This article will provide you with all the questions and answers for Cyber Awareness Challenge.
ActiveX is a type of this?
-Mobile code
All https sites are legitimate and there is no risk to entering your personal info online.
-FALSE
Bob, a coworker, has been going through a divorce, has financial difficulties and is displaying hostile behavior. How many potential insider threat indicators is Bob displaying?
-3
The CAC/PIV is a controlled item and contains certificates for:
-All of the above
Classified Information can only be accessed by individuals with
-All of the above
Classified Information is
-Assigned a classification level by a supervisor
A coworker has left an unknown CD on your desk. What should you do?
-Put the CD in the trash
DoD employees are prohibited from using a DoD CAC in card-reader-enabled public devices.
-TRUE
The following practices help prevent viruses and the downloading of malicious code except.
-Scan external files from only unverifiable sources before uploading to computer
How are Trojan horses, worms, and malicious scripts spread?
-By email attachments
How can you guard yourself against Identity theft?
-All of the above
How should you securely transport company information on a removable media?
-Encrypt the removable media
If authorized, what can be done on a work computer?
-Check personal email
If classified information were released, which classification level would result in “Exceptionally grave damage to national security”?
-Top Secret
If your wireless device is improperly configured someone could gain control of the device? T/F
-TRUE
An individual who has attempted to access sensitive information without need-to-know and has made unusual requests for sensitive information is displaying indicators of what?
-Potential Insider Threat
It is getting late on Friday. You are reviewing your employees annual self evaluation. Your comments are due on Monday. You can email your employees information to yourself so you can work on it this weekend and go home now. Which method would be the BEST way to send this information?
-Use the government email system so you can encrypt the information and open the email on your government issued laptop
It is permissible to release unclassified information to the public prior to being cleared.
-False
Malicious code can do the following except?
-Make your computer more secure
Maria is at home shopping for shoes on Amazon.com. Before long she has also purchased shoes from several other websites. What can be used to track Maria’s web browsing habits?
-Cookies
Media containing Privacy Act information, PII, and PHI is not required to be labeled.
-FALSE
A medium secure password has at least 15 characters and one of the following.
-Special character
Of the following, which is NOT a characteristic of a phishing attempt?
-Directing you to a web site that is real
Of the following, which is NOT a method to protect sensitive information?
-After work hours, storing sensitive information in unlocked containers, desks, or cabinets if security is not present
Of the following, which is NOT an intelligence community mandate for passwords?
-Maximum password age of 45 days
Of the following, which is NOT a problem or concern of an Internet hoax?
-Directing you to a website that looks real
Of the following, which is NOT a security awareness tip?
-Remove security badge as you enter a restaurant or retail establishment
P2P (Peer-to-Peer) software can do the following except:
-Allow attackers physical access to network assets
PII, PHI, and financial information is classified as what type of information?
-Sensitive
Should you always label your removable media?
-Yes
Someone calls from an unknown number and says they are from IT and need some information about your computer. What should you do?
-Request the user’s full name and phone number
Spear Phishing attacks commonly attempt to impersonate email from trusted entities. What security device is used in email to verify the identity of sender?
-Digital Signatures
Spillage occurs when
-Personal information is inadvertently posted at a website
There are many travel tips for mobile computing. Which of the following is NOT one?
-When using a public device with a card reader, only use your DoD CAC to access unclassified information
Thumb drives, memory sticks, and flash drives are examples of
-Removable media
UNCLASSIFIED is a designation to mark information that does not have potential to damage national security.
-TRUE
The use of webmail is
-is only allowed if the organization permits it
Using webmail may bypass built in security features.
-TRUE
What action is recommended when somebody calls you to inquire about your work environment or specific account information?
-Ask them to verify their name and office number
What actions should you take prior to leaving the work environment and going to lunch?
-All of the above
What can you do to prevent spillage?
-all of the above
What can you do to protect yourself against phishing?
-All of the above
What constitutes a strong password?
-all of the above
What information relates to the physical or mental health of an individual?
-PHI
What information should you avoid posting on social networking sites?
-All of the above
What is considered a mobile computing device and therefore shouldn’t be plugged in to your Government computer?
-All of the above
What is considered ethical use of the Government email system?
-Distributing Company newsletter
What is NOT Personally Identifiable Information (PII)?
-Hobby
What should be done if you find classified Government Data/Information Not Cleared for Public Release on the Internet?
-Make note of any identifying information and the website URL and report it to your security office
What should be done to protect against insider threats?
-Report any suspicious behavior
What should be done to sensitive data on laptops and other mobile computing devices?
-Encrypt the sensitive data
What should you do if someone asks to use your government issued mobile device (phone/laptop..etc)?
-Decline to lend your phone / laptop
What should you do if someone forgets their access badge (physical access)?
-Alert the security office
What should you do to protect classified data?
-Answer 1 and 2
What should you do to protect yourself while on social networks?
-Validate all friend requests through another source before confirming them
What type of data must be handled and stored properly based on classification markings and handling caveats?
-Classified
What type of security is “part of your responsibility” and “placed above all else?”
-Physical
When leaving your work area, what is the first thing you should do?
-Remove your CAC/PIV
When using a fax machine to send sensitive information, the sender should do which of the following?
-Contact the recipient to confirm receipt
Where should you store PII / PHI?
-Information should be secured in a cabinet or container while not in use
Which is an untrue statement about unclassified data?
-If aggregated, the classification of the information may not be changed
Which is a way to protect against phishing attacks?
-Look for digital certificates
Which is NOT a method of protecting classified data?
-Assuming open storage is always authorized in a secure facility
Which is NOT a requirement for telework?
-Telework is only authorized for unclassified and confidential information
Which is NOT a telework guideline?
-Taking classified documents from your workspace
Which is NOT a way to protect removable media?
-As a best practice, labeling all classified removable media and considering all unlabeled removable media as unclassified
Which is NOT a wireless security practice?
-Turning off computer when not in use
Which of the following attacks target high ranking officials and executives?
-Whaling
Which of the following best describes wireless technology?
-It is inherently not a secure technology
Which of the following definitions is true about disclosure of confidential information?
-Damage to national security
Which of the following is a good practice to avoid email viruses?
-Delete email from senders you do not know
Which of the following is an example of malicious code?
-Trojan horses
Which of the following is a proper way to secure your CAC/PIV?
-Remove and take it with you whenever you leave your workstation
Which of the following is NOT a criterion used to grant an individual access to classified data?
-Senior government personnel, military or civilian
Which of the following is NOT a DoD special requirement for tokens?
-Using NIPRNet tokens on systems of higher classification level
Which of the following is NOT a home security best practice?
-Setting weekly time for virus scan when you are not on the computer and it is powered off
Which of the following is NOT a potential insider threat?
-Member of a religion or faith
Which of the following is NOT a security best practice when saving cookies to a hard drive?
-Looking for “https” in the URL. All https sites are legitimate.
Which of the following is NOT a social engineering tip?
-Following instructions from verified personnel
Which of the following is NOT considered sensitive information?
-Sanitized information gathered from personnel records
Which of the following is NOT Government computer misuse?
-Checking work email
Which of the following is NOT PII?
-Mother’s maiden name, favorite color
Which of the following is NOT Protected Health Information (PHI)?
-Medical care facility name
Which of the following is NOT sensitive information?
-Unclassified information cleared for public release
Which of the following makes Alex’s personal information vulnerable to attacks by identity thieves?
-Carrying his Social Security Card with him
Which of the following should be done to keep your home computer secure?
-All of the above
You are having lunch at a local restaurant outside the installation, and you find a cd labeled “favorite song”. What should you do?
-Leave the cd where it is
You are leaving the building where you work. What should you do?
-Remove your security badge
You are logged on to your unclassified computer and just received an encrypted email from a co-worker. The email has an attachment whose name contains the word “secret”. What should you do?
-Contact your security POC right away
You are working at your unclassified system and receive an email from a coworker containing a classified attachment. What should you do?
-Alert your security POC
You check your bank statement and see several debits you did not authorize. You believe that you are a victim of identity theft. Which of the following should you do immediately?
-Monitor credit card statements for unauthorized purchases
You receive a call on your work phone and you’re asked to participate in a phone survey. As part of the survey the caller asks for birth date and address. What type of attack might this be?
-Social Engineering
You receive an email from a company you have an account with. The email states your account has been compromised and you are invited to click on the link in order to reset your password. What action should you take?
-Notify security
Which of these is true of unclassified data?
-Its classification level may rise when aggregated. (Correct)
Which type of information includes personal, payroll, medical, and operational information?
Sensitive
Which of the following is NOT a correct way to protect sensitive information?
Sensitive information may be stored on any password-protected system.
Which of the following is NOT a typical result from running malicious code?
Disabling cookies
What level of damage to national security could reasonably be expected if unauthorized disclosure of Top Secret information occurred?
Exceptionally grave damage
Which of the following is true about telework?
-You must have your organization’s permission to telework.
Which of following is true of protecting classified data?
-Classified material must be appropriately marked.
New interest in learning another language?
A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. How many indicators does this employee display?
03
Which of the following is NOT considered a potential insider threat indicator?
-Treated mental health issues.
What would you do if you receive a game application request on your government computer that includes permission to access your friends, profile information, cookies, and sites visited?
-Decline the request.
What information most likely presents a security risk on your personal social networking profile?
-Birthplace
You have reached the office door to exit your controlled area. As a security best practice, what should you do before exiting?
-Remove your security badge, common access card (CAC), or personal identity verification (PIV) card.
How should you protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card?
-Store it in a shielded sleeve to avoid chip cloning.
Which of the following statements is TRUE about the use of DoD Public Key Infrastructure (PKI) tokens?
-Always use DoD PKI tokens within their designated classification level.
Which of the following is a best practice for handling cookies?
-If possible, set your browser preferences to prompt you each time a website wants to store a cookie.
You receive an unexpected email from a friend: “I think you’ll like this: (URL)” What action should you take?
-Use TinyURL’s preview feature to investigate where the link leads.
You receive an email at your official Government email address from an individual at the Office of Personnel Management (OPM). The email provides a link to a personnel portal where you must enter your personal information as part of an effort to standardize recordkeeping. What action should you take first?
-Look for a digital signature on the email.
What is TRUE of a phishing attack?
-Phishing can be an email with a hyperlink as bait.
Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do?
-Connect to the Government Virtual Private Network (VPN).??
A coworker has asked if you want to download a programmer’s game to play at work. What should be your response?
-I’ll pass.
A coworker wants to send you a sensitive document to review while you are at lunch and you only have your personal tablet. What should you do?
-Never allow sensitive data on non-Government-issued mobile devices.
Which of the following demonstrates proper protection of mobile devices?
-Linda encrypts all of the sensitive data on her government-issued mobile devices.
How can you protect your information when using wireless technology?
-Avoid using non-Bluetooth-paired or unencrypted wireless computer peripherals.
Which of the following is NOT true of traveling overseas with a mobile phone
Physical security of mobile phones carried overseas is not a major issue
SPILLAGE
Which of the following may be helpful to prevent spillage?
Be aware of classification markings and all handling caveats.
SPILLAGE
Which of the following may be helpful to prevent spillage?
Label all files, removable media, and subject headers with appropriate classification markings.
- CLASSIFIED DATA*
Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization?
Secret
CLASSIFIED DATA
What is a good practice to protect classified information?
Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material.
INSIDER THREAT
Based on the description below how many potential insider threat indicators are present? A colleague often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion display?
3 or more indicators
INSIDER THREAT
What threat do insiders with authorized access to information or information systems pose?
They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities.
INSIDER THREAT
Which of the following is NOT considered a potential insider threat indicator?
New interest in learning a foregin language.
SOCIAL NETWORKING
When may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct?
If you participate in or condone it at any time.
SOCIAL NETWORKING
When is the safest time to post details of your vacation activities on your social networking profile?
After you have returned home following the vacation.
SOCIAL NETWORKING
Which of the following is a security best practice when using social networking sites?
Understanding and using the available privacy settings.
UNCONTROLLED CLASSIFIED INFORMATION
Which of the following is NOT an example of CUI?
Press release data
UNCONTROLLED CLASSIFIED INFORMATION
Which of the following is NOT a correct way to protect CUI?
CUI may be stored on any password-protected system.
Select the information on the data sheet that is personally identifiable information (PII) But not protected health information (PHI)
Jane Jones
Social security number: 123-45-6789
Select the information on the data sheet that is protected health information (PHI)
Jane has been Dr…ect patient..ect.
PHYSICAL SECURITY
At which Cyberspace Protection Condition (CPCON) is the priority focus on critical and essential functions?
Answer: CPCON 2
PHYSICAL SECURITY
Within a secure area, you see an individual who you do not know and is not wearing a visible badge
Ask the individual to see an identification badge.
IDENTITY MANAGEMENT
What certificates does the Common Access Card (CAC) or Personal Identity Verification (PIV) card contain?
Identification, encryption, and digital signature
IDENTITY MANAGEMENT
Which of the following is an example of a strong password?
eA1xy2!P
SENSITIVE COMPARTMENTED INFORMATION
When faxing Sensitive Compartmented Information (SCI), what actions should you take?
Mark SCI documents appropriately and use an approved SCI fax machine.
SENSITIVE COMPARTMENTED INFORMATION
When is it appropriate to have your security badge visible within a sensitive compartmented information facility (SCIF)?
At all times while in the facility.
REMOVABLE MEDIA IN A SCIF
What action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)?
Identify and disclose it with local Configuration/Change Management Control and Property Management authorities
MALICIOUS CODE
Which of the following is NOT a way malicious code spreads?
Legitimate software updates
WEBSITE USE
Which of the following statements is true of cookies?
You should only accept cookies from reputable, trusted websites.
SOCIAL ENGINEERING
How can you protect yourself from internet hoaxes?
Use online sites to confirm or expose potential hoaxes
SOCIAL ENGINEERING
How can you protect yourself from social engineering?
Follow instructions given only by verified personnel
SOCIAL ENGINEERING
What action should you take with an e-mail from a friend containing a compressed Uniform Resource Locator (URL)?
Investigate the link’s actual destination using the preview feature
TRAVEL
Which of the following is a concern when using your Government-issued laptop in public?
Others may be able to view your screen.
USE OF GFE
What is a critical consideration on using cloud-based file sharing and storage applications on your Government-furnished equipment (GFE)?
Determine if the software or service is authorized
MOBILE DEVICES
Which of the following is an example of near field communication (NFC)?
A smartphone that transmits credit card payment information when held in proximity to a credit card reader.
MOBILE DEVICES
Which of the following is an example of removable media?
Flash Drive
HOME COMPUTER SECURITY
Which of the following is a best practice for securing your home computer?
Create separate accounts for each user.
*Spillage
After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. You know this project is classified. What should be your response?
Attempt to change the subject to something non-work related, but neither confirm nor deny the article’s authenticity.
*Spillage
Which of the following may help prevent inadvertent spillage?
Label all files, removable media, and subject headers with appropriate classification markings.
*Spillage
A user writes down details marked as Secret from a report stored on a classified system and uses those details to draft a briefing on an unclassified system without authorization. What is the best choice to describe what has occurred?
Spillage because classified data was moved to a lower classification level system without authorization.
*Spillage
What should you do when you are working on an unclassified system and receive an email with a classified attachment?
Call your security point of contact immediately
*Spillage
What should you do if a reporter asks you about potentially classified information on the web?
Ask for information about the website, including the URL.
*Spillage
.What should you do if a reporter asks you about potentially classified information on the web?
Refer the reporter to your organization’s public affairs office.
*Spillage
What is a proper response if spillage occurs?
~Immediately notify your security POC.
*Spillage
Which of the following is a good practice to aid in preventing spillage?
Be aware of classification markings and all handling caveats.
**Classified Data
When classified data is not in use, how can you protect it?
Store classified data appropriately in a GSA-approved vault/container.
**Classified Data
What is required for an individual to access classified data?
Appropriate clearance, a signed and approved non-disclosure agreement, and need-to-know
**Classified Data
Which classification level is given to information that could reasonably be expected to cause serious damage to national security?
Secret
**Classified Data
What is a good practice to protect classified information?
Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material.
**Classified Data
Which of the following is true of protecting classified data?
Classified material must be appropriately marked.
**Classified Data
Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause?
Damage to national security
**Insider Threat
Which of the following is NOT considered a potential insider threat indicator?
New interest in learning a foreign language
**Insider Threat
A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. How many potential insider threat indicators does this employee display?
1 Indicator(wrong)
~3 or more indicators
**Insider Threat
A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. How many potential insider threat indicators does this employee display?
0 indicators
**Insider Threat
How many potential insider threat indicators does a coworker who often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion display?
3 or more indicators
**Insider Threat
How many potential insider threat indicators does a person who is playful and charming, consistently wins performance awards, but is occasionally aggressive in trying to access sensitive information display?
1 indicator
**Insider Threat
What advantages do “insider threats” have over others that allows them to cause damage to their organizations more easily?
Insiders are given a level of trust and have authorized access to Government information systems
**Insider Threat
What type of activity or behavior should be reported as a potential insider threat?
Coworker making consistent statements indicative of hostility or anger toward the United States in its policies.
**Insider Threat
Which of the following should be reported as a potential security incident?
A coworker removes sensitive information without authorization
**Insider Threat
Which of the following should be reported as a potential security incident (in accordance with you Agency’s insider threat policy)?
~A coworker brings a personal electronic device into a prohibited area.
**Social Networking
When is the safest time to post details of your vacation activities on your social networking website?
When vacation is over, after you have returned home
**Social Networking
What should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sires visited?
Decline the request
*Sensitive Information
Under which circumstances is it permitted to share an unclassified draft document with a non-DoD professional discussion group?
As long as the document is cleared for public release, you may share it outside of DoD.
*Sensitive Information
What is the best example of Personally Identifiable Information (PII)?
Date and place of birth
*Sensitive Information
Which of the following is the best example of Personally Identifiable Information (PII)?
Passport number
*Sensitive Information
Which of the following is an example of Protected Health Information (PHI)?
Medical test results
*Sensitive Information
What type of unclassified material should always be marked with a special handling caveat?
For Official Use Only (FOUO)
*Sensitive Information
Under what circumstances could classified information be considered a threat to national security?
If aggregated, the information could become classified.
**Physical Security
What is a good practice for physical security?
Challenge people without proper badges.
**Physical Security
At which Cyberspace Protection Condition (CPCON) is the priority focus on critical functions only?
CPCON 1
**Identity Management
Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the NIPRNet. In which situation below are you permitted to use your PKI token?
On a NIPRNet system while using it for a PKI-required task
**Identity Management
Which of the following is the nest description of two-factor authentication?
Something you possess, like a CAC, and something you know, like a PIN or password
**Identity management
Which is NOT a sufficient way to protect your identity?
Use a common password for all your system and application logons.
**Identity management
What is the best way to protect your Common Access Card (CAC)?
Maintain possession of it at all times.
*Sensitive Compartmented Information
What is a Sensitive Compartmented Information (SCI) program?
A program that segregates various type of classified information into distinct compartments for added protection and dissemination for distribution control.
*Sensitive Compartmented Information
Which of the following best describes the compromise of Sensitive Compartmented Information (SCI)?
A person who does not have the required clearance or assess caveats comes into possession of SCI in any manner.
*Sensitive Compartmented Information
When should documents be marked within a Sensitive Compartmented Information Facility (SCIF)
~All documents should be appropriately marked, regardless of format, sensitivity, or classification.
Unclassified documents do not need to be marked as a SCIF.
Only paper documents that are in open storage need to be marked.
Only documents that are classified Secret, Top Secret, or SCI require marking. (Wrong)
*Sensitive Compartmented Information
Which must be approved and signed by a cognizant Original Classification Authority (OCA)?
Security Classification Guide (SCG)
**Removable Media in a SCIF
What must users ensure when using removable media such as compact disk (CD)?
It displays a label showing maximum classification, date of creation, point of contact, and Change Management 9CM) Control Number.
*Malicious Code
What are some examples of malicious code?
Viruses, Trojan horses, or worms
**Website Use
While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. The website requires a credit card for registration. What should you do?
Since the URL does not start with “https,” do not provide you credit card information.
**Social Engineering
Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email?
Do not access links or hyperlinked media such as buttons and graphics in email messages.
**Social Engineering
What is TRUE of a phishing attack?
Phishing can be an email with a hyperlink as bait.
**Social Engineering
Which of the following is a way to protect against social engineering?
Follow instructions given only by verified personnel.
**Travel
What is a best practice while traveling with mobile computing devices?
Maintain possession of your laptop and other government-furnished equipment (GFE) at all times.
**Use of GFE
Under what circumstances is it acceptable to use your Government-furnished computer to check personal e-mail and do other non-work-related activities?
If allowed by organizational policy
**Mobile Devices
Which is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems?
Do not use any personally owned/non-organizational removable media on your organization’s systems.
**Mobile Devices
Which of the following helps protect data on your personal mobile devices?
Secure personal mobile devices to the same level as Government-issued systems.
**Home Computer Security
How can you protect your information when using wireless technology?
Avoid using non-Bluetooth-paired or unencrypted wireless computer peripherals.
What is the best response if you find classified government data on the internet?
Note any identifying information, such as the website’s URL, and report the situation to your security POC.
What information posted publicly on your personal social networking profile represents a security risk?
Your place of birth
What is the best example of Protected Health Information (PHI)?
Your health insurance explanation of benefits (EOB)
What does Personally Identifiable Information (PII) include?
Social Security Number; date and place of birth; mother’s maiden name
What certificates are contained on the DoD Public Key Infrastructure (PKI) implemented by the Common Access Card (CAC)/Personal Identity Verification (PIV) card?
Identification, encryption, and digital signature
What describes how Sensitive Compartmented Information is marked?
Approved Security Classification Guide (SCG)
Which is a risk associated with removable media?
Spillage of classified information.
What is an indication that malicious code is running on your system?
File corruption
What is a valid response when identity theft occurs?
Report the crime to local law enforcement.
What is whaling?
A type of phishing targeted at high-level personnel such as senior officials.
What is a best practice to protect data on your mobile computing device?
Lock your device screen when not in use and require a password to reactivate.
What is a possible indication of a malicious code attack in progress?
A pop-up window that flashes and warns that your computer is infected with a virus.
Which of the following may be helpful to prevent inadvertent spillage?
What should you do after you have ended a call from a reporter asking you to confirm potentially classified info found on the web?
Alert your security point of contact.
Which of the following is NOT an example of sensitive information?
PII
SSN, date and place of birth, mother’s maiden name, biometric records, PHI, passport number
PHI
Subset of PII, health information that identifies the individual, relates to physical or mental health of an individual, provision of health care to an individual, or payment of healthcare for individual
Which of the following is NOT a typical result from running malicious code?
Disable cookies
What kind of information could reasonably be expected to cause serious damage to national security in the event of unauthorized disclosure?
Secret
Telework
Have your permissions from your organization, follow your organization guideline, use authorized equipment and software, employ cyber security best practice, perform telework in dedicated when home.
Which of the following should be reported as a potential security incident (in accordance with your Agency’s insider threat policy)?
A coworker brings a personal electronic device into prohibited areas.
A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. How many potential insider threat indicators does this employee display?
3 or more indicators
A colleague has won 10 high-performance awards, can be playful and charming, is not currently in a relationship, and occasionally aggressive in trying to access sensitive information. How many potential insider threat indicators does this employee display?
1 indicator
What information most likely presents a security risk on your personal social networking profile?
Mother’s maiden name
Which of the following represents a good physical security practice?
Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIC) card.
How should you protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card?
Store it in a shielded sleeve to avoid chip cloning.
Which of the following statements is NOT true about protecting your virtual identity?
Use personal information to help create strong passwords.
While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. The website requires a credit card for registration. What should you do?
Since the URL does not start with “https,” do not provide your credit card information.
You receive an email from the Internal Revenue Service (IRS) demanding immediate payment of back taxes of which you were not aware. The email provides a website and a toll-free number where you can make payment. What action should you take?
Contact the IRS using their publicly available, official contact information.
Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email?
Do not access links or hyperlinked media such as buttons and graphics in email messages.
Which of the following is true of Internet hoaxes?
They can be part of a distributed denial-of-service (DDoS) attack.
Which of the following is NOT true of traveling overseas with a mobile phone?
Physical security of mobile phones carried overseas is not a major issue.
A coworker has asked if you want to download a programmer’s game to play at work. What should be your response?
I’ll pass.
A coworker wants to send you a sensitive document to review while you are at lunch and you only have your personal tablet. What should you do?
Never allow sensitive data on non-Government-issued mobile devices.
A man you do not know is trying to look at your Government-issued phone and has asked to use it. What should you do?
Decline to lend the man your phone.
How can you protect your information when using wireless technology?
Avoid using non-Bluetooth-paired or unencrypted wireless computer peripherals.
What should you do if a reporter asks you about potentially classified information on the web?
Neither confirm or deny the information is classified
.
Which of the following may be helpful to prevent inadvertent spillage?
Label all files, removable media, and subject headers with appropriate classification markings.
What kind of information could reasonably be expected to cause serious damage to national security in the event of unauthorized disclosure?
Secret
Which of the following is NOT true concerning a computer labeled SECRET?
May be used on an unclassified network.
A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. How many potential insider threat indicators does this employee display?
3 or more indicators
Which of the following should be reported as a potential security incident?
A coworker removes sensitive information without approval.
Which of the following should be reported as a potential security incident (in accordance with your Agency’s insider threat policy)?
A coworker brings a personal electronic device into prohibited areas.
When would be a good time to post your vacation location and dates on your social networking website?
When you return from your vacation.
In setting up your personal social networking service account, what email address should you use?
Your personal email address.
Which of the following is NOT a correct way to protect sensitive information?
Sensitive information may be stored on any password-protected system.
Which of these is true of unclassified data?
It’s classification level may rise when aggregated.
Is it permitted to share an unclassified draft document with a non-DoD professional discussion group?
As long as the document is cleared for public release, you may share it outside of DoD.
Within a secure area, you see an individual you do not know. Her badge is not visible to you. What is the best course of action?
Ask the individual to identify herself.
How should you protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card?
Store it in a shielded sleeve to avoid chip cloning.
Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approves for access to the NIPRNET. In which situation below are you permitted to use your PKI token?
On a NIPRNET system while using it for a PKI-required task
After clicking on a link on a website, a box pops up and asks if you want to run an application. Is it okay to run it?
No. Only allow mobile code to run from your organization or your organization’s trusted sites.
Upon connecting your Government- issued laptop to a public wireless connection, what should you immediately do?
Connect to the Government Virtual Private Network (VPN).
What do you do if spillage occurs?
Immediately notify your security point of contact.
What should you do after you have ended a call from a reporter asking you to confirm potentially classified information found on the web?
Alert your security point of contact.
Which of the following is NOT a requirement for telework?
You must possess security clearance eligibility to telework.
Who can be permitted access to classified data?
Only persons with appropriate clearance, a non-disclosure agreement, and need-to-know can access classified data.
A colleague has won 10 high-performance awards, can be playful and charming, is not currently in a relationship, and is occasionally aggressive in trying to access sensitive information. How many potential insiders threat indicators does this employee display?
1 indicator
A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. How many potential insiders threat indicators does this employee display?
3 or more indicators
A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. How many potential insiders threat indicators does this employee display?
3 or more indicators
In setting up your personal social networking service account, what email address should you use?
Your personal email address
What information most likely presents a security risk on your personal social networking profile?
Your place of birth
Which of the following is NOT an example of sensitive information?
Press release data
Is it permitted to share an unclassified draft document with a non-DoD professional discussion group?
As long as the document is cleared for public release, you may release it outside of DoD
Which of the following is an example of Protected Health Information (PHI)?
I’ve tried all the answers and it still tells me off. Examples are: Patient names, Social Security numbers, Driver’s license numbers, insurance details, and birth dates
Which of the following represents a good physical security practice?
Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIC) card.
Which of the following is NOT a good way to protect your identity?
Use a single, complex password for your system and application logons.
Which of the following statements is TRUE about the use of DoD Public Key Infrastructure (PKI) tokens?
Always use DoD PKI tokens within their designated classification level.
Which of the following is NOT a typical means for spreading malicious code?
Patching from a trusted source
Which of the following is a practice that helps to protect you from identity theft?
Ordering a credit report annually
Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email?
Do not access links or hyperlinked media such as buttons and graphics in email messages.
You receive an unexpected email from a friend: “I think you’ll like this: https://tinyurl.com/2fcbvy.” What action should you take?
Use TinyURL’s preview feature to investigate where the link leads.
You receive an email from the Internal Revenue Service (IRS) demanding immediate payment of back taxes of which you were not aware. The email provides a website and a toll-free number where you can make payment. What action should you take?
Contact the IRS
When using your government-issued laptop in public environments, with which of the following should you be concerned?
The potential for unauthorized viewing of work-related information displayed on your screen.
Under what circumstances is it acceptable to check personal email on Government-furnished equipment (GFE)?
If your organization allows it.
Which of the following is NOT a best practice to protect data on your mobile computing device?
Lock your device screen when not in use and require a password to reactivate.
When checking in at the airline counter for a business trip, you are asked if you would like to check your laptop bag. This bag contains your government-issued laptop. What should you do?
I’ve tried all the answers and it still tells me off, part 2. Decline So That You Maintain Physical Control of Your Government-Issued Laptop.
How can you protect your information when using wireless technology?
Avoid using non-Bluetooth-paired or unencrypted wireless computer peripherals.
not an example of cui
- Press Release Data
which is not an example of cui
- Press Release Data
what is not an example of cui
- Press Release Data
example of cui cyber awareness
- CUI is an umbrella term that encompasses many different markings to identify information that is not classified but which should be protected. Some examples you may be familiar with: Personally Identifiable Information (PII) Sensitive Personally Identifiable Information (SPII)
cui examples
examples of cui
examples of cui include
what are examples of cui
what is not an example of cui cyber awareness
which is not an example of cui cyber awareness
cui example
example of cui
examples of controlled unclassified information include
examples of controlled unclassified information includes
what are examples of controlled unclassified information
what is considered cui
controlled unclassified information examples
correct way to protect cui
cui cyber awareness
cui protection
examples of controlled unclassified information
how to protect cui cyber awareness
is pii controlled unclassified information
not a correct way to store cui
what is considered cui data
what is controlled unclassified information basic
what is cui data
what is not a correct way to protect cui
a cui
controlled classified information
controlled unclassified information
cui controlled unclassified information
cui cyber security
cui data classification
cui documents
cui security
cui security classification
cui vs unclassified
cyber awareness cui
define controlled unclassified information
examples of controlled unclassified information cui include
is pii cui
is press release data cui
protecting cui
what cui basic
what is a controlled unclassified information
what is a cui
what is considered controlled unclassified information
what is controlled unclassified information
what is controlled unclassified information cui
what is cui cyber awareness
what is the correct way to protect cui
who is responsible for protecting cui markings and dissemination instructions
army cui
classification cui
controlled technical information
controlled unclassified info
controlled unclassified information categories
controlled unclassified information cui
controlled unclassified information marking
controlled unclassified information markings
controlled unclassified information registry
cui basic
cui classification
cui defined
cui distribution
cui documents must be reviewed
cui guidance
cui guide
cui markings
cui means
cui pii
cui registry
cui requirements
cui security classification guide
cui specified
cui transmission
define cui
definition of controlled unclassified information
how to protect cui
how to store cui
in order to obtain access to cui
information may be cui in accordance with
marking controlled unclassified information
protect cui
protecting cui includes which steps
security cui
types of cui
unclassified cui
unclassified information
what cui
what is controlled unclassified information specified
what is cui basic
what is cui dod
what is cui information
what is cui specific
what level of system and network is required for cui
when destroying or disposing of classified information you must
32 cfr part 2002
air force cui
army controlled unclassified information training
at the time of creation of cui
can cui
can cui be stored in a locked desk
can cui be stored on any password protected system
controlled unclassified information cover sheet
controlled unclassified information cui awareness training
controlled unclassified information meaning
controlled unclassified information training
controlled unclassified information training army
correct banner marking for unclassified documents with cui
cui
cui acronym
cui army
cui basic definition
cui categories
cui category
cui classification marking
cui data
cui definition
cui distribution statement
cui distribution statements
cui dod
cui government
cui includes information traditionally marked as
cui information
cui labeling
cui marking examples
cui marking handbook
cui markings dod
cui meaning
cui navy
cui specified definition
cui stands for
cui.
definition of cui
dod cui instruction
dod cui marking examples
dod cui markings
is proprietary data cui
it is mandatory to include a banner
it is mandatory to include a banner marking
level of system and network configuration is required for cui
navy cui
sensitive unclassified information
the correct banner for unclassified documents with cui is
the correct banner marking for unclassified documents with cui is
understanding that protection of sensitive unclassified information is
understanding that protection of sensitive unclassified information is:
what dod instructions implements the dod cui program
what does cui mean
what is basic cui
what is cui specified
what is the goal of destroying cui
which of the following individuals can access classified data
who can control cui
who is responsible for applying cui markings
who is responsible for protecting cui
32 cfr 2002
army controlled unclassified information
army cui training
army unclassified
at the time of creation of cui material
at the time of creation of cui material the authorized
can cui be emailed if encrypted
cmmc cui
controlled unclassified information army
controlled unclassified information dod
cui army training
cui banner
cui banner marking
cui category markings
cui cdi
cui cmmc
cui date
cui designation indicator
cui documents must be reviewed according to which
cui documents must be reviewed according to which procedures
cui documents must be reviewed to which procedures before destruction
cui email
cui email marking
cui fouo
cui marking
cui marking guidance
cui marking guide
cui stand for
cui training
cui training air force
cui vs fouo
cui’s
dod controlled unclassified information
dod controlled unclassified information training
dod cui guidance
dod cui program instruction
dod instruction cui program
dod instruction implements the dod cui program
dod mandatory controlled unclassified information
eo 13556
executive order 13556
fouo vs cui
how long is your nda applicable
how should you protect a printed classified document
is financial information cui
isoo cui
isoo cui registry
isoo registry
marking cui
proprietary data cui
unclasified
unclassifed
unclassified
under what circumstances could unclassified information be considered a threat
under which circumstances is it permitted to share an unclassified
what dod instruction implements cui
what dod instruction implements cui program
what dod instruction implements dod cui program
what dod instruction implements the cui program
what dod instruction implements the dod cui
what dod instruction implements the dod cui program
what does cui stand for
what is cui
what is fouo
what is purpose of isoo cui registry
what is sensitive unclassified information
what is the purpose of the isoo cui registry
what level of system is required for cui
what marking banner and footer
which of the following is true about markings
which of the following is true about unclassified data
which of the following may help to prevent inadvertent spillage
who can decontrol cui
who is responsible for applying cui markings and dissemination
why is cui important
2002 date
2002 h
200squared
2022 cyber awareness challenge
32 2002
32 cfr 2002 controlled unclassified information
32 cfr part 2002 controlled unclassified information
32 part
access to classified information
access to sensitive or restricted information is controlled describes which
adversaries mc
af cyber awareness challenge
air force cyber awareness challenge
air force fouo cover sheet
all classified
application sensitive but unclassified sbu
army cyber awareness 2022
army jko cyber awareness
army privacy act cover sheet
army sipr email address format
army unclassified powerpoint template
banner markings identify the
c ui
can 2002
cbt cyber security
compressed url cyber awareness
controlled government
critical unclassified information is sometimes
ctp requirements
cui can
cui cbt
cui certification
cui compliance
cui cover sheet
cui cti
cui cui
cui dfars
cui fedcon
cui itar
cui label
cui labels
cui propin
cui training army
cui.me
cui//sp-cti
cyber awareness cbt
cyber awareness challenge 2022
cyber awareness challenge 2022 cheat code
cyber awareness challenge insider threat
cyber awareness challenge jko
cyber awareness how can you protect yourself from internet hoaxes
cyber awareness jko
cyber awareness training 2022
cyber awarness 2022
cyber security cbt
define counterintelligence
dfars cui
disclosure con
dod 5200.48
dod cui training
dod cyber awareness challenge 2022
dod instruction 5200.48
dod mandatory controlled unclassified information cui training
dod mandatory controlled unclassified information training
dod mandatory cui training
dodi 5200.48
email marking
example of near field communication cyber awareness
good practice to prevent spillage
how can you avoid downloading malicious code cyber awareness challenge
how can you protect yourself from internet hoaxes
how can you protect yourself from internet hoaxes cyber awareness
how can you protect yourself from social engineering cyber awareness
how long is your non disclosure agreement applicable
how long is your non-disclosure agreement applicable
how many insider threat indicators does alex
how many insider threat indicators does alex demonstrate
how should you respond to the theft of your identity
how to prevent spillage cyber awareness
how to protect yourself from internet hoaxes
i hate cbts cyber awareness
identify the correct and incorrect statements about executive orders.
if you are a military personnel and you knowingly leaked
ihatecbts cyber awareness 2022
inadvertent spillage
information may be cui in accordance with executive order 13526
intentional unauthorized disclosure of classified information
internet hoaxes cyber awareness
is it permitted to share an unclassified draft document
is press release data sensitive information
is whistleblowing the same as reporting an unauthorized disclosure
isoo cui registry purpose
isso cui registry
itar cui
itar vs cui
jko cyber awareness
jko cyber awareness 2022 answers
jko cyber security
malicious code cyber awareness
mc requirements
near field communication cyber awareness
near field communication cyber awareness 2022
network configuration for cui
non federal systems
opsec is a dissemination control category
opsec is a dissemination control category within the cui program
penalties for unauthorized disclosure of classified information
portion mark
portion markings
possible effect of malicious code
prevent spillage
purpose of isoo cui registry
relates to reporting of gross mismanagement and/or abuse of authority
requirements to access classified information
sensitive but unclassified
spillage definition cyber awareness
the act of publicly documenting and sharing information is called
the whistleblower protection enhancement act relates to reporting
transfer email from nipr to sipr
unauthorized disclosure of classified
unauthorized disclosure of classified information
unauthorized disclosure of classified information for dod and industry
unauthorized disclosure of information classified as confidential
unclassified banner
unclassified cover sheet
unclassified resume
unnpi
what can malicious code do cyber awareness challenge
what dod instruction implements the dod program
what is a possible effect of malicious code
what is a possible effect of malicious code cyber awareness
what is a protection against internet hoaxes
what is a protection against internet hoaxes cyber awareness
what is controlled
what is possible effect of malicious code
what is protection against internet hoaxes
what is purpose of the isoo cui registry
what is required for an individual to access classified data
what is sensitive compartmented information cyber awareness 2022
what is spillage cyber awareness
what is spillage in cyber awareness
what is the possible effect of malicious code
what is the purpose of isoo cui registry
what is the purpose of the isoo registry
what level of damage can the unauthorized disclosure of information
what security risk does a public wi-fi connection pose
what should the owner of this printed sci do differently
what should you do if you suspect spillage has occurred
what threat do insiders with authorized
what threat do insiders with authorized access to information
what threat do insiders with authorized access to information pose
when can you check personal email on your gfe
when using social networking services the penalties for ignoring requirements
which of the following individuals can access classified data 2022
which of the following is an
which of the following is an example of nfc
which of the following is good practice to prevent spillage
which of the following is not an
which of the following is true about protecting classified data
which of the following is true of protecting classified data
which of the following may help prevent spillage
which of the following may help to prevent spillage
which of the following represents a good physical security practice
which of these is true of unclassified data
whistleblowing should be used to report which of the following
who is responsible for applying cui markings and dissemination instructions
working papers must be remarked within
Which of the following is an example of malicious code? Software that install itself without the user’s knowledge.
It is getting late on Friday. You are reviewing your employees annual self evaluation. Your comments are due on Monday. You can email your employees information to yourself so you can work on it this weekend and go home now. Which method would be the BEST way to send this information?
Use the government email system so you can encrypt the information and open the email on your government issued laptop
What should you do if someone asks to use your government issued mobile device (phone/laptop..etc)?
Decline to lend your phone / laptop
Where should you store PII / PHI?
Information should be secured in a cabinet or container while not in use
Of the following, which is NOT an intelligence community mandate for passwords?
Maximum password age of 45 days
Which of the following is NOT Government computer misuse?
Checking work email
Which is NOT a telework guideline?
Taking classified documents from your workspace
What should you do if someone forgets their access badge (physical access)?
Alert the security office
What can you do to protect yourself against phishing?
All of the above
What should you do to protect classified data?
Answer 1 and 2 are correct
What action is recommended when somebody calls you to inquire about your work environment or specific account information?
Ask them to verify their name and office number
If classified information were released, which classification level would result in “Exceptionally grave damage to national security”?
Top Secret
Which of the following is NOT considered sensitive information?
Sanitized information gathered from personnel records
Which of the following is NOT a criterion used to grant an individual access to classified data?
Senior government personnel, military or civilian
Of the following, which is NOT a problem or concern of an Internet hoax?
Directing you to a website that looks real
Media containing Privacy Act information, PII, and PHI is not required to be labeled.
FALSE
Which of the following is NOT a home security best practice?
Setting weekly time for virus scan when you are not on the computer and it is powered off
Which of the following best describes wireless technology?
It is inherently not a secure technology
You are leaving the building where you work. What should you do?
Remove your security badge
Which of the following is a good practice to avoid email viruses?
Delete email from senders you do not know
What is considered a mobile computing device and therefore shouldn’t be plugged in to your Government computer?
All of the above
Which is NOT a way to protect removable media?
As a best practice, labeling all classified removable media and considering all unlabeled removable media as unclassified
What is NOT Personally Identifiable Information (PII)?
Hobby
Of the following, which is NOT a method to protect sensitive information?
After work hours, storing sensitive information in unlocked containers, desks, or cabinets if security is not present
There are many travel tips for mobile computing. Which of the following is NOT one?
When using a public device with a card reader, only use your DoD CAC to access unclassified information
The use of webmail is
is only allowed if the organization permits it
What is considered ethical use of the Government email system?
Distributing Company newsletter
Which of the following attacks target high ranking officials and executives?
Whaling
What constitutes a strong password?
all of the above
You are logged on to your unclassified computer and just received an encrypted email from a co-worker. The email has an attachment whose name contains the word “secret”. What should you do?
Contact your security POC right away
Which is a way to protect against phishing attacks?
Look for digital certificates
You receive an email from a company you have an account with. The email states your account has been compromised and you are invited to click on the link in order to reset your password. What action should you take?
Notify security
You are having lunch at a local restaurant outside the installation, and you find a cd labeled “favorite song”. What should you do?
Leave the cd where it is
How should you securely transport company information on a removable media?
Encrypt the removable media
Should you always label your removable media?
Yes
Which of the following is NOT Protected Health Information (PHI)?
Medical care facility name
If authorized, what can be done on a work computer?
Check personal email
Spear Phishing attacks commonly attempt to impersonate email from trusted entities. What security device is used in email to verify the identity of sender?
Digital Signatures
What type of security is “part of your responsibility” and “placed above all else?”
Physical
If your wireless device is improperly configured someone could gain control of the device? T/F
TRUE
Which of the following is a proper way to secure your CAC/PIV?
Remove and take it with you whenever you leave your workstation
What actions should you take prior to leaving the work environment and going to lunch?
All of the above
P2P (Peer-to-Peer) software can do the following except:
Allow attackers physical access to network assets
How can you guard yourself against Identity theft?
All of the above
When leaving your work area, what is the first thing you should do?
Remove your CAC/PIV
Using webmail may bypass built in security features.
TRUE
Of the following, which is NOT a characteristic of a phishing attempt?
Directing you to a web site that is real
Classified Information can only be accessed by individuals with
All of the above
Which of the following definitions is true about disclosure of confidential information?
Damage to national security
It is permissible to release unclassified information to the public prior to being cleared.
False
Which of the following is NOT sensitive information?
Unclassified information cleared for public release
What should you do to protect yourself while on social networks?
Validate all friend requests through another source before confirming them
Which is NOT a method of protecting classified data?
Assuming open storage is always authorized in a secure facility
What can you do to prevent spillage?
all of the above
Which of the following makes Alex’s personal information vulnerable to attacks by identity thieves?
Carrying his Social Security Card with him
DoD employees are prohibited from using a DoD CAC in card-reader-enabled public device
TRUE
Which of the following is an example of malicious code?
Trojan horses
Which of the following is NOT PII?
Mother’s maiden name
Classified Information is
Assigned a classification level by a supervisor
Maria is at home shopping for shoes on Amazon.com. Before long she has also purchased shoes from several other websites. What can be used to track Maria’s web browsing habits?
Cookies
Which is an untrue statement about unclassified data?
If aggregated, the classification of the information may not be changed
A medium secure password has at least 15 characters and one of the following.
Special character
PII, PHI, and financial information is classified as what type of information?
Sensitive
The CAC/PIV is a controlled item and contains certificates for:
All of the above
An individual who has attempted to access sensitive information without need-to-know and has made unusual requests for sensitive information is displaying indicators of what?
Potential Insider Threat
Which of the following is NOT a social engineering tip?
Following instructions from verified personnel
Bob, a coworker, has been going through a divorce, has financial difficulties and is displaying hostile behavior. How many potential insider threat indicators is Bob displaying?
3
You are working at your unclassified system and receive an email from a coworker containing a classified attachment. What should you do?
Alert your security POC
You check your bank statement and see several debits you did not authorize. You believe that you are a victim of identity theft. Which of the following should you do immediately?
Monitor credit card statements for unauthorized purchases
Thumb drives, memory sticks, and flash drives are examples of
Removable media
What information relates to the physical or mental health of an individual?
PHI
What should be done if you find classified Government Data/Information Not Cleared for Public Release on the Internet?
Make note of any identifying information and the website URL and report it to your security office
All https sites are legitimate and there is no risk to entering your personal info online.
FALSE
When using a fax machine to send sensitive information, the sender should do which of the following?
Contact the recipient to confirm receipt
What should be done to protect against insider threats?
Report any suspicious behavior
Which of the following is NOT a potential insider threat?
Member of a religion or faith
Of the following, which is NOT a security awareness tip?
Remove security badge as you enter a restaurant or retail establishment
ActiveX is a type of this?
Mobile code
Which of the following is NOT a security best practice when saving cookies to a hard drive?
Looking for “https” in the URL. All https sites are legitimate.
Which is NOT a requirement for telework?
Telework is only authorized for unclassified and confidential information
Someone calls from an unknown number and says they are from IT and need some information about your computer. What should you do?
Request the user’s full name and phone number
Which is NOT a wireless security practice?
Turning off computer when not in use
Malicious code can do the following except?
Make your computer more secure
What type of data must be handled and stored properly based on classification markings and handling caveats?
Classified
What information should you avoid posting on social networking sites?
All of the above
A coworker has left an unknown CD on your desk. What should you do?
Put the CD in the trash
Which of the following is NOT a DoD special requirement for tokens?
Using NIPRNet tokens on systems of higher classification level
UNCLASSIFIED is a designation to mark information that does not have potential to damage national security.
TRUE
You receive a call on your work phone and you’re asked to participate in a phone survey. As part of the survey the caller asks for birth date and address. What type of attack might this be?
Social Engineering
“Spillage” occurs when
Personal information is inadvertently posted at a website
What should be done to sensitive data on laptops and other mobile computing devices?
Encrypt the sensitive data
Which of the following should be done to keep your home computer secure?
All of the above
How are Trojan horses, worms, and malicious scripts spread?
By email attachments
The following practices help prevent viruses and the downloading of malicious code except.
Scan external files from only unverifiable sources before uploading to computer
Questions and Answers
- 1. Which of the below is not used for Multi-factor authentication?
- A. Something you do
- B. Something you have
- C. Something you know
- D. Something you are
A. Something you doExplanation
“Something you do” is not used for multi-factor authentication. Multi-factor authentication typically involves using a combination of two or more factors to verify a user’s identity. These factors can include “something you have” (such as a physical token or a mobile device), “something you know” (such as a password or PIN), and “something you are” (such as biometric data like fingerprints or facial recognition). However, “something you do” refers to behavioral biometrics, which is a separate authentication method that analyzes patterns of behavior, such as typing speed or mouse movements, to verify identity.Rate this question: - 2. Which of the below is not a best practice of choosing Strong Passwords?
- A. Make it impersonal
- B. Make it long
- C. Make it diverse
- D. Make it numeric
D. Make it numericExplanation
Making a password numeric is actually a best practice for choosing strong passwords. Including numbers in a password adds complexity and makes it harder for attackers to guess or crack the password. Therefore, the given answer is incorrect.Rate this question: - 3. Which of the below is not a part of the Clean Desk Policy?
- A. Tidy your desk
- B. Lock your screen
- C. Hiding passwords below keyboard
- D. Put away sensitive documents
C. Hiding passwords below keyboardExplanation
The Clean Desk Policy aims to maintain a clutter-free and secure work environment. Tidying your desk, locking your screen, and putting away sensitive documents are all practices that align with this policy. However, hiding passwords below the keyboard is not a part of the Clean Desk Policy. This action poses a security risk as it makes it easier for unauthorized individuals to access sensitive information.Rate this question: - 4. Which of the below is not a part of the appropriate use – Laptop Security Policy?
- A. Return your laptop when you resign
- B. Prevent damage to loss/theft of Laptop
- C. Report loss of Laptop to HR & IT Department
- D. Install any software without approval
D. Install any software without approvalExplanation
The correct answer is “Install any software without approval.” This is not a part of the appropriate use – Laptop Security Policy because it can pose a security risk to the laptop and the network. Installing software without approval can introduce malware or other malicious programs, compromise the laptop’s security, and violate company policies. It is important to obtain proper approval before installing any software to ensure the security and integrity of the laptop and the organization’s network.Rate this question: - 5. Which of the below is not a part of the appropriate use – Email Security Policy?
- A. Don’t access your personal email account
- B. Use official Email ID for personal purposes
- C. Don’t send spam
- D. Don’t do Email Forging
B. Use official Email ID for personal purposesExplanation
The statement “Use official Email ID for personal purposes” is not a part of the appropriate use – Email Security Policy. This policy is designed to ensure the security and confidentiality of email communication within an organization. Using official email IDs for personal purposes may compromise the security of sensitive information and increase the risk of unauthorized access or data breaches. It is important to separate personal and official email accounts to maintain the integrity of the organization’s email security policy.Rate this question: - 6. When receiving a Email from a unknown contact that has an attachment, you should:
- A. Open the attachment to view its contents
- B. Delete the mail
- C. Forward the email to your co-workers to allow them to open the attachment first
- D. Forward the email to your personal email account so you can open it at home
B. Delete the mailExplanation
When receiving an email from an unknown contact that has an attachment, it is recommended to delete the mail. Opening the attachment can pose a security risk as it may contain malware or viruses that can harm your computer or compromise your personal information. Forwarding the email to co-workers or personal email accounts can potentially spread the risk to others or expose personal information to unauthorized individuals. Therefore, the safest course of action is to delete the email to protect yourself and your system from potential harm.Rate this question: - 7. The mouse on your computer begins moving across the screen and clicking on things without you even touching it. What will you do?
- A. Unplug your mouse
- B. Disconnect your computer from the network & call the IT Support Desk
- C. Turn your computer OFF
- D. Call your colleagues over so they can see this miracle!
B. Disconnect your computer from the network & call the IT Support DeskExplanation
If the mouse on your computer is moving and clicking on things without you touching it, it is likely that your computer has been compromised by malware or a hacker. Disconnecting your computer from the network is important to prevent further unauthorized access or potential damage. Calling the IT Support Desk is necessary to report the incident and seek assistance in resolving the issue and ensuring the security of your computer system.Rate this question: - 8. Which of the following is an Online Malware Scanning Service for suspicious files and URLs?
- A. Www.serials.ws
- B. Www.crackme.us
- C. Www.totalvirus.com
- D. Www.virustotal.com
D. Www.virustotal.comExplanation
www.virustotal.com is an online malware scanning service that allows users to scan suspicious files and URLs for potential malware or viruses. It provides a comprehensive analysis by using multiple antivirus engines and other tools to detect any malicious content. Users can upload files or enter URLs to be scanned, and the service provides detailed reports on the potential threats found. It is a trusted platform used by individuals and organizations to ensure the safety of their files and websites.Rate this question: - 9. When is the best time to lie to your information security auditor or officer?
- A. If you want to cover up your best friend’s faults or mistakes
- B. If the security auditor is not your friend and cannot be trusted
- C. If it impacts the termination of the key people in your organization
- D. None of the above
D. None of the aboveExplanation
The best time to lie to your information security auditor or officer is never. Lying to cover up someone else’s faults or mistakes, or because you don’t trust the auditor, or to protect key people in your organization is unethical and can have serious consequences. It is always best to be honest and transparent with auditors and officers to maintain the integrity and security of the organization’s information.Rate this question: - 10. You went to Starbucks/CCD to buy a coffee and then while waiting for your order, you decided to connect to their Free WIIFI. While browsing your Google Mail (https://mail.google.com/), the page redirects to http://www.googlemail.anish.net. What do you think should you do?
- A. Login to where Google Mail has redirected, it’s just one of Google’s web sites – not suspicious at all.
- B. Disconnect to Starbucks/CCD WIFI network.
- C. Ask the person sitting next to you if his Google Mail also redirects to http://www.googlemail.anish.net.
- D. Find the Wireless Access Point (Wi-Fi device) and reboot it
B. Disconnect to Starbucks/CCD WIFI network.Explanation
The correct answer is to disconnect from the Starbucks/CCD WIFI network. This is because when browsing Google Mail, the page redirects to a suspicious website (http://www.googlemail.anish.net) instead of the legitimate Google Mail website (https://mail.google.com/). This could indicate a potential security threat or a man-in-the-middle attack. To ensure the safety of personal information, it is best to disconnect from the WIFI network to prevent any unauthorized access or data breach.Rate this question: - 11. Which of the following could help you mitigate malwares and viruses from infecting your PC?
- A. Download software from trusted sources only
- B. Install an antivirus program and enable firewall
- C. Always update your PC when prompted for system updates
- D. Monitor and analyze the network traffic of your PC
B. Install an antivirus program and enable firewall - 12. You have a hard copy of a design document that you want to dispose of. What would you do?
- A. Throw it in any dustbin
- B. Shred it using a shredder
- C. Give it to the office boy to reuse it for other purposes
- D. Be environment friendly and reuse it for writing
B. Shred it using a shredderExplanation
Shredding the hard copy of the design document is the correct answer because it ensures that the sensitive information contained in the document is destroyed and cannot be accessed by unauthorized individuals. This helps to protect the confidentiality of the information and prevent any potential misuse or data breaches. Shredding is a secure and reliable method of disposing of confidential documents.Rate this question: - 13. What is social engineering?
- A. A group planning for a social activity in the organization
- B. Creating a situation wherein a third party gains confidential information from you
- C. The organization planning an activity for welfare of the neighbourhood
- D. None of the above
B. Creating a situation wherein a third party gains confidential information from youExplanation
Social engineering refers to the act of manipulating individuals into divulging confidential information or performing actions that may compromise their security. This can be done through various techniques such as impersonation, deception, or psychological manipulation. The correct answer states that social engineering involves creating a situation where a third party gains confidential information from the individual, which accurately describes the concept. It is important to be aware of social engineering tactics to protect oneself from potential security breaches.Rate this question: - 14. How can you report a security incident?
- A. Email
- B. Phone
- C. Any of the above
- D. None of the above
C. Any of the aboveExplanation
The correct answer is “Any of the above” because reporting a security incident can be done through various means, including email and phone. This allows individuals to choose the most convenient method for them to report the incident and ensure that it is communicated to the appropriate authorities.Rate this question: - 15. You see a non familiar face in the access controlled areas of our office, the person does not have the a ITZCASH ID/Visitor/Vendor tag with him. What would you do?
- A. None of my business, let some body else take care of it
- B. Ask the person to leave the facility
- C. Escort the person to the security and raise a security incident
- D. Scream and yell till the person leaves
C. Escort the person to the security and raise a security incidentExplanation
If a non-familiar face is seen in the access controlled areas of the office without any proper identification, the appropriate action would be to escort the person to the security and raise a security incident. This ensures that the person is properly addressed and investigated by the security team, maintaining the safety and security protocols of the office.