ANNUAL DOD CYBER AWARENESS CHALLENGE TESTED
QUESTIONS WITH ANSWERS 2025/2026 GRADED A+
When using a fax machine to send sensitive information, the sender should do which of
the following? - Contact the recipient to confirm receipt
What should be done to protect against insider threats? - Report any suspicious
behavior
Which of the following is NOT a potential insider threat? - Member of a religion or faith
Of the following, which is NOT a security awareness tip? - Remove security badge as
you enter a restaurant or retail establishment
ActiveX is a type of this? - Mobile code
Which of the following is NOT a security best practice when saving cookies to a hard
drive? - Looking for "https" in the URL. All https sites are legitimate.
Which is NOT a requirement for telework? - Telework is only authorized for unclassified
and confidential information
Someone calls from an unknown number and says they are from IT and need some
information about your computer. What should you do? - Request the user's full name
and phone number
Which is NOT a wireless security practice? - Turning off computer when not in use
Malicious code can do the following except? - Make your computer more secure
What type of data must be handled and stored properly based on classification
markings and handling caveats? - Classified
What information should you avoid posting on social networking sites? - All of the above
A coworker has left an unknown CD on your desk. What should you do? - Put the CD in
the trash
Which of the following is NOT a DoD special requirement for tokens? - Using NIPRNet
tokens on systems of higher classification level
UNCLASSIFIED is a designation to mark information that does not have potential to
damage national security. - TRUE
, You receive a call on your work phone and you're asked to participate in a phone
survey. As part of the survey the caller asks for birth date and address. What type of
attack might this be? - Social Engineering
"Spillage" occurs when - Personal information is inadvertently posted at a website
What should be done to sensitive data on laptops and other mobile computing devices?
- Encrypt the sensitive data
Which of the following should be done to keep your home computer secure? - All of the
above
How are Trojan horses, worms, and malicious scripts spread? - By email attachments
The following practices help prevent viruses and the downloading of malicious code
except. - Scan external files from only unverifiable sources before uploading to
computer
It is getting late on Friday. You are reviewing your employees annual self evaluation.
Your comments are due on Monday. You can email your employees information to
yourself so you can work on it this weekend and go home now. Which method would be
the BEST way to send this information? - Use the government email system so you can
encrypt the information and open the email on your government issued laptop
What should you do if someone asks to use your government issued mobile device
(phone/laptop..etc)? - Decline to lend your phone / laptop
Where should you store PII / PHI? - Information should be secured in a cabinet or
container while not in use
Of the following, which is NOT an intelligence community mandate for passwords? -
Maximum password age of 45 days
Which of the following is NOT Government computer misuse? - Checking work email
Which is NOT a telework guideline? - Taking classified documents from your workspace
What should you do if someone forgets their access badge (physical access)? - Alert
the security office
What can you do to protect yourself against phishing? - All of the above
What should you do to protect classified data? - Answer 1 and 2 are correct
What action is recommended when somebody calls you to inquire about your work
environment or specific account information? - Ask them to verify their name and office
number
QUESTIONS WITH ANSWERS 2025/2026 GRADED A+
When using a fax machine to send sensitive information, the sender should do which of
the following? - Contact the recipient to confirm receipt
What should be done to protect against insider threats? - Report any suspicious
behavior
Which of the following is NOT a potential insider threat? - Member of a religion or faith
Of the following, which is NOT a security awareness tip? - Remove security badge as
you enter a restaurant or retail establishment
ActiveX is a type of this? - Mobile code
Which of the following is NOT a security best practice when saving cookies to a hard
drive? - Looking for "https" in the URL. All https sites are legitimate.
Which is NOT a requirement for telework? - Telework is only authorized for unclassified
and confidential information
Someone calls from an unknown number and says they are from IT and need some
information about your computer. What should you do? - Request the user's full name
and phone number
Which is NOT a wireless security practice? - Turning off computer when not in use
Malicious code can do the following except? - Make your computer more secure
What type of data must be handled and stored properly based on classification
markings and handling caveats? - Classified
What information should you avoid posting on social networking sites? - All of the above
A coworker has left an unknown CD on your desk. What should you do? - Put the CD in
the trash
Which of the following is NOT a DoD special requirement for tokens? - Using NIPRNet
tokens on systems of higher classification level
UNCLASSIFIED is a designation to mark information that does not have potential to
damage national security. - TRUE
, You receive a call on your work phone and you're asked to participate in a phone
survey. As part of the survey the caller asks for birth date and address. What type of
attack might this be? - Social Engineering
"Spillage" occurs when - Personal information is inadvertently posted at a website
What should be done to sensitive data on laptops and other mobile computing devices?
- Encrypt the sensitive data
Which of the following should be done to keep your home computer secure? - All of the
above
How are Trojan horses, worms, and malicious scripts spread? - By email attachments
The following practices help prevent viruses and the downloading of malicious code
except. - Scan external files from only unverifiable sources before uploading to
computer
It is getting late on Friday. You are reviewing your employees annual self evaluation.
Your comments are due on Monday. You can email your employees information to
yourself so you can work on it this weekend and go home now. Which method would be
the BEST way to send this information? - Use the government email system so you can
encrypt the information and open the email on your government issued laptop
What should you do if someone asks to use your government issued mobile device
(phone/laptop..etc)? - Decline to lend your phone / laptop
Where should you store PII / PHI? - Information should be secured in a cabinet or
container while not in use
Of the following, which is NOT an intelligence community mandate for passwords? -
Maximum password age of 45 days
Which of the following is NOT Government computer misuse? - Checking work email
Which is NOT a telework guideline? - Taking classified documents from your workspace
What should you do if someone forgets their access badge (physical access)? - Alert
the security office
What can you do to protect yourself against phishing? - All of the above
What should you do to protect classified data? - Answer 1 and 2 are correct
What action is recommended when somebody calls you to inquire about your work
environment or specific account information? - Ask them to verify their name and office
number
