Cyber Awareness Challenge 2021

Which of the following is NOT an example of CUI?

Press release data

Explanation: Controlled Unclassified Information (CUI) typically includes sensitive but unclassified information that requires safeguarding. Press release data is usually information that an organization intentionally releases to the public, and it’s not considered sensitive or protected. CUI, on the other hand, involves information that, while unclassified, requires protection due to its sensitive nature.

Which of the following is NOT a correct way to protect CUI?

CUI may be stored on any password-protected system

Explanation: Storing Controlled Unclassified Information (CUI) on any password-protected system might not provide sufficient security. CUI typically requires specific security measures, and a general password protection may not meet those requirements. Secure storage and handling practices are essential for CUI protection.

Which of the following does NOT constitute spillage?

Classified information that should be unclassified and is downgraded

Explanation: Spillage refers to the unauthorized or accidental exposure, transmission, or release of classified information. In this case, the information was correctly classified, and the downgrading process was intentional and proper. Spillage usually involves the mishandling of classified information, and a proper classification review resulting in downgrading does not constitute spillage.

Which of the following is NOT an appropriate way to protect against inadvertent spillage?

Use the classified network for all work, including unclassified work

Explanation: Using the classified network for all work, including unclassified tasks, is not an appropriate way to protect against inadvertent spillage. Classified networks are designed for handling classified information, and using them for unclassified work may increase the risk of spillage. Proper segregation of classified and unclassified tasks and networks is essential.

Which of the following should you NOT do if you find classified information on the internet?

Download the information

Explanation: Downloading classified information from the internet without proper authorization is a security violation. If classified information is encountered on the internet, it should be reported to the appropriate authorities for investigation and proper handling. Downloading such information without authorization can lead to unauthorized disclosure and potential legal consequences.


Very High DoD Risk Level; Priority Critical Functions

Explanation: CPCON (Defense Condition) 1 indicates a very high Department of Defense (DoD) risk level. It signifies that priority critical functions are at risk, and immediate actions and precautions are necessary to address the heightened threat level.


High DoD Risk Level; Priority Critical and Essential Functions

Explanation: CPCON 2 signifies a high DoD risk level. It indicates that both priority critical and essential functions are at risk. While not as severe as CPCON 1, CPCON 2 still requires heightened awareness and precautionary measures.

What should the employee do differently?

Remove his CAC and lock his workstation

Explanation: To enhance security, employees should remove their Common Access Card (CAC) and lock their workstations when they are away. This helps prevent unauthorized access and protects sensitive information.

What should the employee do differently?

Decline to let the person in and redirect her to security

Explanation: Employees should prioritize security and follow access control procedures. If uncertain about someone’s authorization, it’s important to decline entry and redirect the person to security for verification.

When is it appropriate to have your security badge visible?

At all times when in the facility

Explanation: Security badges should be visible at all times when an individual is in a secure facility. This makes it easier for security personnel to identify authorized personnel and enhances overall facility security.

What should the owner of this printed SCI do differently?

Retrieve classified documents promptly from printers

Explanation: Classified documents should be handled with care. Owners of printed Sensitive Compartmented Information (SCI) should promptly retrieve such documents from printers to prevent unauthorized access and protect sensitive information.

What should the participants in this conversation involving SCI do differently?

Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed

Explanation: When discussing Sensitive Compartmented Information (SCI), participants should ensure that everyone within listening distance is cleared and has a legitimate need-to-know for the information. This physical assessment helps prevent unauthorized disclosure of sensitive information.

What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed?

Exceptionally grave damage

Explanation: Top Secret information is the highest level of classified information, and its unauthorized disclosure can cause exceptionally grave damage to national security. It includes information that, if disclosed, could have severe consequences.

Which of the following is true about telework?

You must have your organization’s permission to telework

Explanation: Telework often requires explicit permission from the organization. It involves working remotely, and organizations typically establish policies and procedures to govern telework arrangements.

Which of the following is true of protecting classified data?

Classified material must be appropriately marked

Explanation: Proper marking of classified material is a crucial aspect of protecting classified data. Clear and accurate markings help ensure that individuals handling the information are aware of its classification level and the security measures required.

Social Media Profile Privacy Settings

Everything Friends Only except your Name and Profile Picture – turn off “Check in location via GPS”

Explanation: To enhance privacy and security on social media, it’s advisable to set profile information to “Friends Only” and disable location tracking features. This minimizes the exposure of personal information to a wider audience and helps protect against unauthorized access or tracking.