As long as the document is cleared for public release, you may release it outside of DoD. correct. (GFE) When can you check personal e-mail on your Government-furnished equipment (GFE)? Use personally-owned wired headsets and microphones only in designated areas, New interest in learning a foreign language. Cyber Awareness Challenge Knowledge Check 2023 Answers, Cyber Awareness Challenge 2022 Knowledge Check Answers. Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. Attempting to access sensitive information without need-to-know, Avoid talking about work outside of the workplace or with people without a need-to-know, Report the suspicious behavior in accordance with their organization's insider threat policy. A coworker has asked if you want to download a programmer's game to play at work. We thoroughly check each answer to a question to provide you with the most correct answers. Of the following, which is NOT a characteristic of a phishing attempt? *Spillage What should you do if you suspect spillage has occurred? You must possess security clearance eligibility to telework. CUI includes, but is not limited to Controlled Technical Information (CTI), Personally Identifiable Information (PII), Protected Health Information (PHI), financial information, personal or payroll information, proprietary data and operational information. A trusted friend in your social network posts a link to vaccine information on a website unknown to you.
What certificates are contained on the Common Access Card (CAC)? CUI may be stored only on authorized systems or approved devices. **Identity Management Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the NIPRNet. not correct. *Spillage After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. *Spillage What should you do if a reporter asks you about potentially classified information on the web? *Spillage A user writes down details marked as Secret from a report stored on a classified system and uses those details to draft a briefing on an unclassified system without authorization. Make note of any identifying information and the website URL and report it to your security office. After you have returned home following the vacation. What is considered a mobile computing device and therefore shouldn't be plugged in to your Government computer? Which of the following may help to prevent spillage? Maintain visual or physical control of the device. When using a public device with a card reader, only use your DoD CAC to access unclassified information, is only allowed if the organization permits it. ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. (Physical Security) Which Cyberspace Protection Condition (CPCON) establishes a protection priority focus on critical and essential functions only? Use only personal contact information when establishing personal social networking accounts, never use Government contact information. Correct. Of the following, which is NOT a method to protect sensitive information? Even within a secure facility, don't assume open storage is permitted. **Social Engineering Which may be a security issue with compressed Uniform Resource Locators (URLs)?
(Identity Management) Which of the following is an example of two-factor authentication? (Malicious Code) What are some examples of removable media? (Spillage) Which of the following practices may reduce your appeal as a target for adversaries seeking to exploit your insider status? When is it okay to charge a personal mobile device using government-furnished equipment (GFE)? No. Correct Spillage can be either inadvertent or intentional. Where. **Identity management Which of the following is an example of two-factor authentication? (Malicious Code) What is a common indicator of a phishing attempt? Since the URL does not start with https, do not provide your credit card information. *Social Networking Data about you collected from all sites, apps, and devices that you use can be aggregated to form a profile of you. What should you do? Scan external files from only unverifiable sources before uploading to computer. **Classified Data What is required for an individual to access classified data? What is NOT Personally Identifiable Information (PII)? Government-owned PEDs when expressly authorized by your agency. (Wrong). Executive Order 13526 Classified National Security Information, Personally Identifiable Information (PII), Sensitive Personally Identifiable Information (SPII), Proprietary Business Information (PBI) or currently known within EPA as Confidential Business Information (CBI), Unclassified Controlled Technical Information (UCTI). Unusual interest in classified information. Correct. Which of the following is not Controlled Unclassified Information (CUI)? Which of the following is true of Internet of Things (IoT) devices? The proper security clearance and indoctrination into the SCI program. What type of social engineering targets senior officials? Which of the following is NOT a correct way to protect CUI?
A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationships with peers, purchases an unusually expensive car, and has unexplained absences from work. Which of the following statements is TRUE about the use of DoD Public Key Infrastructure (PKI) tokens? It contains certificates for identification, encryption, and digital signature. Which of the following should be reported as a potential security incident? Note any identifying information and the website's URL. What should you do? A smartphone that transmits credit card payment information when held in proximity to a credit card reader. **Social Networking What should you do if you receive a game application request that includes permission to access your friends, profile information, cookies, and sites visited? correct. Store it in a shielded sleeve to avoid chip cloning. Which of the following is true about unclassified data. Your password and the second commonly includes a text with a code sent to your phone. Insiders are given a level of trust and have authorized access to Government information systems. CPCON 3 (Medium: Critical, Essential, and Support Functions) *Sensitive Information Which of the following is the best example of Personally Identifiable Information (PII)? Top Secret information could be expected to cause exceptionally grave damage to national security if disclosed. (Travel) Which of the following is a concern when using your Government-issued laptop in public? Unclassified documents do not need to be marked as a SCIF. **Identity management Which is NOT a sufficient way to protect your identity? You receive an inquiry from a reporter about potentially classified information on the internet.
(Sensitive Information) What guidance is available for marking Sensitive Compartmented Information (SCI)? Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause? *Spillage What is a proper response if spillage occurs? Correct, Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities. Which of the following is a security best practice when using social networking sites? Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities. What should you do? A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. Critical, Essential, and Support Functions. It is created or received by a healthcare provider, health plan, or employer. Do not use any personally owned/non-organizational removable media on your organization's systems. Linda encrypts all of the sensitive data on her government-issued mobile devices. What is the best choice to describe what has occurred? When teleworking, you should always use authorized and software. Remove your security badge after leaving your controlled area or office building. What is best practice while traveling with mobile computing devices? How can you protect your organization on social networking sites? Which of the following is an example of removable media? Remove and take it with you whenever you leave your workstation. Share sensitive information only on official, secure websites. Your health insurance explanation of benefits (EOB).
Controlled Unclassified Information (CUI) Purpose of the CUI Program. On a NIPRNet system while using it for a PKI-required task, Something you possess, like a CAC, and something you know, like a PIN or password. Organizational Policy Not correct Controlled Unclassified Information (CUI) is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government-wide policies but is not classified under Executive Order 13526 or the Atomic Energy Act, as amended. Delete email from senders you do not know. What should be done to sensitive data on laptops and other mobile computing devices? The email has an attachment whose name contains the word secret. Which of the following is true of downloading apps? Explain. The CAC/PIV is a controlled item and contains certificates for: An individual who has attempted to access sensitive information without need-to-know and has made unusual requests for sensitive information is displaying indicators of what? Classification markings and handling caveats. Classified data: (Scene) Which of the following is true about telework? How many potential insider threat indicators does this employee display? What can help to protect the data on your personal mobile device. At EPA, the CUI Program is housed in the Libraries and Accessibility Division (LAD) within the Office of Mission Supports (OMS), Office of Enterprise Information Programs (OEIP). You receive a call on your work phone and you're asked to participate in a phone survey. Access requires Top Secret clearance and indoctrination into SCI program. Darryl is managing a project that requires access to classified information. Store classified data in a locked desk drawer when not in use. Maybe. correct. How should you respond? Ask them to verify their name and office number.
Who designates whether information is classified and its classification level? When is the best time to post details of your vacation activities on your social networking website? They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities. Someone calls from an unknown number and says they are from IT and need some information about your computer. correct. What actions should you take prior to leaving the work environment and going to lunch? The email states your account has been compromised and you are invited to click on the link in order to reset your password. CUI is an umbrella term that encompasses many different markings to identify information that is not classified but which should be protected. Within a secure area, you see an individual you do not know. (Spillage) Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authorization? What can be used to track Maria's web browsing habits? Which of the following best describes the sources that contribute to your online identity. What should you do if a reporter asks you about potentially classified information on the web? Alex demonstrates a lot of potential insider threat indicators. *Sensitive Compartmented Information Which of the following best describes the compromise of Sensitive Compartmented Information (SCI)? February 8, 2022. Maria is at home shopping for shoes on Amazon.com. Which of the following should be reported as a potential security incident (in accordance with your Agency's insider threat policy)? The challenge's goal is simple: To change user behavior to reduce the risks and vulnerabilities DoD Information Systems face. correct. **Insider Threat A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with.
For Government-owned devices, use approved and authorized applications only. (social networking) When is the safest time to post details of your vacation activities on your social networking profile? Unclassified information is a threat to national security. Of the following, which is NOT a security awareness tip? E-mailing your co-workers to let them know you are taking a sick day. b. Always use DoD PKI tokens within their designated classification level. Use only your personal contact information when establishing your account. A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. Use online sites to confirm or expose potential hoaxes, Follow instructions given only by verified personnel, Investigate the link's actual destination using the preview feature, Determine if the software or service is authorized. Your favorite movie. Correct. You must have your organization's permission to telework. Which of the following individuals can access classified data? Based on the description that follows, how many potential insider threat indicator(s) are displayed? Senior government personnel, military or civilian. Classified material must be appropriately marked. You know this project is classified. After clicking on a link on a website, a box pops up and asks if you want to run an application. Which of the following is true about telework? Which of the following is true about unclassified data? Always check to make sure you are using the correct network for the level of data. Insiders are given a level of trust and have authorized access to Government information systems. Briefly describe what you have learned. Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIV) card.
You should remove and take your CAC/PIV card whenever you leave your workstation. Which of the following does not constitute spillage. Which of the following is true about telework? A Common Access Card and Personal Identification Number. Keeping a database from being accessed by unauthorized visitors C. Restricting a subject at a lower classification level from accessing data at a higher classification level D. Preventing an . What should you do to protect yourself while on social networks? Media containing Privacy Act information, PII, and PHI is not required to be labeled. CPCON 4 (Low: All Functions) EPA's CUI Program is responsible for issuing CUI policy, procedures, training, and guidance to program offices and regions, along with providing oversight and reporting on the Agency's progress on meeting NARA's CUI deadlines. How can you protect data on your mobile computing and portable electronic devices (PEDs)? You are leaving the building where you work. ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. Is it okay to run it? A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. What is required for an individual to access classified data? Which of the following is true of protecting classified data? Only documents that are classified Secret, Top Secret, or SCI require marking. **Classified Data Which of the following is true of telework? That trust is bounded by the Oath of Office we took willingly. It never requires classified markings, it is true about unclassified data. What should be your response? The annual Cyber Awareness Challenge is a course that helps authorized users learn how to best avoid and reduce threats and vulnerabilities in an organization's system.
A colleague vacations at the beach every year, is married and a father of four, sometimes has poor work quality, and works well with his team. Malicious code can include viruses, worms, and macros. They can become an attack vector to other devices on your home network. Coworker making consistent statements indicative of hostility or anger toward the United States and its policies. Preventing an authorized reader of an object from deleting that object B. Spillage occurs when information is spilled from a higher classification or protection level to a lower classification or protection level. What is considered ethical use of the Government email system? -TRUE The use of webmail is -is only allowed if the organization permits it Using webmail may bypass built in security features. **Website Use While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. **Identity management What is the best way to protect your Common Access Card (CAC)? *Sensitive Information What is the best example of Personally Identifiable Information (PII)? Photos of your pet Correct. Sanitized information gathered from personnel records. You may only transmit SCI via certified mail. not correct Which of the following is true about unclassified data? *Sensitive Compartmented Information What should the participants in this conversation involving SCI do differently? Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. What should you do? What is a best practice to protect data on your mobile computing device? A program that segregates various types of classified information into distinct compartments for added protection and dissemination or distribution control.
*Controlled Unclassified Information Which of the following best describes a way to safely transmit Controlled Unclassified Information (CUI)? Enable automatic screen locking after a period of inactivity. What does Personally Identifiable information (PII) include? **Insider Threat A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. What are the requirements to be granted access to sensitive compartmented information (SCI)? This will enable timely and consistent information sharing and increase transparency throughout the Federal government and with non-Federal stakeholders. Refer the reporter to your organization's public affairs office. Correct. What should you do after you have ended a call from a reporter asking you to confirm potentially classified information found on the web? Report the crime to local law enforcement. As a security best practice, what should you do before exiting? It never requires classification markings, is true about unclassified data. Use a single, complex password for your system and application logons. (Malicious Code) What is a good practice to protect data on your home wireless systems? There are many travel tips for mobile computing. What is an indication that malicious code is running on your system? It includes a threat of dire circumstances. Which designation marks information that does not have potential to damage national security? Of the following, which is NOT a problem or concern of an Internet hoax? 1 Cyber Awareness Challenge 2023 Answers. Is it permitted to share an unclassified draft document with a non-DoD professional discussion group? 4. What should you do? Use TinyURL's preview feature to investigate where the link leads.
A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. Phishing can be an email with a hyperlink as bait. correct. You receive an email at your official Government email address from an individual at the Office of Personnel Management (OPM). It displays a label showing maximum classification, date of creation, point of contact, and Change Management (CM) Control Number. 1.1.5 Controlled Unclassified Information. What should you do? *Sensitive Compartmented Information When should documents be marked within a Sensitive Compartmented Information Facility (SCIF). A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. Which of the following may be helpful to prevent inadvertent spillage? Which of the following is true of Unclassified information? Using NIPRNet tokens on systems of higher classification level. You may use your personal computer as long as it is in a secure area in your home b. A vendor conducting a pilot program with your organization contacts you for organizational data to use in a prototype. The following practices help prevent viruses and the downloading of malicious code except. Is this safe? *Controlled Unclassified Information Which of the following is NOT a correct way to protect CUI? A medium secure password has at least 15 characters and one of the following. **Classified Data Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause? 1.1.2 Classified Data.
However, unclassified data. A coworker uses a personal electronic device in a secure area where their use is prohibited. Here you can find answers to the DoD Cyber Awareness Challenge. All https sites are legitimate and there is no risk to entering your personal info online. *Malicious Code After visiting a website on your Government device, a popup appears on your screen. A coworker has asked if you want to download a programmer's game to play at work. **Insider Threat What do insiders with authorized access to information or information systems pose? Badges must be visible and displayed above the waist at all times when in the facility. A colleague asks to leave a report containing protected health information (PHI) on his desk overnight so he can continue working on it the next day. Which is NOT a way to protect removable media? Which type of information includes personal, payroll, medical, and operational information? Never allow sensitive data on non-Government-issued mobile devices. Security Classification Guides (SCGs). *Insider Threat Which of the following is a potential insider threat indicator? Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? Which of the following includes Personally Identifiable Information (PII) and Protected Health Information (PHI)? Difficult life circumstances such as substance abuse, divided loyalty or allegiance to the U.S., and extreme, persistent interpersonal difficulties. Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the NIPRNET. Sensitive information. Who can be permitted access to classified data?
Which of the following is true of sharing information in a Sensitive Compartmented Information Facility (SCIF)? **Insider Threat Based on the description that follows, how many potential insider threat indicator(s) are displayed? A type of phishing targeted at senior officials. Tell your colleague that it needs to be secured in a cabinet or container. (Identity Management) What certificates are contained on the Common Access Card (CAC)? Mobile devices and applications can track your location without your knowledge or consent. What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF. In addition to avoiding the temptation of greed to betray his country, what should Alex do differently? Directives issued by the Director of National Intelligence. Which of the following is NOT a typical result from running malicious code? UNCLASSIFIED is a designation to mark information that does not have potential to damage national security. At all times while in the facility. Which of the following is a good practice to prevent spillage. What is required for an individual to access classified data? Store it in a General Services Administration (GSA)-approved vault or container. Follow procedures for transferring data to and from outside agency and non-Government networks. **Social Engineering Which of the following is a way to protect against social engineering? What is an individual's Personally Identifiable Information (PII) or Protected Health Information (PHI) considered? An investment in knowledge pays the best interest. How should you securely transport company information on a removable media? Which of the following actions can help to protect your identity? A type of phishing targeted at high-level personnel such as senior officials.
Carrying his Social Security Card with him, DoD employees are prohibited from using a DoD CAC in card-reader-enabled public device, Assigned a classification level by a supervisor. (Mobile Devices) When can you use removable media on a Government system? Which of the following is NOT a DoD special requirement for tokens? *Spillage Which of the following is a good practice to aid in preventing spillage? Avoid talking about work outside of the workplace or with people without a need-to-know. What should be done if you find classified Government Data/Information Not Cleared for Public Release on the Internet? **Insider Threat Which of the following should be reported as a potential security incident? What information relates to the physical or mental health of an individual? They broadly describe the overall classification of a program or system. Difficult life circumstances, such as death of spouse. Understanding and using the available privacy settings. Not correct. Remove security badge as you enter a restaurant or retail establishment. Be wary of suspicious e-mails that use your name and/or appear to come from inside your organization. **Social Networking Which of the following is a security best practice when using social networking sites? -Classified information that should be unclassified and is downgraded. When operationally necessary, owned by your organization, and approved by the appropriate authority. *Malicious Code Which of the following is NOT a way that malicious code spreads? How many insider threat indicators does Alex demonstrate? When unclassified data is aggregated, its classification level may rise. It is permissible to release unclassified information to the public prior to being cleared. CPCON 5 (Very Low: All Functions). -It never requires classification markings. Which of the following is NOT sensitive information? A pop-up window that flashes and warns that your computer is infected with a virus. Download the information.
Do not forward, read further, or manipulate the file; Do not give out computer or network information, Do not follow instructions from unverified personnel. (Malicious Code) Which are examples of portable electronic devices (PEDs)?