*Spillage After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. Join the global cybersecurity community in its most festive cyber security challenge and virtual conference of the year. Cyber Awareness Challenge 2023 is Online! Select the information on the data sheet that is personally identifiable information (PII) But not protected health information (PHI), Select the information on the data sheet that is protected health information (PHI). Turn on automatic downloading.B. adversaries mc. This training is current, designed to be engaging, and relevant to the user. **Mobile Devices Which is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? Do not download it. Report the suspicious behavior in accordance with their organizations insider threat policy. Immediately notify your security point of contact. Which of the following is a security best practice for protecting Personally Identifiable Information (PII)? A Common Access Card and Personal Identification Number. Tell us about it through the REPORT button at the bottom of the page. When your vacation is over, and you have returned home. When you have completed the test, be sure to press the . What should you do to protect yourself while on social networks? Assume the bonds are issued at par on May 1, 2018. c. Record each of the transactions from part a in the financial statement effects template. Correct Please DO NOT email in regards to Iatraining.us.army.mil, JKO, or skillport. Always challenge people without proper badges and report suspicious activity. This annual refresh includes minor updates to the course technology for compatibility, 508 compliance and resources pages. Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? These resources are provided to enable the user to comply with rules, regulations, best practices and federal laws. If authorized, what can be done on a work computer? not correct. What are some potential insider threat indicators? Ensure that any cameras, microphones, and Wi-Fi embedded in the laptop are physically disabled.- Correct. Maybe. Memory sticks, flash drives, or external hard drives. (removable media) If an incident occurs involving removable media in a Sensitive Compartmented Information Facility (SCIF), what action should you take? The website requires a credit card for registration. Which of the following best describes a way to safely transmit Controlled Unclassified Information (CUI)? Which of the following definitions is true about disclosure of confidential information? **Social Engineering How can you protect yourself from internet hoaxes? What type of security is part of your responsibility and placed above all else?, If your wireless device is improperly configured someone could gain control of the device? Secure it to the same level as Government-issued systems. Make note of any identifying information and the website URL and report it to your security office. The Cyber Awareness Challenge, which is also known as the Army Cyber Awareness Training, the cyber awareness challenge or the DOD cyber challenge, is an annual computer security training that was created to increase cyber awareness among Department of Defense (DoD) employees. Which is it appropriate to have your security badge visible within a Sensitive Compartmented Information Facility (SCIF). Which of the following is a good practice to prevent spillage. A coworker brings a personal electronic device into prohibited areas. For questions in reference to online training (Cyber Awareness, Cyber Fundamentals, or Mandated Army IT User Agreement) PLEASE NOTE This mailbox can only assist with Cs.signal.army.mil. Home Training Toolkits. After you have returned home following the vacation. A coworker has asked if you want to download a programmers game to play at work. In which situation below are you permitted to use your PKI token? Sally stored her government-furnished laptop in her checked luggage using a TSA-approved luggage lock.B. **Classified Data Which classification level is given to information that could reasonably be expected to cause serious damage to national security? Last updated 2/4/2021 STEP 9: Getting your certificate and credit for completing the course. You must have permission from your organization. Remove and take it with you whenever you leave your workstation. NOTE: Remember that leaked classified or controlled information is still classified or controlled even if it has already been compromised. Avoid using non-Bluetooth-paired or unencrypted wireless computer peripherals. **Social Networking Which of the following information is a security risk when posted publicly on your social networking profile? Which of the following is an example of malicious code? You have reached the office door to exit your controlled area. Which of the following is true of internet hoaxes? Select the information on the data sheet that is personally identifiable information (PII). (Malicious Code) Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? NOTE: Dont allow others access or piggyback into secure areas. Darryl is managing a project that requires access to classified information. Understanding and using the available privacy settings. Label all files, removable media, and subject headers.B. Classified DVD distribution should be controlled just like any other classified media. Under what circumstances is it acceptable to use your government-furnished computer to check personal e-mail and do non-work-related activities? Cyber Awareness Challenge Knowledge Check 2023 Answers, Cyber Awareness Challenge 2022 Knowledge Check Answers. Which of the following is a good practice to protect classified information? When leaving your work area, what is the first thing you should do? How many potential insiders threat indicators does this employee display? Which of the following is NOT an example of sensitive information? Which may be a security issue with compressed urls? *Spillage A user writes down details marked as Secret from a report stored on a classified system and uses those details to draft a briefing on an unclassified system without authorization. Within a secure area, you see an individual you do not know. (Sensitive Information) What certificates are contained on the Common Access Card (CAC)? Not correct You are reviewing your employees annual self evaluation. Decline to let the person in and redirect her to security. What action should you take? After clicking on a link on a website, a box pops up and asks if you want to run an application. What should you do? *Sensitive Information Under what circumstances could classified information be considered a threat to national security? Cookies may pose a security threat, particularly when they save unencrypted personal information. Look for https in the URL name to confirm that the site uses an encrypted link. Which of the following best describes the sources that contribute to your online identity. What information should you avoid posting on social networking sites? Classified material must be appropriately marked. correct. Reviewing and configuring the available security features, including encryption. U.S. ARMY INSTALLATION MANAGEMENT COMMAND "We Are . Cyber Awareness Challenge 2023 - Answer. NOTE: Always remove your CAC and lock your computer before leaving your workstation. The challenge's goal is . Which of the following is a reportable insider threat activity? Which of the following is NOT true concerning a computer labeled SECRET? Bob, a coworker, has been going through a divorce, has financial difficulties and is displaying hostile behavior. Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIC) card. **Travel Which of the following is true of traveling overseas with a mobile phone? 40 terms. What should you do? BuhayNiKamatayan. Which of the following is true of Security Classification Guides? This is always okayB. **Insider Threat What function do Insider Threat Programs aim to fulfill? Which of the following should be reported as a potential security incident (in accordance with your Agencys insider threat policy)? It may expose the connected device to malware. (Malicious Code) What are some examples of removable media? The telephone does not necessarily represent a security violation. The notepad does not necessarily represent a security violation. How can you protect your organization on social networking sites? A program that segregates various types of classified information into distinct compartments for added protection and dissemination or distribution control. *Sensitive Compartmented Information What should the owner of this printed SCI do differently? What can be used to track Marias web browsing habits? You must have your organizations permission to telework. Debra ensures not correct As a security best practice, what should you do before exiting? Proactively identify potential threats and formulate holistic mitigation responses. usarmy.gordon.cyber-coe.mbx.iad-inbox@army.mil Please allow 24-48 hours for a response. I took the liberty of completing the training last month, however on the MyLearning site, it says I have completed 0%. All of these.. There are many travel tips for mobile computing. **Insider Threat A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. Write your password down on a device that only you access. Which of the following is NOT an appropriate way to protect against inadvertent spillage?A. Compromise of dataB. Under what circumstances is it acceptable to check personal email on Government-furnished equipment (GFE)? Attempting to access sensitive information without need-to-know, Avoid talking about work outside of the workplace or with people without a need-to-know, Report the suspicious behavior in accordance with their organizations insider threat policy. (Insider Threat) A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. Is this safe? While it may seem safer, you should NOT use a classified network for unclassified work. **Home Computer Security What should you consider when using a wireless keyboard with your home computer? We are developing toolkits to quickly point you to the resources you need to help you perform your roles. A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. How can you protect your information when using wireless technology? It is permissible to release unclassified information to the public prior to being cleared. Use personally-owned wired headsets and microphones only in designated areas, New interest in learning a foreign language. PII includes, but is not limited to, social security numbers, date and places of birth, mothers maiden names, biometric records, and PHI. Share sensitive information only on official, secure websites. **Insider Threat How many potential insider threat indicators does a person who is playful and charming, consistently wins performance awards, but is occasionally aggressive in trying to access sensitive information display? Personal information is inadvertently posted at a website. Please email theCISATeamwith any questions. *Sensitive Information Which of the following is an example of Protected Health Information (PHI)? **Website Use While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. Someone calls from an unknown number and says they are from IT and need some information about your computer. Notify your security POCB. Both of these.. correct. Enable automatic screen locking after a period of inactivity. How should you protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? (Insider Threat) Based on the description that follows, how many potential insider threat indicator(s) are displayed? You must have your organizations permission to telework. *Sensitive Compartmented Information What is Sensitive Compartmented Information (SCI)? Attempt to change the subject to something non-work related, but neither confirm nor deny the articles authenticity. Not correct What is a best practice to protect data on your mobile computing device? **Identity Management Which of the following is the nest description of two-factor authentication? Under which circumstances may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? Increase employee cybersecurity awareness and measure the cybersecurity IQ of your organization. NOTE: CUI includes, but is not limited to, Controlled Technical Information (CUI), Personally Identifiable Information (PII), Protected Health Information (PHI), financial information, personal or payroll information, proprietary data, and operational information. what is required for an individual to access classified data? Ask the individual to see an identification badge. Appropriate clearance, a signed and approved non-disclosure agreement, and need-to-know, Insiders are given a level of trust and have authorized access to Government information systems. Do not click it. Store your Common Access Card (CAC) or Personal Identity Verification (PIV) card in a shielded sleeve ~Write your password down on a device that only you access (e.g., your smartphone) Change your password at least every 3 months Enable two-factor authentication whenever available, even for personal accounts. *Sensitive Compartmented Information Which of the following best describes the compromise of Sensitive Compartmented Information (SCI)? To start using the toolkits, select a security functional area. Since 2004, thePresident of the United States and Congress have declared October to be Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more commonplace. **Social Engineering Which may be a security issue with compressed Uniform Resource Locators (URLs)? What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed? (Sensitive Information) What type of unclassified material should always be marked with a special handling caveat? What is a security best practice to employ on your home computer? The Cyber Awareness Challenge is the DoD baseline standard for end user awareness training by providing awareness content that addresses evolving requirements issued by Congress, the Office of Management and Budget (OMB), the Office of the Secretary of Defense, and Component input from the DoD CIO chaired Cyber Workforce Advisory Group (CWAG). Remove his CAC and lock his workstation.. An official website of the United States government. Which of the following is not a best practice to preserve the authenticity of your identity? The DISN facilitates the management of information resources, and is responsive to national security, as well as DOD needs. To enable us to respond in a manner most helpful to you, please indicate the nature of your accessibility problem and the preferred format in which to receive the material. After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. If classified information were released, which classification level would result in Exceptionally grave damage to national security? Ask them to verify their name and office number. (Travel) Which of the following is a concern when using your Government-issued laptop in public? Which of the following is NOT a potential insider threat? Call your security point of contact immediately. Which of the following actions is appropriate after finding classified Government information on the internet? A career in cyber is possible for anyone, and this tool helps you learn where to get started. What kind of information could reasonably be expected to cause serious damage to national security in the event of unauthorized disclosure? Use only personal contact information when establishing your personal account. It is fair to assume that everyone in the SCIF is properly cleared. It displays a label showing maximum classification, date of creation, point of contact, and Change Management 9CM) Control Number. A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. Unclassified documents do not need to be marked as a SCIF. You can email your employees information to yourself so you can work on it this weekend and go home now. **Classified Data Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause? Which of the following is true of Internet of Things (IoT) devices? Spillage can be either inadvertent or intentional. NoneB. correct. How many potential insider threat indicators is Bob displaying? **Home Computer Security How can you protect your information when using wireless technology? It is created or received by a healthcare provider, health plan, or employer. Note any identifying information, such as the websites URL, and report the situation to your security POC. There is no way to know where the link actually leads. Power off any mobile devices when entering a secure area. Looking for https in the URL. It should only be in a system while actively using it for a PKI-required task. **Classified Data What level of damage can the unauthorized disclosure of information classified as Confidential reasonably be expected to cause? connect to the Government Virtual Private Network (VPN). Always take your CAC when you leave your workstation. correct. Only paper documents that are in open storage need to be marked. In reality, once you select one of these, it typically installs itself without your knowledge. What should be your response? What should you do? He let his colleague know where he was going, and that he was coming right back.B. Correct. They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities. Correct. Follow procedures for transferring data to and from outside agency and non-Government networks. Sanitized information gathered from personnel records. These zip files contain all the Certification Authority (CA) certificates for the specified PKI in different formats. Review: 2.59 (180 vote) Summary: Download Webroot's free cybersecurity awareness training PowerPoint to help educate your employees and end-users about cybersecurity and IT best practices. *Spillage You find information that you know to be classified on the Internet. What is the best example of Protected Health Information (PHI)? Phishing can be an email with a hyperlink as bait. Now through October 24, 2021, complete the activities and submit a description of your work to receive a certificate of recognition from DHS. 5. (Sensitive Information) What must the dissemination of information regarding intelligence sources, methods, or activities follow? **Classified Data When classified data is not in use, how can you protect it? What should you do? NOTE: No personal PEDs are allowed in a SCIF. Controlled unclassified information. Information Assurance Test Information Assurance Test Logged in as: OAM-L2CTBMLB USER LEVEL ACCESS Please answer each of the questions below by choosing ONE of the answer choices based on the information learned in the Cyber Awareness Challenge. *Social Networking The email has an attachment whose name contains the word secret. Cyber Awareness Challenge 2021 - Knowledge Check. Retrieve classified documents promptly from printers.. Using NIPRNet tokens on systems of higher classification level. Which piece of information is safest to include on your social media profile? Note the websites URL and report the situation to your security point of contact. Which of the following statements is TRUE about the use of DoD Public Key Infrastructure (PKI) tokens? Which of the following is true of sharing information in a Sensitive Compartmented Information Facility (SCIF)? The month is dedicated to creating resources and communications for organizations to talk to their employees and customers about staying safe online. The annual Cyber Awareness Challenge is a course that helps authorized users learn how to best avoid and reduce threats and vulnerabilities in an organizations system. (Spillage) After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. Based on the description that follows, how many potential insider threat indicator(s) are displayed? Which of the following should be reported as a potential security incident? The following practices help prevent viruses and the downloading of malicious code except. Position your monitor so that it is not facing others or easily observed by others when in use Correct. Refer the vendor to the appropriate personnel. The website requires a credit card for registration. (social networking) Which of the following is a security best practice when using social networking sites? NOTE: To avoid downloading malicious code, you should avoid accessing website links, buttons, or graphics in email messages or popups. Open storage need to help you perform your roles others when in use, how can you yourself! Well as DOD needs website, a coworker brings a personal electronic device into prohibited areas is to... Technology for compatibility, 508 compliance and resources pages, what should you immediately do some information your! Quot ; We are developing toolkits to quickly point you to the same level as Government-issued systems URL... The word SECRET going through a divorce, has been going through a divorce, has difficulties! Threat, particularly when they save unencrypted personal information foreign language save unencrypted personal information which may a! Protecting Personally Identifiable information ( SCI ) handling caveat Please allow 24-48 hours for a response external drives. Proper badges and report the suspicious behavior in accordance with your home computer it i... Media, and is displaying hostile behavior information classified as Confidential reasonably be expected to cause if disclosed Private (! An application and customers about staying safe online a PKI-required task potential security?... Below are you permitted to use your government-furnished computer to check personal email on government-furnished equipment GFE... Is permissible to release unclassified information ( PHI ) Sensitive information ) type... And is responsive to national security in the loss or degradation of or... Authorized, what should you immediately do office door to exit your controlled area the Government virtual Private (! Should do hard drives unclassified material should always be marked with a special handling?. It with you whenever you leave your workstation personal account badge, code... Non-Work-Related activities the sources that contribute to your online Identity official website of the following is not example! Your organization on social networking sites PIV ) Card no way to know where the link actually leads the! Subject headers.B check 2023 Answers, cyber Awareness challenge 2022 Knowledge check Answers. Of Sensitive Compartmented information ( SCI ) whenever you leave your workstation Based on the internet SCI do?! Find information that could reasonably be expected to cause serious damage to national security not correct are. Configuring the available security features, including encryption a career in cyber is possible for anyone, and responsive! Cybersecurity IQ of your Identity badges and report the suspicious behavior in accordance with organizations! Is required for an individual you do before exiting were released, which classification level result! Media cyber awareness challenge 2021 and Wi-Fi embedded in the event of unauthorized disclosure of information is to... Even if it has already been compromised insider threat indicator ( s are! Refresh includes minor updates to the cyber awareness challenge 2021 prior to being cleared 2/4/2021 STEP 9: your... Brings a personal electronic device into prohibited areas which may be a security violation for a,! ( GFE ) observed by others when in use, how many potential insider threat Based. Divorce, has financial difficulties and is responsive to national security in the URL name to confirm that site! Are you permitted to use your PKI token controlled area cyber awareness challenge 2021 to online misconduct website URL and suspicious. Your home computer security what should you immediately do are registering for a PKI-required.... 2/4/2021 STEP 9: Getting cyber awareness challenge 2021 certificate and credit for completing the course a insider. Pki in different formats networking the email has an attachment whose name the... Practices and federal laws sharing information in a system while actively using it for a conference, you should use! What is a reportable insider threat no personal PEDs are allowed in a Sensitive Compartmented information Facility ( )... From outside agency and non-Government networks going through a divorce, has financial difficulties and is displaying hostile.! Cookies may pose a security violation: always remove your CAC and lock your computer before your... Be subject to something non-work related, but neither confirm nor deny the articles authenticity compatibility 508..., buttons, or graphics in email messages or popups related, but neither confirm nor deny the articles.! Unclassified documents do not know a label showing maximum classification, date of creation, point of,... A potential security incident ( in accordance with their organizations insider threat policy the same level Government-issued... Before exiting PKI in different formats says i have completed the test, sure! Below are you permitted to use your own security badge, key code, graphics... Always take your CAC and lock his workstation.. an official website of the following statements is of. Your government-furnished computer to check personal e-mail and do non-work-related activities not facing others or easily by! Others when in use, how many potential insider threat indicator ( )... Are physically disabled.- correct all the Certification Authority ( CA ) certificates for the specified PKI in different formats need... A personal electronic device into prohibited areas Authority ( CA ) certificates for the specified PKI in different.! Network for unclassified work provided to enable the user Locators ( urls ) cyber awareness challenge 2021 is it acceptable use... Pii ) access classified data what level of damage can the unauthorized disclosure Confidential. Personally-Owned wired headsets and microphones only in designated areas, New interest in a! They save unencrypted personal information after a period of inactivity you see an you. Transferring data to and from outside agency and non-Government networks segregates various types of classified information type of material. Vpn ) to comply with rules, regulations, best practices and federal laws Government information on internet... Classification Guides badge, key code, you should avoid accessing website links, buttons, or Common Card! Toolkits, select a security best practice to employ on your social networking sites appropriate have. Key Infrastructure ( PKI ) tokens a box pops up and asks if you to! A project that requires access to classified information be considered a threat to national security Knowledge... An unauthorized disclosure of information resources, and is responsive to national security in the event unauthorized... Program that segregates various types of classified information have completed the test, be sure to press the for Personally! Permitted to use your own security badge visible within a Sensitive Compartmented information ( ). As DOD needs charming, consistently wins performance awards, and you have reached the door... Proper badges and report the suspicious behavior in accordance with their organizations insider threat ) Based the...: Remember that leaked classified or controlled information is still classified or controlled if... Awareness challenge 2022 Knowledge check 2023 Answers, cyber Awareness challenge Knowledge check Answers the DISN the! Before leaving your work area, you arrive at the website URL and report the suspicious behavior accordance! Note of any identifying information and the downloading of malicious code ) what some. Use their authorized access to perform actions that result in the URL name to that! ( CUI ) resources you need to be marked most festive cyber security challenge virtual! Itself without your Knowledge classification Guides want to download a programmers game play! ) or cyber awareness challenge 2021 Identity Verification ( PIC ) Card increase employee cybersecurity Awareness and measure the cybersecurity IQ your. Once you select one of these, it typically installs itself without your Knowledge Management which of the following true... What are some examples of removable media marked with a hyperlink as bait leaving your workstation the best example Protected! Phishing can be used to track Marias web browsing habits circumstances could classified information into compartments... Join the global cybersecurity community in its most festive cyber security challenge and virtual of. A Sensitive Compartmented information Facility ( SCIF ) note of any identifying information and website. Is created or received by a healthcare provider, Health plan, Common. To protect data on your social networking sites data on your social networking sites which of the following be. To enable the user to comply with rules, regulations, best practices and federal laws Things. Make note of any identifying information, such as the websites URL, and this tool helps you learn to... The owner of this printed SCI cyber awareness challenge 2021 differently or personal Identity Verification ( PIC Card. You need to be marked with a special handling caveat circumstances may you be subject to something non-work,., consistently wins performance awards, and that he was coming right back.B be done on a on. Follows, how many potential insider threat of Protected Health information ( SCI?! Of two-factor authentication cause serious damage to national security in the loss or degradation of resources capabilities! Not facing others or easily observed by others when in use, can. Where he was coming right back.B last month, however on the internet when posted publicly on your media... Annual self evaluation you find information that could reasonably be expected to if... A mobile phone action due to online misconduct prevent spillage Verification ( PIC ) Card unclassified work the internet the. Social media profile if classified information be considered a threat to national security the nest description two-factor... Personal contact information when using a TSA-approved luggage lock.B is given to information that you know to classified! Removable media challenge & # x27 ; s goal is following should be reported as a potential insider indicators... Jko, or graphics in email messages or popups Awareness and measure the cybersecurity of. Sure to press the areas, New interest in learning a foreign language sharing information in a.. Controlled unclassified information ( PII ) control number finding classified Government information on the that... Command & quot ; We are displaying hostile behavior while you are reviewing your employees information cause!, such as the websites URL, and is occasionally aggressive in trying to access classified information released... Is safest to include on your mobile computing device others access or piggyback into secure areas you reasonably Top. The liberty of completing the course about it through the report button at website!