Cyber Awareness Challenge Exam
Review 2022/2023
What do you do if spillage occurs? - ANSWER Immediately notify your
security point of contact.
What should you do after you have ended a call from a reporter asking you
to confirm potentially classified information found on the web? - ANSWER
Alert your security point of contact.
Which of the following is NOT a requirement for telework? - ANSWER You
must possess security clearance eligibility to telework.
Who can be permitted access to classified data? - ANSWER Only persons
with appropriate clearance, a non-disclosure agreement, and need-to-know
can access classified data.
A colleague has won 10 high-performance awards, can be playful and
charming, is not currently in a relationship, and is occasionally aggressive in
trying to access sensitive information. How many potential insiders threat
indicators does this employee display? - ANSWER 1 indicator
A colleague has visited several foreign countries recently, has adequate work
quality, speaks openly of unhappiness with U.S. foreign policy, and recently
had his car repossessed. How many potential insiders threat indicators does
this employee display?
- ANSWER 3 or more indicators
A colleague complains about anxiety and exhaustion, makes coworkers
uncomfortable by asking excessive questions about classified projects, and
complains about the credit card bills that his wife runs up. How many
potential insiders threat indicators does this employee display? - ANSWER 3
or more indicators
In setting up your personal social networking service account, what email
address should you use? - ANSWER Your personal email address
What information most likely presents a security risk on your personal social
networking profile? - ANSWER Your place of birth
Which of the following is NOT an example of sensitive information? -
ANSWER Press release data
Is it permitted to share an unclassified draft document with a non-DoD
professional discussion group? - ANSWER As long as the document is
cleared for public release, you may release it outside of DoD
, Which of the following is an example of Protected Health Information (PHI)? -
ANSWER I've tried all the answers and it still tells me off. Examples are:
Patient names, Social Security numbers, Driver's license numbers, insurance
details, and birth dates
Which of the following represents a good physical security practice? -
ANSWER Use your own security badge, key code, or Common Access Card
(CAC)/Personal Identity Verification (PIC) card.
Which of the following is NOT a good way to protect your identity? - ANSWER
Use a single, complex password for your system and application logons.
Which of the following statements is TRUE about the use of DoD Public Key
Infrastructure (PKI) tokens? - ANSWER Always use DoD PKI tokens within
their designated classification level.
Which of the following is NOT a typical means for spreading malicious code?
- ANSWER Patching from a trusted source
Which of the following is a practice that helps to protect you from identity
theft? - ANSWER Ordering a credit report annually
Which of the following is a practice that helps to prevent the download of
viruses and other malicious code when checking your email? - ANSWER Do
not access links or hyperlinked media such as buttons and graphics in email
messages.
You receive an unexpected email from a friend: "I think you'll like this:
https://tinyurl.com/2fcbvy." What action should you take? - ANSWER Use
TinyURL's preview feature to investigate where the link leads.
You receive an email from the Internal Revenue Service (IRS) demanding
immediate payment of back taxes of which you were not aware. The email
provides a website and a toll-free number where you can make payment.
What action should you take? - ANSWER Contact the IRS
When using your government-issued laptop in public environments, with
which of the following should you be concerned? - ANSWER The potential for
unauthorized viewing of work-related information displayed on your screen.
Under what circumstances is it acceptable to check personal email on
Government- furnished equipment (GFE)? - ANSWER If your organization
allows it.
Which of the following is NOT a best practice to protect data on your mobile
computing device? - ANSWER Lock your device screen when not in use and
require a password to reactivate.
Review 2022/2023
What do you do if spillage occurs? - ANSWER Immediately notify your
security point of contact.
What should you do after you have ended a call from a reporter asking you
to confirm potentially classified information found on the web? - ANSWER
Alert your security point of contact.
Which of the following is NOT a requirement for telework? - ANSWER You
must possess security clearance eligibility to telework.
Who can be permitted access to classified data? - ANSWER Only persons
with appropriate clearance, a non-disclosure agreement, and need-to-know
can access classified data.
A colleague has won 10 high-performance awards, can be playful and
charming, is not currently in a relationship, and is occasionally aggressive in
trying to access sensitive information. How many potential insiders threat
indicators does this employee display? - ANSWER 1 indicator
A colleague has visited several foreign countries recently, has adequate work
quality, speaks openly of unhappiness with U.S. foreign policy, and recently
had his car repossessed. How many potential insiders threat indicators does
this employee display?
- ANSWER 3 or more indicators
A colleague complains about anxiety and exhaustion, makes coworkers
uncomfortable by asking excessive questions about classified projects, and
complains about the credit card bills that his wife runs up. How many
potential insiders threat indicators does this employee display? - ANSWER 3
or more indicators
In setting up your personal social networking service account, what email
address should you use? - ANSWER Your personal email address
What information most likely presents a security risk on your personal social
networking profile? - ANSWER Your place of birth
Which of the following is NOT an example of sensitive information? -
ANSWER Press release data
Is it permitted to share an unclassified draft document with a non-DoD
professional discussion group? - ANSWER As long as the document is
cleared for public release, you may release it outside of DoD
, Which of the following is an example of Protected Health Information (PHI)? -
ANSWER I've tried all the answers and it still tells me off. Examples are:
Patient names, Social Security numbers, Driver's license numbers, insurance
details, and birth dates
Which of the following represents a good physical security practice? -
ANSWER Use your own security badge, key code, or Common Access Card
(CAC)/Personal Identity Verification (PIC) card.
Which of the following is NOT a good way to protect your identity? - ANSWER
Use a single, complex password for your system and application logons.
Which of the following statements is TRUE about the use of DoD Public Key
Infrastructure (PKI) tokens? - ANSWER Always use DoD PKI tokens within
their designated classification level.
Which of the following is NOT a typical means for spreading malicious code?
- ANSWER Patching from a trusted source
Which of the following is a practice that helps to protect you from identity
theft? - ANSWER Ordering a credit report annually
Which of the following is a practice that helps to prevent the download of
viruses and other malicious code when checking your email? - ANSWER Do
not access links or hyperlinked media such as buttons and graphics in email
messages.
You receive an unexpected email from a friend: "I think you'll like this:
https://tinyurl.com/2fcbvy." What action should you take? - ANSWER Use
TinyURL's preview feature to investigate where the link leads.
You receive an email from the Internal Revenue Service (IRS) demanding
immediate payment of back taxes of which you were not aware. The email
provides a website and a toll-free number where you can make payment.
What action should you take? - ANSWER Contact the IRS
When using your government-issued laptop in public environments, with
which of the following should you be concerned? - ANSWER The potential for
unauthorized viewing of work-related information displayed on your screen.
Under what circumstances is it acceptable to check personal email on
Government- furnished equipment (GFE)? - ANSWER If your organization
allows it.
Which of the following is NOT a best practice to protect data on your mobile
computing device? - ANSWER Lock your device screen when not in use and
require a password to reactivate.
