CYBER AWARENESS CHALLENGE 2024
(INCOMPLETE) FLASHCARDS
EXAM PREPARATION GUIDE | 26 ITEMS
Q: How should government owned removable media be stored?
- In a GSA-approved container according to the appropriate security classification
- With your organization's IT department
- Removable media is not permitted in government facilities
- In any type of container where it is not visible, such as a desk drawer
~ In a GSA-approved container according to the appropriate security classification
Q: You receive a text message from a package shipper notifying you that your package delivery is delayed due to needing updated delivery instructions from you. It provides a shortened link for you to provide the needed information. You are not expecting a package. What is the best course of action?
- Reply to the message and ask for more information
- Delete the message
- Open the link to provide the information
- Open the link to inspect the website
~ Delete the message
Q: Which of the following is least likely to pose a risk to share on a social networking site?
- Your mother's maiden name
- Your current location
- Your birthdate
- Your pet's name
~ Your pet's name
Q: Which of the following is NOT a way that malicious code can be spread?
- Downloading files
- Visiting infected websites
- E-mail attachments
- Running a virus scan
~ Running a virus scan
Q: Carl receives an e-mail about a potential health risk caused by a common ingredient in processed food. Which of the following actions should Carl NOT take with the e-mail?
- Forward it
- Mark it as junk
- Delete it
- Research the claim
~ Forward it
Q: How can an adversary use information available in public records to target you?
- Combine it with information from other data sources to learn how best to bait you with a scam
- Information in public records cannot be used to target you, as any sensitive information must be redacted
- Sign you up for junk mail to make you less critical in your evaluation of communications
- Take verifiable information stolen from others to establish bona fides with you
~ Combine it with information from other data sources to learn how best to bait you with a scam
Q: Which of the following is NOT an appropriate use of your Common Access Card (CAC)?
- Maintain possession of it at all times
- Reporting it immediately if lost or misplaced
- Removing from your computer and taking it with you when you leave your workstation
- Using it as photo identification with a commercial entity
~ Using it as photo identification with a commercial entity
Q: Sylvia commutes to work via public transportation. She often uses the time to get a head start on work by making phone calls or responding to e-mails on her government approved mobile device. Does this pose a security concern?
- Yes, but only the phone calls. Sylvia should speak softly and only make calls when no one is sitting next to her.
- No. No one else is going to be paying attention to what Sylvia is doing, as they will be focused on their own business.
- Yes. Eavesdroppers may be listening to Sylvia's phone calls, and shoulder surfers may be looking at her screen. Sylvia should be aware of these risks.
- No, because Sylvia is using a government approved device.
~ Yes. Eavesdroppers may be listening to Sylvia's phone calls, and shoulder surfers may be looking at her screen. Sylvia should be aware of these risks.
Q: Which of the following is true of Sensitive Compartmented Information Facilities (SCIFs)?
- Phone conversations within a SCIF are inherently secure and require no further protection.
- Personnel with access to a SCIF have a need-to-know for all information processed within the SCIF.
- Personnel must position monitors so that they do not face windows or close to window blinds.
- Due to the physical security measures in place within a SCIF, open storage is allowed.
~ Personnel must position monitors so that they do not face windows or close to window blinds.
Q: Which of the following is an appropriate use of government e-mail?
- Sharing an order form for your child's school fundraiser
- Using a digital signature when sending attachments
- Sending e-mails to personal contacts
- Forwarding DoD-related memes or jokes
~ Using a digital signature when sending attachments
Q: When is the safest time to post on social media about your vacation plans?
- Before the trip
- During the trip
- After the trip
~ After the trip
Q: Which of the following is true of transmitting or transporting of Sensitive Compartmented Information (SCI)?
- A collateral classified fax machine may be used to fax SCI with the appropriate coversheet.
- SCI does not require a coversheet in an open storage environment.
- Anyone with eligibility to access the SCI may hand-courier SCI.
- Printed SCI must be retrieved promptly from the printer.
~ Printed SCI must be retrieved promptly from the printer.
Q: How can you prevent viruses and malicious codes?
- Download apps from your device's official app store because these are guaranteed to have no vulnerabilities
- Allow mobile code to run on all websites
- Scan all external files before uploading to your computer
- View e-mail using the Preview Pane rather than opening it
~ Scan all external files before uploading to your computer
Q: When is the safest time to post on social media about your vacation plans?
- During the trip
- Before the trip
- After the trip
~ After the trip
Q: How can you protect your home computer?
- Accept all mobile code
- Use the default operating system password
- Regularly back up your files
- Disable firewall protection
~ Regularly back up your files
Q: Which of the following is permitted when using an unclassified laptop within a collateral classified space?
- Wi-Fi
- A Government-issued wireless headset without microphone
- A personally-owned wired headset with microphone
- A Government-issued wired headset with microphone
~ A Government-issued wired headset with microphone
Q: Which type of data could reasonably be expected to cause serious damage to national security?
- Confidential
- Secret
- Controlled Unclassified Information (CUI)
- Top Secret
~ Secret
Q: Beth taps her phone at a payment terminal to pay for a purchase. Does this pose a security risk?
- No, there is no security risk associated with this.
- Only if Beth does not have the data on her phone encrypted.
- Yes, there is a risk that the signal could be intercepted and altered.
- Only if Beth does not have two-factor authentication enabled on her phone.
~ Yes, there is a risk that the signal could be intercepted and altered.
Q: How can you mitigate the potential risk associated with a compressed URL (e.g., TinyURL, goo.gl)?
- Open the link in a new tab or window
- Select the link to see where it leads
- Open the link in your browser's incognito mode
- Use the preview function to see where the link actually leads
~ Use the preview function to see where the link actually leads
Q: Which of the following is NOT a best practice for teleworking in an environment where Internet of Things (IoT) devices are present?
- Set strong passwords for the devices
- Use the devices' default security settings
- Check the devices periodically for Bluetooth connections
- Remove any voice-enabled device
~ Use the devices' default security settings
Q: Which of the following is NOT a best practice for protecting data on a mobile device?
- Use two-factor authentication
- Maintain visual or physical control of your device at all times
- Lock your device when not in use
- Disable automatic screen locking after a period of inactivity
~ Disable automatic screen locking after a period of inactivity