PHI, and financial information typeSensitive.
CAC/PIV certificatesAll of the above (authentication, digital signature).
Potential insider threat indicatorsAll of the above (unauthorized access attempts, unusual requests).
Not a social engineering tipFollowing instructions from verified personnel.
Bob’s potential insider threat indicators3 (divorce, financial difficulty, hostile behavior).
Classified email attachment actionAlert your security POC.
Identity theft victim actionMonitor credit card statements.
Removable media examplesThumb drives, memory sticks, flash drives.
PHI informationPhysical or mental health of an individual.
Finding classified government data onlineReport it to your security office.
https site legitimacy and personal informationNot all https sites are legitimate, avoid entering personal information.
Sending sensitive information with faxConfirm receipt with the recipient.
Protecting against insider threatsReport any suspicious behavior.
Not a potential insider threatMember of a religion or faith.
Not a security awareness tipRemoving security badge in public.
ActiveX typeMobile code.
Saving cookies best practiceNot relying on “https” alone, check site legitimacy.
Telework requirement (NOT)Only authorized for unclassified and confidential information.
Unknown caller asking for computer informationRequest caller’s full name and phone number.
Not a wireless security practiceTurning off computer when not in use.
What malicious code cannot doMake your computer more secure.
Data requiring proper handlingClassified data.
Information to avoid posting on social mediaAll of the above (personal, work, financial).
Unknown CD actionPut it in the trash.
Not a DoD special requirement for tokensUsing NIPRNet tokens on higher classification systems.
UNCLASSIFIED informationDoes not have potential to damage national security.
Phone survey attack typeSocial engineering.
“Spillage” definitionPersonal information inadvertently posted online.
Securing data on laptops and mobile devicesEncrypt the sensitive data.
Home computer securityAll of the above (firewalls, antivirus, updates, strong passwords).
Spreading Trojan horses, worms, and malicious scriptsEmail attachments.
Not preventing viruses and malicious code downloadsScanning only external files from unverifiable sources.

Was this helpful?

quizzma
Quizzma Team
+ posts

The Quizzma Team is a collective of experienced educators, subject matter experts, and content developers dedicated to providing accurate and high-quality educational resources. With a diverse range of expertise across various subjects, the team collaboratively reviews, creates, and publishes content to aid in learning and self-assessment.
Each piece of content undergoes a rigorous review process to ensure accuracy, relevance, and clarity. The Quizzma Team is committed to fostering a conducive learning environment for individuals and continually strives to provide reliable and valuable educational resources on a wide array of topics. Through collaborative effort and a shared passion for education, the Quizzma Team aims to contribute positively to the broader learning community.

Valerie Carter
Valerie Carter
+ posts

Valerie Carter is a seasoned cybersecurity expert with over 10 years of experience in the field. Holding a Master's degree in Information Security from Stanford University, Valerie has worked with various Fortune 500 companies to fortify their digital landscapes. She is a Certified Information Systems Security Professional (CISSP) and a member of the Cybersecurity & Infrastructure Security Agency (CISA). Valerie is passionate about educating individuals and organizations on cybersecurity awareness to foster a safer digital environment for all.




Leave a Comment

Your email address will not be published. Required fields are marked *