Cyber Awareness Challenge 2024 Questions and Answers
Cyber Awareness Challenge Exam
It is getting late on Friday. You are reviewing your employee's annual self-evaluation. Your
comments are due on Monday. You can email your employee's information to yourself so you
can work on it this weekend and go home now. Which method would be the BEST way to send
this information? – ANS Use the government email system so you can encrypt the information
and open the email on your government issued laptop
What should you do if someone asks to use your government issued mobile device
(phone/laptop..etc)? – ANS Decline to lend your phone / laptop
Where should you store PII / PHI? – ANS Information should be secured in a cabinet or
container while not in use
Of the following, which is NOT an intelligence community mandate for passwords? – ANS
Maximum password age of 45 days
Which of the following is NOT Government computer misuse? – ANS Checking work email
Which is NOT a telework guideline? – ANS Taking classified documents from your workspace
What should you do if someone forgets their access badge (physical access)? – ANS Alert the
security office
What can you do to protect yourself against phishing? – ANS All of the above
What should you do to protect classified data? – ANS Answer 1 and 2 are correct
What action is recommended when somebody calls you to inquire about your work environment
or specific account information? – ANS Ask them to verify their name and office number
If classified information were released, which classification level would result in “Exceptionally
grave damage to national security”? – ANS Top Secret
Which of the following is NOT considered sensitive information? – ANS Sanitized information
gathered from personnel records
Which of the following is NOT a criterion used to grant an individual access to classified data? –
ANS Senior government personnel, military or civilian
Of the following, which is NOT a problem or concern of an Internet hoax? – ANS Directing you
to a website that looks real
Media containing Privacy Act information, PII, and PHI is not required to be labeled. – ANS
FALSE
Which of the following is NOT a home security best practice? – ANS Setting weekly time for
virus scan when you are not on the computer and it is powered off
Which of the following best describes wireless technology? – ANS It is inherently not a secure
technology
You are leaving the building where you work. What should you do? – ANS Remove your
security badge
Which of the following is a good practice to avoid email viruses? – ANS Delete email from
senders you do not know
What is considered a mobile computing device and therefore shouldn’t be plugged in to your
Government computer? – ANS All of the above
Which is NOT a way to protect removable media? – ANS As a best practice, labeling all
classified removable media and considering all unlabeled removable media as unclassified
What is NOT Personally Identifiable Information (PII)? – ANS Hobby
Of the following, which is NOT a method to protect sensitive information? – ANS After work
hours, storing sensitive information in unlocked containers, desks, or cabinets if security is not
present
There are many travel tips for mobile computing. Which of the following is NOT one? – ANS
When using a public device with a card reader, only use your DoD CAC to access unclassified
information
The use of webmail is – ANS is only allowed if the organization permits it
What is considered ethical use of the Government email system? – ANS Distributing Company
newsletter
Which of the following attacks target high ranking officials and executives? – ANS Whaling
What constitutes a strong password? – ANS all of the above
You are logged on to your unclassified computer and just received an encrypted email from a
co-worker. The email has an attachment whose name contains the word “secret”. What should
you do? – ANS Contact your security POC right away
How can you protect your home computer?
Turn on the password feature
Carl receives an e-mail about a potential health risk…
Forward it
Which of the following is an appropriate use of government e-mail?
Using a digital signature when sending attachments
Sylvia commutes to work via public transportation. She often uses…
Yes. Eavesdroppers may be listening to Sylvia’s phone calls, and shoulder surfers may be looking at her screen.
Which of the following is true of transmitting or transporting SCI?
Printed SCI must be retrieved promptly from the printer
What conditions are necessary to be granted access to SCI?
Top Secret clearance and indoctrination into the SCI program
Terry sees a post on her social media feed that says there is smoke billowing from the Pentagon…
This is probably a post designed to attract Terry's attention to click on a link and steal her information.
Which of the following statements about PHI is false?
It is created or received by a healthcare provider, health plan, or employer of a business associate of these.
Which of the following is NOT a best practice for protecting your home wireless network for telework?
Use your router’s pre-set SSID and password
Beth taps her phone at a payment terminal to pay for a purchase. Does this pose a security risk?
Yes, there is a risk that the signal could be intercepted and altered
How can you prevent viruses and malicious code?
Scan all external files before uploading to your computer
Which of the following is an example of behavior that you should report?
Taking sensitive information home for telework without authorization
You receive a text message from a package shipper notifying you that your package delivery is delayed due to needing updated delivery instructions from you.
Delete the message
Which of the following is an appropriate use of a DoD PKI token?
Do not use a token approved for NIPR on SIPR
Which of the following is a best practice when browsing the internet?
Only accept cookies from reputable, trusted websites
Where are you permitted to use classified data?
Only in areas with security appropriate to the classification level
Which of the following contributes to your online identity?
All of these
How can you protect your home computer?
Regularly back up your files
Which of the following statements is true of DoD Unclassified data?
It may require access and distribution controls
Which of the following is NOT a way that malicious code can spread?
Running a virus scan
What is the goal of an Insider Threat Program?
Deter, detect, and mitigate
Which of the following uses of removable media is allowed?
Government owned removable media that is approved as operationally necessary
Which of the following is permitted when using an unclassified laptop within a collateral classified space?
A government-issued WIRED headset with microphone
When is the safest time to post on social media about your vacation plans?
After the trip
Which of the following is NOT an appropriate use of your CAC?
Using it as photo identification with a commercial entity
What conditions are necessary to be granted access to Sensitive Compartmented Information (SCI)?
Top Secret clearance and indoctrination into the SCI program
Which of the following is an authoritative source for derivative classification?
Security Classification Guide
Carl receives an e-mail about a potential health risk caused by a common ingredient in processed food. Which of the following actions should Carl NOT take with the e-mail?
Forward it
How can an adversary use information available in public records to target you?
Combine it with information from other data sources to learn how best to bait you with a scam
Which of the following is NOT a best practice for protecting data on a mobile device?
Disable automatic screen locking after a period of inactivity
Annabeth becomes aware that a conversation with a co-worker that involved Sensitive Compartmented Information (SCI) may have been overheard by someone who does not have the required clearance. What action should Annabeth take?
Contact her security POC to report the incident.
On your home computer, how can you best establish passwords when creating separate user accounts?
Have each user create their own, strong password
Which of the following is an allowed use of government furnished equipment (GFE)?
Checking personal e-mail if your organization allows it
Which best describes an insider threat? Someone who uses _____ access, _____, to harm national security through unauthorized disclosure, data modification, espionage, terrorism, or kinetic actions.
authorized, wittingly or unwittingly
Which of the following is true of telework?
You must have permission from your organization to telework.
After a classified document is leaked online, it makes national headlines. Which of the following statements is true of the leaked information that is now accessible by the public?
You should still treat it as classified even though it has been compromised.
How should government owned removable media be stored?
In a GSA-approved container according to the appropriate security classification
When linked to a specific individual, which of the following is NOT an example of Personally Identifiable Information (PII)?
Automobile make and model
What does the Common Access Card (CAC) contain?
Certificates for identification, encryption, and digital signature
Sylvia commutes to work via public transportation. She often uses the time to get a head start on work by making phone calls or responding to e-mails on her government approved mobile device. Does this pose a security concern?
Yes. Eavesdroppers may be listening to Sylvia’s phone calls, and shoulder surfers may be looking at her screen. Sylvia should be aware of these risks.
Which of the following is NOT an appropriate use of your Common Access Card (CAC)?
Using it as photo identification with a commercial entity
You receive a text message from a package shipper notifying you that your package delivery is delayed due to needing updated delivery instructions from you. It provides a shortened link for you to provide the needed information. You are not expecting a package. What is the best course of action?
Delete the message
Which of the following is NOT a best practice for protecting your home wireless network for telework?
Use your router’s pre-set Service Set Identifier (SSID) and password
Which of the following is a best practice for using government e-mail?
Do not send mass e-mails
Which is a way to protect against phishing attacks?
Look for digital certificates
You receive an email from a company you have an account with. The email states your account has been compromised and you are invited to click on the link in order to reset your password. What action should you take?
Notify security
You are having lunch at a local restaurant outside the installation, and you find a CD labeled “favorite song”. What should you do?
Leave the CD where it is
How should you securely transport company information on a removable media?
Encrypt the removable media
Should you always label your removable media?
Yes
Which of the following is NOT Protected Health Information (PHI)?
Medical care facility name
If authorized, what can be done on a work computer?
Check personal email
Spear Phishing attacks commonly attempt to impersonate email from trusted entities. What security device is used in email to verify the identity of sender?
Digital Signatures
What type of security is “part of your responsibility” and “placed above all else?”
Physical
If your wireless device is improperly configured someone could gain control of the device? T/F
TRUE
Which of the following is a proper way to secure your CAC/PIV?
Remove and take it with you whenever you leave your workstation
What actions should you take prior to leaving the work environment and going to lunch?
All of the above
P2P (Peer-to-Peer) software can do the following except:
Allow attackers physical access to network assets
How can you guard yourself against Identity theft?
All of the above
When leaving your work area, what is the first thing you should do?
Remove your CAC/PIV
Using webmail may bypass built in security features.
TRUE
Of the following, which is NOT a characteristic of a phishing attempt?
Directing you to a web site that is real
Classified Information can only be accessed by individuals with
All of the above
Which of the following definitions is true about disclosure of confidential information?
Damage to national security
It is permissible to release unclassified information to the public prior to being cleared.
False
Which of the following is NOT sensitive information?
Unclassified information cleared for public release
What should you do to protect yourself while on social networks?
Validate all friend requests through another source before confirming them
Which is NOT a method of protecting classified data?
Assuming open storage is always authorized in a secure facility
What can you do to prevent spillage?
all of the above
Which of the following makes Alex’s personal information vulnerable to attacks by identity thieves?
Carrying his Social Security Card with him
DoD employees are prohibited from using a DoD CAC in card-reader-enabled public devices
TRUE
Which of the following is an example of malicious code?
Trojan horses
Which of the following is NOT PII?
Mother’s maiden name
Classified Information is
Assigned a classification level by a supervisor
Maria is at home shopping for shoes on Amazon.com. Before long she has also purchased shoes from several other websites. What can be used to track Maria’s web browsing habits?
Cookies
Which is an untrue statement about unclassified data?
If aggregated, the classification of the information may not be changed
A medium secure password has at least 15 characters and one of the following.
Special character
PII, PHI, and financial information is classified as what type of information?
Sensitive
The CAC/PIV is a controlled item and contains certificates for:
All of the above
An individual who has attempted to access sensitive information without need-to-know and has made unusual requests for sensitive information is displaying indicators of what?
Potential Insider Threat
Which of the following is NOT a social engineering tip?
Following instructions from verified personnel
Bob, a coworker, has been going through a divorce, has financial difficulties and is displaying hostile behavior. How many potential insider threat indicators is Bob displaying?
3
You are working at your unclassified system and receive an email from a coworker containing a classified attachment. What should you do?
Alert your security POC
You check your bank statement and see several debits you did not authorize. You believe that you are a victim of identity theft. Which of the following should you do immediately?
Monitor credit card statements for unauthorized purchases
Thumb drives, memory sticks, and flash drives are examples of
Removable media
What information relates to the physical or mental health of an individual?
PHI
What should be done if you find classified Government Data/Information Not Cleared for Public Release on the Internet?
Make note of any identifying information and the website URL and report it to your security office
All https sites are legitimate and there is no risk to entering your personal info online.
FALSE
When using a fax machine to send sensitive information, the sender should do which of the following?
Contact the recipient to confirm receipt
What should be done to protect against insider threats?
Report any suspicious behavior
Which of the following is NOT a potential insider threat?
Member of a religion or faith
Of the following, which is NOT a security awareness tip?
Remove security badge as you enter a restaurant or retail establishment
ActiveX is a type of this?
Mobile code
Which of the following is NOT a security best practice when saving cookies to a hard drive?
Looking for “https” in the URL. All https sites are legitimate.
Which is NOT a requirement for telework?
Telework is only authorized for unclassified and confidential information
Someone calls from an unknown number and says they are from IT and need some information about your computer. What should you do?
Request the user’s full name and phone number
Which is NOT a wireless security practice?
Turning off computer when not in use
Malicious code can do the following except?
Make your computer more secure
What type of data must be handled and stored properly based on classification markings and handling caveats?
Classified
What information should you avoid posting on social networking sites?
All of the above
A coworker has left an unknown CD on your desk. What should you do?
Put the CD in the trash
Which of the following is NOT a DoD special requirement for tokens?
Using NIPRNet tokens on systems of higher classification level
UNCLASSIFIED is a designation to mark information that does not have potential to damage national security.
TRUE
You receive a call on your work phone and you’re asked to participate in a phone survey. As part of the survey the caller asks for birth date and address. What type of attack might this be?
Social Engineering
“Spillage” occurs when
Personal information is inadvertently posted at a website
What should be done to sensitive data on laptops and other mobile computing devices?
Encrypt the sensitive data
Which of the following should be done to keep your home computer secure?
All of the above
How are Trojan horses, worms, and malicious scripts spread?
By email attachments
The following practices help prevent viruses and the downloading of malicious code except.
Scan external files from only unverifiable sources before uploading to computer