CYBER AWARENESS CHALLENGE
2026 EXAM Q&A
Which of the following is NOT a best practice for protecting data on a mobile device? -
ANSWER -Disable automatic screen locking after a period of inactivity
Annabeth becomes aware that a conversation with a co-worker that involved Sensitive
Compartmented Information (SCI) may have been overheard by someone who does not
have the required clearance. What action should Annabeth take? - ANSWER -Contact
her security POC to report the incident.
On your home computer, how can you best establish passwords when creating
separate user accounts? - ANSWER -Have each user create their own, strong
password
Which of the following is an allowed use of government furnished equipment (GFE)? -
ANSWER -Checking personal e-mail if your organization allows it
How can you prevent viruses and malicious code? - ANSWER -Scan all external files
before uploading to your computer
Which best describes an insider threat? Someone who uses __________ access,
___________, to harm national security through unauthorized disclosure, data
modification, espionage, terrorism, or kinetic actions. - ANSWER -authorized, wittingly
or unwittingly
Which of the following is an example of behavior that you should report? - ANSWER -
Taking sensitive information home for telework without authorization
Which of the following is true of telework? - ANSWER -You must have permission from
your organization to telework.
After a classified document is leaked online, it makes national headlines. Which of the
following statements is true of the leaked information that is now accessible by the
public? - ANSWER -You should still treat it as classified even though it has been
compromised.
What conditions are necessary to be granted access to Sensitive Compartmented
Information (SCI)? - ANSWER -Top Secret clearance and indoctrination into the SCI
program
Which of the following is permitted when using an unclassified laptop within a collateral
classified space? - ANSWER -A Government-issued wired headset with microphone
, Which of the following is an authoritative source for derivative classification? - ANSWER
-Security Classification Guide
Carl receives an e-mail about a potential health risk caused by a common ingredient in
processed food. Which of the following actions should Carl NOT take with the e-mail? -
ANSWER -Forward it
How can an adversary use information available in public records to target you? -
ANSWER -Combine it with information from other data sources to learn how best to bait
you with a scam
Which of the following is an appropriate use of government e-mail? - ANSWER -Using a
digital signature when sending attachments
How should government owned removable media be stored? - ANSWER -In a GSA-
approved container according to the appropriate security classification
When linked to a specific individual, which of the following is NOT an example of
Personally Identifiable Information (PII)? - ANSWER -Automobile make and model
What does the Common Access Card (CAC) contain? - ANSWER -Certificates for
identification, encryption, and digital signature
Sylvia commutes to work via public transportation. She often uses the time to get a
head start on work by making phone calls or responding to e-mails on her government
approved mobile device. Does this pose a security concern? - ANSWER -Yes.
Eavesdroppers may be listening to Sylvia's phone calls, and shoulder surfers may be
looking at her screen. Sylvia should be aware of these risks.
Beth taps her phone at a payment terminal to pay for a purchase. Does this pose a
security risk? - ANSWER -Yes, there is a risk that the signal could be intercepted and
altered.
Which of the following is NOT an appropriate use of your Common Access Card (CAC)?
- ANSWER -Using it as photo identification with a commercial entity
When is the safest time to post on social media about your vacation plans? - ANSWER
-After the trip
You receive a text message from a package shipper notifying you that your package
delivery is delayed due to needing updated delivery instructions from you. It provides a
shortened link for you to provide the needed information. You are not expecting a
package. What is the best course of action? - ANSWER -Delete the message
2026 EXAM Q&A
Which of the following is NOT a best practice for protecting data on a mobile device? -
ANSWER -Disable automatic screen locking after a period of inactivity
Annabeth becomes aware that a conversation with a co-worker that involved Sensitive
Compartmented Information (SCI) may have been overheard by someone who does not
have the required clearance. What action should Annabeth take? - ANSWER -Contact
her security POC to report the incident.
On your home computer, how can you best establish passwords when creating
separate user accounts? - ANSWER -Have each user create their own, strong
password
Which of the following is an allowed use of government furnished equipment (GFE)? -
ANSWER -Checking personal e-mail if your organization allows it
How can you prevent viruses and malicious code? - ANSWER -Scan all external files
before uploading to your computer
Which best describes an insider threat? Someone who uses __________ access,
___________, to harm national security through unauthorized disclosure, data
modification, espionage, terrorism, or kinetic actions. - ANSWER -authorized, wittingly
or unwittingly
Which of the following is an example of behavior that you should report? - ANSWER -
Taking sensitive information home for telework without authorization
Which of the following is true of telework? - ANSWER -You must have permission from
your organization to telework.
After a classified document is leaked online, it makes national headlines. Which of the
following statements is true of the leaked information that is now accessible by the
public? - ANSWER -You should still treat it as classified even though it has been
compromised.
What conditions are necessary to be granted access to Sensitive Compartmented
Information (SCI)? - ANSWER -Top Secret clearance and indoctrination into the SCI
program
Which of the following is permitted when using an unclassified laptop within a collateral
classified space? - ANSWER -A Government-issued wired headset with microphone
, Which of the following is an authoritative source for derivative classification? - ANSWER
-Security Classification Guide
Carl receives an e-mail about a potential health risk caused by a common ingredient in
processed food. Which of the following actions should Carl NOT take with the e-mail? -
ANSWER -Forward it
How can an adversary use information available in public records to target you? -
ANSWER -Combine it with information from other data sources to learn how best to bait
you with a scam
Which of the following is an appropriate use of government e-mail? - ANSWER -Using a
digital signature when sending attachments
How should government owned removable media be stored? - ANSWER -In a GSA-
approved container according to the appropriate security classification
When linked to a specific individual, which of the following is NOT an example of
Personally Identifiable Information (PII)? - ANSWER -Automobile make and model
What does the Common Access Card (CAC) contain? - ANSWER -Certificates for
identification, encryption, and digital signature
Sylvia commutes to work via public transportation. She often uses the time to get a
head start on work by making phone calls or responding to e-mails on her government
approved mobile device. Does this pose a security concern? - ANSWER -Yes.
Eavesdroppers may be listening to Sylvia's phone calls, and shoulder surfers may be
looking at her screen. Sylvia should be aware of these risks.
Beth taps her phone at a payment terminal to pay for a purchase. Does this pose a
security risk? - ANSWER -Yes, there is a risk that the signal could be intercepted and
altered.
Which of the following is NOT an appropriate use of your Common Access Card (CAC)?
- ANSWER -Using it as photo identification with a commercial entity
When is the safest time to post on social media about your vacation plans? - ANSWER
-After the trip
You receive a text message from a package shipper notifying you that your package
delivery is delayed due to needing updated delivery instructions from you. It provides a
shortened link for you to provide the needed information. You are not expecting a
package. What is the best course of action? - ANSWER -Delete the message
