which of the following is not a way that malicious code spreads

get which of the following is not a way that malicious code spreads from EN Bilgi.

DoD Cyber Awareness Challenge 2020 — Your Ultimate Guide

The DoD Cyber Awareness Challenge is an unclassified training that helps government & business employees be more security-minded. Here's what to know...

May 4, 2020 0

DoD Cyber Awareness Challenge 2020 — Your Ultimate Guide

in CYBER SECURITY

(26 votes, average: 4.38 out of 5)

Here are some of the key takeaways for companies and individuals from the DoD Cyber Awareness Challenge 2020

The Cyber Awareness Challenge, which is also known as the Army Cyber Awareness Training, the cyber awareness challenge or the DOD cyber challenge, is an annual computer security training that was created to increase cyber awareness among Department of Defense (DoD) employees.

It’s available online, it’s free of cost for everyone, and it’s also accessible from any part of the world so long as you have a reliable internet connection!

Everyone with a computer or that handles any type of sensitive information would benefit from it. In this guide, we’ll explore the key lessons of the DoD cyber challenge and the summary of the entire training materials.

Download: Certificate Management Checklist Essential 14 Point Free PDF

DoD Cyber Awareness Challenge: Who Can Take It?

Army, other armed force branches, government employees.Companies and organizations can use this cyber awareness challenge as an excellent resource to provide cybersecurity training to their employees.All individuals — especially those who value privacy and security, who work with sensitive information, or those who work in the IT field — should take this training to protect themselves and their clients from potential cyber-attacks.

You can complete this cyber awareness challenge training on the official DoD Cyber Awareness Challenge 2020 website.

Even though its lessons are focusing on securing the nation’s classified data, the cyber awareness challenge contains lots of cybersecurity takeaway for non-military users like you and me.

The Format and Main Content of the DoD Cyber Awareness Challenge

There are three main sections and their subsections in the DoD Cyber Awareness Challenge tutorials:

Each section has definitions, vulnerabilities, real-life scenarios, and talks about the types of decisions you should make or avoid to prevent a cyber attack.

1) Data Spillage

In the government, “spillage” is a term that refers to information that’s leaked from a higher classification or protection level to a lower one. A spillage poses a serious risk to national security. Spillage occurs when someone accidentally or intentionally makes an unauthorized data disclosure, data modification, or engages in espionage, which results in loss or degradation of resources or capabilities.

2) Sensitive Information

For any type of business or organization that handles sensitive information, it’s crucial that you do everything you can to protect this information — both for the sake of your customers as well as to remain compliant with laws and regulatory data protection requirements. Some of these regulations include:

The Health Insurance Portability and Accountability Act (HIPAA),

The European Union’s General Data Protection Regulation (GDPR),

The California Consumer Privacy Act (CCPA), and

The Payment Card Industry Data Security Standards (PCI DSS), etc.

But what is considered “sensitive information?” Sensitive information includes:

Controlled technical information (CTI),

Personally identifiable information (PII),

Protected health information (PHI),

Financial information,

Personal or payroll information,

For official use only (FOUO),

Controlled unclassified information (CUI), and

Proprietary data.

These types of sensitive information must be protected because their leakage can compromise government missions or interests. An example of such sensitive information includes data or information that’s provided by a confidential source (person, commercial business, or foreign government) with the condition it would not be released.

For businesses and healthcare organizations, examples of these types of information include:

Employee or customers’ names, addresses, phone numbers, etc.,

Financial records and account information,

User credentials and passwords,

Patient medical records and health-related information, and

Medicare or insurance information.

3) Malicious Code

Malicious code can be spread by downloading corrupted email attachments and files or visiting infected websites. Malicious code includes viruses, trojan horses, worms, macros, and scripts. They can damage or compromise digital files, erase your hard drive and/or allow hackers access to your PC or mobile from a remote location.

Key Lessons for Corporations and Individuals from the DoD Cyber Awareness Challenge

Here, we have written a summary of cyber awareness challenge training, covering the key takeaway lessons.

Please note that we have included only handpicked the lessons which we deem beneficial to a general audience. It doesn’t have all the teachings of the course, though. To get access to all of that, you must complete the DoD Cyber Awareness Challenge yourself!

Source : sectigostore.com

Cyber Awareness Challenge 2022 Answers and Notes » Quizzma

We thoroughly check each answer to a question to provide you with the most correct answers. Found a mistake? Let us know about it through the REPORT button at the bottom of the page. What is the best response if you find classified government data on the internet? Note any identifying information, such as the … Cyber Awareness Challenge 2022 Answers and Notes Read More »

Cyber Awareness Challenge 2022 Answers And Notes

By Quizzma Team

We thoroughly check each answer to a question to provide you with the most correct answers. Found a mistake? Let us know about it through the REPORT button at the bottom of the page.

What is the best response if you find classified government data on the internet?

Note any identifying information, such as the website’s URL, and report the situation to your security POC.

What is a good practice to protect classified information?

Ensure proper labeling by appropriately marking all classified material and when required, sensitive material.

How many potential insider threat indicators does a person who is playful and charming, consistently wins performance awards, but is occasionally aggressive in trying to access information display?

Secret.

Who might “insiders” be able to cause damage to their organizations more easily than others.

Insiders are given a level of trust and have authorized access to Government information systems.

*Spillage

After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. You know this project is classified. What should be your response?

Attempt to change the subject to something non-work related, but neither confirm nor deny the article’s authenticity.

*Spillage

Which of the following may help prevent inadvertent spillage?

Label all files, removable media, and subject headers with appropriate classification markings.

*Spillage

A user writes down details marked as Secret from a report stored on a classified system and uses those details to draft a briefing on an unclassified system without authorization. What is the best choice to describe what has occurred?

Spillage because classified data was moved to a lower classification level system without authorization.

*Spillage

What should you do when you are working on an unclassified system and receive an email with a classified attachment?

Call your security point of contact immediately

*Spillage

What should you do if a reporter asks you about potentially classified information on the web?

Ask for information about the website, including the URL.

*Spillage

.What should you do if a reporter asks you about potentially classified information on the web?

Refer the reporter to your organization’s public affairs office.

*Spillage

What is a proper response if spillage occurs?

~Immediately notify your security POC.

*Spillage

Which of the following is a good practice to aid in preventing spillage?

Be aware of classification markings and all handling caveats.

**Classified Data

When classified data is not in use, how can you protect it?

Store classified data appropriately in a GSA-approved vault/container.

**Classified Data

What is required for an individual to access classified data?

Appropriate clearance, a signed and approved non-disclosure agreement, and need-to-know

**Classified Data

Which classification level is given to information that could reasonably be expected to cause serious damage to national security?

Secret **Classified Data

What is a good practice to protect classified information?

Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material.

**Classified Data

Which of the following is true of protecting classified data?

Classified material must be appropriately marked.

**Classified Data

Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause?

Damage to national security

**Insider Threat

Which of the following is NOT considered a potential insider threat indicator?

New interest in learning a foreign language

**Insider Threat

A colleague has visited several foreign countries recently, has adequate work quality, speaks openly of unhappiness with U.S. foreign policy, and recently had his car repossessed. How many potential insider threat indicators does this employee display?

1 Indicator(wrong)

~3 or more indicators

**Insider Threat

A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. How many potential insider threat indicators does this employee display?

1 indicator **Insider Threat

How many potential insider threat indicators does a coworker who often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion display?

3 or more indicators

**Insider Threat

How many potential insider threat indicators does a person who is playful and charming, consistently wins performance awards, but is occasionally aggressive in trying to access sensitive information display?

1 indicator **Insider Threat

What advantages do “insider threats” have over others that allows them to cause damage to their organizations more easily?

Source : quizzma.com

Cyber Awareness Challenge Complete Questions and Answers — I Hate CBT's

This article will provide you with all the questions and answers for Cyber Awareness Challenge. ActiveX is a type of this? -Mobile code All https sites are legitimate and there is no risk to entering your personal info online. -FALSE Bob, a coworker, has been going through a divorce, has

MENU

I Hate CBT's

I Hate CBT's Cyber Awareness Challenge Complete Questions and Answers

October 18, 2019

This article will provide you with all the questions and answers for Cyber Awareness Challenge.

ActiveX is a type of this?

-Mobile code

All https sites are legitimate and there is no risk to entering your personal info online.

-FALSE

Bob, a coworker, has been going through a divorce, has financial difficulties and is displaying hostile behavior. How many potential insider threat indicators is Bob displaying?

-3

The CAC/PIV is a controlled item and contains certificates for:

-All of the above

Classified Information can only be accessed by individuals with

-All of the above

Classified Information is

-Assigned a classification level by a supervisor

A coworker has left an unknown CD on your desk. What should you do?

-Put the CD in the trash

DoD employees are prohibited from using a DoD CAC in card-reader-enabled public devices.

-TRUE

The following practices help prevent viruses and the downloading of malicious code except.

-Scan external files from only unverifiable sources before uploading to computer

How are Trojan horses, worms, and malicious scripts spread?

-By email attachments

How can you guard yourself against Identity theft?

-All of the above

How should you securely transport company information on a removable media?

-Encrypt the removable media

If authorized, what can be done on a work computer?

-Check personal email

If classified information were released, which classification level would result in "Exceptionally grave damage to national security"?

-Top Secret

If your wireless device is improperly configured someone could gain control of the device? T/F

-TRUE

An individual who has attempted to access sensitive information without need-to-know and has made unusual requests for sensitive information is displaying indicators of what?

-Potential Insider Threat

It is getting late on Friday. You are reviewing your employees annual self evaluation. Your comments are due on Monday. You can email your employees information to yourself so you can work on it this weekend and go home now. Which method would be the BEST way to send this information?

-Use the government email system so you can encrypt the information and open the email on your government issued laptop

It is permissible to release unclassified information to the public prior to being cleared.

-False

Malicious code can do the following except?

-Make your computer more secure

Maria is at home shopping for shoes on Amazon.com. Before long she has also purchased shoes from several other websites. What can be used to track Maria's web browsing habits?

-Cookies

Media containing Privacy Act information, PII, and PHI is not required to be labeled.

-FALSE

A medium secure password has at least 15 characters and one of the following.

-Special character

Of the following, which is NOT a characteristic of a phishing attempt?

-Directing you to a web site that is real

Of the following, which is NOT a method to protect sensitive information?

-After work hours, storing sensitive information in unlocked containers, desks, or cabinets if security is not present

Of the following, which is NOT an intelligence community mandate for passwords?

-Maximum password age of 45 days

Of the following, which is NOT a problem or concern of an Internet hoax?

-Directing you to a website that looks real

Of the following, which is NOT a security awareness tip?

-Remove security badge as you enter a restaurant or retail establishment

P2P (Peer-to-Peer) software can do the following except:

-Allow attackers physical access to network assets

PII, PHI, and financial information is classified as what type of information?

-Sensitive

Should you always label your removable media?

-Yes

Someone calls from an unknown number and says they are from IT and need some information about your computer. What should you do?

-Request the user's full name and phone number

Spear Phishing attacks commonly attempt to impersonate email from trusted entities. What security device is used in email to verify the identity of sender?

-Digital Signatures

Spillage occurs when

-Personal information is inadvertently posted at a website

There are many travel tips for mobile computing. Which of the following is NOT one?

-When using a public device with a card reader, only use your DoD CAC to access unclassified information

Thumb drives, memory sticks, and flash drives are examples of

-Removable media

UNCLASSIFIED is a designation to mark information that does not have potential to damage national security.

-TRUE

The use of webmail is

-is only allowed if the organization permits it

Using webmail may bypass built in security features.

-TRUE

What action is recommended when somebody calls you to inquire about your work environment or specific account information?

-Ask them to verify their name and office number

What actions should you take prior to leaving the work environment and going to lunch?

-All of the above

Source : www.ihatecbts.com