Cyber Awareness Challenge

MyLearning and DAF E-Learning are the same

Knowledge Check Option (Pre-Test)

Q: Which of the following is an appropriate use of government e-mail?

A: Using a digital signature when sending hyperlinks.

Q: How can you prevent viruses and malicious code?

A: Scan all e-mail attachments

Q: Tessa is processing payroll data that includes employees’ names, home addresses, and salary. Which of the following is Tessa prohibited from doing with the data?

A: Using her home computer to print the data while working remotely.

Q: You receive a text message from a vendor notifying you that your order is on hold due to needing updated payment information from you. It provides a shortened link for you to provide the needed information. What is your best course of action?

A: Delete the message

Q: Matt is a government employee who needs to share a document containing source selection data with his supervisor. Which of the following describes the most appropriate way for Matt to do this?

A: Encrypt it and send it via digitally signed Government e-mail.

Q: You receive an e-mail marked important from your agency head asking you to call them using a number that you don’t recognize. The e-mail was sent from a personal e-mail address that you do not recognize, but it addresses you by name. What action should you take?

A: This may be a spear phishing attempt. Report it to your security POC or help desk.

Q: Which of the following is a best practice to protect your identity?

A: Ask how information will be used before giving it out.

Q: How can you protect your home computer?

A: Version 1 – Use legitimate, known antivirus software | Version 2 – Install spyware protection software.

Q: Which of the following is a best practice for using government e-mail?

A: Do not solicit sales

Q: What are the requirements for access to Sensitive Compartmented Information (SCI)?

A: Top Secret clearance and indoctrination into the SCI Program

Q: Which of these is NOT a potential indicator that your device may be under a malicious code attack?

A: An operating system update

Q: When is the safest time to post on social media about your work-related travel?

A: After the trip

Q: Which of the following is an example of removable media?

A: A compact disc

Q: Adam sees a coworker who does not have the required clearance with a printed document marked as Sensitive Compartmented Information (SCI). What should he do?

A: Contact his security POC to report the incident.

Q: Which of the following is permitted within a Sensitive Compartmented Information Facility (SCIF)?

A: An authorized Government-owned Portable Electronic Device (PED).

Q: Which of the following would work in combination for two-factor authentication?

A: Common Access Card (CAC) and Personal Identification Number (PIN)

Q: Which of the following personally owned peripherals can you use with government furnished equipment (GFE)?

A: A wired keyboard connected via USB

Q: Which of the following is a way to protect classified data?

A: Store it in a GSA-approved container

Q: How can you protect yourself on social media websites?

A: Validate connection requests through another source if possible.

Q: Which of the following is safest to share on a social networking site?

A: Your favorite movie

Q: Which of the following is true of compressed URLs (e.g., TinyURL, goo.gl)?

A: They may be used to mask malicious intent

Q: Which of the following is a potential insider threat indicator?

A: Financial windfall from an inheritance

Q: Which of the following is a best practice for telework and remote work?

A: Ensure others do not have access to your work area when processing classified information

Q: Does it pose a security risk to tap your smartwatch to pay for a purchase at a store?

A: Yes, there is a risk that the signal could be intercepted and altered.

Q: Which of the following is true of Sensitive Compartmented Information Facilities (SCIFs)?

A: SCIFs are not permitted to be constructed with windows unless fixed, unalterable window coverings are in place.

Q: Under which Cyberspace Protection Condition (CPCON) is the priority focus limited to critical functions?

A: CPCON 4

Q: How can you protect data on a mobile device?

A: Use two-factor authentication

Q: John receives e-mail about a potential shutdown of a major social service unless a petition receives enough signatures. Which of the following actions should John NOT take with the e-mail?

A: Forward it

Q: Steve occasionally runs errands during virtual meetings. He joins the meetings using his approved government device. Does this pose a security concern?

A: Yes. Eavesdroppers may be listening to Steve’s conversation.

Q: Which of the following poses a security risk while teleworking in an environment where Internet of Things (IoT) devices are present?

A: All of these

Q: How can malicious code do damage?

A: All of these

Q: Which of the following statements about Protected Health Information (PHI) is true?

A: It is health information that identifies the individual.

Q: When allowed, which of the following is an appropriate use of removable media?

A: Labeling media that contains personally identifiable information (PII)

Q: Which of the following uses of removable media is allowed?

A: Sam uses approved Government-owned removable media to transfer files between government systems as authorized.

Q: You receive a phone call from an unknown person asking for a directory name on your government furnished laptop so that a software update can be made. Which course of action should you take?

A: Document the interaction and contact your security POC or help desk.

Q: Which of the following is true of spillage?

A: It can be either inadvertent or intentional

Q: Which of the following is a best practice when browsing the internet?

A: Look for the h-t-t-p-s in the URL name

Q: Which of the following is an appropriate use of a DoD Public Key Infrastructure (PKI) token?

A: Only leave it in a system when actively using it for a PKI-related task.

Q: What is a best practice for creating user accounts for your home computer?

A: Create separate accounts for each user and have each user create their own password.

Notes

Due to changes from previous years, the course will still require you to complete some items after the test: Government Resources, Physical Facilities, Insider Threat, and/or Telework. It seems to be random after 4 tests with confirmed answers. Answers to “forced to complete” sections are below.

Physical Facilities

  • Roster in view
  • Cover the camera; government-issued wired accessories only
  • Unobstructed view of the monitor; make sure only need-to-know personnel are in hearing distance; escort non-cleared individuals and notify personnel of their presence.

Government Facilities

  • No
  • Not allowed for selling, digital signature for sending links, no file sharing allowed

Insider Threat

  • Yes
  • Report Bob

Telework

  • Secure the area so others cannot view your monitor
  • HDMI Monitor, USB Keyboard
  • Yes
