The DOD Cyber Awareness Challenge 2025 covers mobile security, phishing, and insider threats, with key answers focusing on verifying connections, using two-factor authentication, reporting suspicious emails, and securing government-furnished equipment (GFE). It emphasizes user vigilance, such as checking links and restricting removable media usage.
Cyber Awareness Challenge 2025 Answers
Quizzma Team
Cyber Awareness Challenge 2025 Knowledge Check Answers
Contents hide
1 Cyber Awareness Challenge 2025 Knowledge Check Answers
2 Standard Challenge Answers
2.1 Unclassified Information
2.2 Classified Information
2.3 Sensitive Compartmented Information
2.4 Physical Facilities
2.5 Government Resources
2.6 Identity Authentication
2.7 Malicious Code
2.8 Social Engineering
2.9 Removable Media
2.10 Mobile Devices
2.11 Identity Management
3 Previous Cyber Awareness Challenge Answers
Question Answer
How can you protect yourself from identity theft? Review your credit report annually
Which of the following is an allowed use of
government-furnished equipment (GFE)?
E-mailing your supervisor
Which of the following is true of spillage?
It describes information that is “spilled” to either a
lower or higher protection level.
Which of the following is true of Sensitive
Compartmented Information Facilities (SCIFs)?
Personnel should physically assess whether
everyone within listening distance has a need-to-
know before starting conversations involving
classified information.
Which of the following is a potential insider threat
indicator?
Work-related foreign travel
How can you protect a mobile device while
traveling?
Connect with a Government VPN
Which of the following is true of transmitting or
transporting Sensitive Compartmented
Information (SCI)?
You must be courier-briefed for SCI to transport it.
Which of the following is a best practice for
telework and remote work?
Connect to your Government Virtual Private
Network (VPN).
When linked to a specific individual, which of the
following is NOT an example of Personally
Identifiable Information (PII)?
Smartphone brand and model
Which of the following can be used to catalog
information about you?
All of these
Tessa is processing payroll data that includes
employees’ names, home addresses, and salary.
Which of the following is Tessa prohibited from
doing with the data?
Using her home computer to print the data while
working remotely
4/9/26, 4:05 PM
Cyber Awareness Challenge 2025 Answers » Quizzma
https://quizzma.com/cyber-awareness-challenge-2025-answers/
1/10
Question Answer
John receives an e-mail about a potential
shutdown of a major social service unless a
petition receives enough signatures. Which of the
following actions should John NOT take with the
e-mail?
Forward it
How can you prevent viruses and maliciouscode? Scan all e-mail attachments
You receive an e-mail marked important from
your agency head asking you to call them using a
number you do not recognize. The e-mail was sent
from a personal e-mail address that you do not
recognize, but it addresses you by name. What
action should you take?
This may be a spear phishing attempt. Report it to
your security POC or help desk.
Which type of data could reasonably be expected
to cause damage to national security?
Confidential
Which of the following is an appropriate use of
government e-mail?
Using a digital signature when sending hyperlinks
Which of the following is an example of a strong
password?
bRobr@79I*P
Which of the following uses of removable media
is allowed?
Sam uses approved Government-owned
removable media to transfer files between
government systems as authorized.
Which of the following is a best practice to protect
your identity?
Ask how information will be used before giving it
out.
Matt is a government employee who needs to
share a document containing source selection data
with his supervisor. Which of the following
describes the most appropriate way for Matt to do
this?
Encrypt it and send it via digitally signed
Government e-mail.
Under which Cyberspace Protection Condition
(CPCON) is the priority focus limited to critical
functions?
CPCON 1
Which of the following is the safest to share on a
social networking site?
Your favorite movie
Does it pose a security risk to tap your smartwatch
to pay for a purchase at a store?
Only if you do not have two-factor authentication
enabled on your linked phone.
What is a best practice for creating user accounts
for your home computer?
Create separate accounts for each user and have
each user create their own password.
Which of the following is true of removable media
and portable electronic devices (PEDs)?
Removable media pose more risks than PEDs and
are not permitted in government facilities.
Which of the following is true of compressed
URLs (e.g., TinyURL, goo.gl)?
They may be used to mask malicious intent
You receive an e-mail with alinkto run an anti-
virus scan. Your IT department has not
sentlinkslike this in the past. The e-mail is not
digitally signed. What action should you take?
Report the e-mail to your security POC or help
desk.
Which of the following is a way to protect
classified data?
Store it in a GSA-approved container
How can you protect your home computer? Use legitimate, known antivirus software
Which of the following poses a security risk while
teleworking in an environment where Internet of
Things (IoT) devices are present?
All of these.
Which of these is NOT a potential indicator that
your device may be under a maliciouscodeattack
An operating system update
What are the requirements for access to Sensitive
Compartmented Information (SCI)?
Top Secret clearance and indoctrination into the
SCI program
4/9/26, 4:05 PM
Cyber Awareness Challenge 2025 Answers » Quizzma
https://quizzma.com/cyber-awareness-challenge-2025-answers/
2/10
Question Answer
Which of the following is an example of
removable media?
Compact disc
Which of the following is an example of behavior
that you should report?
Bringing a phone into a prohibited area
Which of the following is NOT an appropriate use
of your Common Access Card (CAC)?
Exchanging it for a visitor pass in another
building.
Which of the following is an appropriate use of a
DoD Public Key Infrastructure (PKI) token?
Only leave it in a system while actively using it
for a PKI-required task
How can you protect yourself on social
networking sites?
Validate connection requests through another
source if possible
How can you protect data on a mobile device? Use two-factor authentication
Which of the following is permitted when using an
unclassified laptop within a collateral classified
space?
A personally-owned wired headset without a
microphone
Standard Challenge Answers
Unclassified Information
Your meeting notes are Unclassified. This means that your notes:
1. May be released to the public.
2. Do not have the potential to damage national security.
3. Do not have the potential to affect the safety of personnel, missions, or systems.
4. Do not require any markings.
Correct Answer:
2. Do not have the potential to damage national security.
Employee Passport Number
Adams, Jeff A12345678
Brown, Marty B23456789
Clark, Tina C34567890
What type of information does this personnel roster represent?
1. Unclassified information
2. Controlled Unclassified Information (CUI)
3. For Official Use Only (FOUO) information
Correct Answer:
2. Controlled Unclassified Information (CUI)
When e-mailing this personnel roster, which of the following should you do?(Select all thatapply.)
4/9/26, 4:05 PM
Cyber Awareness Challenge 2025 Answers » Quizzma
https://quizzma.com/cyber-awareness-challenge-2025-answers/
3/10
