ANNUAL DOD TRAINING - CYBER AWARENESS/INFORMATION ASSURANCE CHALLENGE - 4/2024 FLASHCARDS
EXAM PREPARATION GUIDE | 45 ITEMS

Q: When linked to a specific individual, which of the following is NOT an example of Personally Identifiable Information (PII)?
A. Passport number
B. Payment for the provision of healthcare
C. Fingerprint records
D. Automobile make and model
Answer: D

Q: The defense contractor's information system was made vulnerable by outdated and unpatched software. How does your organization handle this?
A. System administrators are on top of it and we have a strict policy. I pay close attention to notices to upgrade and apply patches.
B. We use what works; we're not necessarily concerned with upgrading to the latest and greatest thing.
C. I have no idea; I'm busy enough as it is. I see notices about upgrades and patches, but I don't have time to worry about software versions or if my computer has every software patch installed.
Answer: A

Q: Which of the following is an allowed use of government furnished equipment (GFE)?
A. Checking personal e-mail if your organization allows it
B. Lending it to your child to complete schoolwork
C. Viewing family photos from your shared DropBox
D. Placing a bet in your fantasy football league
Answer: A

Q: You receive an e-mail marked important from your boss asking for data that they need immediately for a meeting starting now. The e-mail was sent from a personal e-mail address that you do not recognize, but it addresses you by name. What concern does this e-mail pose?
A. This poses no concern. The e-mail addresses you by name, so it is probably legitimate.
B. This may be a spear phishing attempt. Contact your boss using contact information that you know to be legitimate.
C. This is an important request that requires your immediate attention. You may not be able to send the data in time.
D. The data must be encrypted before you can send it to a non-government e-mail address.
Answer: B

Q: Which of the following is NOT a best practice for protecting data on a mobile device?
A. Maintain visual or physical control of your device at all times
B. Lock your device when not in use
C. Use two-factor authentication
D. Disable automatic screen locking after a period of inactivity
Answer: D

Q: Carl receives an e-mail about a potential health risk caused by a common ingredient in processed food. Which of the following actions should Carl NOT take with the e-mail?
A. Research the claim
B. Forward it
C. Delete it
D. Mark it as junk
Answer: B

Q: Which of the following is true of telework?
A. You must have permission from your organization to telework.
B. You may use classified data while teleworking if your monitor is positioned so that others cannot see it.
C. You may use your own wireless mouse and keyboard.
D. You may telework anywhere.
Answer: A

Q: How can you protect your home computer?
A. Decline security updates
B. Turn on the password feature
C. Use the administrator account for all users
D. Disable any pre-installed antivirus software
Answer: B

Q: Which of the following personally owned peripherals can you use with government furnished equipment (GFE)?
A. A USB hub
B. A monitor connected via USB
C. A Bluetooth headset
D. A wired keyboard that requires installed drivers
Answer: A

Q: Which of the following is an appropriate use of removable media?
A. Downloading data from classified networks
B. Discarding unneeded removable media in the trash
C. Avoiding attaching labels to removable media
D. Encrypting data stored on removable media
Answer: D

Q: Which of the following is a risk associated with removable media?
A. Introduction of malicious code
B. Compromise of systems' confidentiality, availability, or integrity
C. Spillage of classified information
D. All of these
Answer: D

Q: Which of the following is an appropriate use of a DoD Public Key Infrastructure (PKI) token?
A. Only use it on a publicly accessible computer with up-to-date antivirus software
B. Leave it in the system for all tasks you perform
C. Use a SIPRNet token for NIPRNet access as well
D. Do not use a token approved for NIPRNet on SIPRNet
Answer: D

Q: Which of the following is a best practice to protect your identity?
A. Carry your social security card with you at all times
B. Shred credit card and bank statements without opening them
C. Order a credit report annually
D. Enable data aggregation on sites when possible
Answer: C

Q: Annabeth becomes aware that a conversation with a co-worker that involved Sensitive Compartmented Information (SCI) may have been overheard by someone who does not have the required clearance. What action should Annabeth take?
A. Contact her security POC to report the incident.
B. Nothing. Verbally overhearing SCI is not considered compromise.
C. Swear the person who overheard to secrecy.
D. Contact her security POC with detailed information about the incident.
Answer: A

Q: Beth taps her phone at a payment terminal to pay for a purchase. Does this pose a security risk?
A. Only if Beth does not have two-factor authentication enabled on her phone.
B. Only if Beth does not have the data on her phone encrypted.
C. No, there is no security risk associated with this.
D. Yes, there is a risk that the signal could be intercepted and altered.
Answer: D

Q: Which of the following is true of spillage?
A. It refers to classified information that has been downgraded.
B. It describes when unclassified information is processed on a classified network to avoid disclosure under the Freedom of Information Act (FOIA).
C. It refers specifically to classified information that becomes publicly available.
D. It can be either inadvertent or intentional.
Answer: D

Q: Which of the following is an example of a strong password?
A. P@55w0rd
B. d+Uf_4RimUz
C. 123Maple
D. 1970June30!
Answer: B

Q: The defense contractor was targeted via removable media. What is your organization's policy on thumb drives and other removable media?
A. We use removable media; it's convenient and is an efficient way of sharing and transferring information.
B. Removable media is strictly prohibited.
C. I'm not sure.
Answer: B

Q: Based on the description provided, how many insider threat indicators are present?
Elyse has worked for a DoD agency for more than 10 years. She is a diligent employee who receives excellent performance reviews and is a valued team member. She has two children and takes them on a weeklong beach vacation every summer. She spent a semester abroad in France as a teenager and plans to take her children to visit France when they are older.
A. 0
B. 1
C. 2
D. 3+
Answer: A

Q: Which best describes an insider threat? Someone who uses ________ access, ________ , to harm national security through unauthorized disclosure, data modification, espionage, terrorism, or kinetic actions.
A. authorized; with good intentions
B. unauthorized; detected or undetected
C. unauthorized; undetected
D. authorized; wittingly or unwittingly
Answer: D