ANNUAL DOD TRAINING - CYBER
AWARENESS/INFORMATION
ASSURANCE CHALLENGE QUIZ
QUESTIONS WITH COMPLETE
SOLUTIONS
The defense contractor's information system was made vulnerable by outdated and
unpatched software. How does your organization handle this?
A. System administrators are on top of it and we have a strict policy. I pay close
attention to notices to upgrade and apply patches.
B. We use what works; we're not necessarily concerned with upgrading to the latest and
greatest thing.
C. I have no idea; I'm busy enough as it is. I see notices about upgrades and patches,
but I don't have time to worry about software versions or if my computer has every
software patch installed. - ANSWER -A
The defense contractor was targeted via removable media. What is your organization's
policy on thumb drives and other removable media?
A. We use removable media; it's convenient and is an efficient way of sharing and
transferring information.
B. Removable media is strictly prohibited.
C. I'm not sure. - ANSWER -B
Which of the following is a best practice for managing connection requests on social
networking sites?
A. Make your posts publicly available so that everyone can view them without
connecting with you
B. Assume that people are who they say they are on social networking sites
C. Validate connection requests through another source if possible
D. Accept connection requests from people with whom you share mutual connections -
ANSWER -C
, Which of the following is NOT a best practice for protecting data on a mobile device?
A. Maintain visual or physical control of your device at all times
B. Lock your device when not in use
C. Use two-factor authentication
D. Disable automatic screen locking after a period of inactivity - ANSWER -D
If you received an email asking for personal information, how would you respond?
A. If the email is from within my organization, there's no harm in providing the
information. I'd provide the requested information.
B. I'm not sure why my user name and password would be required. I'd notify my
security point of contact or help desk.
C. I don't care who is requesting my password, I would never provide it. I'd delete the e-
mail. - ANSWER -B
Selecting the link downloaded malicious code. Would you have selected the link?
A. Definitely, my organization has strong anti-virus software. I'd open the link.
B. No, I wouldn't open a link from an unknown forum poster.
C. It depends. If I was on a reputable site, I'd have no problem opening it. - ANSWER -B
What philosophy do you follow when creating passwords?
A. I use the same, very secure password for everything. It's 8 characters and includes
lower and upper case letters, numbers, and special characters. There's no way a
password cracker is getting my information.
B. I change passwords frequently and always use a combination of numbers, letters,
and special characters. I'm fairly confident my passwords are secure.
C. I don't worry about my password; my organization's security is strong enough to
defeat a hacker. I make sure to use something I can remember like a significant date or
name. - ANSWER -B
Which of the following is a step you should NOT take to protect against spillage?
A. Purge any device's memory before connecting it to a classified network
B. Verify that you are using the correct network for the level of data
C. Follow procedures for transferring data to non-Government networks
D. Label all files with appropriate classification markings - ANSWER -C
AWARENESS/INFORMATION
ASSURANCE CHALLENGE QUIZ
QUESTIONS WITH COMPLETE
SOLUTIONS
The defense contractor's information system was made vulnerable by outdated and
unpatched software. How does your organization handle this?
A. System administrators are on top of it and we have a strict policy. I pay close
attention to notices to upgrade and apply patches.
B. We use what works; we're not necessarily concerned with upgrading to the latest and
greatest thing.
C. I have no idea; I'm busy enough as it is. I see notices about upgrades and patches,
but I don't have time to worry about software versions or if my computer has every
software patch installed. - ANSWER -A
The defense contractor was targeted via removable media. What is your organization's
policy on thumb drives and other removable media?
A. We use removable media; it's convenient and is an efficient way of sharing and
transferring information.
B. Removable media is strictly prohibited.
C. I'm not sure. - ANSWER -B
Which of the following is a best practice for managing connection requests on social
networking sites?
A. Make your posts publicly available so that everyone can view them without
connecting with you
B. Assume that people are who they say they are on social networking sites
C. Validate connection requests through another source if possible
D. Accept connection requests from people with whom you share mutual connections -
ANSWER -C
, Which of the following is NOT a best practice for protecting data on a mobile device?
A. Maintain visual or physical control of your device at all times
B. Lock your device when not in use
C. Use two-factor authentication
D. Disable automatic screen locking after a period of inactivity - ANSWER -D
If you received an email asking for personal information, how would you respond?
A. If the email is from within my organization, there's no harm in providing the
information. I'd provide the requested information.
B. I'm not sure why my user name and password would be required. I'd notify my
security point of contact or help desk.
C. I don't care who is requesting my password, I would never provide it. I'd delete the e-
mail. - ANSWER -B
Selecting the link downloaded malicious code. Would you have selected the link?
A. Definitely, my organization has strong anti-virus software. I'd open the link.
B. No, I wouldn't open a link from an unknown forum poster.
C. It depends. If I was on a reputable site, I'd have no problem opening it. - ANSWER -B
What philosophy do you follow when creating passwords?
A. I use the same, very secure password for everything. It's 8 characters and includes
lower and upper case letters, numbers, and special characters. There's no way a
password cracker is getting my information.
B. I change passwords frequently and always use a combination of numbers, letters,
and special characters. I'm fairly confident my passwords are secure.
C. I don't worry about my password; my organization's security is strong enough to
defeat a hacker. I make sure to use something I can remember like a significant date or
name. - ANSWER -B
Which of the following is a step you should NOT take to protect against spillage?
A. Purge any device's memory before connecting it to a classified network
B. Verify that you are using the correct network for the level of data
C. Follow procedures for transferring data to non-Government networks
D. Label all files with appropriate classification markings - ANSWER -C
