CYBER AWARENESS CHALLENGE 2023

CYBER AWARENESS CHALLENGE 2023

(UPDATED) FLASHCARDS

EXAM PREPARATION GUIDE | 99 ITEMS

Q:**Classified DataWhich of the following is a good practice to protect classified information?Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material

Q:**Classified DataWhich type of information could reasonably be expected to

cause serious damage to national security if disclosed without authorization?Secret

Q:*Malicious CodeWhich of the following is NOT a way that malicious code

spreads?Legitimate software updates Q:*SpillageWhat should you do if a reporter asks you about potentially classified information on the web?Ask for information about the website, including the URL.

Q:**Social EngineeringWhat is TRUE of a phishing attack?

Phishing can be an email with a hyperlink as bait.Q:**Social EngineeringWhich is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail?Do not access website links, buttons, or graphics in e-mail

Q:Avoid talking about work outside of the workplace or with people without a

need-to-know How many insider threat indicators does Alex demonstrate?

Q:Photos of your pet

**Social NetworkingWhich piece if information is safest to include on your social media profile?

Q:Your favorite movie

**Social NetworkingWhich of the following statements is true?Q:*Spillage.What should you do if a reporter asks you about potentially classified information on the web?Refer the reporter to your organization's public affairs office.

Q:Your mother's maiden name

**Social NetworkingYour cousin posted a link to an article with an incendiary headline on social media. What action should you take?

Q:Interest in learning a foreign language

*Insider ThreatWhich of the following is a potential insider threat indicator?

Q:**Classified DataWhen classified data is not in use, how can you protect it?

Store classified data appropriately in a GSA-approved vault/container.

Q:Press release data

Which of the following is true of Unclassified information?

Q:*Sensitive Compartmented InformationWhich must be approved and signed by a

cognizant Original Classification Authority (OCA)?Security Classification Guide (SCG)

Q:**Identity managementWhat is the best way to protect your Common Access

Card (CAC)?Maintain possession of it at all times.

Q:*Sensitive Compartmented InformationWhen faxing Sensitive Compartmented

Information (SCI), what actions should you take?Mark SCI documents appropriately and use an approved SCI fax machine

Q:**Social EngineeringHow can you protect yourself from internet hoaxes?

Use online sites to confirm or expose potential hoaxes

Q:Use only your personal contact information when establishing your account

**Social NetworkingWhich of the following information is a security risk when posted publicly on your social networking profile?Q:Data about you collected from all sites, apps, and devices that you use can be aggregated to form a profile of you.**Social NetworkingAs someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project?

Q:**Insider ThreatWhat type of activity or behavior should be reported as a

potential insider threat?Coworker making consistent statements indicative of hostility or anger toward the United States in its policies.

Q:*SpillageWhat should you do when you are working on an unclassified system

and receive an email with a classified attachment?Call your security point of contact immediately

Q:**Classified DataWhat level of damage can the unauthorized disclosure of

information classified as Confidential reasonably be expected to cause?Damage to national security

Q:**Classified DataHow should you protect a printed classified document when it is not in use?Store it in a General Services Administration (GSA)-approved vault or container

Q:**TravelWhat security risk does a public Wi-Fi connection pose?

It may expose the connected device to malware.

Q:*Malicious CodeWhat are some examples of malicious code?

Viruses, Trojan horses, or worms

Q:**Website UseWhich of the following statements is true of cookies?

You should only accept cookies from reputable, trusted websites.

Q:**Website UseHow should you respond to the theft of your identity?

Report the crime to local law enforcement

Q:*Sensitive Compartmented InformationWhat should the owner of this printed

SCI do differently?Retrieve classified documents promptly from printers

Q:Three or more

What should Alex's colleagues do?

Q:**Identity ManagementYour DoD Common Access Card (CAC) has a Public Key

Infrastructure (PKI) token approved for access to the NIPRNet. In which situation below are you permitted to use your PKI token?On a NIPRNet system while using it for a PKI-required task

Q:*Sensitive Compartmented InformationWhat should the participants in this

conversation involving SCI do differently?Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed