The following are the total amount donated by top contributors to each state ballot measure that is pending Secretary of State verification or are still circulating for signatures. These lists reflect contributions as reported by Primarily Formed Committees.
Prop #Circulating TitleTop Aggregated
Contributions1Constitutional Right to Reproductive Freedom. Legislative Constitutional Amendment. Support - $14,764,06326Allows In-Person Roulette, Dice Games, Sports Wagering on Tribal Lands. Initiative Constitutional Amendment and Statute
Support - $128,853,797*
Oppose - $44,439,801
27Allows Online and Mobile Sports Wagering Outside Tribal Lands. Initiative Constitutional Amendment and Statute.Support - $169,111,799
Oppose: $245,811,236*
28Provides Additional Funding for Arts and Music Education in Public Schools. Initiative Statute.Support - $10,714,83029Requires On-Site Licensed Medical Professional at Kidney Dialysis Clinics and Establishes Other State Requirements. Initiative Statute.Oppose - $86,357,62930Provides Funding for Programs to Reduce Air Pollution and Prevent Wildfires by Increasing Tax on Personal Income Over $2 Million. Initiative Statute.Support - $50,262,671
Oppose - $16,421,416
31Referendum On 2020 Law That Would Prohibit the Retail Sale of Certain Flavored Tobacco Products.Support - $47,529,179Oppose - $23,265,396
Total from top contributors: $708,678,020
OfficeCandidate Aggregated
ContributionsControllerMalia CohenSupport - $1,486,202*ControllerLanhee ChenOppose - $1,486,202*Superintendent of Public InstructionTony ThurmondSupport - $2,775,000Senate District 10Aisha WahabSupport - $1,034,084Assembly District 35Jasmeet BainsSupport - $1,482,301*Assembly District 35Leticia PerezOppose - $1,482,301*
Total from top contributors: $6,777,587
We thoroughly check each answer to a question to provide you with the most correct answers. Found a mistake? Let us know about it through the REPORT button at the bottom of the page. Ctrl+F [Cmd+F] will help you a lot when searching through such a large set of questions.
The annual Cyber Awareness Challenge is a course that helps authorized users learn how to best avoid and reduce threats and vulnerabilities in an organization’s system. In addition to offering an overview of cybersecurity best practices, the challenge also provides awareness of potential and common cyber threats. The challenge’s goal is simple: To change user behavior to reduce the risks and vulnerabilities DoD Information Systems face.
Here you can find answers to the DoD Cyber Awareness Challenge.
Cyber Awareness Challenge 2023 Answers
Standard Challenge Answers
Spillage
If spillage occurs:
- Immediately notify your security POC;
- Do not delete the suspected files;
- Do not forward, read further, or manipulate the file;
- Secure the area.
Which of the following does NOT constitute spillage?
Classified information that should be unclassified and is downgraded. Spillage occurs when information is “spilled” from a higher classification or protection level to a lower classification or protection level. Spillage can be either inadvertent or intentional.
Which of the following is NOT an appropriate way to protect against inadvertent spillage?
Use the classified network for all work, including unclassified work. Being cognizant of classification markings and labeling practices are good strategies to avoid inadvertent spillage. While it may seem safer, you should NOT use a classified network for unclassified work.
Which of the following should you NOT do if you find classified information on the internet?
Download the information. Leaked classified or controlled information is still classified/controlled even if it has already been compromised. Do not download it.
Classified Data
What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed?
Exceptionally grave damage. Top Secret information could be expected to cause exceptionally grave damage to national security of disclosed.
Which of the following is true about telework?
You must have your organization’s permission to telework. When teleworking, you should always use authorized and software.
Which of the following is true of protecting classified data?
Classified material must be appropriately marked. Even within a secure facility, don’t assume open storage is permitted.
Insider Threat
In addition to avoiding the temptation of greed to betray his country, what should Alex do differently?
Avoid talking about work outside of the workplace or with people without a need-to-know.
How many insider threat indicators does Alex demonstrate?
Three or more. Alex demonstrates a lot of potential insider threat indicators.
What should Alex’s colleagues do?
Report the suspicious behavior in accordance with their organization’s insider threat policy.
Social Networking
Privacy settings
All to Friends Only. Only friends should see all biographical data such as where Alex lives and works.
Controlled Unclassified Information
Which of the following is NOT an example of CUI?
Press release data. CUI includes, but is not limited to Controlled Technical Information [CTI], Personally Identifiable Information [PII], Protected Health Information [PHI], financial information, personal or payroll information, proprietary data and operational information.
Which of the following is NOT a correct way to protect CUI?
CUI may be stored on any password-protected system. CUI may be stored only on authorized systems or approved devices.
Select the information on the data sheet that is personally identifiable information [PII].
PII includes, but is not limited to, social security numbers, date and places of birth, mothers’ maiden names, biometric records, and PHI.
Physical Security
CPCON LevelDoD Risk LevelPriority FocusCPCON 1Very HighCritical FunctionsCPCON 2HighCritical and Essential FunctionsCPCON 3MediumCritical, Essential, and Support FunctionsCPCON 4LowAll FunctionsCPCON 5Very LowAll Functions
What should the employee do differently?
Remove his CAC and lock his workstation.
What should the employee do differently?
Decline to let the person in and redirect her to security. Don’t allow other access or to piggyback into secure areas.
Identity Management
Identify security violations:
Always take your CAC when you leave your workstation. Never write down the PIN for your CAC.
Sensitive Compartmented Information
When is it appropriate to have your security badge visible?
At all times while in the facility. Badges must be visible and displayed above the waist at all times when in the facility.
What should the owner of this printed SCI do differently?
Retrieve classified documents promptly from printers. ALways mark classified information appropriately and retrieve classified documents promptly from the printer.
What should the participants in this conversation involving SCI do differently?
Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed.
Removable Media in a SCIF
What portable electronic devices [PEDs] are permitted in a SCIF?
Only expressly authorized government-owned PEDs.
What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF
All of these. Classified DVD distribution should be controlled just like any other classified media.
Malicious Code
Malicious code can do damage by corrupting files, erasing your hard drive, and/or allowing hackers access.
Which of the following is an example of malicious code?
Software that installs itself without the user’s knowledge. Malicious code can mask itself as a harmless e-mail attachment, downloadable file, or website.
How can malicious code cause damage?
All of these.
How can you avoid downloading malicious code?
Do not access website links in e-mail messages.
Website Use
What to choose?
Look for the HTTPS in URL.
Social Engineering
To protect against social engineering:
- Do not participate in telephone surveys;
- Do not give out personal information
- Do not give out computer or network information
- Do not follow instructions from unverified personnel
- Contact your security POC or help desk
Required Profile Update
Report e-mail.
Account Alert
Delete e-mail.
Great Book Deals
Delete e-mail.
Travel
What should Sara do when publicly available Internet, such as hotel Wi-Fi?
Only connect with the Government VPN.
What is the danger of using public Wi-Fi connections?
Both of these.
Use of GFE
Permitted Uses of Government-Furnished Equipment [GFE]
Viewing or downloading pornography – No
Gambling online – No
Conducting a private money-making venture – No
Using unauthorized software – No
Illegaly downloading copyrighted material – No
Making unauthorized configuration changes – No
Mobile Devices
When is it okay to charge a personal mobile device using government-furnished equipment [GFE]?
This is never okay.
Which of the following demonstrates proper protection of mobile devices?
Linda encrypts all of the sensitive data on her government issued mobile devices.
Home Computer Security
What to choose?
Update – Install – Enable – Exit
Cyber Awareness Challenge Knowledge Check 2023 Answers
Spillage
What does “spillage” refer to?
Information improperly moved from a higher protection level to a lower protection level. – Correct
You find information that you know to be classified on the Internet. What should you do?
Note the website’s URL and report the situation to your security point of contact. – Correct
You receive an inquiry from a reporter about government information not cleared for public release. How should you respond?
Refer the reporter to your organization’s public affairs office. – Correct
A vendor conducting a pilot program with your organization contacts you for organizational data to use in a prototype. How should you respond?
Refer the vendor to the appropriate personnel. – Correct
Which of the following may help to prevent spillage?
Follow procedures for transferring data to and from outside agency and non-Government networks. – Correct.
Which of the following is a good practice to prevent spillage?
Always check to make sure you are using the correct network for the level of data. – Correct
Classified Data
Which of the following is a good practice for telework?
Position your monitor so that it is not facing others or easily observed by others when in use – Correct
What level of damage can the unauthorized disclosure of information classified as Top Secret reasonably be expected to cause?
Exceptionally grave damage to national security. – Correct
Which of the following is a good practice to protect classified information?
Power off any mobile devices when entering a secure area. – Not correct. Store classified data in a locked desk drawer when not in use – Maybe Transmit classified information via fax machine only – Not correct Don’t assume open storage in a secure facility is authorized – Maybe
What level of damage can the unauthorized disclosure of information classified as confidential reasonably be expected to cause?
Damage to national security. – Correct
Which of the following must you do before using an unclassified laptop and peripherals in a collateral classified environment?
Ensure that any cameras, microphones, and Wi-Fi embedded in the laptop are physically disabled.- Correct
What is the basis for the handling and storage of classified data?
Classification markings and handling caveats. – Not correct Security Classification Guides [SCGs].??? Organizational Policy – Not correct General Services Administration [GSA] approval
Who designates whether information is classified and its classification level?
Original classification authority – Correct
Insider Threat
Which of the following is a potential insider threat indicator?
Unusual interest in classified information. – Correct Dofficult life circumstances, such as death of spouse
What function do Insider Threat Programs aim to fulfill?
Proactively identify potential threats and formulate holistic mitigation responses. – Correct
What is an insider threat?
Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities. – Correct
Based on the description that follows, how many potential insider threat indicator[s] are displayed? A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information.
1 indicator.
Based on the description that follows, how many potential insider threat indicator[s] are displayed? A colleague enjoys playing video games online, regularly use social media, and frequently forgets to secure her smartphone elsewhere before entering areas where it is prohibited.
1 indicator.
Based on the description that follows, how many potential insider threat indicator[s] are displayed? A colleague abruptly becomes hostile and unpleasant after previously enjoying positive working relationships with peers, purchases an unusually expensive new car, and has unexplained absences from work.
3 or more indicators. – Correct
Which of the following is a reportable insider threat activity?
Attempting to access sensitive information without need-to-know. – Not correct.
Which scenario might indicate a reportable insider threat?
A colleague removes sensitive information without seeking authorization in order to perform authorized telework. – Correct
Social Networking
A trusted friend in your social network posts a link to vaccine information on a website unknown to you. What action should you take?
Research the source to evaluate its credibility and reliability.
Which piece of information is safest to include on your social media profile?
Your favorite movie. – Correct Photos of your pet – Correct
When may you be subject to criminal, disciplinary, and/or administrative action due to online harassment, bullying, stalking, hazing, discrimination, or retaliation?
If you participate in or condone it at any time.
How can you protect yourself on social networking sites?
Validate friend requests through another source before confirming them. – Correct
Which of the following statements is true?
Many apps and smart devices collect and share your personal information and contribute to your online identity.
Which of the following statements is true?
Adversaries exploit social networking sites to disseminate fake news – Correct.
Which of the following is a security best practice when using social networking sites?
Accepting the default privacy settings. – Maybe
Controlled Unclassified Information
Which designation marks information that does not have potential to damage national security?
Unclassified – Correct
Which designation includes Personally Identifiable Information [PII] and Protected Health Information [PHI]?
Controlled unclassified information. – correct
What is a best practice for protecting controlled unclassified information [CUI]?
Store it in a locked desk drawer after working hours. – correct
Which of the following is true of Controlled Unclassified information [CUI]?
CUI must be handled using safeguarding or dissemination controls. – Correct
Which of the following is true of Protected Health Information [PHI]?
It is created or received by a healthcare provider, health plan, or employer. – Correct
Which of the following is NOT an example of Personally Identifiable Information [PII]?
High school attended. – correct
Which of the following is a security best practice for protecting Personally Identifiable Information [PII]?
Only use Government-furnished or Government-approved equipment to process PII. – correct
Which of the following best describes a way to safely transmit Controlled Unclassified Information [CUI]?
Paul verifies that the information is CUI, includes a CUI marking in the subject header, and digitally signs an e-mail containing CUI. – Maybe John submits CUI to his organization’s security office to transmit it on his behalf. not – correct Debra ensures – not correct Prudence faxes CUI using an Unclassified cover sheet via a Secret fax machine. – not correct
Which of the following is true of Unclassified Information?
It does not require markings or distribution controls. – not correct Aggregating it does not affect its sensitivyty level. – not correct It is releasable to the public without clearance. – not correct
Physical Security
Which of the following best describes good physical security?
Lionel stops an individual in his secure area who is not wearing a badge. – Correct
Which Cyber Protection Condition [CPCON] establishes a protection priority focus on critical functions only?
CPCON 1. – Correct
Identity Management
Which of the following is an example of a strong password?
%2ZN=Ugq – correct
What is the best way to protect your Common Access Card [CAC] or Personal Identity Verification [PIV] card?
Store it in a shielded sleeve. – Correct
Which of the following is true of the Common Access Card [CAC] or Personal Identity Verification [PIV] card?
You should remove and take your CAC/PIV card whenever you leave your workstation. – correct
Which of the following is true of using DoD Public key Infrastructure [PKI] token?
It should only be in a system while actively using it for a PKI-required task. – Correct
Which of the following is true of the Common Access Card [CAC]?
It contains certificates for identification, encryption, and digital signature. – correct
Which of the following is an example of two-factor authentication?
A Common Access Card and Personal Identification Number. – correct
Sensitive Compartmented Information
What must authorized personnel do before permitting another individual to enter a Sensitive Compartmented Information Facility [SCIF]?
Confirm the individual’s need-to-know and access. – correct
Which of the following is true of Security Classification Guides?
They broadly describe the overall classification of a program or system. – Not correct They provide guidance on reasons for and duration of classification of information.
Which of the following is true of Sensitive Compartmented Information [SCI]?
Access requires a formal need-to-know determination issued by the Director of National Intelligence.??Access requires Top Secret clearance and indoctrination into SCI program.???
Which of the following is true of sharing information in a Sensitive Compartmented Information Facility [SCIF]?
Individuals must avoid referencing derivatively classified reports classified higher than the recipient.???
A compromise of Sensitive Compartmented Information [SCI] occurs when a person who does not have the required clearance or access caveats comes into possession of SCI_________.???
In any manner.
Which of the following is true of transmitting Sensitive Compartmented Information [SCI]?
You many only transmit SCI via certified mail. – not correct
Malicious Code
Which of the following is NOT a type of malicious code?
Macros. – Not correct.
Which of the following is true of downloading apps?
For Government-owned devices, use approved and authorized applications only. – Correct
Website Use
Which of the following actions can help to protect your identity?
Shred personal documents.
Social Engineering
What type of social engineering targets senior officials?
Whaling. – correct
How can you protect yourself from social engineering?
Verify the identity of all individuals.???
What actions should you take with a compressed Uniform Resource Locator [URL] on a website known to you?
Right-click the link and select the option to preview???
Which of the following is true?
Digitally signed e-mails are more secure. – correct
Which of the following is true of internet hoaxes?
They can be part of a distributed denial-of-service [DDoS] attack. – correct
Travel
Which of the following is a concern when using your Government-issued laptop in public?
Others may be able to view your screen. The physical security of the device. – Correct
Use of GFE
Which of the following personally-owned computer peripherals is permitted for use with Government-furnished equipment?
A headset with a microphone through a Universal Serial Bus [USB] port. – correct
Mobile Devices
Which of the following is an example of removable media?
Memory sticks, flash drives, or external hard drives. – correct
How can you protect data on your mobile computing and portable electronic devices [PEDs]?
Enable automatic screen locking after a period of inactivity. – correct
Home Computer Security
Which of the following is true of Internet of Things [IoT] devices?
They can become an attack vector to other devices on your home network. – correct
Cyber Awareness Challenge 2022 Knowledge Check Answers
*UNCONTROLLED CLASSIFIED INFORMATION*
Which of the following is NOT a correct way to protect CUI?
CUI may be stored on any password-protected system.
Which of the following is a good practice to prevent spillage
Be aware of classification markings and all handling caveats.
*Spillage
Which of the following may help prevent inadvertent spillage?
Label all files, removable media, and subject headers with appropriate classification markings.
Which of the following is not considered a potential insider threat indicator?
New interest in learning another language
Which of the following is a good practice to protect classified information
Ensure proper labeling by appropriately marking all classified material.
Which of the following is true of traveling overseas with a mobile phone
Physical security of mobile phones carried overseas is not a major issue.
*Classified Data Which of the following individuals can access classified data?
Darryl is managing a project that requires access to classified information. He has the appropriate clearance and a signed, approved, non-disclosure agreement.
Which of the following best describes the sources that contribute to your online identity
Data about you collected from all sites, apps, and devices that you use can be aggregated to form a profile of you.
Which of the following is true of telework?
You must have your organization’s permission to telework.
*SOCIAL NETWORKING*
Which of the following is a security best practice when using social networking sites?
Understanding and using the available privacy settings.
Which scenario might indicate a reportable insider threat security incident?
A coworker is observed using a personal electronic device in an area where their use is prohibited.
Based on the description that follows how many potential insider threat indicators are displayed?
3 or more indicators
What can help to protect the data on your personal mobile device
Secure personal mobile devices to the same level as Government-issued systems.
You receive an inquiry from a reporter about potentially classified information on the internet. How do you respond?
Refer the reporter to your organization’s public affairs office
How should you protect a printed classified document when it is not in use?
Store it in a GSA approved vault or container.
Which of the following actions is appropriate after finding classified Government information on the internet?
Note any identifying information and the website’s URL
How many insider threat indicators does Alex demonstrate?
Three or more.
Which of the following information is a security risk when posted publicly on your social networking profile?
Your birthday
Which may be a security issue with compressed urls?
There is no way to know where the link actually leads.
Which of the following may help to prevent inadvertent spillage?
Label all files, removable media, and subject headers with appropriate classification markings.
A colleague asks to leave a report containing protected health information [PHI] on his desk overnight so he can continue working on it the next day. How do you respond?
tell your colleague that it needs to be secured in a cabinet or container
**Insider Threat Which type of behavior should you report as a potential insider threat?
Hostility or anger toward the United States and its policies.
Which of the following represents an ethical use of your Government-furnished equipment [GFE]?
E-mailing your co-workers to let them know you are taking a sick day
Which of the following is NOT an example of sensitive information?
press release data
What do you do if a spillage occurs?
Immediately notify your security point of contact.
What does Personally Identifiable information [PII] include?
Social Security Number, date and place of birth, mother’s maiden name
What is an indication that malicious code is running on your system?
file corruption
What should you consider when using a wireless keyboard with your home computer?
Reviewing and configuring the available security features, including encryption.
[Physical Security] which Cyberspace Protection Condition [CPCON] establishes a protection priority focus on critical and essential functions only?
CPCON 2 [High: Critical and Essential Functions] – CPCON 1 [Very High: Critical Functions] CPCON 3 [Medium: Critical, Essential, and Support Functions] CPCON 4 [Low: All Functions] CPCON 5 [Very Low: All Functions]
Which of the following is true of protecting classified data?
Classified material must be appropriately marked.
What is required for an individual to access classified data?
Appropriate clearance; signed and approved non-disclosure agreement; and need-to-know.
Which of the following is a best practice for physical security?
Report suspicious activity.
Which of the following should be reported as a potential security incident?
A coworker removes sensitive information without authorization
What are some potential insider threat indicators?
difficult life circumstances such as substance abuse, divided loyalty or allegiance to the U.S., and extreme, persistent interpersonal difficulties
When is the best time to post details of your vacation activities on your social networking website?
When your vacation is over, and you have returned home.
When can you check personal email on your government furnished equipment?
If your organization allows it.
Which of the following does not constitute spillage
Classified information that should be unclassified and is downgraded.
Which of the following is a best practice to protect information about you and your organization on social networking sites and applications?
Use only personal contact information when establishing personal social networking accounts, never use Government contact information.
You have reached the office door to exit your controlled area. As a security best practice, what should you do before exiting?
Remove your security badge, common access card [CAC], or personal identity verification [PIV] card.
What certificates are contained on the DoD Public Key Infrastructure [PKI] implemented by the Common Access Card [CAC]/Personal Identity Verification [PIV] card?