DOD ANNUAL SECURITY AWARENESS REFRESHER (5 PARTS) | QUESTIONS AND ANSWERS | VERIFIED ANSWERS GRADED A+ | LATEST EXAM
Part 1: Questions 1–50
1. What is the primary purpose of the DoD Security Awareness Program?
To protect national security information and systems by ensuring
personnel understand security responsibilities
2. Who is responsible for safeguarding classified and controlled unclassified
information (CUI)?
Every individual who handles or has access to the information
3. What does CUI stand for?
Controlled Unclassified Information
4. Which document establishes the DoD Cybersecurity Program?
DoD Instruction 8500.01
5. What classification level is applied to information that could cause
serious damage to national security?
Secret
6. What classification level is applied to information that could cause
exceptionally grave damage to national security?
Top Secret
7. Which of the following is an example of Personally Identifiable
Information (PII)?
Social Security number
8. What should you do if you suspect a phishing email?
Report it to your organization’s security or IT office
9. Which of the following is a common indicator of a phishing attempt?
Urgent language requesting immediate action
10. What is the safest action when receiving an email from an unknown sender with an attachment?
Do not open the attachment and report the email
11. What does OPSEC stand for?
Operations Security
12. What is the goal of OPSEC?
To prevent adversaries from obtaining sensitive information
13. Which information should never be shared on social media?
Sensitive mission-related details
14. What is considered a weak password?
A short password using common words
15. How often should passwords be changed according to DoD policy?
When compromised or as required by system policy
16. What is multifactor authentication (MFA)?
A security method requiring two or more forms of verification
17. Which of the following is an example of MFA?
Password and CAC
18. What should you do if your CAC is lost or stolen?
Report it immediately to security and your chain of command
19. What is spillage?
The improper transfer of classified or sensitive information to an unauthorized system
20. What is the correct response to a spillage incident?
Stop work, secure the system, and report immediately
21. What is malware?
Malicious software designed to damage or disrupt systems
22. Which of the following is an example of malware?
Ransomware
23. What should you do before connecting removable media to a DoD system?
Ensure it is authorized and scanned
24. What is the primary risk of using unauthorized USB devices?
Introduction of malware
25. What does the principle of least privilege mean?
Users are granted only the access necessary to perform their duties
26. Who approves access to classified information?
The appropriate security authority
27. What is insider threat?
A risk posed by individuals with authorized access who misuse it
28. Which behavior may indicate an insider threat?
Unusual downloading of large amounts of data
29. What should you do if you observe suspicious behavior?
Report it through proper channels
30. What is social engineering?
Manipulating individuals into divulging confidential information
31. Which method is commonly used in social engineering attacks?
Impersonation
32. What should you verify before sharing sensitive information?
The recipient’s identity and authorization
33. What is a secure practice when working remotely?
Use a VPN and approved devices
34. What should you do when leaving your workstation unattended?
Lock the screen
35. What is tailgating?
Unauthorized individuals following authorized personnel into secure areas
36. How can tailgating be prevented?
Challenge or report unauthorized individuals
37. What is the proper disposal method for classified paper documents?
Approved shredding or destruction
38. What marking indicates information is classified?
Classification banners and portion markings
39. What does “need-to-know” mean?
Access is granted only if required for official duties
40. What is a data breach?
Unauthorized access to sensitive information