DOD Cyber Awareness Challenge 2026 Exam
VERIFIED SOLUTIONS (GUARANTEED PASS)
Question: 1
You receive a text message on your government-issued mobile device
warning you that your account has been locked and directing you to
click a link to reset your password. The message appears to come from
your agency's IT department. What is the appropriate response?
A. Click the link immediately to restore access to your account.
B. Reply to the text message asking for more information about the
lockout.
C. Forward the text to your coworkers to warn them about possible
account issues.
D. Delete the text and report it to your security office or help desk as a
suspected phishing attempt. - VERIFIED ANSWER - D. Delete the text
and report it to your security office or help desk as a suspected
phishing attempt.
Rationale: Phishing attacks can occur through text messages
(smishing) as well as email. Official entities will not request
password resets via unsecured text messages with embedded
links. Reporting the attempt helps protect the entire network.
Question: 2
,You are working at an airport and connect to the public Wi-Fi to check
your government email. A pop-up appears stating you must agree to
new terms and install a "security certificate" to continue. What should
you do?
A. Install the certificate as requested to maintain internet connectivity.
B. Disconnect from the Wi-Fi immediately and do not install the
certificate.
C. Click "agree" but only to read the terms and conditions first.
D. Ignore the pop-up and continue checking email in the background.
- VERIFIED ANSWER - B. Disconnect from the Wi-Fi immediately
and do not install the certificate.
Rationale: Installing an untrusted security certificate can allow a
malicious actor to intercept and decrypt your encrypted traffic
(man-in-the-middle attack). You should never install software or
certificates from untrusted public networks. Only use approved,
secure connections.
Question: 3
You are cleared for Top Secret information and are working on a
special project. You receive an email from a coworker with an
unclassified attachment about an upcoming office party. The
attachment contains a hidden watermark that reads "TOP SECRET."
What is the first thing you should do?
A. Delete the email and attachment from your inbox.
B. Reply to the coworker warning them about the watermark.
,C. Do not open the attachment and report the incident to your security
point of contact.
D. Remove the watermark and save the file as unclassified. - VERIFIED
ANSWER - C. Do not open the attachment and report the incident
to your security point of contact.
Rationale: This is a potential data spillage incident where
classified information may have been improperly placed in an
unclassified document. Opening or manipulating the file could
further expose classified data. The proper procedure is to report
it immediately without taking further action.
Question: 4
Which of the following is an example of a strong password or
passphrase?
A. Password1234
B. My dog's name and birth year (Rex2005)
C. A random combination: GJ3$k9#mP2!qR
D. The current season and year (Spring2026) - VERIFIED ANSWER - C.
A random combination: GJ3$k9#mP2!qR
Rationale: Strong passwords are long, complex, and
unpredictable. They should avoid dictionary words, personal
information, and predictable patterns. A random mix of
uppercase, lowercase, numbers, and special characters provides
the best protection against brute-force attacks.
, Question: 5
You are cleaning out your office and find a stack of old CDs labeled
"Project X - 2019 Backup." You no longer have a CD drive and want to
dispose of them properly. What is the correct method of disposal for
media that may have contained controlled unclassified information
(CUI)?
A. Throw them in the regular trash or recycling bin.
B. Break the CDs in half by hand and place them in different trash bags.
C. Give them to a coworker who might still have a CD drive.
D. Follow your organization's policy for media destruction, such as
shredding or authorized disposal. - VERIFIED ANSWER - D. Follow
your organization's policy for media destruction, such as
shredding or authorized disposal.
Rationale: Media containing CUI or other sensitive information
must be destroyed in accordance with established policies to
prevent unauthorized disclosure. Simply breaking or trashing the
media is not a secure disposal method.
Question: 6
While checking your government email on a trip, you notice a pop-up
message indicating your system is infected with a virus and instructing
you to call a toll-free number for immediate technical support. What
should you do?
A. Call the number immediately to prevent damage to your system.
B. Ignore the pop-up and continue working since it's probably a scam.
VERIFIED SOLUTIONS (GUARANTEED PASS)
Question: 1
You receive a text message on your government-issued mobile device
warning you that your account has been locked and directing you to
click a link to reset your password. The message appears to come from
your agency's IT department. What is the appropriate response?
A. Click the link immediately to restore access to your account.
B. Reply to the text message asking for more information about the
lockout.
C. Forward the text to your coworkers to warn them about possible
account issues.
D. Delete the text and report it to your security office or help desk as a
suspected phishing attempt. - VERIFIED ANSWER - D. Delete the text
and report it to your security office or help desk as a suspected
phishing attempt.
Rationale: Phishing attacks can occur through text messages
(smishing) as well as email. Official entities will not request
password resets via unsecured text messages with embedded
links. Reporting the attempt helps protect the entire network.
Question: 2
,You are working at an airport and connect to the public Wi-Fi to check
your government email. A pop-up appears stating you must agree to
new terms and install a "security certificate" to continue. What should
you do?
A. Install the certificate as requested to maintain internet connectivity.
B. Disconnect from the Wi-Fi immediately and do not install the
certificate.
C. Click "agree" but only to read the terms and conditions first.
D. Ignore the pop-up and continue checking email in the background.
- VERIFIED ANSWER - B. Disconnect from the Wi-Fi immediately
and do not install the certificate.
Rationale: Installing an untrusted security certificate can allow a
malicious actor to intercept and decrypt your encrypted traffic
(man-in-the-middle attack). You should never install software or
certificates from untrusted public networks. Only use approved,
secure connections.
Question: 3
You are cleared for Top Secret information and are working on a
special project. You receive an email from a coworker with an
unclassified attachment about an upcoming office party. The
attachment contains a hidden watermark that reads "TOP SECRET."
What is the first thing you should do?
A. Delete the email and attachment from your inbox.
B. Reply to the coworker warning them about the watermark.
,C. Do not open the attachment and report the incident to your security
point of contact.
D. Remove the watermark and save the file as unclassified. - VERIFIED
ANSWER - C. Do not open the attachment and report the incident
to your security point of contact.
Rationale: This is a potential data spillage incident where
classified information may have been improperly placed in an
unclassified document. Opening or manipulating the file could
further expose classified data. The proper procedure is to report
it immediately without taking further action.
Question: 4
Which of the following is an example of a strong password or
passphrase?
A. Password1234
B. My dog's name and birth year (Rex2005)
C. A random combination: GJ3$k9#mP2!qR
D. The current season and year (Spring2026) - VERIFIED ANSWER - C.
A random combination: GJ3$k9#mP2!qR
Rationale: Strong passwords are long, complex, and
unpredictable. They should avoid dictionary words, personal
information, and predictable patterns. A random mix of
uppercase, lowercase, numbers, and special characters provides
the best protection against brute-force attacks.
, Question: 5
You are cleaning out your office and find a stack of old CDs labeled
"Project X - 2019 Backup." You no longer have a CD drive and want to
dispose of them properly. What is the correct method of disposal for
media that may have contained controlled unclassified information
(CUI)?
A. Throw them in the regular trash or recycling bin.
B. Break the CDs in half by hand and place them in different trash bags.
C. Give them to a coworker who might still have a CD drive.
D. Follow your organization's policy for media destruction, such as
shredding or authorized disposal. - VERIFIED ANSWER - D. Follow
your organization's policy for media destruction, such as
shredding or authorized disposal.
Rationale: Media containing CUI or other sensitive information
must be destroyed in accordance with established policies to
prevent unauthorized disclosure. Simply breaking or trashing the
media is not a secure disposal method.
Question: 6
While checking your government email on a trip, you notice a pop-up
message indicating your system is infected with a virus and instructing
you to call a toll-free number for immediate technical support. What
should you do?
A. Call the number immediately to prevent damage to your system.
B. Ignore the pop-up and continue working since it's probably a scam.
