DOD CYBER AWARENESS CHALLENGE 2026

DOD CYBER AWARENESS CHALLENGE 2026

FLASHCARDS

EXAM PREPARATION GUIDE | 25 ITEMS

Q:What is a Security Classification Guide?

A person who determines whether information is classified and at what level-> Defines classification responsibility.

Q:Which of the following is a best practice to protect your identity?

Monitor your financial statements and credit reports-> Early detection of identity theft is effective.Q:Which of the following is a best practice for working offsite during official travel?Position your monitor so that it is not easily observed by others while in use-> Prevents visual disclosure; other options are weaker safeguards.

Q:How can you identify the separation of Sensitive Compartmented Information

(SCI)classified material from collateral classified material?Markings that identify the compartment with which it is affiliated-> Physical labeling ensures proper handling.

Q:Which of the following personally owned peripherals can you use with

government furnished equipment (GFE)?All peripherals, regardless of ownership, are authorized for use-> Authorized peripherals for official use.

Q:Which of the following is an example of two-factor authentication?

Fingerprint and face identification (ID)-> Biometric plus something you are/own aligns with 2FA concepts.

Q:You receive a suspicious e-mail that appears to have come from an organization that partners with your agency. Your co-workers have received a similar e-mail.What might this be?Spear phishing-> Targeted phishing by a known contact.

Q:While taking a break at your workstation, you switch to your computer's web

browser intending to look up the evening's weather forecast. You notice open tabs In your web browser that you don't recall opening. Is this a concern?Yes, changes could indicate a cybersecurity incident-> Could signal malware or unwanted software.

Q:You receive a text message from a commercial shipping company notifying you

that they need an updated address to deliver a package to you. It provides a link for you to provide the Information needed. What is the best course of action?Open the link-> (Quiz logic) Verify legitimacy before acting; in real life, be cautious.

Q:Which of the following is a best practice for physical security?

Hold the door for coworkers you know when entering your facility-> Controlled access with known individuals.

Q:What is a best practice for user accounts on your home computer?

Each user should have their own account-> Accountability and proper access control.

Q:Under which Cyberspace Protection Condition (CPCON) is the priority focus

limited to critical and essential functions?CPCON 1-> Highest priority for essential operations.

Q:How do Insider Threat Programs defend against insider threats?

Intervening early to help individuals with issues-> Proactive mitigation prevents escalation.

Q:How should you approach a compressed URL, such as Tiny URL?

Right-click the link to see where the link leads-> Verifies destination before opening to avoid malicious redirects.

Q:Consider this social media post. Are there any security concerns in it?"I'm hosting a family reunion for my mom's side of the family, the Smiths. Come b my place at 1234 Mockingbird Lane on the 8th...and grab a slice of birthday cake for me while you're there!" Yes, it contains sensitive personal information (PII) and is not appropriate to share publicly-> Protects identifiable data.

Q:Which of the following e-mail practices can help to prevent inadvertently

downloading viruses?Use the Preview Pane instead of opening e-mails-> Reduces risk from malicious attachments/scripts.

Q:Travis is processing travel reimbursements for the past quarter and needs to

share travel rosters containing passport numbers with his supervisor for approval. Which is an approved way to transmit this information?Encrypted Government e-mail with a digital signature-> Secure, verifiable transmission.

Q:Evelyn is a system administrator at her agency. As part of her duties, she

occasionally uses a thumb drive to perform necessary system tasks, as outlined in her agency's procedures. The thumb drive is provided by the Government for this purpose. Is this an appropriate use of removable media?No. Removable media are never permitted for use in the DoD, per policy-> Policy protects data.

Q:Oliver uses his phone to look up information about a jacket he might want to

purchase. Later, he notices ads for the jacket appearing on websites that he views using his laptop. Why would he see this happen?Oilver's apps and devices collect and share information about him-> Cross-device data sharing explains targeted ads, not device compromise or jacket popularity.

Q:You have been Issued a new Government-owned mobile device. What is a step

youshould take to secure It?Set up a passcode to unlock it-> Establishes initial security baseline.

Q:What should you do with your badge within a Sensitive

CompartmentedInformation Facility (SCIF)?Keep it in your wallet-> Securely carry badge to prevent loss/misuse.

Q:Which of the following formats may be considered official records for

Governmentcommunications?All of these-> Official records can be email, chat, SMS, etc.

Q:How to prevent spillage?

Label all files with appropriate classification markings-> Proper markings reduce accidental disclosure; other options are less effective.

Q:Which of the following is a best practice when browsing the Internet?

Look for an https:// in the URL name-> Indicates a secure site.

Q:Which of the following is an allowed use of a government-furnished smartphone?Responding to e-mails on your government e-mail account-> Maintains official communications channel.