FY24 DEPARTMENT OF DEFENSE CYBER

FY24 DEPARTMENT OF DEFENSE CYBER

AWARENESS CHALLENGE KNOWLEDGE

CHECK - STUDY GUIDE FLASHCARDS

EXAM PREPARATION GUIDE | 25 ITEMS

Q:When is the safest time to post on social media about your vacation plans?

After the trip.Q:Which of the following is true of Sensitive Compartmented Information Facilities (SCIFs)?Personnel must position monitors so that they do not face windows or close the window blinds.

Q:Annabeth becomes aware that a conversation with a co-worker that involved

Sensitive Compartmented Information (SCI) may have been overheard by someone who does not have the required clearance. What action should Annabeth take?Contact her security POC with detailed information about the incident.

Q:Which of the following is true of working within a Sensitive Compartmented

Information Facility (SCIF)?Authorized personnel who permit another individual to enter the SCIF are responsible for confirming the individual's need-to-know and access.

Q:How can you protect your home computer?

Regularly back up your files.

Q:Which of the following is true of transmitting or transporting Sensitive

Compartmented Information (SCI)?Printed SCI must be retrieved promptly from the printer.

Q:You receive an e-mail marked important from your boss asking for data that they need immediately for a meeting starting now. The e-mail was sent from a personal e-mail address that you do not recognize, bit it addresses you by name.What concern does the e-mail pose?This may be a spear phishing attempt. Contact your boss using contact information that you know to be legitimate.

Q:Which of the following uses of removable media is allowed?

Government owned removable media that is approved as operationally necessary.Q:Terry sees a post on her social media feed that says there is smoke billowing from the Pentagon. The post includes a video that shows smoke billowing from a building that is not readily identifiable as the Pentagon. Terry is not familiar with the source of the post. Which of the following describes what Terry has likely seen?This is probably disinformation unless Terry can verify it on a legitimate news site.

Q:Which of these is NOT a potential indicator that your device may be under a

malicious code attack?A notification for a system update that has been publicized Q:Which best describes an insider threat? Someone who uses ______ access, ______, to harm national security through unauthorized disclosure, data modification, espionage, terrorism, or kinetic actions.authorized; wittingly or unwittingly

Q:Which of the following is NOT an appropriate use of your Common Access Card

(CAC)?

Using it as photo identification with a commercial entity.

Q:Which of the following is a best practice for physical security?

Use your own security badge or key code for facility access.

Q:Which of the following is a best practice to protect your identity?

Order a credit report annually.

Q:Which of the following statements about Portected Health Information (PHI) is

false?It is created or received by a healthcare provider, health plan, or employer or a business associate of these.

Q:Which of the following is NOT a best practice for protecting data on a mobile

device?Disable automatic screen locking after a period of inactivity.

Q:Carl receives an e-mail about a potential health risk caused by a common

ingredient in processed food. Which of the following actions should Carl NOT take with the e-mail?Forward it.

Q:Which of the following is an appropriate use of government e-mail?

Using a digital signature when sending attachments.

Q:How can you prevent viruses and malicious code?

Scan all external files before uploading to your computer.Q:Which of the following is NOT a best practice for teleworking in an environment where Internet of Things (IoT) devices are present?Use the devices' default security settings.

Q:Which of the following is a best practice for using government e-mail?

Do not send mass e-mails.Q:How can an adversary use information available in public records to target you?Combine it with information from other data sources to learn how best to bait you with a scam.

Q:Which type of data could reasonable be expected to cause serious damage to

national security?Secret

Q:Which of the following is true of Controlled Unclassified Information (CUI)?

It must be handled using safeguarding or dissemination controls.Q:How can you mitigate the ptential rish associated with a compressed URL (e.g., TinyURL, goo.gl)?Use the preview function to see where the link actually leads.