
Which Of The Following Does Not Constitute Spillage


The annual Cyber Awareness Challenge is a course that helps authorized users learn how to best avoid and reduce threats and vulnerabilities in an organization’s system.

In addition to offering an overview of cybersecurity best practices, the challenge also provides awareness of potential and common cyber threats. The challenge’s goal is simple: To change user behavior to reduce the risks and vulnerabilities DoD Information Systems face.

Here you can find answers to the DoD Cyber Awareness Challenge 2024, 2023, and 2022.


Cyber Awareness Challenge 2024 Knowledge Check Answers

  1. Which of the following is true of spillage? The correct answer is:
    • It can be either inadvertent or intentional. Spillage refers to transferring classified or sensitive information to individuals, systems, or networks that are not authorized to access such information. This transfer can occur either inadvertently or intentionally, making this statement true regarding spillage.
  2. Which of the following statements about Protected Health Information (PHI) is false? The correct answer is:
    • It requires more protection than Personally Identifiable Information (PII). It might be considered false depending on the specific context and regulatory environment. Both Protected Health Information (PHI) and Personally Identifiable Information (PII) require strong protection measures, and the level of protection required may vary based on the nature of the information, the regulatory environment, and the potential impact of unauthorized disclosure. While PHI is a subset of PII focused specifically on health-related information, saying it requires more protection might not always be accurate as PII can also contain highly sensitive information that requires stringent protection measures.
  3. On your home computer, how can you best establish passwords when creating separate user accounts? The best practice among the provided options for establishing passwords when creating separate user accounts on your home computer is:
    • Have each user create their own, strong password. This approach promotes good security hygiene by ensuring that each user has a unique, strong password, which can help prevent unauthorized access and protect the privacy and data of each user. Strong passwords typically include a mix of uppercase and lowercase letters, numbers, and special characters, and are of a sufficient length, usually at least 12 characters.
  4. Which of the following statements is true of DoD Unclassified data? Among the provided options, the following statement is true regarding Department of Defense (DoD) Unclassified data:
    • It may require access and distribution controls. Even though the data is unclassified, there might still be access and distribution controls in place to manage who can access the data and how it is shared, especially when it falls under Controlled Unclassified Information (CUI) which might include sensitive but unclassified data.
  5. You receive a text message from a package shipper notifying you that your package delivery is delayed due to needing updated delivery instructions from you. It provides a shortened link for you to provide the needed information. You are not expecting a package. What is the best course of action? The best course of action in this scenario would be to:
    • Delete the message. It’s advisable not to engage with suspicious messages or click on any links they provide, as doing so can expose you to various security risks including identity theft or malware infection.
  6. When is the safest time to post on social media about your vacation plans? The safest time to post on social media about your vacation plans is:
    • After the trip. Posting about your vacation plans before or during the trip can expose you to various risks such as burglary or stalking since it publicly announces that you are away from home. It’s advisable to share your vacation experiences on social media after you have returned, to maintain your personal safety and the security of your property.
  7. You receive a phone call offering you a $50 gift card if you participate in a survey. Which course of action should you take? Among the options provided, the most cautious approach would be to:
    • Decline to participate in the survey. This may be a social engineering attempt. Unsolicited calls offering rewards in exchange for personal information or participation in a survey can be a form of social engineering, where attackers attempt to trick individuals into revealing sensitive information. It’s generally advisable to be cautious and avoid engaging with unsolicited offers over the phone, especially when you didn’t initiate the contact or if the offer seems too good to be true.
  8. Which of the following is NOT an appropriate use of your Common Access Card (CAC)? Among the provided options, the following is NOT an appropriate use of your Common Access Card (CAC):
    • Using it as photo identification with a commercial entity. The Common Access Card is a form of identification issued by the Department of Defense for military and other affiliated personnel. It’s intended for official use, such as accessing secure facilities or systems, rather than for general identification purposes with commercial entities.
  9. Which of the following is an example of behavior that you should report? Among the provided options, the behavior that should be reported is:
    • Taking sensitive information home for telework without authorization. This action can pose a significant security risk as it may lead to unauthorized access, loss, or disclosure of sensitive information. It’s essential to report such behavior to ensure the security and integrity of sensitive data and to comply with organizational and legal requirements.
  10. How should government owned removable media be stored? The correct way to store government-owned removable media is:
    • In a GSA-approved container according to the appropriate security classification. Storing removable media in General Services Administration (GSA)-approved security containers helps ensure that the media is protected against unauthorized access, loss, or damage. The storage should align with the security classification of the information contained on the media to ensure compliance with established security protocols and regulations.
  11. Which of the following is NOT a best practice for protecting your home wireless network for telework? Among the provided options, the following is NOT a best practice for protecting your home wireless network for telework:
    • Use your router’s pre-set Service Set Identifier (SSID) and password. Using the pre-set SSID and password that comes with your router can be insecure as these default credentials are often well-known or easily guessable, which could allow unauthorized individuals to access your network. It’s advisable to change the SSID to something unique and set a strong, unique password to enhance the security of your wireless network.
  12. Which of the following contributes to your online identity? The correct answer is:
    • All of these.
  13. Which of the following is NOT a way that malicious code can spread? The correct answer is:
    • Running a virus scan.
  14. Which of the following is NOT a best practice for protecting data on a mobile device? Among the provided options, the following is NOT a best practice for protecting data on a mobile device:
    • Disable automatic screen locking after a period of inactivity. It’s actually advisable to enable automatic screen locking after a period of inactivity to secure your device and protect the data on it in case it gets lost or stolen. Automatic screen locking acts as a first line of defense against unauthorized access.
  15. Beth taps her phone at a payment terminal to pay for a purchase. Does this pose a security risk? The correct answer is:
    • Yes, there is a risk that the signal could be intercepted and altered.
  16. How can you protect your home computer? Among the provided options, the following is a recommended practice to protect your home computer:
    • Regularly back up your files.
  17. Which of the following uses of removable media is appropriate? Among the provided options, the following is an appropriate use of removable media:
    • Encrypting data stored on removable media. Encrypting data helps to protect the information stored on removable media by making it unreadable to unauthorized individuals. This is a crucial step to ensure the security and confidentiality of the data, especially if the removable media gets lost or stolen. Other actions like avoiding labels, discarding unneeded removable media in the trash, or downloading data from classified networks without proper authorization and security measures can pose significant security risks.
  18. Which of the following is true of working within a Sensitive Compartmented Information Facility (SCIF)? Among the provided options, the following is true regarding working within a Sensitive Compartmented Information Facility (SCIF):
    • Authorized personnel who permit another individual to enter the SCIF are responsible for confirming the individual’s need-to-know and access.
  19. Tom is working on a report that contains employees’ names, home addresses, and salary. Which of the following is Tom prohibited from doing with the report? Among the provided options, the following action is prohibited for Tom when dealing with a report containing sensitive personal information:
    • Using his home computer to print the report while teleworking.
  20. Which of these is NOT a potential indicator that your device may be under a malicious code attack? Among the provided options, the following is NOT a potential indicator of a malicious code attack on your device:
    • A notification for a system update that has been publicized.
  21. Under which Cyberspace Protection Condition (CPCON) is the priority focus limited to critical and essential functions? Answer: The priority focus on critical and essential functions is established under Cyber Protection Condition (CPCON) level 1.
  22. Which of the following is a best practice for using government e-mail? Among the provided options, the following is a best practice for using government e-mail:
    • Do not send mass e-mails.
  23. Carl receives an e-mail about a potential health risk caused by a common ingredient in processed food. Which of the following actions should Carl NOT take with the e-mail? Among the provided actions, Carl should NOT:
    • Forward it.
  24. Which of the following is permitted when using an unclassified laptop within a collateral classified space? Among the provided options, the following is permitted when using an unclassified laptop within a collateral classified space:
    • A Government-issued wired headset with microphone.
  25. Annabeth becomes aware that a conversation with a co-worker that involved Sensitive Compartmented Information (SCI) may have been overheard by someone who does not have the required clearance. What action should Annabeth take? Annabeth should take the following action:
    • Contact her security POC with detailed information about the incident. It’s crucial to report security incidents promptly to the appropriate personnel to ensure that the necessary steps are taken to address the situation and prevent further security lapses.
  26. Which of the following is an appropriate use of government e-mail? Answer: Using a digital signature when sending attachments.
  27. Sylvia commutes to work via public transportation. She often uses… Answer: Yes. Eavesdroppers may be listening to Sylvia’s phone calls, and shoulder surfers may be looking at her screen.
  28. Which of the following is true of transmitting or transporting SCI? Answer: Printed SCI must be retrieved promptly from the printer.
  29. What conditions are necessary to be granted access to SCI? Answer: Top Secret clearance and indoctrination into the SCI program.
  30. Terry sees a post on her social media feed that says there is smoke billowing from the Pentagon… Answer: This is probably a post designed to attract Terry’s attention to click on a link and steal her information.
  31. Which of the following statements about PHI is false? Answer: It is created or received by a healthcare provider, health plan, or employer of a business associate of these.
  32. How can you prevent viruses and malicious code? Answer: Scan all external files before uploading to your computer.
  33. Which of the following is an appropriate use of a DoD PKI token? Answer: Do not use a token approved for NIPR on SIPR.
  34. Which of the following is a best practice when browsing the internet? Answer: Only accept cookies from reputable, trusted websites.
  35. Where are you permitted to use classified data? Answer: Only in areas with security appropriate to the classification level.
  36. What is the goal of an Insider Threat Program? Answer: Deter, detect, and mitigate.
  37. Which of the following uses of removable media is allowed? Answer: Government owned removable media that is approved as operationally necessary.
  38. Which of the following is NOT an appropriate use of your CAC? Answer: Using it as photo identification with a commercial entity.
  39. Which of the following is an authoritative source for derivative classification? Answer: Security Classification Guide.
  40. How can an adversary use information available in public records to target you? Answer: Combine it with information from other data sources to learn how best to bait you with a scam.
  41. Which of the following is an allowed use of government furnished equipment (GFE)? Answer: Checking personal e-mail if your organization allows it.
  42. Which best describes an insider threat? Someone who uses _ access, __, to harm national security through unauthorized disclosure, data modification, espionage, terrorism, or kinetic actions. Answer: authorized, wittingly or unwittingly.
  43. After a classified document is leaked online, it makes national headlines. Which of the following statements is true of the leaked information that is now accessible by the public? Answer: You should still treat it as classified even though it has been compromised.
  44. When linked to a specific individual, which of the following is NOT an example of Personally Identifiable Information (PII)? Answer: Automobile make and model.
  45. What does the Common Access Card (CAC) contain? Answer: Certificates for identification, encryption, and digital signature.

Unclassified Information

Meeting Notes: Your meeting notes are Unclassified. This means that your notes: Answer: Do not have the potential to damage national security.

Personnel Roster:

What type of information does this personnel roster represent? Answer: Controlled Unclassified Information (CUI). This is an example of Personally Identifiable Information, which is a type of CUI.

When e-mailing this personnel roster, which of the following should you do? Answer:

  • Encrypt the PII
  • Digitally sign the e-mail
  • Use your Government e-mail account

Sensitive Compartmented Information

  1. Select an action to take in response to compromised Sensitive Compartmented Information (SCI). – Call your security point of contact (POC).
  2. Dr. Dove printed a classified document and retrieved it promptly from the printer. Does this behavior represent a security concern? – Yes
  3. Col. Cockatiel worked on an unmarked document on the classified network. Does this behavior represent a security concern? – Yes
  4. Mr. Macaw and Colleague had a conversation about a shared project in the SCIF after verifying no one was nearby. Does this behavior represent a security concern? – Yes.
  5. Which of these individuals demonstrated behavior that could lead to the compromise of SCI? – Col. Cockatiel.

Government Resources

Is this an appropriate use of government-furnished equipment (GFE)? – No

This is not an appropriate use of GFE. Why?

  • You should not use government e-mail to sell anything.
  • You should use a digital signature when sending hyperlinks.
  • You should not use unauthorized services, such as fileshare services, on GFE.

Cyber Awareness Challenge 2024 Standard Challenge Answers

The Cyber Awareness Challenge aims to shape user behavior by highlighting actionable steps authorized users can take to reduce risks and fortify the Department of Defense’s (DoD) Information Systems against threats.


This training is kept up-to-date, is designed to capture the user’s attention, and is tailored to be relevant to the user. Serving as the DoD’s foundational standard for end-user awareness training, the Cyber Awareness Challenge delivers awareness content that aligns with evolving mandates from Congress, the Office of Management and Budget (OMB), the Office of the Secretary of Defense, as well as feedback from the DoD CIO-led Cyber Workforce Advisory Group (CWAG).

The course offers a snapshot of the prevailing cybersecurity threats and outlines best practices for safeguarding information and information systems at work and home. It emphasizes the importance of protecting classified, controlled unclassified information (CUI), and personally identifiable information (PII).

For those who have completed earlier versions of the course, a Knowledge Check option is provided. As users navigate through the incident board, they encounter questions based on previous Cyber Awareness Challenges.

Correct answers allow users to proceed to the incident’s end, while incorrect responses require users to review and complete all tasks within the incident.

Unclassified Information

Mission: Protect unclassified information.

Meeting Notes

  1. Your meeting notes are Unclassified. This means that your notes:
    • May be released to the public.
    • Do not have the potential to damage national security.
    • Do not have the potential to affect the safety of personnel, missions, or systems.
    • Do not require any markings.

Personnel Roster

What type of information does this personnel roster represent?

  • Controlled Unclassified Information (CUI). This is an example of Personally Identifiable Information, which is a type of CUI.

When e-mailing this personnel roster, which of the following should you do?

  • Encrypt the PII
  • Digitally sign the e-mail
  • Use your Government e-mail account

Classified Information

Mission: Securely process classified information and prevent spillage.

Your Office

  1. Pick the Designated Secure Area to earn the Document Coversheets!

Sensitive Compartmented Information

Mission: Identify potential causes of Sensitive Compartmented Information (SCI) being compromised.

  1. Select an action to take in response to compromised Sensitive Compartmented Information (SCI). - Call your security point of contact (POC).
  2. Dr. Dove printed a classified document and retrieved it promptly from the printer. Does this behavior represent a security concern? - Yes
  3. Col. Cockatiel worked on an unmarked document on the classified network. Does this behavior represent a security concern? - Yes
  4. Mr. Macaw and Colleague had a conversation about a shared project in the SCIF after verifying no one was nearby. Does this behavior represent a security concern? - Yes.
  5. Which of these individuals demonstrated behavior that could lead to the compromise of SCI? - Col. Cockatiel.

Physical Facilities

Mission: Protect physical facilities.

Open Office Area

  1. Which of the following poses a physical security risk? - Posting an access roster in public view.

Collateral Classified Space

  1. Which of the following must you do when using an unclassified laptop in a collateral classified environment?
    • Disable the embedded camera, microphone, and Wi-Fi
    • Use government-issued wired peripherals

SCIF

  1. Which of the following must you do when working in a SCIF?
    • Verify that all personnel in listening distance have a need-to-know
    • Ensure that monitors do not provide unobstructed views
    • Escort uncleared personnel and warn others in the SCIF

Government Resources

Mission: Protect government resources

Is this an appropriate use of government-furnished equipment (GFE)? - No

This is not an appropriate use of GFE. Why?

  • You should not use government e-mail to sell anything.
  • You should use a digital signature when sending hyperlinks.
  • You should not use unauthorized services, such as fileshare services, on GFE.

Identity Authentication

Mission: Identify best practices for identity authentication.

Alex

I receive a text message code when logging in with a password. - Good.

Bailey

I use password1 as one of my passwords. - Bad

Charlie

How do you protect your Common Access Card (CAC)? I use my CAC occasionally as a secondary photo identification. - Bad

Select the individual who securely authenticates their identity. - Alex

Malicious Code

Mission: Escape the network maze without being infected by malicious code.

  1. How can malicious code spread? Select all that apply.
    • E-mail attachments
    • Downloading files
    • Visiting infected websites
  2. How can you prevent the download of malicious code? Select all that apply:
    • Scan external files before uploading to your device
    • Research apps and their vulnerabilities before downloading
  3. Which of the following may indicate a malicious code attack? Select all that apply.
    • A new app suddenly appears on the device.
    • The device slows down.
    • A new tab appears in the Web browser.

Social Engineering

Mission: Identify social engineering indicators.

Email

  1. DoD IT. How many social engineering indicators are present in this e-mail? - 3+.
  2. DoD Software. How many social engineering indicators are present in this e-mail? - 3+.

Removable Media

Mission: Safely handle removable media.

You find an unlabeled thumb drive in the parking area outside your workplace. What should you do? - Turn it in to your security officer.

Mobile Devices

Mission: Reduce security risks associated with mobile devices.

  1. Which payment method poses the least risk? - Cash.
  2. Which method of getting online poses the least risk? - Approved mobile hotspot.
  3. Which action will keep DoD data the safest? - Leave the coffee shop.

Social Networking

Mission: Safely navigate a social networking site.

  1. Everyone should see the new superhero movie! The special effects are fantastic on the big screen! - Delete.
  2. Shaun S: - Deny
  3. Important info for everyone! I had no idea. - Keep scrolling.

Website Use

Mission: Safely handle a potential internet hoax.

  1. Save Thanksgiving. - Research the link and ignore the link.

Identity Management

Mission: Stop the mole from stealing your identity.

  1. True or false? Voice-activated smart devices can collect and share your personal information. - True.
  2. True or false? The best way to keep your password safe is to carry it with you. - False.
  3. True or false? You should monitor your credit card statements for unauthorized purchases. - True.

Insider Threat

Mission: Protect against insider threats.

  1. Does Bob demonstrate potential insider threat indicators? - Yes.
  2. How should Bob’s colleagues respond? - Report Bob.

Telework

Mission: Reduce security risks associated with telework.

  1. What step should be taken next to securely telework? - Secure the area so others cannot view your monitor.
  2. Which of these personally-owned computer peripherals may be used with government-furnished equipment?
    • HDMI monitor
    • USB keyboard
  3. Does this action pose a potential security risk? - Yes.

Home Computer Security

Mission: Protect your home computer.

  1. Virus and Threat Protection. Install the software.
  2. User accounts. Create a user profile.
  3. Firewall protection. Enable it.

Cyber Awareness Challenge 2023 Standard Challenge Answers

Spillage

If spillage occurs:

  • Immediately notify your security POC;
  • Do not delete the suspected files;
  • Do not forward, read further, or manipulate the file;
  • Secure the area.

Classified Data

Insider Threat

Social Networking

Controlled Unclassified Information

Physical Security

Identity Management

Sensitive Compartmented Information

Removable Media in a SCIF

Malicious Code

Malicious code can do damage by corrupting files, erasing your hard drive, and/or allowing hackers access.

Website Use

Social Engineering

To protect against social engineering:

  • Do not participate in telephone surveys;
  • Do not give out personal information;
  • Do not give out computer or network information;
  • Do not follow instructions from unverified personnel;
  • Contact your security POC or help desk.

Travel

Use of GFE

Mobile Devices

Home Computer Security

Cyber Awareness Challenge 2023 Knowledge Check Answers

Spillage

Classified Data

Insider Threat

Social Networking

Controlled Unclassified Information

Physical Security

Identity Management

Sensitive Compartmented Information

Removable Media in a SCIF

Malicious Code

Website Use

Social Engineering

Travel

Use of GFE

Mobile Devices

Home Computer Security

Older Cyber Awareness Challenge Knowledge Check Answers

In this section, we provide answers to the Cyber Awareness Challenge Knowledge Check from previous years.

Sources

  1. https://public.cyber.mil/training/cyber-awareness-challenge/
