DOD CYBER AWARENESS CHALLENGE
(FY22) FLASHCARDS
EXAM PREPARATION GUIDE | 40 ITEMS
Q:What portable electronic devices (PEDs) are permitted in a SCIF?
Only expressly authorized government-owned PEDs
Q:When is it appropriate to have your security badge visible?
At all times when in the facility
Q:How can malicious code cause damage?
- corrupting files
- erasing your hard drive
- allowing hackers access
Q:Which of the following practices may reduce your appeal as a target for adversaries seeking to exploit your insider status?
- Discuss classified information freely within your closed work environment
- Talk about your work only at a high level when attending public networking events
- Retrieve messages from your smartphone immediately, regardless of your surroundings
- Remove your security badge after leaving your controlled area or office building
Remove your security badge after leaving your controlled area or office building
Q:Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization?
- Secret
- Top Secret
- Controlled Unclassified
- Confidential
Secret
Q:Which of the following is an example of malicious code?
- A system reminder to install security updates
- Software that installs itself without the user's knowledge
- A firewall that monitors and controls network traffic
Software that installs itself without the user's knowledge
Q:What guidance is available for marking Sensitive Compartmented Information (SCI)?
- Security Classification Guides
- Your supervisor
- Original Classification Authority
- Sensitive Compartmented Information Guides
?
Q:Example of information that is personally identifiable information (PII)
social security number
Q:You receive an inquiry from a reporter about potentially classified information on the Internet. How should you respond?
Refer the reporter to your organization's public affairs office.
Q:Which of the following individuals can access classified data?
- Darryl is managing a project that requires access to classified information. He has the appropriate clearance and a signed, approved non-disclosure agreement.
- Theodore is seeking access to classified information that he does not need to know to perform his job duties. He has the appropriate clearance and a signed, approved non-disclosure agreement.
- Maria received an assignment to support a project that requires access to classified information. She has recently been granted the appropriate clearance but has not yet signed the non-disclosure agreement.
- Elsa is joining a project that required access to information that is classified at a higher level than her current clearance level. For her current clearance, she has a signed and approved non-disclosure agreement.
Darryl is managing a project that requires access to classified information. He has the appropriate clearance and a signed, approved non-disclosure agreement.
Q:Example of information that is protected health information (PHI)
medical record or information of medical visit/history
Q:Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the Non-classified Internet Protocol Router Network (NIPRNet). In which situation below are you permitted to use your PKI token?
- On a system of a higher classification level, such as the Secret Internet Protocol Router Network (SIPRNet)
- On a computer displaying a notification to update the antivirus software
- On a NIPRNet system while using it for a PKI-required task
- On a computer at the public library to check your DoD e-mail
On a NIPRNet system while using it for a PKI-required task
Q:Which of the following is NOT a best practice to preserve the authenticity of your identity?
- Write your password down on a device that only you access (e.g., your smartphone)
- Store your Common Access Card (CAC) or Personal Identity Verification (PIV) card in a shielded sleeve
- Enable two-factor authentication whenever available, even for personal accounts
- Change your password at least every 3 months
Write your password down on a device that only you access (e.g., your smartphone)
Q:What action should you take if you become aware that Sensitive Compartmented Information (SCI) has been compromised?
- contact your security point of contact to report the incident
- evaluate the causes of the compromise
- e-mail detailed information about the incident to your security point of contact
- assess the amount of damage that could be caused by the compromise
?
Q:How should you respond to the theft of your identity?
Report the crime to local law enforcement
Q:What should the participants in this conversation involving SCI do differently?
Physically assess that everyone within listening distance is cleared and has need-to-know for the information being discussed
Q:Which of the following represents an ethical use of your Government-furnished equipment (GFE)?
- Downloading a pirated episode of your favorite television show
- Listing a piece of furniture for sale on your neighborhood buy/sell group
- Placing a bet on your Final Four bracket
- E-mailing your co-workers to let them know you are taking a sick day
E-mailing your co-workers to let them know you are taking a sick day
Q:Which of the following demonstrates proper protection of mobile devices?
- Sally stored her government-furnished laptop in her checked luggage using a TSA approved luggage lock.
- Linda encrypts all of the sensitive data on her government-issued mobile devices.
- Alan uses password protection as required on his government-issued smartphone but prefers the ease of no password on his personal smartphone.
Linda encrypts all of the sensitive data on her government-issued mobile devices.
Q:Which of the following is an example of near field communication (NFC)?
- A pair of people talking via hand-held, two-way radio transceivers (i.e., walkie talkies)
- An internal chat message sent between team members on a workforce collaboration platform (e.g., Teams)
- A smartphone that transmits credit card payment information when held in proximity to a credit card reader
- An e-mail transmitted between a sender and recipient who are on the same e-mail server
?
Q:What should you consider when using a wireless keyboard with your home computer?
Reviewing and configuring the available security features, including encryption
Q:When is it okay to charge a personal mobile device using government-furnished equipment (GFE)?
this is never okay
Q:Which of the following is NOT a way that malicious code spreads?
- Legitimate software updates
- Infected websites
- E-mail attachments
- File downloads
Infected websites
Q:What security risk does a public Wi-Fi connection pose?
It may expose the connected device to malware
Q:When can you use removable media on a Government system?
When operationally necessary, owned by your organization, and approved by the appropriate authority
Q:Which of the following is NOT a correct way to protect CUI?
- CUI may be stored on any password-protected system.
- CUI may be stored in a locked desk after working hours.
- CUI may be e-mailed if encrypted.
CUI may be stored on any password-protected system.