Cyber Awareness Flashcards by Jedi Master (2024)

1

Q

Spillage: Which of the following does NOT constitute spillage?
a. Classified information that is accidentally moved to a lower classification or protection level. b. Classified information that should be unclassified and is downgraded. c. Classified information that is intentionally moved to a lower protection level without authorization.

A

b. Classified information that should be unclassified and is downgraded.

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

2

Q

Spillage: Which of the following is NOT an appropriate way to protect against inadvertent spillage? a. Label all files, removable media, and subject headers. b. Use the classified network for all work, including unclassified work. c. Be aware of classified markings and all handling caveats.

A

b. Use the classified network for all work, including unclassified work.

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

3

Q

Spillage: Which of the following should you NOT do if you find classified information on the internet? a. Not the website’s URL. b. Download the information. c. Report it to security.

A

b. Download the information.

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

4

Q

Classified Data: (Incident) What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed? a. Damage b. Serious damage c. Exceptionally grave damage

A

Exceptionally grave damage

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

5

Q

Classified data: (Scene) Which of the following is true about telework? a. You may use your personal computer as long as it is in a secure area in your home b. You must have your organization’s permission to telework c. You may use unauthorized software as long as your computer’s antivirus software is up to date.

A

You must have your organization’s permission to telework

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

6

Q

Classified data: (Theory) Which of the following is true of protecting classified data? a. Classified material must be appropriately marked b. Secure facilities allow open storage of classified material c Classified material may be used in unsecured areas as long as it remains in the possession of an individual with the proper clearance and need-to-know.

A

Classified material must be appropriately marked

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

7

Q

Insider threat: (Alex’s statement) In addition to avoiding the temptation of greed to betray his country, what should Alex do differently? a. Avoid attending professional conferences. b. Ask probing questions of potential network contacts to ascertain their true identity c. Avoid talking about work outside of the workplace or with people without need-to-know.

A

Avoid talking about work outside of the workplace or with people without need-to-know.

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

8

Q

Insider threat: (Ellen’s statement) How many insider threat indicators does Alex demonstrate? 0, 1, 2, or 3+

A

Three or more

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

9

Insider threat: (Mark’s statement): What should Alex’s colleagues do? a. Report the suspicious behavior in accordance with their organization’s insider threat policy b. Keep an eye on his behavior to see if it escalates c. Set up a situation to establish concrete proof that Alex is taking classified information.

A

Report the suspicious behavior in accordance with their organization’s insider threat policy

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

10

Q

Social Networking: Select all sections of the profile that contain an issue.

A

  1. Works at Department of Defense
  2. Car broke down again!!
  3. Family
    * All three sections.

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

11

Q

Social Networking: Privacy Settings

A

Name and profile picture - Any

Status, photos, and posts - Friends Only

Family and relationships - Friends Only

Birthday - Friends Only

Photos and videos you are in - Friends Only

Check in location via GPS: Off

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

12

Q

Controlled Unclassified Information: (Incident) Which of the following is NOT an example of CUI? a. Proprietary data b. Press release data c. Financial information

A

Press release data

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

13

Q

Controlled Unclassified Information: (Incident) Which of the following is NOT a correct way to protect CUI? a. CUI may be stored on any password-protected system b. CUI may be stored in a locked desk after working hours c. CUI may be emailed if encrypted.

A

CUI may be stored on any password-protected system

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

14

Q

Controlled Unclassified Information: (Victim) Select the information on the data sheet that is personally identifiable information (PII) but not protected health information (PHI).

A

Jane Jones

Social Security Number

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

15

Q

Controlled Unclassified Information: (Victim) Select the information on the data sheet that is protected health information (PHI).

A

Interview: Dr. Nora Baker

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

16

Q

Physical Security: (Incident #1): What should the employee do differently? a. Nothing. He let his colleague know where he was going, and he was coming right back. b. Skip the coffee break and remain at his workstation. He’s on the clock after all! c. Remove his CAC and lock his workstation.

A

Remove his CAC and lock his workstation.

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

17

Q

Physical Security: (Incident #2): What should the employee do differently? a. Nothing. The person looked familiar, and anyone can forget their badge from time to time. b. Decline to let the person in and redirect her to security c. Let the person in but escort her back t her workstation and verify her badge.

A

Decline to let the person in and redirect her to security

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

18

Q

Identity Management Evidence (Incident): Select all violations at this unattended workstation.

A

Laptop (Take CAC out), PIN note (Never write your PIN.

How well did you know this?

1

Not at all

2

3

4

5

Perfectly

19

Q

Sensitive Compartmented Information (Incident #1): When is it appropriate to have your security badge visible? a. Only when badging in b. At all times when in the facility c. At any time during the workday, including when leaving the facility.

A

At all times when in the facility

20

Q

Sensitive Compartmented Information (Incident #2): What should the owner of this printed SCI do differently? a. Never print classified documents b. Label the printout UNCLASSIFIED to avoid drawing attention to it c. Retrieve classified documents promptly from printers.

A

Retrieve classified documents promptly from printers.

21

Q

Sensitive Compartmented Information (Incident #3): What should the participants in this conversation involving SCI do differently? a. Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. b. Hold the conversation over e-mail or instant messenger to avoid being overheard. c. Nothing. It is fair to assume that everyone in the SCIF is properly cleared.

A

Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed.

22

Q

Removable Media in a SCIF (Evidence): What portable electronic devices (PEDs) are permitted in a SCIF? a. All PEDs, including personal devices b. All government-owned PEDs c. Only expressly authorized government-owned PEDs.

A

Only expressly authorized government-owned PEDs.

23

Q

Removable Media in a SCIF (Incident): What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF? a. Notify your security POC b. Analyze the media for viruses or malicious code. c. Analyze the other workstations in the SCIF for viruses or malicious code. d. All of these.

A

All of these.

24

Q

Malicious Code (Prevalence): Which of the following is an example of malicious code? a. A system reminder to install security updates b. Software that installs itself without the user’s knowledge c. A firewall that monitors and controls network traffic.

A

Software that installs itself without the user’s knowledge

25

Q

Malicious Code (Damage): How can malicious code cause damage? a. Corrupting files b. Erasing your hard drive. c. Allowing hackers access. d. All of these

A

All of these

26

Q

Malicious Code (Spread): How can you avoid downloading malicious code: a. Turn on automatic downloading b. Only use a government-issued thumb drive to transfer files between systems. c. Do not access website links in e-mail messages.

A

Do not access website links in e-mail messages.

27

Q

Website Use (Incident): Select all security issues.

A

CookiesWebsite url (Not https)**These are items I selected and did not get dinged.

28

Q

Social Engineering (Alice Murphy)

A

Delete (Tiny url)

29

Q

Social Engineering (Pursuit Bank)

A

Delete email. “This email is fake. Opening the link would allow the sender to steal Isabel’s information. It would be best to contact the institution using verified contact information to confirm.

30

Q

Social Engineering (John Anderson)

A

Report email. This is a spear phishing attempt, and it would be best to report it to security.

31

Q

Travel (Incident): What should Sara do when using publicly available Internet, such as hotel Wi-Fi? a. Only connect with the Government VPN. b. Only connect via an Ethernet cable. c. Only connect to known networks

A

Only connect with the Government VPN

32

Q

Travel (Incident): What is the danger of using public Wi-Fi connections? a. Compromise of data b. Exposure to malware. c. Both of these

A

Both of these

33

Q

Use of GFE (Incident): Permitted Uses of Government-Furnished Equipment (GFE)

A

No to all: Viewing or downloading pornography, gambling online, conducting a private money-making venture, using unauthorized software, Illegally downloading copyrighted material, making unauthorized configuration changes.

34

Q

Mobile Devices (Incident): When is it okay to charge a personal mobile device using government-furnished equipment (GFE)? a. This is always okay. b. Only when there is no other charger available. c. This is never okay.

A

This is never okay.

35

Q

Mobile Devices (Incident): Which of the following demonstrates proper protection of mobile devices? a. Sally stored her government-furnished laptop in her checked luggage using a TSA approved luggage lock. b. Linda encrypts all of the sensitive data on her government issued mobile devices. c. Alan uses password protection as required on his government-issued smartphone but prefers the ease of no password on his personal smartphone.

A

Linda encrypts all of the sensitive data on her government issued mobile devices

36

Q

Home Computer Security (Evidence): Antivirus alert. Update or Remind me later?

A

Update

37

Q

Home Computer Security (Evidence): Update Status: Install or Remind me later

A

Install

38

Q

Home Computer Security (Evidence): Firewall Status: Enable or Keep Disabled

A

Enable

39

Q

Home Computer Security (Evidence): Virus Alert! Remove Virus or Exit

A

Exit. Beware of sudden flashing pop-ups that warn your computer is infected with a virus. This may be a malicious code attack. Use your legitimate antivirus software to perform a virus scan instead.

40

Q

Spillage: Which of the following is a good practice to prevent spillage?

A

Be aware of classification markings and all handling caveats.

41

Q

What threat do insiders with authorized access to information or information systems pose?

A

They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities.

42

Q

Which scenario might indicate a reportable insider threat?

A

A coworker uses a personal electronic device in a secure area where their use is prohibited.

43

Q

Which of the following practices may reduce your appeal as a target for adversaries seeking to exploit your insider status?

A

Remove your security badge after leaving your controlled area or office building

44

Q

Which of the following information is a security risk when posted publicly on your social networking profile?

A

Your birthday (?)

45

Q

Your DOD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the Non-classified Internet Protocol Router Network (NIPRNet). In which situation below are you permitted to use your PKI token?
A. On a computer displaying a notification to update the antivirus software
B. On a NIPRNet system while using it for a PKI-required task
C. On a computer at the public library to check your DOD email.
D. On a system of a higher classification level, such as the Secret Internet Protocol Router Network (SIPRNet)

A

On a NIPRNet system while using it for a PKI-required task

46

Q

What guidance is available for marking Sensitive Compartmented Information (SCI)?
A. Sensitive Compartmented Information Guides
B. Original Classification Authority
C. Security Classification Guides

A

Unknown

Cyber Awareness Flashcards by Jedi Master (2024)

FAQs

How can you avoid downloading malicious code in Cyber Awareness 2024? ›

How to avoid downloading malicious code
  1. Use antivirus software and firewalls. ...
  2. Deploy advanced email security. ...
  3. Only browse secure websites. ...
  4. Block pop-ups. ...
  5. Only download from trusted sources. ...
  6. Block unsecured sites at a DNS level. ...
  7. Educate your team on phishing scams.
Jan 19, 2024

What does the CAC contain in cyber awareness? ›

In addition to its use as an ID card, a CAC is required for access to government buildings and computer networks. A CAC is about the size of a standard debit card and has an embedded microchip that enables the encryption and cryptographic signing of email and use of public key infrastructure (PKI) authentication tools.

Is Tom prohibited from doing with the report? ›

Final answer: Tom is prohibited from sharing the report with colleagues, but he can print it at the office or use his home computer while teleworking. Deleting the report without permission is not allowed.

Which of the following is a best practice to protect your identity cyber awareness in 2024? ›

Use two-factor authentication wherever possible, even for personal accounts. For example, some widely used personal services (like Google) offer two-factor authentication.

Can you avoid downloading malicious code? ›

Install a robust antivirus solution

Antivirus software scans your device for malicious code in the form of malware, adware, spyware, viruses, etc., before removing them. Antivirus software also lets you know if you're trying to connect to an unsecured site, which is more likely to contain malicious code.

What is the first step you should take to avoid malicious code in your computer? ›

Malicious code prevention and protection measures

Deploy antivirus and anti-malware software on your devices. Keep your software up-to-date. Make sure your staff is vigilant and aware of common threat vectors, including email attachments, malicious downloads, phishing, and social engineering.

Is Tom still at the SHmuseum Reddit? ›

Tom The Car Dude

Just seen Tom post about his departure from the Shmuseum, I had noticed he wasn't in any of the videos recently but hadn't thought he got the boot.

What is the strongest prevention against cyber threats? ›

Ensuring that only authorized users and devices can access connected devices is fundamental for security. Strong authentication mechanisms, such as passwords, biometrics, or MFA, help prevent unauthorized access. Update firmware and software in a timely manner.

What is the trend in cybersecurity in 2025? ›

Looking ahead to 2025, AI is expected to become even more integral to cybersecurity. Advancements in AI technologies, such as deep learning and neural networks, will enhance threat detection and response capabilities.

What are the 3 key prevention measures of cyber attacks? ›

Use antivirus software to protect your computer against malware. Use firewalls to filter the traffic that may enter your device. Stay alert and avoid clicking on a suspicious link. Update your operating system.

Which of the following is a way to prevent malicious code cyber awareness? ›

Expert-Verified Answer. Option (C) The correct way to prevent the spread of malicious code is to regularly update antivirus software.

How can we prevent malicious code detection? ›

Use anti-virus and anti-malware tools

A firewall to shield malicious traffic from entering your system. An intrusion detection system (IDS) to monitor network activity and detect existing malicious code.

How can you protect your home computer cyber awareness in 2024? ›

Answer. To protect your home computer from cyber threats, use anti-virus software, strong passwords, and enable two-factor authentication. Be cyber aware of emerging threats and maintain physical security to prevent unauthorized access.

How will you protect your system from malicious Internet and malicious code? ›

Install or enable a firewall.

Firewalls can prevent some types of infection by blocking malicious traffic before it enters your computer. Some operating systems include a firewall; if the operating system you are using includes one, enable it.

Top Articles
Latest Posts
Recommended Articles
Article information

Author: Jerrold Considine

Last Updated:

Views: 6403

Rating: 4.8 / 5 (58 voted)

Reviews: 89% of readers found this page helpful

Author information

Name: Jerrold Considine

Birthday: 1993-11-03

Address: Suite 447 3463 Marybelle Circles, New Marlin, AL 20765

Phone: +5816749283868

Job: Sales Executive

Hobby: Air sports, Sand art, Electronics, LARPing, Baseball, Book restoration, Puzzles

Introduction: My name is Jerrold Considine, I am a combative, cheerful, encouraging, happy, enthusiastic, funny, kind person who loves writing and wants to share my knowledge and understanding with you.