What do you do if spillage occurs? | ? |
Which of the following does NOT constitute spillage? | Classified information that should be unclassified and is downgraded |
Which of the following is NOT an appropriate way to protect against inadvertent spillage? | Use the classified network for all work, including unclassified work |
Which of the following should you NOT do if you find classified information on the internet? | Download the information |
Which of the following is NOT true concerning a computer labeled SECRET? | May be used on an unclassified network |
What kind of information could reasonably be expected to cause serious damage to national security in the event of unauthorized disclosure? | Secret |
What advantages do "insider threats" have over others that allows them to be able to do extraordinary damage to their organizations? | They are trusted and have authorized access to Government information systems. |
Which of the following should be reported as a potential security incident? | A coworker removes sensitive information without authorization. |
A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. How many potential insider threat indicators does this employee display? | ? |
In addition to avoiding the temptation of greed to betray his country, what should Alex do differently? | Avoid talking about work outside of the workplace or with people without a need-to-know |
How many insider threat indicators does Alex demonstrate? | Three or more |
What should Alex’s colleagues do? | Report the suspicious behavior in accordance with their organization’s insider threat policy |
What information most likely presents a security risk on your personal social networking profile? | Personal email address |
What information most likely presents a security risk on your personal social networking profile? | ? |
Select all sections of the profile that contain an issue. Then select Submit. [Alex Smith] | All three sections |
Select the appropriate setting for each item. Then select Save. [Alex Smith/Social Media] | Name and profile picture – Any (depends on personal preference); Biographical data – Friends Only; Status, photos, and posts – Friends Only; Family and relationships – Friends Only; Birthday – Friends Only; Photos and videos you are in – Friends Only; Check in location via GPS – Off |
Which of the following is NOT a correct way to protect sensitive information? | Sensitive information may be stored on any password-protected system. |
Is it permitted to share an unclassified draft document with a non-DoD professional discussion group? | As long as the document is cleared for public release, you may share it outside of DoD. |
Which type of information includes personal, payroll, medical, and operational information? | Sensitive |
After clicking on a link on a website, a box pops up and asks if you want to run an application. Is it okay to run it? | No. Only allow mobile code to run from your organization or your organization’s trusted sites. |
Which of the following represents a good physical security practice? | Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIV) card. |
Which of the following statements is TRUE about the use of DoD Public Key Infrastructure (PKI) tokens? | Always use DoD PKI tokens within their designated classification level. |
What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? | Maintain possession of it at all times. |
Which of the following is a best practice for handling cookies? | ? |
Select all security issues. Then select Submit. [Isabel/Website Use] | Top and bottom sections only |
You receive an email at your official Government email address from an individual at the Office of Personnel Management (OPM). The email provides a link to a personnel portal where you must enter your personal information as part of an effort to standardize recordkeeping. What action should you take first? | Look for a digital signature on the email. |
You receive an email from the Internal Revenue Service (IRS) demanding immediate payment of back taxes of which you were not aware. The email provides a website and a toll-free number where you can make payment. What action should you take? | Contact the IRS using their publicly available, official contact information. |
Which email attachments are generally SAFE to open? | Attachments contained in a digitally signed email from someone known |
Which of the following is NOT true of traveling overseas with a mobile phone? | ? |
What should Sara do when using publicly available Internet, such as hotel Wi-Fi? | Only connect with the Government VPN |
What is the danger of using public Wi-Fi connections? | Both of these |
A coworker has asked if you want to download a programmer’s game to play at work. What should be your response? | I’ll pass. |
While you are waiting for your lunch bill, a stranger picks up your Government-issued phone from your table and proceeds to exit the facility with it. What should you do? | Try to observe the direction taken and any other useful information and immediately make a report to your security point of contact. |
Mobile devices include fitness bands, tablets, smartphones, electronic readers, and Bluetooth-enabled devices. | True |
Which of the following is a best practice for securing your home computer? | Use antivirus software and keep it up to date. |
FAQs
What is the knowledge check option for DoD cyber awareness?
A Knowledge Check option is available for users who have successfully completed the previous version of the course. After each selection on the incident board, users are presented one or more questions derived from the previous Cyber Awareness Challenge.
What is malicious code DoD cyber awareness challenge?
Malicious code can do damage by corrupting files, encrypting or erasing your hard drive, and/or allowing hackers access. Malicious code includes viruses, Trojan horses, worms, macros, and scripts. Malicious code can be spread by e-mail attachments, downloading files, and visiting infected websites.
Where can I find my Cyber Awareness Challenge certificate?
You can go back to the Certificates tab at the top on the right side of the DoD Cyber Awareness Challenge and select the little ribbon under the column titled Certificate. You'll see your Cyber Awareness Challenge completion certificate. Save it and send it to whoever is asking for it.
What is Cyber Awareness Challenge training?
A Cyber Awareness Challenge is a type of training and security certification that helps authorized users understand the actions required to avoid and reduce threats and vulnerabilities in an organization's system.
What is the DoD checklist used for?
The DoD (Definition of Done) is a set of high-level criteria for determining if a product increment is complete. It applies to all product increments and defines the overall quality of a product.
What are the three (3) information security and cybersecurity program controls?
There are three main types of IT security controls: technical, administrative, and physical. The primary goal for implementing a security control can be preventative, detective, corrective, compensatory, or to act as a deterrent.
What is an example of the threat of malicious code?
Malicious code refers to any software that can damage or disable access on business networks. This code can take the form of email viruses, trojans, worms, malware, ransomware, or phishing email attacks.
What is a common indicator of a phishing attempt DoD cyber awareness?
A common indicator of a phishing attempt is a deceptive and suspicious email, often disguised as a legitimate one. Such emails are meant to steal information or carry out malicious actions. There are some fraudulent companies that send false emails, texts, or websites to exploit human weaknesses and steal sensitive data.
What is a DoD threat?
A person, known or suspected, who uses their authorized access to DoD facilities, personnel, systems, equipment, information, or infrastructure to damage and disrupt operations, compromise DoD information, or commit espionage on behalf of an FIE (Foreign Intelligence Entity).
How hard is cyber security certification?
The CISSP is quite a tough certification in cyber security to get. It's widely recognized and you need a minimum of five years of experience in cybersecurity. You also need to pass the CISSP exam. Topics that the curriculum covers include security and risk management, asset security, and security architecture.
Is a cyber defense certificate worth it?
“They validate your skills and provide a standardized benchmark that employers can use to assess candidates … So, while not strictly required, cybersecurity certifications are highly beneficial and often essential for a successful and competitive career.”
How fast can I get a cyber security certificate?
The Google Cybersecurity Certificate can be completed in 3 months working approximately 20 hours per week, or in 6 months working 10 hours per week. Are the modules self-paced? Yes. This certificate program is asynchronous and self-paced.
How long is the cyber awareness course?
Version: 2024. Length: 1 Hour. The purpose of the Cyber Awareness Challenge is to influence behavior, focusing on actions that authorized users can engage to mitigate threats and vulnerabilities to DoD Information Systems.
Which of the following is an example of malicious code?
Taking advantage of common system vulnerabilities, malicious code examples include computer viruses, worms, Trojan horses, logic bombs, spyware, adware, and backdoor programs.
Is cyber awareness Challenge an annual requirement?
If you use EIV, if you view EIV reports, or if you send TRACS files, you are required to take Cyber Awareness Challenge (Security Awareness Training) annually. The requirements are for: Any EIV User/Coordinator who has access to or uses EIV and completed the EIV Access Authorization Form.
Which of the following is a good practice for telework knowledge check?
Explanation: A good practice for telework cyber awareness is to use a secure VPN for remote access.
What is cyber security check?
Cyber security testing seeks to identify vulnerabilities in a system or program before an attacker may exploit them. The testing checks how vulnerable the software is to cyberattacks and how malicious or unexpected inputs impact its operations.
What is knowledge base for information security?
The Security Knowledge Base is a cluster of information gathered from various publicly-available threat intelligence sources, which are external to the FINSEC core platform.
What cybersecurity framework does the DoD use?
The DCWF leverages the original National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NCWF) and the DoD Joint Cyberspace Training and Certification Standards (JCT&CS).