Correct. Confirm the individual's need-to-know and access. Note any identifying information, such as the website's URL, and report the situation to your security POC. Only friends should see all biographical data such as where Alex lives and works. If aggregated, the classification of the information may not be changed. **Insider Threat What is an insider threat? **Website Use While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. What does Personally Identifiable Information (PII) include? Only when there is no other charger available. C. [Incident #2]: What should the owner of this printed SCI do differently? A. Others may be able to view your screen. NOTE: Use caution when connecting laptops to hotel Internet connections. In reality, once you select one of these, it typically installs itself without your knowledge. Software that installs itself without the user's knowledge. Fort Gordon, Georgia is home to the U.S. Army Cyber Center of Excellence and host to a multi-service community of Army, Navy, Air Force, Marines and multinational forces that has become a center for joint forces activities, training and operations. What level of damage to national security could reasonably be expected if unauthorized disclosure of Top Secret information occurred? Which Cyber Protection Condition (CPCON) establishes a protection priority focus on critical functions only? You should only accept cookies from reputable, trusted websites.
Unclassified documents do not need to be marked as a SCIF. NOTE: If you are directed to a login page before you can connect by VPN, the risk of malware loading or data compromise is substantially increased. Please direct media inquiries to CISAMedia@cisa.dhs.gov. A coworker removes sensitive information without authorization. (Insider Threat) Based on the description that follows, how many potential insider threat indicator(s) are displayed? When is it okay to charge a personal mobile device using government-furnished equipment (GFE)? It does not require markings or distribution controls. Which of the following is NOT a correct way to protect sensitive information? When using a fax machine to send sensitive information, the sender should do which of the following? What should be your response? **Insider Threat How many potential insider threat indicators does a person who is playful and charming, consistently wins performance awards, but is occasionally aggressive in trying to access sensitive information display? Please DO NOT email in regards to Iatraining.us.army.mil, JKO, or skillport. Which of the following is true of telework? When is it appropriate to have your security badge visible? Serious damage. C. Use a single, complex password for your system and application logons. not correct. Retrieve classified documents promptly from printers. Correct. What information most likely presents a security risk on your personal social networking profile? [Prevalence]: Which of the following is an example of malicious code? A. You believe that you are a victim of identity theft. *Controlled Unclassified Information Which of the following best describes a way to safely transmit Controlled Unclassified Information (CUI)? Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. Hold the conversation over email or instant messenger to avoid being overheard. C.
The Cyber Awareness Challenge, which is also known as the Army Cyber Awareness Training, the cyber awareness challenge or the DOD cyber challenge, is an annual computer security training that was created to increase cyber awareness among Department of Defense (DoD) employees. Aggregating it does not affect its sensitivity level. Unusual interest in classified information. You must have your organization's permission to telework. C. Nothing. (Insider Threat) A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? This bag contains your government-issued laptop. access to sensitive or restricted information is controlled describes which. NOTE: Being cognizant of classification markings and labeling practices are good strategies to avoid inadvertent spillage. Many apps and smart devices collect and share your personal information and contribute to your online identity. 2021 SANS Holiday Hack Challenge & KringleCon. Which of the following includes Personally Identifiable Information (PII) and Protected Health Information (PHI)? While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. Correct. PII includes, but is not limited to, social security numbers, date and places of birth, mother's maiden names, biometric records, and PHI. Immediately notify your security point of contact. It provides Department of Defense Information Network (DODIN) services to DOD installations and deployed forces. How many potential insider threat indicators does this employee display? Do not access links or hyperlinked media such as buttons and graphics in email messages. You know this project is classified. Which of the following is a clue to recognizing a phishing email?
There is no way to know where the link actually leads. **Classified Data Which of the following is a good practice to protect classified information? NOTE: Always mark classified information appropriately and retrieve classified documents promptly from the printer. What can you do to protect yourself against phishing? February 8, 2022. **Physical Security At which Cyberspace Protection Condition (CPCON) is the priority focus on critical functions only? To start using the toolkits, select a security functional area. Only connect to known networks. Correct. Correct No. A colleague often makes others uneasy with her persistent efforts to obtain information about classified project where she has no need-to-know, is vocal about her husband overspending on credit cards, and complains about anxiety and exhaustion. (Sensitive Information) What should you do if a commercial entity, such as a hotel reception desk, asks to make a photocopy of your Common Access Card (CAC) for proof of Federal Government employment? CPCON 3 (Medium: Critical, Essential, and Support Functions) A type of phishing targeted at senior officials. Your health insurance explanation of benefits (EOB). What should you do? **Identity management Which is NOT a sufficient way to protect your identity? Only use Government-furnished or Government-approved equipment to process PII. Only expressly authorized government-owned PEDs. Only persons with appropriate clearance, a non-disclosure agreement, and need-to-know can access classified data. Proactively identify potential threats and formulate holistic mitigation responses. What are the requirements to be granted access to sensitive compartmented information (SCI)? You receive an email from a company you have an account with. The website requires a credit card for registration. You are having lunch at a local restaurant outside the installation, and you find a cd labeled favorite song.
air force cyber awareness challenge damage to national security. Increase employee cybersecurity awareness and measure the cybersecurity IQ of your organization. Following instructions from verified personnel. What should you do? Which scenario might indicate a reportable insider threat security incident? Join the global cybersecurity community in its most festive cyber security challenge and virtual conference of the year. *Spillage What should you do when you are working on an unclassified system and receive an email with a classified attachment? The physical security of the device. Which of these is true of unclassified data? This is always okay. B. Do not use any personally owned/non-organizational removable media on your organization's systems. He's on the clock after all. C. Use online sites to confirm or expose potential hoaxes, Follow instructions given only by verified personnel, Investigate the link's actual destination using the preview feature, Determine if the software or service is authorized. Verify the identity of all individuals.??? Social Security Number, date and place of birth, mother's maiden name. After clicking on a link on a website, a box pops up and asks if you want to run an application. A coworker has asked if you want to download a programmer's game to play at work. Set up a situation to establish concrete proof that Alex is taking classified information. correct. Correct. Request the user's full name and phone number. How many potential insider threat indicators is Bob displaying? How can you protect your organization on social networking sites? correct. The challenge's goal is simple: To change user behavior to reduce the risks and vulnerabilities DoD Information Systems face. What should be your response? What action should you take? not correct. What actions should you take with a compressed Uniform Resource Locator (URL) on a website known to you? Classified material must be appropriately marked.
How can you guard yourself against Identity theft? Damage. B. (Sensitive Compartmented Information) What portable electronic devices (PEDs) are allowed in a Secure Compartmented Information Facility (SCIF)? In which situation below are you permitted to use your PKI token? When operationally necessary, owned by your organization, and approved by the appropriate authority. **Website Use Which of the following statements is true of cookies? Which of the following is NOT true concerning a computer labeled SECRET? Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. Which of the following is NOT a correct way to protect CUI? NOTE: To avoid downloading malicious code, you should avoid accessing website links, buttons, or graphics in email messages or popups. What should the participants in this conversation involving SCI do differently? They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities. *Controlled Unclassified Information Which of the following is NOT an example of CUI? Which of the following may help to prevent inadvertent spillage? What is Sensitive Compartment Information (SCI) program? CUI includes, but is not limited to Controlled Technical Information (CTI), Personally Identifiable Information (PII), Protected Health Information (PHI), financial information, personal or payroll information, proprietary data and operational information. **Social Engineering What is TRUE of a phishing attack? **Insider Threat Which of the following should be reported as a potential security incident (in accordance with your Agency's insider threat policy)? Correct. A coworker removes sensitive information without authorization. What should you do? Since the URL does not start with https, do not provide your credit card information. correct. How do you respond?
Use TinyURL's preview feature to investigate where the link leads. When is it appropriate to have your security badge visible? Not correct. What is a security best practice to employ on your home computer? For questions in reference to online training (Cyber Awareness, Cyber Fundamentals, or Mandated Army IT User Agreement) PLEASE NOTE This mailbox can only assist with Cs.signal.army.mil. Malicious code can do the following except? *Spillage Which of the following may help to prevent spillage? Which of the following is true about telework? [Scene]: Which of the following is true about telework? A. *Spillage Which of the following is a good practice to prevent spillage? Exceptionally grave damage. Refer the reporter to your organization's public affairs office. Which of the following is NOT an example of CUI? Be wary of suspicious e-mails that use your name and/or appear to come from inside your organization. Cyber Awareness Challenge 2021. How many potential insider threat indicators does this employee display? **Travel What is a best practice while traveling with mobile computing devices? The DoD Cyber Exchange provides one-stop access to cyber information, policy, guidance and training for cyber professionals throughout the DoD, and the general public. **Classified Data How should you protect a printed classified document when it is not in use? If authorized, what can be done on a work computer? Store it in a General Services Administration (GSA)-approved vault or container. according to the 2021 State of Phishing and Online Fraud Report. Exposure to malware. C. The CAC/PIV is a controlled item and contains certificates for: An individual who has attempted to access sensitive information without need-to-know and has made unusual requests for sensitive information is displaying indicators of what? *Insider Threat Which of the following is a potential insider threat indicator?
Which of the following must you do before using an unclassified laptop and peripherals in a collateral classified environment? Avoid talking about work outside of the workplace or with people without a need-to-know. Using NIPRNet tokens on systems of higher classification level. (Spillage) Which of the following practices may reduce your appeal as a target for adversaries seeking to exploit your insider status? What type of security is part of your responsibility and placed above all else? If your wireless device is improperly configured someone could gain control of the device? Retrieve classified documents promptly from printers. Before long she has also purchased shoes from several other websites. **Social Networking When may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? The DoD Cyber Exchange Public provides limited access to publicly releasable cyber training and guidance to all Internet users. Which of the following is true of downloading apps? Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. B. Note any identifying information and the website's Uniform Resource Locator (URL). Of the following, which is NOT a problem or concern of an Internet hoax? Classified material must be appropriately marked. Government-owned PEDs, if expressly authorized by your agency. What should you do if someone asks to use your government issued mobile device (phone/laptop, etc.)? Call your security point of contact immediately. Government-owned PEDs when expressly authorized by your agency. Which of the following statements is TRUE about the use of DoD Public Key Infrastructure (PKI) tokens? Nothing. When is it appropriate to have your security badge visible within a Sensitive Compartmented Information Facility (SCIF)?
A Cyber Awareness Challenge is a type of training and security certification that helps authorized users understand the actions required to avoid and reduce threats and vulnerabilities in an organization's system.