DOD CYBER AWARENESS QUIZ
QUESTIONS AND ANSWERS
Which of the following is a potential insider threat indicator? - ANSWER -1) Unusual
interest in classified information. 2) Difficult life circumstances, such as death of spouse.
Which piece of information is safest to include on your social media profile? - ANSWER
-Your favourite movie.
Which of the following statements is true? - ANSWER -Many apps and smart devices
collect and share your personal information and contribute to your online identity.
How can you protect your organization on social networking sites? - ANSWER -Ensure
there are no identifiable landmarks visible in any photos taken in a work setting that you
post.
Which is a best practice for protecting Controlled Unclassified Information (CUI)? -
ANSWER -Store it in a locked desk drawer after working hours.
Which of the following best describes a way to safely transmit Controlled Unclassified
Information (CUI)? - ANSWER -Paul verifies that the information is CUI, includes a CUI
marking in the subject header, and digitally signs an e-mail containing CUI.
Which designation includes Personally Identifiable Information (PII) and Protected
Health Information (PHI)? - ANSWER -Controlled Unclassified Information (CUI)
Which of the following is NOT an example of CUI? - ANSWER -Press release data.
Which of the following is NOT a correct way to protect CUI? - ANSWER -CUI may be
stored on any password-protected system.
Which of the following best describes good physical security? - ANSWER -Lionel stops
an individual in his secure area who is not wearing a badge.
Which of the following is an example of two-factor authentication? - ANSWER -A
Common Access Card and Personal Identification Number.
What is the best way to protect your Common Access Card (CAC) or Personal Identity
Verification (PIV) card? - ANSWER -Store it in a shielded sleeve.
A vendor conducting a pilot program with your organization contacts you for
organizational data to use in a prototype. How should you respond? - ANSWER -Refer
the vendor to the appropriate personnel.
, When classified data is not in use, how can you protect it? - ANSWER -Store classified
data appropriately in a GSA-approved vault/container.
What is the basis for handling and storage of classified data? - ANSWER -Classification
markings and handling caveats.
Which of the following must you do before using an unclassified laptop and peripherals
in a collateral classified environment? - ANSWER -Ensure that any cameras,
microphones, and Wi-Fi embedded in the laptop are physically disabled.
What level of damage to national security can you reasonably expect Top secret
information to cause if disclosed? - ANSWER -Exceptionally grave damage.
Which of the following is true about telework? - ANSWER -You must have your
organization's permission to telework.
Which of the following is true of protecting classified data? - ANSWER -Classified
material must be appropriately marked.
Which of the following is a reportable insider threat activity? - ANSWER -Attempting to
access sensitive information without need-to-know.
Which scenario might indicate a reportable insider threat? - ANSWER -a colleague
removes sensitive information without seeking authorization in order to perform
authorized telework.
What must authorized personnel do before permitting another individual to enter a
Sensitive Compartmented Information Facility (SCIF)? - ANSWER -Confirm the
individual's need-to-know and access.
Which of the following is true of Sensitive Compartmented Information (SCI)? -
ANSWER -Access requires Top Secret clearance and indoctrination into the SCI
program.
Which of the following is NOT a potential consequence of using removable media
unsafely in a Sensitive Compartmented Information Facility (SCIF)? - ANSWER -
Damage to the removable media.
What portable electronic devices (PEDs) are permitted in a SCIF? - ANSWER -Only
expressly authorized government-owned PEDs.
What is the response to an incident such as opening an uncontrolled DVD on a
computer in a SCIF? - ANSWER -All of these.
Which of the following is NOT a type of malicious code? - ANSWER -Executables.
QUESTIONS AND ANSWERS
Which of the following is a potential insider threat indicator? - ANSWER -1) Unusual
interest in classified information. 2) Difficult life circumstances, such as death of spouse.
Which piece of information is safest to include on your social media profile? - ANSWER
-Your favourite movie.
Which of the following statements is true? - ANSWER -Many apps and smart devices
collect and share your personal information and contribute to your online identity.
How can you protect your organization on social networking sites? - ANSWER -Ensure
there are no identifiable landmarks visible in any photos taken in a work setting that you
post.
Which is a best practice for protecting Controlled Unclassified Information (CUI)? -
ANSWER -Store it in a locked desk drawer after working hours.
Which of the following best describes a way to safely transmit Controlled Unclassified
Information (CUI)? - ANSWER -Paul verifies that the information is CUI, includes a CUI
marking in the subject header, and digitally signs an e-mail containing CUI.
Which designation includes Personally Identifiable Information (PII) and Protected
Health Information (PHI)? - ANSWER -Controlled Unclassified Information (CUI)
Which of the following is NOT an example of CUI? - ANSWER -Press release data.
Which of the following is NOT a correct way to protect CUI? - ANSWER -CUI may be
stored on any password-protected system.
Which of the following best describes good physical security? - ANSWER -Lionel stops
an individual in his secure area who is not wearing a badge.
Which of the following is an example of two-factor authentication? - ANSWER -A
Common Access Card and Personal Identification Number.
What is the best way to protect your Common Access Card (CAC) or Personal Identity
Verification (PIV) card? - ANSWER -Store it in a shielded sleeve.
A vendor conducting a pilot program with your organization contacts you for
organizational data to use in a prototype. How should you respond? - ANSWER -Refer
the vendor to the appropriate personnel.
, When classified data is not in use, how can you protect it? - ANSWER -Store classified
data appropriately in a GSA-approved vault/container.
What is the basis for handling and storage of classified data? - ANSWER -Classification
markings and handling caveats.
Which of the following must you do before using an unclassified laptop and peripherals
in a collateral classified environment? - ANSWER -Ensure that any cameras,
microphones, and Wi-Fi embedded in the laptop are physically disabled.
What level of damage to national security can you reasonably expect Top secret
information to cause if disclosed? - ANSWER -Exceptionally grave damage.
Which of the following is true about telework? - ANSWER -You must have your
organization's permission to telework.
Which of the following is true of protecting classified data? - ANSWER -Classified
material must be appropriately marked.
Which of the following is a reportable insider threat activity? - ANSWER -Attempting to
access sensitive information without need-to-know.
Which scenario might indicate a reportable insider threat? - ANSWER -a colleague
removes sensitive information without seeking authorization in order to perform
authorized telework.
What must authorized personnel do before permitting another individual to enter a
Sensitive Compartmented Information Facility (SCIF)? - ANSWER -Confirm the
individual's need-to-know and access.
Which of the following is true of Sensitive Compartmented Information (SCI)? -
ANSWER -Access requires Top Secret clearance and indoctrination into the SCI
program.
Which of the following is NOT a potential consequence of using removable media
unsafely in a Sensitive Compartmented Information Facility (SCIF)? - ANSWER -
Damage to the removable media.
What portable electronic devices (PEDs) are permitted in a SCIF? - ANSWER -Only
expressly authorized government-owned PEDs.
What is the response to an incident such as opening an uncontrolled DVD on a
computer in a SCIF? - ANSWER -All of these.
Which of the following is NOT a type of malicious code? - ANSWER -Executables.
