Cyber Awareness 2023

Cyber Awareness 2023 Spillage: how should uou respond if you receive an inquiry for info not clear for public release? - ANS Refer your order to PAO. Spillage: what will help prevent spillage? - ANS Follow procedures for transfering data to and from outside agency and networks. Classified data: what is the basis for handling classified data? - ANS Classification level and handling caveats Classified data: who designates classified data? - ANS Original Classification Authority Insider Threat: which is the following of a potential insider threat? - ANS Difficult life circumstances Insider threat: what function do insider threat programs aim to fulfill? - ANS Proactively identify future threats and formulate wholistic mitigation responses Insider threats: what is a reportable insider threat? - ANS A colleague removes sensitive info w/o seeking authorization in order to perform authorized telework Social Networking: when might you be subject to criminal, disciplinary, or administrative action due to online harassment, bullying, stalking, etc? - ANS If you participate/condone it in anyway Social Networking: which of the following is a security best practice when using social networking sites? - ANS Avoid posting pii (mothers maiden name) Social Networking: Protect yourself on social networking sites? - ANS Delete posts containing Personal information on a regular basis Controlled Unclass Info: which Desi marks information that does not have the potential to damage national security - ANS Unclassified Controlled Unclass Info: What's true for CUI? - ANS CUI must have diseminating controls Controlled Unclass Info: best way to transmit CUI? - ANS Make sure recipients are clear and need to know then send via encrypted email Physical security: which CPCON establishes a protection policy focus critical functions only - ANS CPCON 1 Identity Management: strong password? - ANS @rF+13gtK5! Identify Management: whats true about CACs? - ANS It contains certificates for ID, encryption, and digital signature SCI: what's true of sharing info in a SCIF? - ANS Avoid referencing derivitavely classified reports classified higher than the recipient SCI: what's true for transmitting SCI? - ANS Only transmit SCI if you're courier briefed for SCI Removable media in SCIF: what's true of PEDs in a SCIF? - ANS Only connect government-owned PEDs to the same level classification information system when authorized Malicious Code: what's true for downloading apps? - ANS For government devices, use approved and authorized apps only Website use: how should you respond to theft of identity? - ANS Contact reporting agencies, financial institutions, monitor credit card statements and report crime to law enforcement Social engineering: how to protect from social engineering? - ANS Verify identity of individuals Social engineering: common indicator of phishng attempt? - ANS Claim that you update or validate information Social engineering: what security issue is associated with compressed URLs? - ANS Can be used to mask malicious intent Travel: problems w/ public wifi? - ANS May expose information sent to theft GFE: what is personally owned monitor you shouldn't connect to your GFE? - ANS USB Mobile Devices: which is a best practice for using removable media? - ANS Avoid inserting removable media with unknown content into your computer Mobile devices: how can you protect data on your mobile computing and portable e-devices (PEDs)? - ANS Auto screen locking Home Computer: best practice for securing home computer? - ANS Install system security patches Spillage: how should uou respond if you receive an inquiry for info not clear for public release? - ANS Refer your order to PAO. Spillage: what will help prevent spillage? - ANS Follow procedures for transfering data to and from outside agency and networks. Classified data: what is the basis for handling classified data? - ANS Classification level and handling caveats Classified data: who designates classified data? - ANS Original Classification Authority Insider Threat: which is the following of a potential insider threat? - ANS Difficult life circumstances Insider threat: what function do insider threat programs aim to fulfill? - ANS Proactively identify future threats and formulate wholistic mitigation responses Insider threats: what is a reportable insider threat? - ANS A colleague removes sensitive info w/o seeking authorization in order to perform authorized telework Social Networking: when might you be subject to criminal, disciplinary, or administrative action due to online harassment, bullying, stalking, etc? - ANS If you participate/condone it in anyway Social Networking: which of the following is a security best practice when using social networking sites? - ANS Avoid posting pii (mothers maiden name) Social Networking: Protect yourself on social networking sites? - ANS Delete posts containing Personal information on a regular basis Controlled Unclass Info: which Desi marks information that does not have the potential to damage national security - ANS Unclassified Controlled Unclass Info: What's true for CUI? - ANS CUI must have diseminating controls Controlled Unclass Info: best way to transmit CUI? - ANS Make sure recipients are clear and need to know then send via encrypted email Physical security: which CPCON establishes a protection policy focus critical functions only - ANS CPCON 1 Identity Management: strong password? - ANS @rF+13gtK5! Identify Management: whats true about CACs? - ANS It contains certificates for ID, encryption, and digital signature SCI: what's true of sharing info in a SCIF? - ANS Avoid referencing derivitavely classified reports classified higher than the recipient SCI: what's true for transmitting SCI? - ANS Only transmit SCI if you're courier briefed for SCI Removable media in SCIF: what's true of PEDs in a SCIF? - ANS Only connect government-owned PEDs to the same level classification information system when authorized Malicious Code: what's true for downloading apps? - ANS For government devices, use approved and authorized apps only Website use: how should you respond to theft of identity? - ANS Contact reporting agencies, financial institutions, monitor credit card statements and report crime to law enforcement Social engineering: how to protect from social engineering? - ANS Verify identity of individuals Social engineering: common indicator of phishng attempt? - ANS Claim that you update or validate information Social engineering: what security issue is associated with compressed URLs? - ANS Can be used to mask malicious intent Travel: problems w/ public wifi? - ANS May expose information sent to theft GFE: what is personally owned monitor you shouldn't connect to your GFE? - ANS USB Mobile Devices: which is a best practice for using removable media? - ANS Avoid inserting removable media with unknown content into your computer Mobile devices: how can you protect data on your mobile computing and portable e-devices (PEDs)? - ANS Auto screen locking Home Computer: best practice for securing home computer? - ANS Install system security patches