US Navy Cyber Awareness Challenge 2025 Part 2
This flashcard explains proper handling of Sensitive Compartmented Information (SCI). It stresses that to legally transport SCI, individuals must first receive a courier briefing to ensure secure and authorized handling.
Adam sees a coworker who does not have the required clearance with a printed document marked as Sensitive Compartmented Information (SCI). What should he do?
-Contact his security POC to report the incident.
-E-mail his security POC with detailed information about the information and person involved.
-Nothing. It is not his responsibility.
-Retrieve the document and verify that the coworker did not read it.
Contact his security POC to report the incident.
Key Terms
Adam sees a coworker who does not have the required clearance with a printed document marked as Sensitive Compartmented Information (SCI). What should he do?
-Contact his security POC to report the incident.
-E-mail his security POC with detailed information about the information and person involved.
-Nothing. It is not his responsibility.
-Retrieve the document and verify that the coworker did not read it.
Contact his security POC to report the incident.
Which of the following is true for Controlled Unclassified Information (CUI)?
-It is another term for any Unclassified information that has not been cleared for public release.
-It is marked as CUI at the discretion of the information owner.
-It poses no risk to Government missions or interests.
-It belongs to a defined category established in the DoD CUI Registry.
It belongs to a defined category established in the DoD CUI Registry.
You received an e-mail marked important from your agency head asking you to call them using a number you do not recognize. The e-mail was sent from a personal e-mail address that you do not recognize, but it addresses you by name. What action should you take?
-This may be a spear phishing attempt. Report it to your security POC or help desk.
-This is an important request that requires your immediate attention. You should call immediately.
-As it does not contain any hyperlinks or attachments, you should simply delete the e-mail.
-As the e-mail addresses you by name, you should test the number by sending a text message to it.
This may be a spear phishing attempt. Report it to your security POC or help desk.
As you scroll through your social media feed, a news headline catches your eye. What should you consider before sharing it with your connections?
-How many times you have already posted today
-Whether your connection would find the information valuable
-There is nothing for you to consider before sharing
-Whether the source is credible and reliable
Whether the source is credible and reliable
When linked to a specific individual, which of the following is NOT an example of Personally Identifiable Information (PII)?
-Smartphone brand and model
-Fingerprint records
-Mother's maiden name
-Payment for the provisions of healthcare
Smartphone brand and model
How can malicious code do damage?
-Corrupt files
-Encrypting or erasing your had drive
-Allowing hackers access
-All of these
All of these
Related Flashcard Decks
Study Tips
- Press F to enter focus mode for distraction-free studying
- Review cards regularly to improve retention
- Try to recall the answer before flipping the card
- Share this deck with friends to study together
| Term | Definition |
|---|---|
Adam sees a coworker who does not have the required clearance with a printed document marked as Sensitive Compartmented Information (SCI). What should he do? | Contact his security POC to report the incident. |
Which of the following is true for Controlled Unclassified Information (CUI)? | It belongs to a defined category established in the DoD CUI Registry. |
You received an e-mail marked important from your agency head asking you to call them using a number you do not recognize. The e-mail was sent from a personal e-mail address that you do not recognize, but it addresses you by name. What action should you take? | This may be a spear phishing attempt. Report it to your security POC or help desk. |
As you scroll through your social media feed, a news headline catches your eye. What should you consider before sharing it with your connections? | Whether the source is credible and reliable |
When linked to a specific individual, which of the following is NOT an example of Personally Identifiable Information (PII)? | Smartphone brand and model |
How can malicious code do damage? | All of these |
Steve occasionally runs errands during virtual meetings. He joins the meetings using his approved government device. Does this pose a security concern? | Yes. eavesdroppers may be listening to Steve's conversation. |
Who designates whether information is classified and its classification level? | Original classification authority |
What is an insider threat? | Someone who uses authorized access, either wittingly or unwittingly, to harm national security. |
Does it pose a security risk to tap your smartwatch to pay for a purchase at a store? | Yes, there is a risk that the signal could be intercepted and altered. |
How can you protect yourself from social networking sites? | Validate connection requests through another source if possible |
Which of the following is a potential insider threat indicator? | Death of a spouse |
Which of the following is an appropriate use of a DoD Public Key Infrastructure (PKI) token? | Only leave it in a system while actively using it for a PKI-required task |
Which of the following is a best practice for telework and remote work? | Connect to your Government Virtual Private Network (VPN). |
Under which Cyberspace Protection Condition (CPCON) is the priority focus limited to critical functions? | CPCON 1 |
Which of the following uses of removable media is allowed? | Sam uses approved Government owned removable media to transfer files between government systems as authorized. |
John receives an e-mail about a potential shutdown of a major social service unless a petition receives enough signatures. Which of the following actions should John NOT take with the e-mail? | Forward it |
Which of the following is a best practice for using government e-mail? | Do not solicit sales |
When is the safest time to post on social media about your work-related travel? | After the trip |
As you browse a social media site, you come across photos of information with classification markings. What should you do? | Notify your security point of contact. |
Matt is a government employee who needs to share a document containing source selection data with his supervisor. Which of the following describes the most appropriate way for Matt to do this? | Encrypt it and send it via digitally signed Government e-mail. |
Which of the following is best practice when browsing the Internet? | Look for the h-t-t-p-s in the URL name |
Based on the description provided, how many insider threat indicators are present? | 1 |
Which of the following in NOT an appropriate use of your Common Access Card (CAC)? | Exchanging it for a visitor pass in another building |
*Unclassified Information | Do not have the potential to damage national security. |
*Unclassified Information | Controlled Unclassified Information (CUI) |
*Unclassified Information | -Encrypt the PII |
*Classified Information | Designated Secure Area |
*Sensitive Compartmented Information | Call your security point of contact (POC) |
*Sensitive Compartmented Information | No |
*Sensitive Compartmented Information | Yes |
*Sensitive Compartmented Information | No |
*Sensitive Compartmented Information | Col. Cockatiel |
*Physical Facilities | Posting an access roster in public view |
*Physical Facilities | -Disable the embedded camera, microphone, and Wi-Fi |
*Physical Facilities | -Verify that all personnel in listening distance have a need-to-know |
*Government Resources | No |
*Government Resources | -You should not use government e-mail to sell anything. |
*Identity Authentication | Yes |
*Identity Authentication | No |