[25 Test Answers] 2024 Cyber Awareness Challenge

Here are the test answers to the Cyber Awareness Challenge (CAC) 2024.

Overview: The Cyber Awareness Challenge serves as an annual refresher of security requirements, security best practices, and your security responsibilities. It provides an overview of current cybersecurity threats and best practices to keep information and information systems secure at home and work.

2024 Cyber Awareness Challenge test answers

Question 1. Which of the following statements about Protected Health Information (PHI) is false?
A. It requires more protection than Personally Identifiable Information (PII).
B. It includes information related to the physical or mental health of an individual, regardless of whether the individual is identified.✅
C. It is created or received by a healthcare provider, health plan, employer, or a business associate of these.
D. It is a type of Controlled Unclassified Information (CUI).

NOTE: CUI includes, but is not limited to, Controlled Technical Information (CTI), Personally Identifiable Information (PII), Protected Health Information (PHI), financial information, personal or payroll information, proprietary data, and operational information.

Question 2. Which of these is NOT a potential indicator that your device may be under a malicious code attack?
A. Loss of control of the mouse or keyboard.
B. The device slows down.
C. A notification for a system update that has been publicized.✅
D. Appearance of new extensions or tabs in your Web browser.

NOTE: System updates, especially those that are widely publicized, are typically legitimate efforts by software providers to improve security, fix bugs, or add new features. These updates are usually not indicators of a malicious code attack. In contrast, loss of control of the mouse or keyboard, slowdown of the device, and the appearance of new extensions or tabs in your web browser are common symptoms of a potential malicious code attack.

Question 3. Which of the following describes Sensitive Compartmented Information (SCI)? SCI is a program that _____ various types of classified information for _____ protection and dissemination or distribution control.
A. categorizes; reduced
B. describes; defining
C. segregates; added✅
D. combines; shared

NOTE: Remember that leaked classified or controlled information is still classified or controlled even if it has already been compromised. Do NOT download it or you may create a new case of spillage.

Question 4. How can you protect your home computer?
A. Regularly back up your files.✅
B. Disable firewall protection.
C. Accept all mobile code.
D. Use the default operating system password.

Question 5. Which of the following is NOT a best practice for protecting your home wireless network for telework?
A. Use your router’s pre-set Service Set Identifier (SSID) and password.✅
B. Use a Virtual Private Network (VPN) as soon as you connect.
C. Limit access, allowing access only to specific devices.
D. Implement, as a minimum, Wi-Fi Protected Access 2 (WPA2) Personal encryption.

NOTE: You must have permission from your organization to telework. When teleworking, you should always use authorized equipment and software.

Question 6. Sylvia commutes to work via public transportation. She often uses the time to get a head start on work by making phone calls or responding to emails on her government-approved mobile device. Does this pose a security concern?
A. Yes, but only the phone calls. Sylvia should speak softly and only make calls when no one is sitting next to her.
B. Yes. Eavesdroppers may be listening to Sylvia’s phone calls, and shoulder surfers may be looking at her screen. Sylvia should be aware of these risks.✅
C. No, because Sylvia is using a government-approved device.
D. No. No one else is going to be paying attention to what Sylvia is doing, as they will be focused on their own business.

Question 7. Which of the following is NOT a best practice for traveling overseas with a mobile device?
A. Avoid using public Wi-Fi.
B. Store the device in a hotel safe when sightseeing.✅
C. Do not travel with a mobile device if you can avoid it.
D. Assume that any voice or data transmission is monitored.

Question 8. Where are you permitted to use classified data?
A. Only in areas with security appropriate to the classification level
B. Anywhere you have a reasonable expectation of privacy, including while teleworking
C. Within a government facility in an area where you have a reasonable expectation of privacy, like a closed office
D. Only in a SCIF✅

Question 9. Which of the following is an appropriate use of government e-mail?
A. Sending e-mails to personal contacts
B. Using a digital signature when sending attachments✅
C. Sharing an order form for your child’s school fundraiser
D. Forwarding DoD-related memes or jokes

Question 10. Which of the following contributes to your online identity?
A. Social networking sites
B. Audio-enabled digital assistants (e.g., Siri, Alexa)
C. Fitness trackers
D. All of these✅

Question 11. Which best describes an insider threat? Someone who uses ____ access, _____, to harm national security through unauthorized disclosure, data modification, espionage, terrorism, or kinetic actions.
A. unauthorized; undetected
B. unauthorized; detected; undetected
C. authorized; wittingly or unwittingly✅
D. authorized; with good intentions

Question 12. How can you mitigate the potential risk associated with a compressed URL (e.g., TinyURL, goo.gl)?
A. Open the link in a new tab or window.
B. Open the link in your browser’s incognito mode.
C. Select the link to see where it leads.
D. Use the preview function to see where the link actually leads.✅

NOTE: Malicious code can cause damage by corrupting files, erasing your hard drive, and/or allowing hackers access.

Question 13. How should government-owned removable media be stored?
A. Removable media is not permitted in government facilities.
B. In a GSA-approved container according to the appropriate security classification.✅
C. With your organization’s IT department.
D. In any type of container where it is not visible, such as a desk drawer.

Question 14. Which of the following is permitted when using an unclassified laptop within a collateral classified space?
A. A personally-owned wired headset with a microphone.
B. A Government-issued wired headset with a microphone.✅
C. A Government-issued wireless headset without a microphone.
D. Wi-Fi

NOTE: Use caution when connecting laptops to hotel Internet connections. Use public or free Wi-Fi only with the Government VPN.

Question 15. How can you protect your home computer?
A. Disable any pre-installed antivirus software.
B. Turn on the password feature.✅
C. Decline security updates.
D. Use the administrator account for all users.

Question 16. Which of the following is an example of a strong password?
A. 123Maple
B. 1970June30!
C. p@55w0rd
D. d+Uf_4RimUz✅

Question 17. Which of the following personally owned peripherals can you use with government-furnished equipment (GFE)?
A. A Bluetooth headset
B. A wired keyboard that requires installed drivers
C. A monitor connected via USB
D. A USB hub✅

Question 18. You receive a text message from a package shipper notifying you that your package delivery is delayed due to needing updated delivery instructions from you. It provides a shortened link for you to provide the needed information. You are not expecting a package. What is the best course of action?
A. Delete message✅
B. Open the link to provide the information
C. Open the link to inspect the website
D. Reply to the message and ask for more information

Question 19. Terry sees a post on her social media feed that says there is smoke billowing from the Pentagon. The post includes a video that shows smoke billowing from a building that is not readily identifiable as the Pentagon. Terry is not familiar with the source of the post. Which of the following describes what Terry has likely seen?
A. This is probably sensationalism, which is harmless.
B. This is probably a post designed to attract Terry’s attention to click on a link and steal her information.
C. This is probably breaking news because video cannot be faked.
D. This is probably disinformation unless Terry can verify it on a legitimate news site.✅

Question 20. Under which Cyberspace Protection Condition (CPCON) is the priority focus limited to critical and essential functions?
A. CPCON 1
B. CPCON 2
C. CPCON 3
D. CPCON 4✅

Question 21. Which of the following uses of removable media is allowed?
A. Unclassified government-owned removable media on a personal laptop.
B. Government-owned removable media that is approved as operationally necessary.✅
C. Connecting a personal phone to an Unclassified government laptop to charge only.
D. Personally owned removable media on Unclassified government laptops.

NOTE: No personal PEDs are allowed in a SCIF. Government-owned PEDs must be expressly authorized by your agency.

Question 22. Which of the following is true of transmitting or transporting Sensitive Compartmented Information (SCI)?
A. Anyone with eligibility to access SCI may hand-courier SCI.
B. SCI does not require a cover sheet in an open storage environment.
C. A collateral classified fax machine may be used to fax SCI with the appropriate cover sheet.
D. Printed SCI must be retrieved promptly from the printer.✅

Question 23. How can you prevent viruses and malicious code?
A. Download apps from your device’s official app store because these are guaranteed to have no vulnerabilities.
B. Allow mobile code to run on all websites.
C. Scan all external files before uploading to your computer.✅
D. View email using the Preview Pane rather than opening it.

NOTE: Malicious code can mask itself as a harmless email attachment, downloadable file, or website. In reality, once you select one of these, it typically installs itself without your knowledge.

Question 24. You receive a phone call offering you a $50 gift card if you participate in a survey. Which course of action should you take?
A. Participate in the survey, as phone surveys pose no risk.
B. Participate in the survey and take detailed notes about the interaction.
C. Participate in the survey and provide your address to receive the gift card.
D. Decline to participate in the survey. This may be a social engineering attempt.✅

Question 25. Which of the following is NOT a best practice for teleworking in an environment where Internet of Things (IoT) devices are present?
A. Check the devices periodically for Bluetooth connections.
B. Set strong passwords for the devices.
C. Use the devices’ default security settings.✅
D. Remove any voice-enabled device.