2023 Cyber Awareness Knowledge Check
48 community-sourced questions and answers. Free — no login.
(Spillage) Which of the following is a good practice to prevent spillage?
Always check to make sure you are using the correct network for the level of data
(Spillage) What does "spillage" refer to?
Information improperly moved from a higher protection level to a lower protection level
(Spillage) Which of the following may help to prevent spillage?
Follow procedures for transferring data to and from outside agency and non-Government networks
(Spillage) A vendor conducting a pilot program with your organization contacts you for organizational data to use in a prototype. How should you respond?
Refer the vendor to the appropriate personnel
(Spillage) You receive an inquiry from a reporter about government information not cleared for public release. How should you respond?
Refer to reporter to your organization's public affairs office
(Spillage) You find information that you know to be classified on the Internet. What should you do?
Note the website's URL and report the situation to your security point of contact
(Classified Data) Who designates whether information is classification level?
Original classification authority
(Classified Data) Which of the following must you do before using an unclassified laptop and peripherals in a collateral classified environment?
Ensure that any cameras, microphones, and Wi-Fi embedded in the laptop are physically disabled
(Classified Data) Which of the following is a good practice to protect classified information?
Don't assume open storage in a secure facility is authorized
(Classified Data) What is the basis for the handling and storage of classified data?
Classification markings and handling caveats
(Insider Threat) Based on the description that follows, how many potential insider threat indicator(s) are displayed? A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationship with peers, purchases an unusually expensive new car, and has unexplained absences from work.
3 or more indicators
(Insider Threat) Which scenario might indicate a reportable insider threat?
A colleague removes sensitive information without seeking authorization in order to perform authorized telework.
(Insider Threat) Which of the following is a reportable insider threat activity?
Attempting to access sensitive information without need-to-know
(Insider Threat) Which of the following is a potential insider threat indicator?
Unusual interest in classified information
(Insider Threat) What is an insider threat?
Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities.
(Social Networking) How can you protect your organization on social networking sites?
Ensure there are no identifiable landmarks visible in any photos taken in a work setting that you post
(Social Networking) Which of the following statements is true?
Adversaries exploit social networking sites to disseminate fake news.
(Social Networking) When may you be subject to criminal, disciplinary, and/or administrative action due to online harassment, bullying, stalking, hazing, discrimination, or retaliation?
If you participate in or condone it at any time
(Controlled Unclassified Information) Which of the following is true of Protected Health Information (PHI)?
It is created or received by a healthcare provider, health plan, or employer.
(Controlled Unclassified Information) Which is a best practice for protecting Controlled Unclassified Information (CUI)?
Store it in a locked desk drawer after working hours
(Controlled Unclassified Information) Which designation marks information that does not have potential to damage national security?
Unclassified
(Controlled Unclassified Information) Which of the following is NOT an example of Personally Identifiable Information (PII)?
High school attended
(Controlled Unclassified Information) Which of the following is true of Controlled Unclassified Information (CUI)?
CUI must be handled using safeguarding or dissemination controls.
(Controlled Unclassified Information) Which designation includes Personally Identifiable Information (PlI) and Protected Health Information (PHI)?
Controlled Unclassified Information (CUI)
(Controlled Unclassified Information) Which of the following is a security best practice for protecting Personally Identifiable Information (PII)?
Only use Government-furnished or Government-approved equipment to process PIl.
(Physical Security) Which of the following is a best practice for physical security?
Report suspicious activity
(Physical Security) Which of the following best describes good physical security?
Lionel stops an individual in his secure area who is not wearing a badge.
(Identity Management) Which of the following is true of using a DoD Public Key Infrastructure (PKI) token?
It should only be in a system while actively using it for a PKI-required task.
(Identity Management) Which of the following is true of the Common Access Card (CAC)?
It contains certificates for identification, encryption, and digital signature.
(Identity Management) Which of the following is an example of two-factor authentication?
A Common Access Card and Personal Identification Number
(Identity Management) What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card?
Store it in a shielded sleeve
(Physical Security) Which Cyber Protection Condition (CPCON) establishes a protection priority focus on critical functions only?
CPCON 1
(Sensitive Compartmented Information) What must authorized personnel do before permitting another individual to enter a Sensitive Compartmented Information Facility (SCIF)?
Confirm the individual's need-to-know and access
(Sensitive Compartmented Information) Which of the following is true of sharing information in a Sensitive Compartmented Information Facility (SCIF)?
Individuals must avoid referencing derivatively classified reports classified higher than the recipient.
(Sensitive Compartmented Information) Which of the following is true of Security Classification Guides?
The provide guidance on reasons for and duration of classification of information.
(Removable Media in a SCIF) Which of the following is true of portable electronic devices (PEDs) in a Sensitive Compartmented Information Facility (SCIF)?
Only connect government-owned PEDs to the same level classification information system when authorized
(Removable Media in SCIF) Which of the following is NOT a potential consequence of using removable media unsafely in a Sensitive Compartmented Information Facility (SCIF)?
Damage to the removable media
(Malicious Code) Which of the following is a way to prevent the spread of malicious code?
Scan all external files before uploading to your computer
(Malicious Code) Which of the following is NOT a type of malicious code?
Executables
(Website Use) Which of the following actions ean help to protect your identity?
Shred personal documents
(Social Engineering) What type of social engineering targets senior officials?
Whaling
(Social Engineering) Which of the following is true?
Digitally signed e-mails are more secure.
(Social Engineering) Which is an appropriate use of govemment e-mail?
Use a digital signature when sending attachments or hyperlinks
(Travel) What security risk does a public Wi-Fi connection pose?
It may expose the information sent to theft.
(Use of GFE) Which of the following represents an ethical use of your Government-furnished equipment (GFE)?
Checking personal e-mail when allowed by your organization
(Mobile Devices) How can you protect data on your mobile computing and portable electronic devices (PEDs)?
Enable automatic screen locking after a pekod of inactivity
(Mobile Devices) Which of the following is an example of removable media?
Flash Drive / External hard drive
(Home Computer Security) How should you secure your home wireless network for teleworking?
Implement Wi-Fi Protected Access 2 (WPA2) Personal encryption at a minimum
Looking for a different version?
CBTs get updated every year. Search for the exact version you're taking (e.g. "cyber awareness 2025").
Search all study materials