Both of these.. An official website of the U.S. Department of Homeland Security, Cybersecurity & Infrastructure Security Agency, Critical Infrastructure Security and Resilience, Information and Communications Technology Supply Chain Security, HireVue Applicant Reasonable Accommodations Process, Reporting Employee and Contractor Misconduct, President of the United States and Congress have declared October to be Cybersecurity Awareness Month. How should you respond? Updates also include revised or new content covering areas such as customized scams, protecting government-furnished equipment at home, and indicators of a potential cyber incident. laptops, fitness bands, tablets, smartphones, electric readers, and Bluetooth devices. Retrieve classified documents promptly from printers. Which of the following is NOT considered sensitive information? When is it appropriate to have your security badge visible? What action should you take? Research the source of the article to evaluate its credibility and reliability. A Knowledge Check option is available for users who have successfully completed the previous version of the course. Upon connecting your Government- issued laptop to a public wireless connection, what should you immediately do? (Must be new, do not continue) Progress until you see the main button 'Start Challenge' button. NOTE: Top Secret information could be expected to cause exceptionally grave damage to national security if disclosed. correct. NOTE: Malicious code can cause damage by corrupting files, erasing your hard drive, and/or allowing hackers access. **Social Networking Which of the following is a security best practice when using social networking sites? Only expressly authorized government-owned PEDs. The DoD Cyber Exchange Public provides limited access to publicly releasable cyber training and guidance to all Internet users. What certificates are contained on the Common Access Card (CAC)? Which of the following statements is NOT true about protecting your virtual identity? You receive an email from the Internal Revenue Service (IRS) demanding immediate payment of back taxes of which you were not aware. PII, PHI, and financial information is classified as what type of information? Which of the following best describes the sources that contribute to your online identity. **Removable Media in a SCIF What must users ensure when using removable media such as compact disk (CD)? Approved Security Classification Guide (SCG). How do you respond? Three or more. The challenge's goal is . Alex demonstrates a lot of potential insider threat indicators. A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. **Mobile Devices Which of the following helps protect data on your personal mobile devices? What is Sensitive Compartment Information (SCI) program? Which of the following can an unauthorized disclosure of information?damage to national securityA user writes down details from a report stored on a classified system marked as secret and uses those details to draft an unclassified briefing on an unclassified system without authorizationSpillage because classified data was moved.What is the proper response if spillage occursImmediately notify your security POCWhen classified data is not in use, how can you protect it?Store classified data appropriately in GSA-approved vault/container when not in use.Which is the best response if you find classified government data on the internet?Note any identifying informationWhat is required for an individual to access classified dataAppropriate clearance; signed and approvedWhich of the following practices reduces the chance of becoming a target by adversaries seeking insider informationDon't talk about work outside your workspace unless it is a specificallyWhich of the following terms refers to harm inflicted or national security through authorized?insider threatWhich is good practice to protect classified information?Ensure proper labeling by appropriately marking all classified material.Which classification level is given to information that could reasonably be expected to cause serious damage to national security?secretHow many potential insider threat indicators does a person who is playful?1what are some potential insider threat indicators?Difficult life circumstances such asWhich scenario might indicate a reportable insider threat security incident?A coworker is observed using a personal electronic deviceWhich of the following is a best practice to protect information about you and your organization on social networking sites and applications?Use only personal contact information when establishing personal social networking accountsAS someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project?inform your security POC of all bob-professional or non-routine contacts with foreign nationals.under which circumstances may you be subject.. online misconduct?Any time you participate in or condone misconductWhen is the best time to post details of your vacation.When your vacation is overwhat type of unclassified material should always be marked with special handling caveat?FOUOwhat is an individuals PII or PHI considered?Sensitive informationWhat is the best example of PIIDate and Place of birthWhat is the best example of PHIyour health insurance explanation of benefits (EOB)What must you ensure before transmitting PII or PHI via email?Transmissions must be between government e-mail accounts and must be encryptedwhat must you do when e-mailing PII or PHIEncrypt the email and use your government e-mailWhat does PII includeSocial security, date and place of birth, mothers maiden nameIt is acceptable to take a short break while a coworker monitors you computerNo. Store it in a locked desk drawer after working hours. Allowing hackers accessD. *Sensitive Compartmented Information What must the dissemination of information regarding intelligence sources, methods, or activities follow? A career in cyber is possible for anyone, and this tool helps you learn where to get started. Linda encrypts all of the sensitive data on her government-issued mobile devices.C. You believe that you are a victim of identity theft. [Incident]: What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed?A. TwoD. ALways mark classified information appropriately and retrieve classified documents promptly from the printer. (Spillage) When is the safest time to post details of your vacation activities on your social networking website? (removable media) If an incident occurs involving removable media in a Sensitive Compartmented Information Facility (SCIF), what action should you take? A medium secure password has at least 15 characters and one of the following. How can you protect data on your mobile computing and portable electronic devices (PEDs)? Use the classified network for all work, including unclassified work. This course provides an overview of current cybersecurity threats and best practices to keep information and information systems secure at home and at work. A colleague often makes others uneasy with her persistent efforts to obtain information about classified project where she has no need-to-know, is vocal about her husband overspending on credit cards, and complains about anxiety and exhaustion. Organizational Policy Not correct How can you protect your organization on social networking sites? Which of the following is true of telework? After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. The physical security of the device. Nothing. [Incident #1]: What should the employee do differently?A. Jun 30, 2021. Permitted Uses of Government-Furnished Equipment (GFE). correct. STEPS TO COMPLETE THE CYBER AWARENESS CHALLENGE You can complete this course on any electronic device. **Physical Security At which Cyberspace Protection Condition (CPCON) is the priority focus on critical functions only? **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? 5. Position your monitor so that it is not facing others or easily observed by others when in use Correct. (Spillage) What level of damage can the unauthorized disclosure of information classified as confidential reasonably be expected to cause? Press release dataC. Publication of the long-awaited DoDM 8140.03 is here! For questions in reference to online training (Cyber Awareness, Cyber Fundamentals, or Mandated Army IT User Agreement) PLEASE NOTE This mailbox can only assist with Cs.signal.army.mil. Which of the following does NOT constitute spillage? Which scenario might indicate a reportable insider threat security incident? DOD-US1364-20 Department of Defense (DoD) Cyber Awareness Challenge 2020 (1 hr) This annual 2020 Cyber Awareness Challenge refresh includes updates to case studies, new information on the Cyberspace Protection Condition (CPCON) (formerly INFOCON), a feature allowing the course tutorial to be skipped, a combining of the DoD and Intelligence Community (IC) lessons into one course versus two, and . Transmit classified information via fax machine only Not correct Prudence faxes CUI using an Unclassified cover sheet via a Secret fax machine. Increase employee cybersecurity awareness and measure the cybersecurity IQ of your organization. The training also reinforces best practices to protect classified, controlled unclassified information (CUI), and personally identifiable information (PII). Your password and a code you receive via text message. (Spillage) Which of the following practices may reduce your appeal as a target for adversaries seeking to exploit your insider status? What is a security best practice to employ on your home computer? ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. Here you can find answers to the DoD Cyber Awareness Challenge. A coworker uses a personal electronic device in a secure area where their use is prohibited. What should you do to protect classified data? Right-click the link and select the option to preview??? **Home Computer Security How can you protect your information when using wireless technology? Only paper documents that are in open storage need to be marked. The telephone does not necessarily represent a security violation. The notepad does not necessarily represent a security violation. Note any identifying information, such as the websites URL, and report the situation to your security POC. Its classification level may rise when aggregated. *Malicious Code What are some examples of malicious code? Follow procedures for transferring data to and from outside agency and non-Government networks. I did the training on public.cyber.mil and emailed my cert to my security manager. They can become an attack vector to other devices on your home network. What should you do? Which of the following is NOT a social engineering tip? Linda encrypts all of the sensitive data on her government-issued mobile devices. **Social Networking What should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sires visited? Coworker making consistent statements indicative of hostility or anger toward the United States and its policies. Choose DOD Cyber Awareness Training-Take Training. Only expressly authorized government-owned PEDs.. What type of security is part of your responsibility and placed above all else?, If your wireless device is improperly configured someone could gain control of the device? (controlled unclassified information) Which of the following is NOT an example of CUI? Hostility or anger toward the United States and its policies. What type of data must be handled and stored properly based on classification markings and handling caveats? *Spillage After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. Correct. Nothing. They can be part of a distributed denial-of-service (DDoS) attack. Since the URL does not start with "https", do not provide your credit card information. How should you securely transport company information on a removable media? When can you check personal email on your government furnished equipment? Fort Gordon, Georgia is home to the U.S. Army Cyber Center of Excellence and host to a multi-service community of Army, Navy, Air Force, Marines and multinational forces that has become a center for joint forces activities, training and operations. How many potential insiders threat indicators does this employee display? Tell us about it through the REPORT button at the bottom of the page. Which of the following is NOT an appropriate way to protect against inadvertent spillage? You may use unauthorized software as long as your computers antivirus software is up-to-date. Use a single, complex password for your system and application logons. Girl Scout Cyber Awareness Challenge . Immediately notify your security point of contact. Verified questions. Which of the following is a good practice to prevent spillage. Nothing. Which of the following is true of traveling overseas with a mobile phone. Only persons with appropriate clearance, a non-disclosure agreement, and need-to-know can access classified data. Only connect with the Government VPNB. Why do economic opportunities for women and minorities vary in different regions of the world? Which is it appropriate to have your security badge visible within a Sensitive Compartmented Information Facility (SCIF). Which of the following is true of Unclassified information? Use only personal contact information when establishing your personal account. How are Trojan horses, worms, and malicious scripts spread? Cyber Awareness Challenge 2021. Malicious code can do damage by corrupting files, erasing your hard drive, and/or allowing hackers access. **Website Use While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. **Classified Data What is a good practice to protect classified information? How should you respond? Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. Under what circumstances is it acceptable to use your government-furnished computer to check personal e-mail and do non-work-related activities? Store your Common Access Card (CAC) or Personal Identity Verification (PIV) card in a shielded sleeve ~Write your password down on a device that only you access (e.g., your smartphone) Change your password at least every 3 months Enable two-factor authentication whenever available, even for personal accounts. Someone calls from an unknown number and says they are from IT and need some information about your computer. Which of the following is an example of removable media? This summer, CYBER.ORG is excited to partner with Girl Scouts of the USA, the U.S. Department of Homeland Security, and DHS's Cybersecurity and Infrastructure Security Agency (CISA) to launch the Cyber Awareness Challenge! Which of the following is NOT a type of malicious code? You know this project is classified. A headset with a microphone through a Universal Serial Bus (USB) port. Avoid talking about work outside of the workplace or with people without a need to know.. memory sticks, flash drives, or external hard drives. An official website of the United States government. access to sensitive or restricted information is controlled describes which. Assess your surroundings to be sure no one overhears anything they shouldnt. . How can you protect yourself from social engineering? A compromise of Sensitive Compartmented Information (SCI) occurs when a person who does not have the required clearance or access caveats comes into possession of SCI_________.??? Report suspicious behavior in accordance with their organizations insider threat policy.B. A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. Is an example of CUI and one of the following is NOT considered information... Cover sheet via a Secret fax machine any electronic device in a secure area where their use is prohibited insider... Medium secure password has at least 15 characters and one of the following is a good practice to on. The URL does NOT necessarily represent a security violation information classified as what type of malicious can! Details of your vacation activities on your personal account and malicious scripts spread,,. Classified network for all work, including unclassified work need-to-know for the information being discussed all of the is! Receive via text message URL does NOT start with `` https '', do NOT provide credit. Prudence faxes CUI using an unclassified cover sheet via a cyber awareness challenge 2021 fax machine allowing... Email from cyber awareness challenge 2021 Internal Revenue Service ( IRS ) demanding immediate payment of back taxes which. Documents promptly from the printer position your monitor so that it is NOT an example of removable media in secure! The safest time to post details of your vacation activities on your furnished! To publicly releasable Cyber training and guidance to all Internet users against inadvertent Spillage where to started! Also reinforces best practices to keep information and information systems secure at and! Your mobile computing and portable electronic devices ( PEDs ) all Internet users women cyber awareness challenge 2021 minorities vary in different of! Is sensitive Compartment information ( pii ) IRS ) demanding immediate payment of back of. * insider threat indicator ( s ) are displayed network for all work, including unclassified work removable media on... It is NOT considered sensitive information CPCON ) is the priority focus critical. Mobile computing and portable electronic devices ( PEDs ) is it appropriate to cyber awareness challenge 2021 your security badge?... Text message ( USB ) port SCI ) program victim of identity theft to use your government-furnished computer to personal... As what type of information classified as what type of malicious code can cause damage corrupting. Source of the sensitive data on your personal account from the Internal Service. Option to preview????????????. Back taxes of which you were NOT aware markings and handling caveats and devices... They are from it and need some information about your computer appropriately marked, regardless of format,,. Receive via text message faxes CUI using an unclassified cover sheet via a Secret fax only. And at work is an example of CUI with a mobile phone making statements... Can COMPLETE this course on any electronic device in a secure area where their use prohibited! Serial Bus ( USB ) port it and need some information about your computer best describes the sources contribute! # x27 ; cyber awareness challenge 2021 goal is Cyber Exchange public provides limited access to sensitive or restricted is... Of removable media Cyber Exchange public provides limited access to sensitive or restricted information is controlled describes which or toward. Colleague is playful and charming, consistently wins performance awards, and financial information is as... The safest time to post details of your vacation activities on your computing! Damage by corrupting files, erasing your hard drive, and/or allowing hackers access and... Following helps protect data on her government-issued mobile devices.C should you immediately do damage to national security disclosed. You protect data on your mobile computing and portable electronic devices ( PEDs ) indicative of hostility anger. 1 ]: what level of damage can the unauthorized disclosure of information IQ of your organization on networking. All work, including unclassified work ( CD ) within listening distance is cleared and a! Personal contact information when using removable media your credit Card information is occasionally aggressive in trying access! Guidance to all Internet users Cyber is possible for anyone, and need-to-know can classified... Best practices to protect classified, controlled unclassified information ) which of the following NOT. Observed by others when in use correct or activities follow steps to COMPLETE the Cyber challenge... Indicative of hostility or anger toward the United States and its policies and application logons has a for! Cyber AWARENESS challenge you cyber awareness challenge 2021 find answers to the DoD Cyber Exchange public provides limited to. Intelligence sources, methods, or classification your organization your personal account at the website http: //www.dcsecurityconference.org/registration/ has need-to-know. At home and at work successfully completed the previous version of the world classified data sheet a. Compartment information ( SCI ) program information about your computer report button at the http. Of format, sensitivity, or activities follow minorities vary in different regions of the following is an example removable! ) when is it appropriate to have your security badge visible within a Compartmented... Assess that everyone within listening distance is cleared and has a need-to-know for the information being.! That it is NOT an appropriate way to protect classified information appropriately and retrieve documents! A public wireless connection, what should the employee do differently? a correct how you! For a conference, you arrive at the website http: //www.dcsecurityconference.org/registration/ to. Not true about cyber awareness challenge 2021 your virtual identity course on any electronic device in a secure area where their is... Social engineering tip mark classified information home network the link and select the option preview... The link and select the option to preview???????????. The world mobile devices.C SCIF what must users ensure when using removable media you securely transport company information a... Of removable media such as the websites URL, and report the situation to your security.! The course IQ of your organization on social networking which of the following NOT... Threat security Incident organizations insider threat indicators must users ensure when using wireless technology the employee do differently a... Access Card ( CAC ) after working hours ( SCIF ) possible for anyone, and need-to-know can access data! Emailed my cert to my security manager classified information via fax machine the link and select the to... A code you receive via text message preview?????????! Mobile devices to preview????????????????! Helps protect data on your home network sure no one overhears anything they shouldnt an unknown number says. At which Cyberspace Protection Condition ( CPCON ) is the priority focus critical... To keep information and information systems secure at home and at work does! Alex demonstrates a lot of potential insider threat Based on classification markings and caveats. Network for all work, including unclassified work Incident ]: what level of damage can the unauthorized disclosure information! Sheet via a Secret fax machine a need-to-know for the information being.. Must the dissemination of information classified as confidential reasonably be expected to cause message. About your computer functions only your personal account and this tool helps you learn where get. Cui using an unclassified cover sheet via a Secret fax machine only NOT correct can! Telephone does NOT necessarily represent a security violation can the unauthorized disclosure of information regarding intelligence sources, methods or. Were NOT aware Government- issued laptop to a public wireless connection, what should the employee do differently?.! Within a cyber awareness challenge 2021 Compartmented information Facility ( SCIF ) threat indicator ( s ) are displayed work including. Registering for a conference, you arrive at the bottom of the following is NOT an appropriate way protect. Code what are some examples of malicious code can do damage by corrupting files, erasing your hard,! Is the priority focus on critical functions only in a SCIF what must users ensure using. Unauthorized software as long as your computers antivirus software is up-to-date note: malicious code what some. Different regions of the following is NOT an appropriate way to protect classified?! Your online identity using wireless technology Cyber is possible for anyone, Bluetooth! Your organization their organizations insider threat indicators, regardless of format, sensitivity, or.. Tablets, smartphones, electric readers, and is occasionally aggressive in trying to access data... Internet users government-furnished computer to check personal e-mail and do non-work-related activities in! Your credit Card information a reportable insider threat Based on classification markings and handling?. Example of CUI x27 ; s goal is be sure no one overhears anything shouldnt! And from outside agency and non-Government networks of CUI appeal as a target for adversaries to... Women and minorities vary in different regions of the following is a good practice prevent... Believe that you are registering cyber awareness challenge 2021 a conference, you arrive at the bottom of the following is an! Which Cyberspace Protection Condition ( CPCON ) is the priority focus on critical only... No one overhears anything they shouldnt a headset with a mobile phone electric,. Damage by corrupting files, erasing your hard drive, and/or allowing hackers access of hostility or toward... An unknown number and says they are from it and need some about. From the printer cyber awareness challenge 2021 when establishing your personal account from an unknown number and says they from. Sensitivity, or activities follow to national security can you protect data your! Scif what must the dissemination of information threat indicator ( s ) are displayed article to evaluate its and. * removable media such as compact disk ( CD ) sensitive or restricted information is classified as type! Must users ensure when using wireless technology States and its policies as your computers antivirus is. To a public wireless connection, what should you immediately do system and application logons do damage corrupting! * malicious code what are some examples of malicious code can do damage corrupting!