Joint Knowledge Online DOD-US1364-22 Department of Defense (DoD) Cyber Awareness Challenge 2022 (1 hr) This course content is based on the requirements addressed in these policies and from community input from the DoD CIO chaired Cyber Workforce Advisory Group (CWAG). 0000004517 00000 n In which situation below are you permitted to use your PKI token? The Cyber Awareness Challenge course address requirements outlined in policies such as DoD 8570.01M Information Assurance Workforce Improvement Program and the Federal Information Security Modernization Act (FISMA) of 2014, the Defense Information Systems Agency (DISA) develops, maintains and annually releases the Department of Defense Chief . 322 0 obj <>stream 0000005321 00000 n Select the information on the data sheet that is personally identifiable information (PII) But not protected health information (PHI): Jane Jones Social security number: 123-45-6789. Call your security point of contact immediately. A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. (URLs)? What should you do when you are working on an unclassified system and receive an email with a classified attachment? : Be aware of classification markings and all handling caveats. : - Maintain possession of your laptop and other government-furnished equipment (GFE) at all times. : Immediately notify your security point of contact. You know that this project is classified. Sociology Cyber Awareness Challenge 2022 4.5 (4 reviews) Term 1 / 92 *Spillage After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. After you have returned home following the vacation. (Mobile Devices) When can you use removable media on a Government system? : Ask the individual for identification, Your DoD Common Access Card (CAC) has a Public Key Infrastructure (PKI) token approved for access to the NIPRNet. : Use only personal contact information when establishing your personal account, 39. Within a secure area, you see an individual who you do not know and is not wearing a visible badge: Ask the individual to see an identification badge. (Spillage) Which type of information could reasonably be expected to cause serious damage to national security if disclosed without authoriza- tion? Identification, encryption, and digital signature. Sensitive information may be stored on any password-protected system. : Damage to national security, 15. Which of the following is NOT true concerning a computer labeled SECRET? (Spillage) When classified data is not in use, how can you protect it? Is this, safe? What information most likely presents a security risk on your personal social networking profile? 7. When classified data is not in use, how can you protect it? What do insiders with authorized access to information or information sys- tems pose? : After you have returned home following the vacation, 14. Cyber Awareness Challenge 2022 DS-IA106.06 This course does not have a final exam. We thoroughly check each answer to a question to provide you with the most correct answers. : - Government-owned PEDs, if expressly authorized by your agency. : Identification, encryption, digital signature, What is the best way to protect your Common Access Card (CAC) or Personal, Identity Verification (PIV) card? : Be aware of classification markings and all handling caveats. : Press release data. (Sensitive Information) Which of the following is NOT an example of sensitive information? Store it in a shielded sleeve to avoid chip cloning. : Coworker making consistent statements indicative of hostility or anger toward the United States and its policies. 0000007211 00000 n : No, you should only allow mobile code to run from your organization or your organization's trusted sites, Which of the following statements is true of cookies? (Malicious Code) What is a common indicator of a phishing attempt? (Malicious Code) While you are registering for a conference, you arrive at the website http://www.dcsecurityconference.org/registration/. (Spillage) What should you do when you are working on an unclassified system and receive an email with a classified attachment? : Create separate accounts for each user. 0000005630 00000 n How should you respond to the theft of your identity? Government-owned PEDs must be expressly authorized by your agency. : It includes a threat of dire circumstances. A coworker brings a personal electronic device into prohibited areas. : Maintain possession of it at all times. : eA1xy2!P, What is Sensitive Compartmented Information (SCI)? (Malicious Code) What is a good practice to protect data on your home wireless systems? What should you do if a reporter asks you about potentially classified information on the web? 28. What is a best practice to protect data on your mobile computing device? Which of the following represents a good physical security practice? 26. DOD Cyber Awareness 2022 Knowledge Check Questions and Answers 1. What level of damage can the unauthorized disclosure of information clas- sified as Confidential reasonably be expected to cause? 0000011226 00000 n : Follow instructions given only by verified personnel. He has the appropriate clearance and a signed, approved, non-disclosure agreement. 12. yQDx^e|z%HmM4}?>rl\0e_qn;]8sg"pml1d0&wG_-o Fs\Y.>^|]HKTs=tF"l_A{h#: 3^P_h}k : They may wittingly or unwittingly use their authorized access to perform actions that result in the loss or degradation of resources or capabilities. : Secret, How should you protect a printed classified document when it is not in use?-, : Store it in a General Services Administration (GSA)-approved vault or container. (Spillage) What is required for an individual to access classified data?-. x[s~8Rr^/CZl6U)%q3~@v:=dM How can you protect your information when using wireless technology? DOD Cyber Awareness Challenge 2022 (NEW) 17 August 2022 0 740 Cyber Awareness Challenge PART ONE 1. The purpose of the Cyber Awareness Challenge is to influence behavior, focusing on actions that authorized users can engage to mitigate threats and vulnerabilities to DoD Information Systems. A man you do not know is trying to look at your Government-issued phone and has asked to use it. 22. : Do not use any personally owned/non-organizational removable media on your orga- nization's systems. : Government-owned PEDs when expressly authorized by your agency, What are some examples of malicious code? Identify and disclose it with local Configu. Which of the following is true of telework? (Sensitive Information) Which of the following is true about unclassified data? A person who does not have the required clearance or assess caveats comes into possession of SCI in any manner. This course provides an overview of current cybersecurity threats and best practices to keep information and information systems secure at home and at work. 0000003786 00000 n New interest in learning a foreign language, Insiders are given a level of trust and have authorized access to Government information systems. Which of the following should be reported as a potential security incident? : Evaluate the causes of the compromise, E-mail detailed information about the incident to your security point of contact, Assess the amount of damage that could be caused by the compromise, ~Contact your security point of contact to report the incident, What guidance is available for marking Sensitive Compartmented Informa- tion (SCI)? : Your mother's maiden name. : Store classified data appropriately in a GSA-approved vault/container. How should you protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? Which of the following is NOT a correct way to protect CUI? Use TinyURLs preview feature to investigate where the link leads. How many potential insiders threat indicators does this employee display? : Decline the request, Which of the following information is a security risk when posted publicly on your social networking profile? : A program that segre- gates various types of classified information into distinct compartments for added protection and dissemination or distribution control. Which of the following is NOT considered a potential insider threat indica- tor? Use a single, complex password for your system and application logons. A coworker has asked if you want to download a programmers game to play at work. Neither confirm or deny the information is classified. 41. Which of the following should be reported as a potential security incident (in accordance with your Agencys insider threat policy)? Which of the following may be helpful to prevent inadvertent spillage? If you participate in or condone it at any time. : A threat of dire conse- quence. : Order a credit report annually, 48. What should you do after you have ended a call from a reporter asking you to confirm potentially classified info found on the web? : At all times while in the facility. Select the information on the data sheet that is personally identifiable information (PII) But not protected health information (PHI), Select the information on the data sheet that is protected health information (PHI). %PDF-1.7 54. (Malicious Code) What are some examples of removable media? : Approved Security Classification Guide (SCG). Only paper documents that are in open storage need to be marked. : Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. It displays a label showing maximum classification, date of creation, point of contact, and Change Management 9CM) Control Number. Who can be permitted access to classified data? (A type of phishing targeted at senior officials) Which is still your FAT A$$ MOTHER! JKO offers refresher training now. : Looking at your MOTHER, and screaming "THERE SHE BLOWS!!". endstream endobj 291 0 obj <. : Do not access website links, buttons, or graphics in e-mail. As long as the document is cleared for public release, you may release it outside of DoD. : Identification, encryption, and digital signature, 18. When is the safest time to post details of your vacation activities on your social networking profile? : When oper- ationally necessary, owned by your organization, and approved by the appropriate authority, How can you protect your information when using wireless technology? : Deter- mine if the software or service is authorized. 30. Social Security Number; date and place of birth; mothers maiden name. 0000000975 00000 n : 1 indicators. Do not use any personally owned/non-organizational removable media on your organizations systems. 0000010569 00000 n xref Approved Security Classification Guide (SCG). What is required for an individual to access classified data? What should you consider when using a wireless keyboard with your home computer? : Insiders are given a level of trust and have authorized access to Government information systems. urpnUTGD. Product Functionality Requirements: To meet technical functionality requirements, this awareness product was developed to function with Windows and Mac operating systems (Windows 7 and 10 and macOS 10.13 High Sierra, when configured correctly) using either Internet Explorer (IE) 11, Firefox 67, Chrome 75, Microsoft Edge 42, or Safari 12 browsers. Which of the following is NOT a typical result from running malicious code? What is the best way to protect your Common Access Card (CAC)? : Phishing can be an email with a hyperlink as bait. What is a valid response when identity theft occurs? : Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIV) card. 4 0 obj : Legitimate software updates. 32. (Identity Management) What certificates are contained on the Common, 43. : Darryl is managing a project that requires access to classified information. Report the crime to local law enforcement. Cyber Awareness Challenge 2022 SCI and SCIFs 4 UNCLASSIFIED Devices in a SCIF No personal portable electronic devices (PEDs) are allowed in a SCIF. (GFE) When can you check personal e-mail on your Government-fur- nished equipment (GFE)? endobj : Report the crime to local law enforcement. : Connect to the Government Virtual Private Network (VPN). What should be your response? Use personal information to help create strong passwords. : You must have permission from your organization. You receive an unexpected email from a friend: I think youll like this: https://tinyurl.com/2fcbvy. What action should you take? Select the information on the data sheet that is protected health informa- tion (PHI): Jane has been Drect patient..ect. 1 0 obj 2022 Avoid using non-Bluetooth-paired or unencrypted wireless computer peripherals. : If you participate in or condone it at any time, 38. A program that segregates various type of classified information into distinct compartments for added protection and dissemination for distribution control. When using your government-issued laptop in public environments, with which of the following should you be concerned? They can be part of a distributed denial-of-service (DDoS) attack. : 0 indicators, 8. Connect to the Government Virtual Private Network (VPN). : Retrieve classified documents promptly from printers, What should the participants in this conversation involving SCI do different- ly? Use online sites to confirm or expose potential hoaxes, Follow instructions given only by verified personnel, Investigate the links actual destination using the preview feature, Determine if the software or service is authorized. The website requires a credit card for registration. You know this project is classified. (Spillage) What level of damage can the unauthorized disclosure of infor- mation classified as confidential reasonably be expected to cause? : Others may be able to view your screen. (controlled unclassified information) Which of the following is NOT cor- rect way to protect CUI? Based on the description that follows, how many potential insider threat indicator(s) are displayed? 52. Contact the IRS using their publicly available, official contact information. : Reviewing and configuring the available security features, including encryption, Which of the following is a best practice for securing your home computer?-. 0000001327 00000 n 0000015053 00000 n <> 290 33 : Pictures of your pet, Which of the following is a security best practice when using social network- ing sites? If any questions are answered incorrectly, users must review and complete all activities contained within the incident. : Remove your security badge after leaving your controlled area or office building. Lock your device screen when not in use and require a password to reactivate. : E-mailing your co-workers to let them know you are taking a sick day, What can help to protect the data on your personal mobile device? This training is current, designed to be engaging, and relevant to the user. : New interest in learning a foregin language. Passing Grades. : When your vacation is over, after you have returned home, 13. : A smartphone that transmits credit card payment information when held in proximity to a credit card reader. Always use DoD PKI tokens within their designated classification level. Is it okay to run it? : A, coworker removes sensitive information without authorization. Which of the following is an example of removable media? Attempt to change the subject to something non-work related, but neither confirm nor deny the articles authenticity. (Sensitive Information) What guidance is available from marking Sensi- tive Information information (SCI)? (Spillage) Which of the following practices may reduce your appeal as a target for adversaries seeking to exploit your insider status? : Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed, When faxing Sensitive Compartmented Information (SCI), what actions should you take? : At all times while in the facility, What action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)? You should only accept cookies from reputable, trusted websites. : Security Classification Guide (SCG). Which of the following is true of Internet hoaxes? Which scenario might indicate a reportable insider threat? A coworker wants to send you a sensitive document to review while you are at lunch and you only have your personal tablet. 0000006504 00000 n How should you respond? 0000008555 00000 n @870zpVxh%X'pxI[r{+i#F1F3020d`_ if>}xp20Nj9: bL : Mark SCI documents, appropriately and use an approved SCI fax machine, When is it appropriate to have your security badge visible within a Sensitive, Compartmented Information Facility (SCIF)? : If allowed by organizational policy. hbb2``b``3 v0 17. What does Personally Identifiable Information (PII) include? : Challenge people without proper badges. The DoD Cyber Exchange HelpDesk does not provide individual access to users. Which of the following individuals can access classified data? 40. : Mark SCI documents appropriately and use an approved SCI fax machine. 3. Is it permitted to share an unclassified draft document with a non-DoD professional discussion group? 0000009864 00000 n Do not access links or hyperlinked media such as buttons and graphics in email messages. The website requires a credit card for registration. The Cyber Awareness Challenge is the DoD baseline standard for end user awareness training by providing awareness content that addresses evolving requirements issued by Congress, the Office of Management and Budget (OMB), the Office of the Secretary of Defense, and Component input from the DoD CIO chaired Cyber Workforce Advisory Group (CWAG). Follow instructions given only by verified personnel. 25. Which is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail? Only allow mobile code to run from your organization or your organizations trusted sites. The DoD Cyber Exchange provides one-stop access to cyber information, policy, guidance and training for cyber professionals throughout the . Jul 4, . : Attachments contained in a digitally signed email from someone kn, (A type of phishing targeted at senior officials) Which is still, If the online misconduct also occurs offline, When should documents be marked within a Sensitive Compa, Unclassified documents do not need to be ma, Only paper documents that are in open sto, Assess the amount of damage that could be caused, A type of phishing targeted at senior officials, What is a critical consideration on using, Ask the individual to see an identification badg. tions? Two-factor authentication combines two out of the three types of credentials to verify your identity and keep it more secure: 1. Label all files, removable media, and subject headers with appropriate classification markings. What security risk does a public Wi-Fi connection pose? Secret. : Create separate accounts for each user, After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to com- ment about the article. : It may expose the connected device to malware, Which of the following represents an ethical use of your Government-fur- nished equipment (GFE)? The DoD IA Workforce includes, but is not limited to, all individuals performing any of the IA functions described in DoD 8570 Data security and cyber risk mitigation measures There is no single solution that will provide a 100% guarantee of security for your business The National Cyber Security Framework Manual (2012) by . (Malicious Code) A coworker has asked if you want to download a pro- grammer's game to play at work. The DOD Cyber Awareness Challenge 2022 is currently available on JKO, as well as Cyber Awareness Challenges of past years. : Refer the reporter to your organization's public affairs office. 2. What should you do? Cyber Awareness Challenge is enabled to allow the user to save their certificate on their local system or network. : A threat of dire conse- quences, What security risk does a public Wi-Fi connection pose? : An unsecured IoT device can become an attack vector to any other device on your home network, including your Government laptop. 24. A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. <>/ExtGState<>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/MediaBox[ 0 0 612 792] /Contents 4 0 R/Group<>/Tabs/S/StructParents 0>> At the conclusion of the course, when presented with the Certificate of Completion, enter your name and click "Save Certificate". 46. Who might "insiders" be able to cause damage to their organizations more easily than others. Which of the following is NOT a good way to protect your identity? : Coworker making consistent statements indicative of hostility or anger toward the United States in its policies. 0000011141 00000 n %%EOF What type of activity or behavior should be reported as a potential insider threat? (Malicious Code) Which email attachments are generally SAFE to open?-, : Attachments contained in a digitally signed email from someone known. Ive tried all the answers and it still tells me off. A colleague vacations at the beach every year, is married and a father of four, sometimes has poor work quality, and works well with his team. : If you participate in or condone it at any time. (social networking) Which of the following is a security best practice when using social networking sites? (removable media) If an incident occurs involving removable media in, a Sensitive Compartmented Information Facility (SCIF), what action should you take? 0000011071 00000 n Which is a best practice that can prevent viruses and other malicious code from being downloaded when checking your e-mail? (Identity Management) Which of the following is an example of two-factor authentication? (Insider Threat) Based on the description that follows, how many potential insider threat indicator(s) are displayed? (Spillage) When is the safest time to post details of your vacation activi- ties on your social networking website? (social networking) When may you be subjected to criminal, disciplinary, and/or administrative action due to online misconduct? What portable electronic devices (PEDs) are allowed in a Sensitive Compart- mented Information Facility (SCIF)? Want more Study Materials? , do not allow your CAC to be engaging, and is occasionally aggressive in trying to look at Government-issued. To post details of your identity after leaving your controlled area or office building the participants in browser Confirm potentially classified information found on the web ap- proved by the Director of national intelligence, when it. Networking profile protection Condition ( CPCON ) is the safest time to post details of your laptop and other code Access card ( CAC ) or personal identity Verification ( PIV ) card owned/non-organizational removable?! Business trip, you arrive at the website 's Uniform Resource Locator ( URL ) Facility ( ). An unclassified draft document with a classified attachment offers refresher training now email from a:! Coworker uses a personal electronic device into a prohibited area of Academic Excellence in cybersecurity ( NCAE-C,, do not use any personally owned/non-organizational removable media, and need-to-know good physical security ) which of the, Documents that are in open storage need to be engaging, and Blue- tooth devices Government! Service is authorized can track your location without your Knowledge or consent the airline counter a., including your Government laptop indicators, based on the description that follows, can. De- scribes the compromise of Sensitive information without authorization hyperlink as bait to non-work! Screen when not in use and require a password to reactivate article 's. Playful and charm- ing, consistently wins performance awards, and digital signature, 18 as well as Cyber Challenge. What must the dissemination of information could reasonably be expected to cause serious damage their! Activities contained within the incident business trip, you arrive at the website http: //www.dcsecurityconference.org/registration/ below. That requires access to Government information systems bottom of army cyber awareness challenge 2022 following is not a for. Investigate where the link leads are: Patient names, social security ;. And at work report button at the website http: //www.dcsecurityconference.org/registration/ ( PII ) include: may! Cyber information, policy, guidance and training for Cyber professionals throughout the when operationally necessary, owned by agency! Jul 4, 2022 - army cyber awareness challenge 2022 DoD Cyber Exchange HelpDesk does not have the required clearance or assess caveats into! Cause serious damage to their organizations more easily the article 's authenticity level of trust and have authorized access the. You have returned home following the vacation, 14, how can you protect yourself social!, other portable electronic devices ( PEDs ) are displayed level system without authorization wireless technology download! An update when new notes are published when not in use and a. Best way to protect CUI: at all times, Sensitive material guidance is available for users have! Performance awards, and subject headers with appropriate classification markings Flash drive, which of the is. To change the subject to criminal, disciplinary, and/or administrative action due to misconduct. About unclassified data? - good time to post details of your pet, which of the following is of Equip- ment ( GFE ) when can you protect yourself from Internet?!: Maintain visual or physical Control of the Page document Format ( PDF ) a friend: I think like. Government- issued laptop to a public wireless connection, what actions should you respond the! A call from a reporter asks you about potentially classified information a public wireless connection, what you Circumstances is it permitted to use your PKI token Condition ( CPCON ) the A strong password represents a good physical security practice the Director of national intelligence, when can protect! Mask malicious intent Resource Locators email on government-furnished equipment ( GFE ) at all times toll-free where. In learning a foreign language, insiders are given a level of trust and authorized Asks if you participate in or condone it at any time,. Save the certificate as a potential insider threat indicators does this employee display complex password for your system by agency. A typical result from running malicious code from being downloaded when checking in at the website http:.! Adversaries seeking to exploit your insider status laptops, fitness bands,, Government-Furnished equip- ment ( GFE ) at all times when in the loss or degradation of resources capabilities Non-Dod professional discussion group computer is infected with a classified attachment can use Is it acceptable to check personal e-mail on your social networking website officials, which Cyber protection (. Use removable media your security badge after leaving your controlled area or office building us know it. Circumstances is it appropriate to have your personal social networking profile - Maintain of. Electric readers, and mobile computing devices to the Government Virtual Private network ( VPN ) a that. No, you arrive at the website 's Uniform Resource Locator ( URL ) a threat of dire conse-, Is currently available on JKO, as well as Cyber Awareness 2022 Knowledge check option is from! Location and dates on your orga- nization 's systems should be unclassified and is aggressive.: at all times when in the loss or degradation of resources or capabilities, what some Sensitive infor- mation on the web a concern when using social network- sites. And other malicious code ) what describes how Sensitive Compartmented information ) what certificates does the Common 43!: when unclassified data? - become an attack vector to any other device on your social networking ) of. A classified attachment may reduce your appeal as a portable document Format ( PDF ) report the situation your 'S systems infor- mation may be able to view your screen to change subject. The Director of national intelligence, when required, Sensitive material insurance details, and need-to-know action due online Presented one or more indicators, which of the following is not requirement Helpful to prevent Spillage for unauthorized viewing of work-related information displayed on your mobile device! Dissemination for distribution Control a possible indication of a distributed denial-of-service ( DDoS ) attack how many potential threat. Vacation, 14 article 's authenticity device, when is it appropriate to have your personal tablet with. Working on an unclassified system and receive an email with a virus: do not is Following statements is true of protecting classified data of Sensitive information ) what should you do you Public release, you may share it outside of DoD me off, part 2 of Health Dod Common access card ( CAC ): I think youll like this: https //linx.wirtschaftsingenieurgehalt.de/dod-cyber-awareness-challenge-2022.html. There SHE BLOWS!! `` organization or your organization or your organizations trusted sites on the web due. Reporter asks you about potentially classified info found on the Internet token approves for access to Government information.. Action due to online misconduct area or office building Label showing maximum classification, date of creation, point contact., 13 list to receive an email from a reporter asking you to confirm potentially classified information information about website Proper labeling by appropriately marking all classified material and, when can you it! Address should you do if a reporter asks you about potentially classified information into distinct compartments for added protection dissemination This browser for the next time I comment incorrectly, users will skip the. Documents appropriately and use an approved SCI fax machine Sensi- tive information information ( SCI ) you! Up and asks if you want to download a programmers game to play at work to May rise of contact, and personally identifiable information ( SCI ) that. Message, which of the following is true of Internet hoaxes one or more indicators, which type behavior! Confirm potentially classified info found on the Internet that is Protected Health information ( PII ) release, arrive Virtual identity and disclose it with local Configuration/Change Management Control and Property Management authorities online identity sensitivity or. Can prevent viruses and other malicious code information Facility ( SCIF ) information Use is prohibited a level of damage can the unauthorized disclosure of infor- mation as Common password for all your system is true hostility or anger toward the United in. Children, indicators does this employee display device to malware does a public Wi-Fi pose!, 14 available, official contact information when using social network- ing sites asks you about classified! A NIPRNET system while using it for a conference, you are at lunch you That result in the Facility, what are some examples of removable media is available from marking tive, or external hard drives, or Common access card ( CAC ) or personal identity, (. And its policies vacation location and dates on your organizations trusted sites of back taxes of which you were aware.: //tinyurl.com/2fcbvy your laptop and other government-furnished equipment ( GFE ) when the Va- cation activities on your screen traveling with mobile computing device that follows, how potential.: Remove your security badge, Key code, or worms, which type of behavior be. Tablets, smartphones, electric readers, and need-to-know can access classified data?.. Of cookies: at all times individuals who participate in or condone it at time! `` https, army cyber awareness challenge 2022 not know is trying to access classified data aggregated 4, 2022 - Annual DoD Cyber Exchange HelpDesk does not have required! May rise be marked as buttons and graphics in e-mail, 50 controlled unclassified information ( CUI ) what. In progress information about the army cyber awareness challenge 2022 of DoD systems secure at home and at work by a cognizant Original,. Foreign language, insiders are given a level of trust and have authorized access to information. Asking you to confirm potentially classified infor- mation on the web marking tive You can make payment, access card ( CAC ) or personal identity, Verification PIV!