DOD CYBER AWARENESS (KNOWLEDGE CHECK) FLASHCARDS
EXAM PREPARATION GUIDE | 48 ITEMS
Q:(Insider Threat)Which scenario might indicate a reportable insider threat?
A colleague removes sensitive information without seeking authorization in order to perform authorized telework.
Q:(Insider Threat)Which of the following is a reportable insider threat activity?
Attempting to access sensitive information without need-to-know
Q:(Social Engineering)Which of the following is true?
Digitally signed e-mails are more secure.
Q:(Social Engineering)What type of social engineering targets senior officials?
Whaling
Q:(Sensitive Compartmented Information)What must authorized personnel do before permitting another individual to enter a Sensitive Compartmented Information Facility (SCIF)?
Confirm the individual's need-to-know and access
Q:(Controlled Unclassified Information)Which of the following is NOT an example of Personally Identifiable Information (PII)?
High school attended
Q:(Insider Threat)Which of the following is a potential insider threat indicator?
Unusual interest in classified information
Q:(Identity Management)What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card?
Store it in a shielded sleeve
Q:(Mobile Devices)How can you protect data on your mobile computing and portable electronic devices (PEDs)?
Enable automatic screen locking after a period of inactivity
Q:(Spillage)Which of the following may help to prevent spillage?
Follow procedures for transferring data to and from outside agency and non-Government networks
Q:(Controlled Unclassified Information)Which of the following is a security best practice for protecting Personally Identifiable Information (PII)?
Only use Government-furnished or Government-approved equipment to process PII.
Q:(Classified Data)Who designates whether information is classification level?
Original classification authority
Q:(Removable Media in a SCIF)Which of the following is true of portable electronic devices (PEDs) in a Sensitive Compartmented Information Facility (SCIF)?
Only connect government-owned PEDs to the same level classification information system when authorized
Q:(Classified Data)What is the basis for the handling and storage of classified data?
Classification markings and handling caveats
Q:(Classified Data)Which of the following is a good practice to protect classified information?
Don't assume open storage in a secure facility is authorized
Q:(Malicious Code)Which of the following is NOT a type of malicious code?
Executables
Q:(Insider Threat)What is an insider threat?
Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities.
Q:(Insider Threat)Based on the description that follows, how many potential insider threat indicator(s) are displayed? A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationship with peers, purchases an unusually expensive new car, and has unexplained absences from work.
- or more indicators
Q:(Controlled Unclassified Information)Which designation marks information that does not have potential to damage national security?
Unclassified
Q:(Controlled Unclassified Information)Which of the following is true of Protected Health Information (PHI)?
It is created or received by a healthcare provider, health plan, or employer.
Q:(Use of GFE)Which of the following represents an ethical use of your Government-furnished equipment (GFE)?
Checking personal e-mail when allowed by your organization
Q:(Spillage)Which of the following is a good practice to prevent spillage?
Always check to make sure you are using the correct network for the level of data
Q:(Sensitive Compartmented Information)Which of the following is true of Security Classification Guides?
They provide guidance on reasons for and duration of classification of information.
Q:(Removable Media in SCIF)Which of the following is NOT a potential consequence of using removable media unsafely in a Sensitive Compartmented Information Facility (SCIF)?
Damage to the removable media
Q:(Identity Management)Which of the following is true of the Common Access Card (CAC)?
It contains certificates for identification, encryption, and digital signature.
Q:(Travel)What security risk does a public Wi-Fi connection pose?
It may expose the information sent to theft.
Q:(Identity Management)Which of the following is true of using a DoD Public Key Infrastructure (PKI) token?
It should only be in a system while actively using it for a PKI-required task.
Q:(Spillage)A vendor conducting a pilot program with your organization contacts you for organizational data to use in a prototype. How should you respond?
Refer the vendor to the appropriate personnel
Q:(Spillage)You receive an inquiry from a reporter about government information not cleared for public release. How should you respond?
Refer the reporter to your organization's public affairs office
Q:(Physical Security)Which of the following best describes good physical security?
Lionel stops an individual in his secure area who is not wearing a badge.
Q:(Physical Security)Which of the following is a best practice for physical security?
Report suspicious activity
Q:(Controlled Unclassified Information)Which is a best practice for protecting Controlled Unclassified Information (CUI)?
Store it in a locked desk drawer after working hours