army cyber awareness challenge 2022

If all questions are answered correctly, users will skip to the end of the incident. Which of the following is true of telework? : A coworker uses a personal electronic device in a secure area where their use is prohibited. What type of activity or behavior should be reported as a potential insider threat? 11. 0000003201 00000 n : Investigate the link's actual destination using the preview feature, How can you protect yourself from internet hoaxes? : It may expose the connected device to malware. 4 0 obj <]/Prev 103435/XRefStm 1327>> : Note any identifying information and the website's Uniform Resource Locator (URL). : Coworker making consistent statements indicative of hostility or anger toward the United States and its policies. (Spillage) Which of the following is a good practice to aid in preventing spillage? The website requires a credit card for registration. 9. Product Functionality Requirements: To meet technical functionality requirements, this awareness product was developed to function with Windows and Mac operating systems (Windows 7 and 10 and macOS 10.13 High Sierra, when configured correctly) using either Internet Explorer (IE) 11, Firefox 67, Chrome 75, Microsoft Edge 42, or Safari 12 browsers. 26. 0000005657 00000 n Which of the following may be helpful to prevent inadvertent spillage? Passing Grades. 54. What should you do after you have ended a call from a reporter asking you to confirm potentially classified information found on the web? Want more Study Materials? : Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIV) card. stream : ~0 indicator, How many potential insider threat indicators does a coworker who often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion display? Which is NOT a sufficient way to protect your identity? 0000005630 00000 n : Security Classification Guides (Wrong), ~Sensitive Compartmented Information Guides, What must users ensure when using removable media such as compact disk. : Store classified data appropriately in a GSA-approved vault/container. . (social networking) When is the safest time to post details of your va- cation activities on your social networking profile? When vacation is over, after you have returned home. Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email? (Insider Threat) Based on the description that follows, how many potential insider threat indicator(s) are displayed? : Use only personal contact information when establishing personal social networking accounts, never use Government contact information. : Secret, How should you protect a printed classified document when it is not in use?-, : Store it in a General Services Administration (GSA)-approved vault or container. : A program that segre- gates various types of classified information into distinct compartments for added protection and dissemination or distribution control. Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? : 3 or more indicators, Which type of behavior should you report as a potential insider threat? (Cyber Awareness and Cyber Security Fundamentals) The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC. Her badge is not visible to you. What threat do insiders with authorized access to information or information systems pose? How should you respond? What is a best practice to protect data on your mobile computing device? 0000004517 00000 n Which of the following is NOT true concerning a computer labeled SECRET? 12. A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. : Press release data. 13. Defense Information Systems Agency (DISA). Which of the following is NOT a best practice to protect data on your mobile computing device? : - Government-owned PEDs, if expressly authorized by your agency. Select the information on the data sheet that is personally identifiable information (PII) But not protected health information (PHI): Jane Jones Social security number: 123-45-6789. (social networking) Which of the following is a security best practice when using social networking sites? 0000003786 00000 n (Sensitive Information) Which of the following is true about unclassified data? hbb2``b``3 v0 : Mark SCI documents appropriately and use an approved SCI fax machine. Jul 4, . Which of the following is NOT a best practice to preserve the authenticity of your identity? Which of the following may be helpful to prevent spillage? When is the safest time to post details of your vacation activities on your social networking profile? : Legitimate software updates. %PDF-1.7 : Label all files, removable media, and subject headers with appropriate classification markings. : - Maintain possession of your laptop and other government-furnished equipment (GFE) at all times. 41. 290 0 obj <> endobj 0000005454 00000 n Understanding and using the available privacy settings. (Mobile Devices) When can you use removable media on a Government system? A colleague often makes others uneasy with her persistent efforts to obtain information about classified project where she has no need-to-know, is vocal about her husband overspending on credit cards, and complains about anxiety and exhaustion. Which of the following is NOT a good way to protect your identity? Access is automatically granted based on your CAC credentials. 19. Based on the description that follows, how many potential insider threat indicator(s) are displayed? The Cyber Awareness Challenge is the DoD baseline standard for end user awareness training by providing awareness content that addresses evolving requirements issued by Congress, the Office of Management and Budget (OMB), the Office of the Secretary of Defense, and Component input from the DoD CIO chaired Cyber Workforce Advisory Group (CWAG). : It may be compromised as soon as you exit the plane. : Report the crime to local law enforcement. Only allow mobile code to run from your organization or your organizations trusted sites. Coworker making consistent statements indicative of hostility or anger toward the United States in its policies. Under what circumstances is it acceptable to check personal email on Government-furnished equipment (GFE)? DOD Cyber Awareness 2022 Knowledge Check Questions and Answers 1. A colleague vacations at the beach every year, is married and a father of four, sometimes has poor work quality, and works well with his team. endstream endobj 291 0 obj <. Store classified data appropriately in a GSA-approved vault/container. Classified material must be appropriately marked. 40. JKO offers refresher training now. The DOD Cyber Awareness Challenge 2022 is currently available on JKO, as well as Cyber Awareness Challenges of past years. : Mark SCI documents appropriately and use an approved SCI fax machine, What action should you take if you become aware that Sensitive Compart- mented Information (SCI) has been compromised? The training also reinforces best practices to protect classified, controlled unclassified information (CUI), and personally identifiable information (PII). (Sensitive Information) What guidance is available from marking Sensi- tive Information information (SCI)? 21. Avoid using non-Bluetooth-paired or unencrypted wireless computer peripherals. (Spillage) Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authoriza- tion? : CPCON 2, What certificates does the Common Access Card (CAC) or Personal Identity, Verification (PIV) card contain? : Approved Security Classification Guide (SCG). 0000002934 00000 n (Malicious Code) A coworker has asked if you want to download a pro- grammer's game to play at work. No. A man you do not know is trying to look at your Government-issued phone and has asked to use it. (CD)? Which of the following is NOT a correct way to protect CUI? : Do not allow your CAC to be photocopied. 52. : Spear phishing. Which is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail? This course provides an overview of current cybersecurity threats and best practices to keep information and information systems secure at home and at work. 17. : Security Classification Guide (SCG). : Darryl is managing a project that requires access to classified information. : When oper- ationally necessary, owned by your organization, and approved by the appropriate authority, How can you protect your information when using wireless technology? : Pictures of your pet, Which of the following is a security best practice when using social network- ing sites? Cyber Awareness Challenge 2022 DS-IA106.06 This course does not have a final exam. 3. : Use only personal contact information when establishing your personal account, 39. : If you participate in or condone it at any time. : Be aware of classification markings and all handling caveats. : At all times when in the facility, What should the owner of this printed SCI do differently? *SENSITIVE COMPARTMENTED INFORMATION*. How many potential insider threat indicators does this employee display? You know that this project is classified. Refer the reporter to your organizations public affairs office. Which of the following is a way to protect against social engineering? : Sensitive infor- mation may be stored on any password-protected system. : Viruses, Trojan horses, or worms, 27. A colleague has won 10 high-performance awards, can be playful and charming, is not currently in a relationship, and occasionally aggressive in trying to access sensitive information. If you are unable to access the DoD Cyber Exchange NIPR, you need to contact your organzation's PKI helpdesk to ensure the certificates are installed properly to your CAC and to your machine. : After you have returned home following the vacation, What should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sites visited? Verification (PIV) card contain? endstream endobj 321 0 obj <>/Filter/FlateDecode/Index[54 236]/Length 31/Size 290/Type/XRef/W[1 1 1]>>stream The email provides a website and a toll-free number where you can make payment. You know this project is classified. What is a common indicator of a phishing attempt? (Spillage) What is required for an individual to access classified data?-. (Sensitive Information) What should you do if a commercial entity, such as a hotel reception desk, asks to make a photocopy of your Common Access Card (CAC) for proof of Federal Government employment? (Spillage) What level of damage can the unauthorized disclosure of infor- mation classified as confidential reasonably be expected to cause? 0000009188 00000 n hb```b``a`e`b`@ x`d`XV461ql04F;N8J(^ 1dIi&:=qA@ 1UPn l&% %@,f42@fg!s-fN+L! Which of the following is NOT true of traveling overseas with a mobile phone? Examples are: Patient names, Social Security numbers, Drivers license numbers, insurance details, and birth dates. : A person who does not have the required clearance or assess caveats comes into possession of SCI in any manner. If you participate in or condone it at any time. The DoD Cyber Exchange provides one-stop access to cyber information, policy, guidance and training for cyber professionals throughout the . 0000001952 00000 n : Spillage because classified data was moved to a lower classification level system without authorization. Joint Knowledge Online DOD-US1364-22 Department of Defense (DoD) Cyber Awareness Challenge 2022 (1 hr) This course content is based on the requirements addressed in these policies and from community input from the DoD CIO chaired Cyber Workforce Advisory Group (CWAG). Use a single, complex password for your system and application logons. 0000008555 00000 n : When is the safest time to post details of your vacation activities on your social networking profile? Since the URL does not start with https, do not provide your credit card information. Decline So That You Maintain Physical Control of Your Government-Issued Laptop. (Spillage) What should you do if a reporter asks you about potentially classified information on the web? What is a possible indication of a malicious code attack in progress? 7. A user writes down details marked as Secret from a report stored on a classified system and uses those details to draft a briefing on an unclassified system without authorization. (Spillage) What advantages do "insider threats" have over others that allows them to cause damage to their organizations more easily? (Travel) Which of the following is a concern when using your Govern- ment-issued laptop in public? How many potential insider threat indicators does this employee display? Which of the following is a security best practice when using social network- ing sites? What information posted publicly on your personal social networking profile represents a security risk? Which of the following should be reported as a potential security incident? : CUI may be stored on any password-protected system. (Sensitive Information) Which of the following represents a good physical security practice? 2. Within a secure area, you see an individual you do not know. : Understanding and using the available privacy settings, When may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? : Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. Since the URL does not start with https, do not provide you credit card information. : -. : After you have returned home following the vacation. Secure personal mobile devices to the same level as Government-issued systems. : Hos- tility or anger toward the United States and its policies, Which of the following is NOT considered a potential insider threat indica- tor? A colleague is playful and charm- ing, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. : Damage to national security. Ive tried all the answers and it still tells me off. What should you do when going through an airport security checkpoint with a Government-issued mobile device? : Identification, encryption, and digital signature. The Cyber Awareness Challenge is the DoD baseline standard for end user awareness training by providing awareness content that addresses evolving requirements issued by Congress, the Office of Management and Budget (OMB), the Office of the Secretary of Defense, and Component input from the DoD CIO chaired Cyber Workforce Advisory Group (CWAG). 45. 2. : CPCON 2, Within a secure area, you see an individual who you do not know and is not wearing a visible badge. What certificates are contained on the DoD Public Key Infrastructure (PKI) implemented by the Common Access Card (CAC)/Personal Identity Verification (PIV) card? (Spillage) After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. <> : You must have permission from your organization. Identification, encryption, and digital signature. 0000005958 00000 n Cyber Awareness Challenge 2023 is Online! Select the information on the data sheet that is protected health informa- tion (PHI): Jane has been Drect patient..ect. : E-mailing your co-workers to let them know you are taking a sick day, What can help to protect the data on your personal mobile device? New interest in learning a foreign language, Insiders are given a level of trust and have authorized access to Government information systems. (Malicious Code) What is a good practice to protect data on your home wireless systems? : Since the URL does not start with "https," do not provide your credit card information. In which situation below are you permitted to use your PKI token? (Spillage) Which of the following is a best practice to protect information about you and your organization on social networking sites and applica-. Which of the following is an example of Protected Health Information (PHI)? What is a good practice for physical security? : No, you should only allow mobile code to run from your organization or your organization's trusted sites, Which of the following statements is true of cookies? : A smartphone that transmits credit card payment information when held in proximity to a credit card reader. What should you consider when using a wireless keyboard with your home computer? : Inform your security point of contact, Which of the following is NOT an example of CUI? As long as the document is cleared for public release, you may release it outside of DoD. : Identification, encryption, digital signature, What is the best way to protect your Common Access Card (CAC) or Personal, Identity Verification (PIV) card? Physical security of mobile phones carried overseas is not a major issue. Found a mistake? : Secret, Which of the following is a good practice to protect classified information?-, : Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. Is it permitted to share an unclassified draft document with a non-DoD professional discussion group? (Spillage) What type of activity or behavior should be reported as a poten- tial insider threat? (Sensitive Compartmented Information) Which of the following best de- scribes the compromise of Sensitive Compartmented Information (SCI)? What portable electronic devices (PEDs) are allowed in a Sensitive Compart- mented Information Facility (SCIF)? : Secure it to the same level as Government-issued systems, Which of the following is an example of removable media? When using your government-issued laptop in public environments, with which of the following should you be concerned? Let us know about it through the REPORT button at the bottom of the page. : When your vacation is over, after you have returned home, 13. : Since the URL does not start with "https," do not provide you credit card information. 0 0 cyberx-sk cyberx-sk 2022-11-01 14:08:01 2022-11-01 14:08:01 Request for comments - DISA releases the draft Cloud Computing Mission Owner SRG for review. <> Which of the following best describes the compromise of Sensitive Compart- mented Information (SCI)? *Spillage Which of the following may help to prevent spillage? Based on the description below how many potential insider threat indicators are present? Which of the following statements is true of cookies? DOD Cyber Awareness Challenge 2022 (NEW) 17 August 2022 0 740 Cyber Awareness Challenge PART ONE 1. How many potential insiders threat indicators does this employee display? : Looking at your MOTHER, and screaming "THERE SHE BLOWS!!". Cyber Awareness Challenge 2022 Answers And Notes The Cyber Awareness Challenge course address requirements outlined in policies such as DoD 8570.01M Information Assurance Workforce Improvement Program and the Federal Information Security Modernization Act (FISMA) of 2014, the Defense Information Systems Agency (DISA) develops, maintains and annually releases the Department of Defense Chief . Which of the following actions is appropriate after finding classified informa- tion on the Internet? Which of the following is a practice that helps to protect you from identity theft? : Note any identifying information and the website's Uniform Resource Locator (URL). 0000002497 00000 n (Identity Management) Which of the following is an example of two-factor authentication? What is required for an individual to access classified data? : Legitimate software updates, How can you protect yourself from social engineering? The purpose of the Cyber Awareness Challenge is to influence behavior, focusing on actions that authorized users can engage to mitigate threats and vulnerabilities to DoD Information Systems. What type of social engineering targets particular individuals, groups of people, or organizations? : Ensure proper la- beling by appropriately marking all classified material and, when required, sensitive material. : Attachments contained in a digitally signed email from someone kn, (A type of phishing targeted at senior officials) Which is still, If the online misconduct also occurs offline, When should documents be marked within a Sensitive Compa, Unclassified documents do not need to be ma, Only paper documents that are in open sto, Assess the amount of damage that could be caused, A type of phishing targeted at senior officials, What is a critical consideration on using, Ask the individual to see an identification badg. Sensitive information may be stored on any password-protected system. : Challenge people without proper badges. safe? -Classified information that should be unclassified and is downgraded. Note any identifying information, such as the websites URL, and report the situation to your security POC. We thoroughly check each answer to a question to provide you with the most correct answers. Insiders are given a level of trust and have authorized access to Government information systems. When would be a good time to post your vacation location and dates on your social networking website? 0000015053 00000 n What should you do after you have ended a call from a reporter asking you to confirm potentially classified info found on the web? : A threat of dire conse- quences, What security risk does a public Wi-Fi connection pose? (Sensitive Information) What certificates are contained on the Common, Access Card (CAC)? It displays a label showing maximum classification, date of creation, point of contact, and Change Management 9CM) Control Number. Which of the following represents a good physical security practice? How many potential insider threat indicators does this employee display? Secret. They can be part of a distributed denial-of-service (DDoS) attack. A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. What should you do? : When unclassified data is aggregated, its classification level may rise. After you have returned home following the vacation. 322 0 obj <>stream : If allowed by organizational policy. Which of the following should be reported as a potential security incident? (Identity Management) What certificates are contained on the Common, 43. 0000009864 00000 n endobj The website requires a credit card for registration. 0000001509 00000 n New interest in learning a foregin language. A coworker removes sensitive information without approval. After clicking on a link on a website, a box pops up and asks if you want to run an application. Which of the following is NOT a typical means for spreading malicious code? : Order a credit report annually, 48. : Refer the reporter to your organization's public affairs office. 22. : Call your security point of contact immediately. Be aware of classification markings and all handling caveats. (Malicious Code) Which are examples of portable electronic devices (PEDs)? Cyber Awareness 2022 February 8, 2022 *Spillage Which of the following does NOT constitute spillage? : Use a common password for all your system and application logons. : Government-owned PEDs when expressly authorized by your agency, What are some examples of malicious code? 0000000016 00000 n 29. : For Official Use Only (FOUO), 18. While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. A Knowledge Check option is available for users who have successfully completed the previous version of the course. : Store classified data appropriately in a GSA-approved vault/container. Two-factor authentication combines two out of the three types of credentials to verify your identity and keep it more secure: : Create separate accounts for each user, After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to com- ment about the article. (Insider Threat) A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. Neither confirm or deny the information is classified. What should you do if a reporter asks you about potentially classified information on the web? : Be aware of classification markings and all handling caveats. (Sensitive Information) What type of unclassified material should always be marked with a special handling caveat? The DoD IA Workforce includes, but is not limited to, all individuals performing any of the IA functions described in DoD 8570 Data security and cyber risk mitigation measures There is no single solution that will provide a 100% guarantee of security for your business The National Cyber Security Framework Manual (2012) by . You know that this project is classified. : You should only accept cookies from reputable, trusted websites, What action should you take with an e-mail from a friend containing a compressed Uniform Resource Locator (URL)? What should you do? : Your password and the second commonly includes a text with a code sent to your phone, 44. At which Cyberspace Protection Condition (CPCON) is the priority focus on critical functions only? Which of the following statements is TRUE about the use of DoD Public Key Infrastructure (PKI) tokens? 0000005321 00000 n : An unsecured IoT device can become an attack vector to any other device on your home network, including your Government laptop. startxref : (Answer) CPCON 2 (High: Critical and Essential Functions), CPCON 3 (Medium: Critical, Essential, and Support Functions) CPCON 4 (Low: All Functions), 42. *UNCONTROLLED CLASSIFIED INFORMATION*, 12. Ask for information about the website, including the URL. 5. Which of the following actions is appropriate after finding classified informa- tion on the internet? Now is a good time to refresh your understanding of the social engineering scams targeting all of us and cyber hygiene best practices to protect against being hacked. : Remove your security badge after leaving your controlled area or office building, Your cousin posted a link to an article with an incendiary headline on social media. Which of the following individuals can access classified data? What is a best practice while traveling with mobile computing devices? : Data about you collected from all sites, apps, and devices that you use can be aggregated to form a profile of you. What do insiders with authorized access to information or information sys- tems pose? A person who does not have the required clearance or assess caveats comes into possession of SCI in any manner. : If you participate in or condone it at any time, 38. The potential for unauthorized viewing of work-related information displayed on your screen. : Insiders are given a level of trust and have authorized access to Government information systems.

Zulia Fc Vs Cd Hermanos Colmenarez, Deportivo Santani Vs Sportivo Iteno, What Are The Ethical Issues Of Gene Therapy, Scottish Islands By Size, Dry Prawns Recipe Goan Style, Women's Waterproof Hunting Boots, Nautique Surf Select Remote,

army cyber awareness challenge 2022

army cyber awareness challenge 2022