DOD Cyber Awareness Challenge 2025 Knowledge check

Which of the following is true of compressed URLs (e.g., TinyURL, goo.gl)?

They may be used to mask malicious intent

What is a best practice for creating user accounts for your home computer?

Create separate accounts for each user and have each user create their own password.

Which of the following is a best practice to protect your identity?

Ask how information will be used before giving it out. (Correct)

Ref: Cyber Awareness Challenge 2025 / Identity Protection

John receives an e-mail about a potential shutdown of a major social service unless a petition receives enough signatures. Which of the following actions should John NOT take with the e-mail?

Forward it (Correct)

Ref: Cyber Awareness Challenge 2025 / Phishing

Which of the following is an appropriate use of government e-mail?

Using a digital signature when sending hyperlinks

Steve occasionally runs errands during virtual meetings. He joins the meetings using his approved government device. Does this pose a security concern?

Yes. Eavesdroppers may be listening to Steve's conversation

How can you prevent viruses and malicious code?

Scan all e-mail attachments (Correct)

Ref: Cyber Awareness Challenge 2025 / Protecting Against Malicious Code

Matt is a government employee who needs to share a document containing source selection data with his supervisor. Which of the following describes the most appropriate way for Matt to do this?

Encrypt it and send it via digitally signed Government e-mail. (Correct)

Ref: Cyber Awareness Challenge 2025 / Protecting PII/PHI

You receive an e-mail with a link to run an anti-virus scan. Your IT department has not sent links like this in the past. The e-mail is not digitally signed. What action should you take?

Report the e-mail to your security POC or help desk. (Correct)

Ref: Cyber Awareness Challenge 2025 / Phishing

Which of the following is a way to protect classified data?

Store it in a GSA-approved container

How can you protect yourself from identity theft?

Review your credit report annually

How can you protect your home computer?

Use legitimate, known antivirus software (Correct)

Install spyware protection software. (Correct)

Ref: Cyber Awareness Challenge 2025 / Best Practices for Home Computer Security

Which of the following poses a security risk while teleworking in an environment where Internet of Things (IoT) devices are present?

All of these.

Which of these is NOT a potential indicator that your device may be under a malicious code attack?

An operating system update (Correct)

Ref: Cyber Awareness Challenge 2025 / Incident Indicators

What are the requirements for access to Sensitive Compartmented Information (SCI)?

Top Secret clearance and indoctrination into the SCI program

Which of the following is an example of removable media?

Compact disc

Which of the following is an example of behavior that you should report?

Bringing a phone into a prohibited area

Which of the following is NOT an appropriate use of your Common Access Card (CAC)?

Exchanging it for a visitor pass in another building. (Correct)

Ref: Cyber Awareness Challenge 2025 / CAC/PIV Card Protection

You receive a phone call from an unknown person asking for a directory name on your government furnished laptop so that a software update can be made. Which course of action should you take?

Document the interaction and contact your security POC or help desk

How can you protect your home computer?

Install spyware protection software

Which of the following is an appropriate use of a DoD Public Key Infrastructure (PKI) token?

Only leave it in a system while actively using it for a PKI-required task

How can you protect yourself on social networking sites?

Validate connection requests through another source if possible. (Correct)

Ref: Cyber Awareness Challenge 2025 / Social Networking: Protect Yourself

How can you protect data on a mobile device?

Use two-factor authentication

You receive an e-mail marked important from your agency head asking you to call them using a number you do not recognize. The e-mail was sent from a personal e-mail address that you do not recognize, but it addresses you by name. What action should you take?

This may be a spear phishing attempt. Report it to your security POC or help desk.

Which of the following is permitted when using an unclassified laptop within a collateral classified space?

A personally-owned wired headset without a microphone (Correct)

Ref: Cyber Awareness Challenge 2025 / Collateral Classified Spaces

Tessa is processing payroll data that includes employees' names, home addresses, and salary. Which of the following is Tessa prohibited from doing with the data?

Using her home computer to print the data while working remotely. (Correct)

Ref: Cyber Awareness Challenge 2025 / Telework and Home Computer Security

Which type of data could reasonably be expected to cause damage to national security?

Secret

Which of the following is true of Sensitive Compartmented Information Facilities (SCIFs)?

SCIFs are not permitted to be constructed with windows unless fixed, unalterable window coverings are in place.

When allowed, which of the following is an appropriate use of removable media?

Labeling media that contains personally identifiable information (PII) (Correct)

Ref: Cyber Awareness Challenge 2025 / Appropriate Use of Removable Media

Which of the following is a potential Insider threat indicator?

Financial windfall from an inheritance

Which of the following is a best practice when browsing the Internet?

Look for h-t-t-p-s in the URL name

Which of the following would work in combination for tow-factor authentication?

Common Access Card (CAC) and Personal Identification Number (PIN)

Which of the following is a best practice for protecting your home wireless network for telework or remote work?

Implement, as a minimum, Wi-Fi Protected Access 2 (WPA2) Personal encryption.

Which of the following is true of removable media and portable electronic devices (PEDs)

Removable media pose more risks than PEDs and are not permitted in government facilities?

Which of the following statements about Protected Health Information (PHI) is true?

It refers to all health information, regardless of the source or recipient.

Does it pose a risk to tap your smartwatch to pay for a purchase at a store?

Only if you do not have two-factor authentication enables on your linked phone

Which of the following is an allowed use of government furnished equipment (GFE)?

E-mailing your supervisor

Based on the description provided, how many insider threat indicators are present? Edward has worked for the DoD agency for 2 years. He is an analyst who takes a great deal of interest in his work. He occasionally takes a somewhat aggressive interest in others' work as well, including asking for classified details of their projects. He otherwise gets along well with his colleagues.

1-2 (Unsure)

Ref: Cyber Awareness Challenge 2025 / Detecting Insider Threats

How can you protect a mobile device while traveling?

Connect with a Government VPN. (Correct)

Ref: Cyber Awareness Challenge 2025 / Traveling with Mobile Devices

What is an insider threat?

Someone who uses authorized access, either wittingly or unwittingly, to harm national security. (Correct)

Ref: Cyber Awareness Challenge 2025 / Insider Threat

Which of the following is a best practice for telework and remote work?

Connect to your Government Virtual Private Network (VPN) (Correct)

Ref: Cyber Awareness Challenge 2025 / Telework and Home Computer Security

Which of the following is true of spillage?

It can be inadvertent or intentional. (Correct)

Ref: Cyber Awareness Challenge 2025 / Spillage

Which of the following would work in combination for two-factor authentication?

Common Access Card (CAC) and Personal Identification Number (PIN) (Correct)

Ref: Cyber Awareness Challenge 2025 / Identity Authentication

Under which Cyberspace Protection Condition (CAPCON) is the priority focus limited to critical functions?

CPCON 1 (Correct)

Ref: Cyber Awareness Challenge 2025 / Cyberspace Protection Conditions (CPCON)

Which of the following is true of working within a Sensitive Compartmented Information Facility (SCIF)?

Badges must be worn while in the facility and removed when leaving the facility. (Correct)

Ref: Cyber Awareness Challenge 2025 / Sensitive Compartmented Information Facilities (SCIFs)

When linked to a specific individual, which of the following is NOT an example of Personally Identifiable Information (PII)?

Smartphone brand and model (Correct)

Ref: Cyber Awareness Challenge 2025 / Personally Identifiable Information (PII)

Which is an example of a strong password?

bRobr@79I*P (Correct)

Ref: Cyber Awareness Challenge 2025 / Passwords

Which of the following describes Sensitive Compartmented Information (SCI)?

SCI introduces an overlay of security to Top Secret, Secret, and Confidential information. (Correct)

Ref: Cyber Awareness Challenge 2025 / Sensitive Compartmented Information (SCI)

When is the safest time to post on social media about your work-related travel?

After the trip (Correct)

Ref: Common Sense

As you browse a social media site, you come across photos of information with classified markings. What should you do?

Notify your security point of contact. (Correct)

Ref: Cyber Awareness Challenge 2025 / Responding to Spillage