US Navy Cyber Awareness Challenge
2025/2026 Study Guide
Module 1: The Evolving Cyber Threat Landscape & Social
Engineering
1. What is the primary goal of most cyber adversaries targeting the DoD?
ANSWER ✓ To steal sensitive information, disrupt operations, or degrade combat
capabilities.
2. What is Social Engineering?
ANSWER ✓ A manipulation technique that exploits human error to gain private
information, access, or valuables.
3. Which of the following is a common social engineering tactic that involves a
fraudulent text message?
ANSWER ✓ Smishing (SMS Phishing).
4. You receive an urgent email from your "Commanding Officer" stating they are
stuck in a meeting and need you to purchase gift cards for a ceremony. What is
this?
ANSWER ✓ A phishing attempt, specifically a form of impersonation and urgency scam.
5. What is Vishing?
ANSWER ✓ Voice phishing; a social engineering attack conducted over the phone.
6. How can you best verify a request that seems unusual, even if it appears to
come from a superior?
ANSWER ✓ Use a verified, pre-established contact method (like a known phone number
or in-person) to confirm the request.
7. What is "Pretexting" in social engineering?
, ANSWER ✓ Creating a fabricated scenario (the pretext) to steal a victim's personal
information.
8. You see a USB drive labeled "2025 Sailor Evaluations" in the parking lot. What
should you do?
ANSWER ✓ Do not plug it into any computer. Immediately give it to your unit's
Cybersecurity Officer.
9. What is a key indicator of a phishing email?
ANSWER ✓ Poor grammar and spelling, a sense of urgency, generic greetings, and
suspicious sender addresses.
10. What should you do immediately if you click on a link in a suspicious email?
ANSWER ✓ Disconnect your device from the network (unplug Ethernet and disable Wi-
Fi/Bluetooth) and report the incident immediately.
Module 2: Classified Information and Data Spillage
11. What is Data Spillage?
ANSWER ✓ The transfer of classified or sensitive information onto a non-authorized
system or network.
12. What is the first thing you must do if you suspect a data spillage has occurred?
ANSWER ✓ Immediately notify your Chain of Command and your Information System
Security Manager (ISSM).
13. What is the maximum period of time that classified information can be left
unattended?
ANSWER ✓ Classified information must be under constant supervision by an authorized
individual.
14. You need to discuss classified information. What is the proper environment?
ANSWER ✓ In a Secure Compartmented Information Facility (SCIF) or an area approved
for classified discussions.
2025/2026 Study Guide
Module 1: The Evolving Cyber Threat Landscape & Social
Engineering
1. What is the primary goal of most cyber adversaries targeting the DoD?
ANSWER ✓ To steal sensitive information, disrupt operations, or degrade combat
capabilities.
2. What is Social Engineering?
ANSWER ✓ A manipulation technique that exploits human error to gain private
information, access, or valuables.
3. Which of the following is a common social engineering tactic that involves a
fraudulent text message?
ANSWER ✓ Smishing (SMS Phishing).
4. You receive an urgent email from your "Commanding Officer" stating they are
stuck in a meeting and need you to purchase gift cards for a ceremony. What is
this?
ANSWER ✓ A phishing attempt, specifically a form of impersonation and urgency scam.
5. What is Vishing?
ANSWER ✓ Voice phishing; a social engineering attack conducted over the phone.
6. How can you best verify a request that seems unusual, even if it appears to
come from a superior?
ANSWER ✓ Use a verified, pre-established contact method (like a known phone number
or in-person) to confirm the request.
7. What is "Pretexting" in social engineering?
, ANSWER ✓ Creating a fabricated scenario (the pretext) to steal a victim's personal
information.
8. You see a USB drive labeled "2025 Sailor Evaluations" in the parking lot. What
should you do?
ANSWER ✓ Do not plug it into any computer. Immediately give it to your unit's
Cybersecurity Officer.
9. What is a key indicator of a phishing email?
ANSWER ✓ Poor grammar and spelling, a sense of urgency, generic greetings, and
suspicious sender addresses.
10. What should you do immediately if you click on a link in a suspicious email?
ANSWER ✓ Disconnect your device from the network (unplug Ethernet and disable Wi-
Fi/Bluetooth) and report the incident immediately.
Module 2: Classified Information and Data Spillage
11. What is Data Spillage?
ANSWER ✓ The transfer of classified or sensitive information onto a non-authorized
system or network.
12. What is the first thing you must do if you suspect a data spillage has occurred?
ANSWER ✓ Immediately notify your Chain of Command and your Information System
Security Manager (ISSM).
13. What is the maximum period of time that classified information can be left
unattended?
ANSWER ✓ Classified information must be under constant supervision by an authorized
individual.
14. You need to discuss classified information. What is the proper environment?
ANSWER ✓ In a Secure Compartmented Information Facility (SCIF) or an area approved
for classified discussions.
