Cyber Awareness Challenge Answers

DoD Cyber Awareness Challenge

2025 Knowledge Check – Questions & Answers

This comprehensive study guide contains questions and verified answers for the Department of Defense Cyber Awareness Challenge 2025 Knowledge Check. These questions cover critical cybersecurity topics including phishing, malicious code, identity protection, classified information handling, and secure communications.

Phishing & Email Security

Q1. John receives an e-mail about a potential shutdown of a major social service unless a petition receives enough signatures. Which of the following actions should John NOT take with the e-mail?

ANSWER: Forward it

Q2. Which of the following is an appropriate use of government e-mail?

ANSWER: Using a digital signature when sending hyperlinks

Q3. What should you do with e-mail attachments?

ANSWER: Scan all e-mail attachments

Malicious Code & Security

Q4. Which of these is NOT a potential indicator that your device may be under a malicious code attack?

ANSWER: An operating system update

Q5. How can you protect your home computer?

ANSWER: Install spyware protection software

Q6. What should you do if you receive a phone call from an unknown person asking for a directory name on your government furnished laptop so that a software update can be made?

ANSWER: Document the interaction and contact your security POC or help desk

Classified Information & Documents

Q7. Peter enters an empty conference room and finds a document with a Top Secret coversheet on it. Peter has a Secret clearance. What should Peter do?

ANSWER: Immediately notify his security POC and not handle the file

Q8. After a classified document is leaked online, it makes national headlines.

Which of the following statements is true of the leaked information that is now accessible by the public?

ANSWER: You should still treat it as classified even though it has been compromised

Q9. Matt is a government employee who needs to share a document containing source selection data with his supervisor. Which of the following describes the most appropriate way for Matt to do this?

ANSWER: Encrypt it and send it via digitally signed Government e-mail

Sensitive Compartmented Information (SCI)

Q10. What are the requirements for access to Sensitive Compartmented Information (SCI)?

ANSWER: Top Secret clearance and indoctrination into the SCI program

Q11. Annabeth becomes aware that a conversation with a co-worker that involved Sensitive Compartmented Information (SCI) may have been overheard by someone who does not have the required clearance. What action should Annabeth take?

ANSWER: Contact her security POC to report the incident

Q12. Which of the following describes Sensitive Compartmented Information (SCI)?

ANSWER: SCI introduces an overlay of security to Top Secret, Secret, and Confidential information

Q13. Which of the following is true of working within a Sensitive Compartmented Information Facility (SCIF)?

ANSWER: Badges must be worn while in the facility and removed when leaving the facility

Q14. Which of the following is permitted within a Sensitive Compartmented Information Facility (SCIF)?

ANSWER: An authorized Government-owned Portable Electronic Device (PED)

Authentication & Access Control

Q15. Which of the following is an example of two-factor authentication?

ANSWER: Password and fingerprint

Q16. Which of the following would work in combination for two-factor authentication?

ANSWER: Common Access Card (CAC) and Personal Identification Number (PIN)

Q17. What does the Common Access Card (CAC) contain?

ANSWER: Certificates for identification, encryption, and digital signature

Q18. Which is an example of a strong password?

ANSWER: bRobr@79I*P

Q19. What is a best practice for creating user accounts for your home computer?

ANSWER: Create separate accounts for each user and have each user create their own password

Mobile Devices & Travel

Q20. Steve occasionally runs errands during virtual meetings. He joins the meetings using his approved government device. Does this pose a security concern?

ANSWER: Yes. Eavesdroppers may be listening to Steve’s conversation

Q21. Sylvia commutes to work via public transportation. She often uses the time to get a head start on work by making phone calls or responding to e-mails on her government approved mobile device. Does this pose a security concern?

ANSWER: Yes. Eavesdroppers may be listening to Sylvia’s phone calls, and shoulder surfers may be looking at her screen. Sylvia should be aware of these risks

Q22. Beth taps her phone at a payment terminal to pay for a purchase. Does this pose a security risk?

ANSWER: Yes, there is a risk that the signal could be intercepted and altered

Q23. How can you protect a mobile device while traveling?

ANSWER: Connect with a Government VPN

Q24. How can you protect data on a mobile device?

ANSWER: Turn on spyware protection

Removable Media & Portable Devices

Q25. Evelyn is a system administrator at her agency. As part of her duties, she occasionally uses a thumb drive to perform necessary system tasks, as outlined in her agency’s procedures. The thumb drive is provided by the Government for this purpose. Is this an appropriate use of removable media?

ANSWER: Yes. Only use removable media when operationally necessary, Government-owned, and approved in accordance with policy

Q26. Which of the following is true of removable media and portable electronic devices (PEDs)?

ANSWER: The risk associated with them may lead to loss of life

Q27. What is an appropriate use of a DoD Public Key Infrastructure (PKI) token?

ANSWER: Only leave it in a system while actively using it for a PKI-required task

Social Media & Identity Protection

Q28. When is the safest time to post on social media about your vacation plans?

ANSWER: After the trip

Q29. When is the safest time to post on social media about your work-related travel?

ANSWER: After the trip

Q30. As you browse a social media site, you come across photos of information with classified markings. What should you do?

ANSWER: Notify your security point of contact

Q31. How can you protect yourself on social networking sites?

ANSWER: Validate connection requests through another source if possible

Q32. Which of the following is a best practice to protect your identity?

ANSWER: Ask how information will be used before giving it out

Personally Identifiable Information (PII) & PHI

Q33. Which of the following is an example of Protected Health Information (PHI)?

ANSWER: An individual’s medical record maintained by a healthcare provider

Q34. Tessa is processing payroll data that includes employees’ names, home addresses, and salary. Which of the following is Tessa prohibited from doing with the data?

ANSWER: Sharing it with unauthorized individuals

URLs & Web Security

Q35. How should you approach a compressed URL, such as Tiny URL?

ANSWER: Preview where the link leads before opening it

Q36. Which of the following is true of compressed URLs (e.g., TinyURL, goo.gl)?

ANSWER: They may be used to mask malicious intent

Insider Threats

Q37. What is an insider threat?

ANSWER: Someone who uses authorized access, either wittingly or unwittingly, to harm national security

Q38. Which of the following is an example of behavior that you should report?

ANSWER: Bringing a phone into a prohibited area

Spillage & Data Protection

Q39. Which of the following is true of spillage?

ANSWER: It can be inadvertent or intentional

Cyberspace Protection

Q40. Under which Cyberspace Protection Condition (CAPCON) is the priority focus limited to critical functions?

ANSWER: CPCON 1

Study Tips for Success

• Review Regularly: Go through these questions and answers multiple times before taking the actual test

• Understand Context: Don’t just memorize answers – understand WHY each answer is correct

• Focus on Key Areas: Pay special attention to handling classified information, phishing recognition, and mobile device security

• Know Your Responsibilities: Understand your role in protecting DoD information and reporting security concerns

• Practice Scenarios: Think about how these principles apply to real-world situations you might encounter

• Security Mindset: Develop a security-first approach to all your work activities

IMPORTANT DISCLAIMER: This study guide is compiled from publicly available practice materials and educational resources. It should be used as a supplemental study tool only. Always refer to official DoD training materials, consult with your security officer, and follow your organization’s specific policies and procedures. The information provided here is for educational purposes and may not reflect the most current updates to DoD cybersecurity policies.