Question Distractors References Linked Competency

Similar documents
Security Asset Protection Professional Certification (SAPPC) Competency Preparatory Tools (CPT)

August Initial Security Briefing Job Aid

Question Distractors References Linked Competency

Introduction to Industrial Security, v3

Personnel Clearances in the NISP

General Security. Question Answer Policy Resource

Department of Defense MANUAL

Question Distractors References Linked Competency

Industrial Security Program

REPORT ON COST ESTIMATES FOR SECURITY CLASSIFICATION ACTIVITIES FOR 2005

Security Classification Guidance v3

Student Guide: North Atlantic Treaty Organization

DODEA ADMINISTRATIVE INSTRUCTION , VOLUME 1 DODEA PERSONNEL SECURITY AND SUITABILITY PROGRAM

Department of Health and Human Services (HHS) National Security Information Manual, February 1, 2005

GAO INDUSTRIAL SECURITY. DOD Cannot Provide Adequate Assurances That Its Oversight Ensures the Protection of Classified Information

DoD M OPERATING MANUAL. February

Course No. S-3C-0001 Student Guide Lesson Topic 7.2 LESSON TOPIC 7.2. Personnel Security Investigations

Department of Defense INSTRUCTION

February 11, 2015 Incorporating Change 4, August 23, 2018

Department of Defense DIRECTIVE

PREPARATION OF A DD FORM 254 FOR SUBCONTRACTING. Cal Stewart ISP

Department of Defense INSTRUCTION. SUBJECT: DoD Information Security Program and Protection of Sensitive Compartmented Information

DEPARTMENT OF DEFENSE (DoD) INITIAL TRAINING GUIDE

Contract Security Classification Specification. DD-254 Guidance

Student Guide Course: Original Classification

Department of Defense INSTRUCTION. DoD Unclassified Controlled Nuclear Information (UCNI)

Introduction to Personnel Security

Department of Defense INSTRUCTION

Department of Defense INSTRUCTION

Department of Defense INSTRUCTION

Department of Defense DIRECTIVE

FSO Role in the NISP. Student Guide. Lesson 1: Course Introduction. Course Information. Course Overview

Department of Defense MANUAL

Department of Defense INSTRUCTION. Access to and Dissemination of Restricted Data and Formerly Restricted Data

OVERLOOK SYSTEMS TECHNOLOGIES, INC. Standard Practice Procedure

Department of Defense DIRECTIVE

Department of Defense MANUAL

Department of Defense MANUAL

Department of Defense INSTRUCTION. SUBJECT: Security of Unclassified DoD Information on Non-DoD Information Systems

COMPLIANCE WITH THIS PUBLICATION IS MANDATORY (AFMC)

A Guide. Preparation. DD Form 254. for the. of a. National Classification Management Society. Defense Security Service

Defense Security Service Academy OCA Desk Reference Guide

Department of Defense DIRECTIVE. DoD Executive Agent (EA) for the DoD Cyber Crime Center (DC3)

The DD254 & You (SBIR)

SUMMARY FOR CONFORMING CHANGE #1 TO DoDM , National Industrial Security Program Operating Manual (NISPOM)

8/15/2013. Security Incidents Involving Special Circumstances. Information Security Webinar. Danny Jennings. DCO Meeting Room Navigation

CHAPTER 1 General Provisions and Requirements

Acquisitions and Contracting Basics in the National Industrial Security Program (NISP)

Department of Defense DIRECTIVE

Preserving Investigative and Operational Viability in Insider Threat

Overview of Physical Security and Protective Measures

Department of Defense INSTRUCTION

Question Distractors References Linked Competency

Department of Defense DIRECTIVE

Q-53 Security Training: Transmitting and Transporting Classified Information, Part I

This page left blank.

SECURITY OF CLASSIFIED MATERIALS W130119XQ STUDENT HANDOUT

Army Regulation Security. Department of the Army. Information Security Program. Headquarters. Washington, DC 29 September 2000 UNCLASSIFIED

Suggested Contractor File Folder Headings

Department of Defense DIRECTIVE

This publication is available digitally on the AFDPO WWW site at:

NATO SECURITY INDOCTRINATION

CHAIRMAN OF THE JOINT CHIEFS OF STAFF INSTRUCTION

Department of the Navy. Information Security Program

Department of Defense DIRECTIVE

Defense Security Service Intelligence Oversight Awareness Training Course Transcript for CI

Self-Inspection Handbook for NISP Contractors

Protection of Classified National Intelligence, Including Sensitive Compartmented Information

COMPLIANCE WITH THIS PUBLICATION IS MANDATORY

DEPUTY SECRETARY OF DEFENSE 1010 DEFENSE PENTAGON WASHINGTON, D.C

SUBJECT: Directive-Type Memorandum (DTM) Law Enforcement Reporting of Suspicious Activity

EXECUTIVE ORDER 12333: UNITED STATES INTELLIGENCE ACTIVITIES

Department of Defense INSTRUCTION

NATIONAL INDUSTRIAL SECURITY PROGRAM OPERATING MANUAL

Department of Defense DIRECTIVE. SUBJECT: Department of Defense Unclassified Controlled Nuclear Information (DoD UCNI)

Department of the Army TRADOC Memorandum Headquarters, United States Army Training and Doctrine Command Fort Eustis, Virginia

Department of Defense INSTRUCTION

DEPARTMENT OF DEFENSE CONTRACT SECURITY CLASSIFICATION SPECIFICATION

Department of Defense MANUAL

Department of Defense Suitability and Fitness Guide

Department of Defense DIRECTIVE

NATIONAL DEFENSE INDUSTRIAL (NDIA)

CHAPTER 3. SECURITY TRAINING AND BRIEFINGS Section 1. Security Training and Briefings 3-1-1

DEPARTMENT OF THE NAVY OFFICE OF THE CHIEF OF NAVAL OPERATIONS 2000 NAVY PENTAGON WASHINGTON, DC

Subj: DEPARTMENT OF THE NAVY (DON) INFORMATION SECURITY PROGRAM (ISP) INSTRUCTION

Department of Defense DIRECTIVE

Department of Defense INSTRUCTION

Department of Defense MANUAL

Department of Defense DIRECTIVE

AskPSMO-I: Interim Determination Process

INSIDER THREATS. DOD Should Strengthen Management and Guidance to Protect Classified Information and Systems

Revised Mar Standard Practice Procedures For Security Services. George Mason University 4400 University Drive, MSN 6D4, Fairfax, Virginia 22030

Department of Defense DIRECTIVE

SECURITY OF CLASSIFIED MATERIALS B STUDENT HANDOUT

Balancing Requirements

NATO UNCLASSIFIED. 5 December 2006 DOCUMENT C-M(2002)49-COR3 SECURITY WITHIN THE NORTH ATLANTIC TREATY ORGANISATION

Introduction to the Department of the Navy Information and Personnel Security Program

Department of Defense INSTRUCTION

Department of Defense INSTRUCTION

APPENDIX N. GENERIC DOCUMENT TEMPLATE, DISTRIBUTION STATEMENTS AND DOCUMENT DATA SHEET and THE IMPORTANCE OF MARKING DOCUMENTS

Transcription:

SFPC Example Questions Please note: Cyber items are indicated with a ** at the end of the practice test questions. 1. Which of the following is a true statement regarding the special handling requirements of Foreign Government Information (FGI)? a. When the classification marking on a document containing FGI is not in English, or when the foreign government marking requires a different degree of protection than the same U.S. classification designation, a U.S. marking that results in a degree of protection equivalent to that required by the foreign government shall be applied. b. A U.S. document containing FGI cannot be declassified or downgraded below the highest level of FGI contained in the document without the permission of the foreign government or international organization that originated the information. c. Those holding security clearances issued by the U.S. government cannot access U.S. documents containing FGI without written consent from the originating foreign government. d. The receiving DoD Components must maintain records for 1 year of the receipt, internal distribution, destruction, annual inventory, access, reproduction, and transmittal of foreign government Top Secret information. 5200.01, Volume 4, February 24, 2012 5200.01, Volume 1, February 24, 2012 SFPC CPT Page 1

2. Two security professionals Paul and Ashley are discussing the destruction of classified information. Paul says the destruction of classified documents and material shall be accomplished by means that eliminate risk of reconstruction of the classified information they contain. Ashley says the material that has been identified for destruction shall continue to be protected, as appropriate, for its classification until it is actually destroyed. Who is correct? a. Paul is correct b. Ashley is correct c. Paul and Ashley are both correct d. Paul and Ashley are both incorrect 5200.01, Volume 3, March 19, 2013, page 60-61 3. A paragraph of a document which includes an (N) as part of the portion marking indicates what specific type of classified information is contained in the paragraph? a. The additional (N) in the portion marking denotes that the classified material in the paragraph contains North Atlantic Treaty Organization (NATO) information. b. The additional (N) in the portion marking denotes that the classified material in the paragraph contains Critical Nuclear Weapons Design Information (CNWDI). c. The additional (N) in the portion marking indicates that only those with Sensitive Compartmented Information (SCI) access eligibility may access such information. d. The additional (N) in the portion marking denotes that dissemination of such information may be made only to properly cleared Nuclear Regulatory Commission (NRC) personnel. 5200.01, Volume 2, March 19, 2013, pages 17-18 SFPC CPT Page 2

4. Which of the following is a requirement for access to North Atlantic Treaty Organization (NATO) information? a. Personnel has been subject of a Single Scope Background Investigation (SSBI), including a National Agency Check (NAC) on the spouse and all members of the individual s immediate family of 18 years of age or over who are United States citizens other than by birth or who are resident aliens. b. Personnel has been subject of a favorably adjudicated background investigation (BI) (10-year scope), Tier 5, current within five years prior to the assignment, and completed a NATO brief. c. Personnel has been subject of a favorably adjudicated BI (10-year scope), Defense National Agency Check with Inquiries (DNACI)/ National Agency Check with Inquiries (NACI) or NACI Entrance National Agency Check (ENTNAC), current within five years prior to the assignment. d. Personnel requiring access to NATO COSMIC (Top Secret) or SECRET information must at least possess the equivalent interim U.S. security clearance. 5200.01, Volume 1, February 24, 2012, page 30 5. According to Executive Order 13556, which of the following is considered a type of controlled unclassified information (CUI)? a. Communications Security (COMSEC) Information b. Declassified Information c. Law Enforcement Sensitive (LES) Information d. North Atlantic Treaty Organization (NATO) Information Executive Order 13556 SFPC CPT Page 3

6. What is the purpose of marking classified materials? a. To alert holders to the presence of classified information, how to properly protect it, and for how long. b. To deter foreign adversaries from committing actions aimed at accessing such information. c. To provide guidance for interpretation and analysis of classified information. d. To alert holders to the methods used to collect classified information. 5200.01, Volume 2, March 19, 2013, pages 17-18 7. What is included in the markings of classified information? a. Derivative classifier as the authority to make declassification determinations. b. Agencies and authorities that have previously accessed the classified information. c. Document holder as the sole authority to make transfer and dissemination determinations. d. Sources and reasons for the classification. 5200.01, Volume 2, March 19, 2013, pages 17-18 8. What is the purpose of the Controlled Access Program Coordination (CAPCO) register? a. To identify the categories, types, and levels of Special Access Programs (SAPs.) b. To define the authorities for classifying, declassifying, and regrading sensitive documents. c. To identify the official classification and control markings, and their authorized abbreviations and portion markings. d. To define the requirements, restrictions, and measures necessary to safeguard classified information from unauthorized disclosure. 5200.01, Volume 2, March 19, 2013 SFPC CPT Page 4

9. When a classified data spill occurs, who is responsible for ensuring that policy requirements for addressing an unauthorized disclosure are met? a. Activity Security Manager b. Information Assurance Staff c. Information Assurance Manager d. Information Assurance Officer DoDM 5200.01 10. There are five information assurance attributes that are important to protect and defend DoD networks and information. If there was a loss in nonrepudiation, what would this cause in relation to information assurance?** a. Data is no longer reliable, accurate, nor trusted. b. Data may potentially be available to unauthorized users via electronic form. c. General communications are no longer trusted. d. Potential of unauthorized access to classified data. e. Data is no longer available to authorized users, and missions cannot be conducted. DoDM 5200.01- V3 & Cyber SFPC CPT Page 5

11. Which of the following examples describes a security violation rather than a security infraction? a. On a busy day, Karen printed classified documents on the printer in her open storage/secure room. She forgot about the documents and they remained on the printer for about an hour before she retrieved them. b. Karen was late for a meeting in a different area of her building. She put a classified document in a folder she believed was marked for carrying classified materials. When handing out the materials, Karen realized that the folder was not marked for carrying classified materials, she had put the documents in the wrong folder. c. At the end of the day, Karen was leaving and taking with her unclassified documents she would review at home. When she began to review those documents that night, she realized that classified materials had slipped in between the unclassified materials. d. Karen was working a mission related to Mexican Drug cartel operating out of Playa Carmen. Her husband planned a golf trip with friends to that area. She advised him not to go, and believing that it was a safety issue, she provided sensitive details about the cartel to make sure that he did not go. 5200.01, Volume 3, March 19, 2013, page 86 12. The inability to deny you are the sender of an email would be an indication of a lapse in:** a. Non-Repudiation b. Confidentiality c. Integrity d. Availability Committee on National Security Systems Instruction No. 4009, Glossary 5200.01, Volume 3, March 19, 2013, page 105 & Cyber SFPC CPT Page 6

13. Unauthorized disclosure and loss of privacy is a lapse in:** a. Confidentiality b. Integrity c. Availability d. Authentication Committee on National Security Systems Instruction No. 4009, Glossary 5200.01, Volume 3, March 19, 2013, page 86 14. Which of the following is the first action done to downgrade, declassify or remove classification markings? a. Through the appropriate chain of command, contact the original classification authority (OCA) to confirm that information does not have an extended classification period. b. Change the classification authority block to indicate Declassify ON: to show the new declassification instructions. c. Take all classification markings off the document and redistribute. d. Request a waiver from the Information Security Oversight. Office (ISOO) to remove the declassification markings. 5200.01, Volume 2, March 19, 2013, page 35-36 15. All of the following are requirements to perform classified activities from non-traditional locations (e.g., the employees home), EXCEPT: a. The employee must be trained to operate classified information systems. b. The employee must be trained on protection and storage of classified information and Communications Security (COMSEC) materials. c. The employee must receive written approval for use of classified information and equipment at home. d. The employee must have an office space that meets requirements comparable to the Sensitive Compartmented Information Facility (SCIF). 5200.01, Volume 3, March 19, 2013, page 108-109 SFPC CPT Page 7

16. What is the purpose of the Personnel Security Program (PSP)? a. To define original classification for DoD assets and information. b. To designate individuals for positions requiring access to classified information. c. To ensure that only loyal, trustworthy, and reliable individuals may access classified information or perform sensitive duties. d. To describe the safeguarding requirements personnel must employ when handling classified materials at a cleared contractor facility. 5200.2-R, February 23, 1996, pages 13-93 17. DoD reciprocally accepts existing national security eligibility determinations or clearances from other Government agencies in accordance with which of the following policy documents? a. Office of Management and Budget Memorandum M-05-24, Implementation of Homeland Security Presidential Directive (HSPD) 12 - Policy for a Common Identification Standard for Federal Employees and Contractors,. b. Executive Order 13467, Reforming Processes Related to Suitability for Government Employment, Fitness for Contractor Employees, and Eligibility for Access to Classified National Security Information. c. Sections 301 and 7532 of title 5, United States Code. d. Executive Order 13526, Classified National Security Information. 5200-02-R SFPC CPT Page 8

18. Review of Tier 5 on an individual disclosed that the subject had been a member of an anarchist organization dedicated to disestablishing existing Federal laws and overthrowing the U.S. government by any means necessary, including violence. Although the subject terminated his membership with the organization upon learning he would be investigated for a clearance for his new position, he still maintains social contact with several members of the anarchist organization. Based on this information, which of the following adjudicative guidelines is most appropriate for an adjudicator to apply to the case? a. Psychological Conditions b. Foreign Preference c. Allegiance to the United States d. Criminal Activity 5200-02-R, Appendix 8 19. Which of the following is considered an element of the Personnel Security Program (PSP)? a. Risk Assessment and Analysis b. Implementation c. Classification d. Continuous Evaluation 5200.2-R, February 23, 1996, pages 13-93 SFPC CPT Page 9

20. Limited access to classified information for specific programs may be approved for non-u.s. citizens only under which of the following conditions? a. The subject is eligible to access material marked by a foreign government that is equivalent to a U.S. Top Secret classification marking. b. The subject will only have one-time access to specific material, after which the material will be appropriately destroyed or returned to the originating U.S. agency c. The subject will only have access to classified U.S. documents containing Foreign Government Information (FGI) originating from the foreign country of which the subject is a citizen. d. The prior 10 years of the subject s life can be appropriately investigated. 5200-02-R 21. Which of the following is the investigative requirement for access to Single Integrated Operational Plan-Extremely Sensitive Information (SIOP- ESI)? a. Individual has a valid favorably adjudicated Tier 5 or Single Scope Background (SSBI) Investigation. b. Individual has a valid favorable adjudicated Tier 3 or National Agency Check with Local Agency Check (NACLC) investigation. c. Individual has a valid favorably adjudicated Tier 3 or Access National Agency Check with Written Inquiries and Credit Check (ANACI) investigation. d. Individual has a valid favorably adjudicated Tier. 5200.2-R, February 23, 1996 SFPC CPT Page 10

22. Which of the following is not qualifying criteria for personnel assigned to nuclear weapons personnel reliability assurance positions? a. Individual must be a U.S. Citizen b. Individual has a security clearance eligibility in accordance with the position c. Individual is subject to a periodic reinvestigation every three years d. Individual must be continuous evaluated 5200-02-R 23. Which of the following is correct regarding the investigation requirement for initial assignment to a Presidential Support Activities (i.e. Yankee White) Category 2 position? a. Favorably completed Tier 5/Single Scope Background Investigation (SSBI) within 36 months preceding selection. b. Favorably completed Tier 3/National Agency Check with Local Agency Check (NACLC) within 36 months preceding selection. c. Favorably completed Tier 5/SSBI within 24 months preceding selection. d. Favorably completed Tier 3/NACLC within 24 months preceding selection. 5200.2-R, February 23, 1996, pages 29-31 SFPC CPT Page 11

24. Which of the following adjudication processes refers to a person s identifiable character traits and conduct sufficient to decide whether employment or continued employment would or would not protect the integrity or promote the efficiency of the Federal service? a. Homeland Security Presidential Directory (HSPD) 12 credentialing b. National security adjudication c. Suitability adjudication d. Continuous evaluation 5200-02-R 25. All unclassified DoD information in the possession or control of non-dod entities on non-dod information systems, to the extent provided by the applicable grant, shall minimally be safeguarded under which of the following standards? a. Information holders must use the Secret Internet Protocol Router Network (SIPRNET) to transmit such information. b. Such information may be store in an open storage area, provided the room is equipped with an Intrusion Detection System (IDS) with the personnel responding to an alarm within 15 minutes of the alarm annunciation. c. Such information must be stored in a General Services Administration (GSA)-approved security container equipped with a lock meeting FF-L-2740 standards. d. Organizational wireless connections holding such information must be encrypted, and those accessing such information must use encrypted wireless connections where available when traveling. 5200.01, Volume 2, March 19, 2013 5200.01, Volume 3, March 19, 2013 5220.22-R, December 4, 1985 5220.22-M, February 28, 2006 SFPC CPT Page 12

26. Copies of personnel security investigative reports must be destroyed by DoD recipient organizations, within how many days following completion of the necessary personnel security determination? a. 30 days b. 45 days c. 60 days d. 90 days DoD 5200.2-R 27. Which of the following limitations is true regarding Limited Access Authorization (LAA) to non-u.s. citizens? a. LAAs shall only be granted access at the Secret and Confidential levels. b. A favorably completed and adjudicated Tier 3 or National Agency Check with Local Agency Check (NACLC). investigation within the last five years is required. c. An LAA is the same as a security clearance eligibility. d. Access to classified information Is not limited to a specific program or project. DoD 5200.2-R 28. Which of the following is not considered when making a security clearance eligibility determination? a. Education Level b. Alcohol consumption c. Financial considerations d. Psychological Conditions DoD 5200.2-R 29. A position designated as a DoD noncritical-sensitive civilian position may fall under any of the following criteria, EXCEPT: a. A position not requiring eligibility for access to classified information, but having the potential to cause significant or serious damage to the national security. b. A position requiring eligibility for access to Top Secret information. c. A position requiring eligibility for access to confidential information. d. A position requiring eligibility for access to secret information. DoD 5200.2-R SFPC CPT Page 13

30. What information must a statement of reasons (SOR) include? a. SOR must state why an unfavorable national security eligibility determination is being proposed. b. SOR must explain each security concern and state the specific facts that trigger each security concern. c. The SOR must identify applicable adjudicative guideline(s) for each concern, and provide the disqualifying conditions and mitigating conditions for each guideline. d. All of the Above DoD 5200.2-R 31. Which type of briefing is used to obtain confirmation that a cleared employee agrees never to disclose classified information to an unauthorized person? a. Special Briefings Courier b. Original Classification Authority (OCA) Briefing c. Special Briefings Non-Disclosure d. Debriefing 5200.01-M February 24, 2012 32. is the security system performance goal of immediate indication of deliberate attempts, security probing and warning for inadvertent or mistaken intention is an example of which system security capability? a. Detect b. Assessment c. Deterrence d. Delay DoD 5200.08- R Phys Sec SFPC CPT Page 14

33. Two security professionals - Paul and Ashley - are discussing secure rooms, containers, and vaults. Paul says weapons or sensitive items such as funds, jewels, or precious metals should not be stored in the same security container as classified information. Ashley says the General Service Administration approves security containers used to store classified information. Who is correct? a. Paul is correct b. Ashley is correct c. Paul and Ashley are both correct d. Paul and Ashley are both incorrect 5200.01-V3 February 24, 2012, page 45-46 Phys Sec 34. Which of the following is not a distinct phase of the Intrusion Detection System? a. Detection b. Control c. Assessment d. Response DoDM 5200.01-V3 Phys Sec 35. Which of the following would be considered a public safety crime? a. Theft of ammunition shipment for the purpose of criminal or gang related activity. b. Theft of sensitive, proprietary information relating to US aerospace and defense technologies. c. Deliberate destruction of DoD assets or interruption of normal operations. d. Theft of an item and use of it outside of its intended purpose or without permission. 5200.08-R, May 27, 2009 Phys Sec SFPC CPT Page 15

36. Which of the following best describes the goal of the Physical Security Program? a. To ensure that industry safeguards the classified information in their possession, while performing work on contracts, bids, or research and development efforts on behalf of the government. b. To protect assets against compromise resulting from activities such as espionage, sabotage, terrorism, damage or loss, and criminal. c. To ensure that only loyal, trustworthy, and reliable individuals may access classified information or perform sensitive duties. d. To create uniform policies and procedures for defense acquisition by all executive agencies. 5200.08-R, May 27, 2009, page 12-15 Phys Sec 37. Preventing unauthorized access to information and equipment, safeguarding DoD assets against espionage and criminal activity, and providing the means to counter threats when preventative measures are ignored, best characterize the primary functions of which of the following programs or processes? a. Physical Security Program b. Operations Security (OPSEC) process c. Security incident response process d. Personnel Security Program 5200.08-R, May 27, 2009, page 12-15 Phys Sec SFPC CPT Page 16

38. The process of integrating active and passive complementary physical security measures to ensure the protection of DoD assets is known as which of the following concepts? a. Area security b. Threat-vulnerability assessment c. Security-in-depth d. Point security 5200.08-R, May 27, 2009, page 12-15 Phys Sec 39. The stealing of sensitive, proprietary information related to U.S. aerospace and defense technologies with the intent to provide such information to a foreign adversary is an example of which type of threat to DoD assets? a. Criminal activity b. Economic espionage c. Treason d. Terrorism 5200.08-R, May 27, 2009 Phys Sec 40. When a Terrorism Threat Level is escalated from LOW to MODERATE, a DoD Component Head should employ which of the following countermeasures? a. Cease all flying except for specifically authorized operational sorties. b. Direct the execution of advance site reviews to facilitate the antiterrorism planning process. c. Encourage dependent family members to complete Level I Antiterrorism Awareness Training before any travel outside the continental United States (OCONUS). d. Conduct an immediate Terrorism Vulnerability Assessment for off-installation housing, schools, daycare centers, transportation. 2000.12, September 9, 2013 Phys Sec SFPC CPT Page 17

41. Requests for authorizing disclosure of classified information during visits must include all the following information, EXCEPT: a. The explanation of the government purpose to perform when disclosing classified information. b. The subject of the meeting, scope of classified topics and classification level c. Expected time and location of the meeting. d. The main content of the invitation to send to the participants. DoD 5220.22-M Indus Sec 42. Two security professionals Paul and Ashley are discussing the security procedures for visits and meetings. Paul says visits must serve a specific U.S. Government purpose. Ashley says DoD Components should, as a minimum, establish procedures that include verification of the identity, personnel security clearance, access (if appropriate), and need-to-know for all visitors. Who is correct? a. Paul is correct b. Ashley is correct c. Paul and Ashley are both correct d. Paul and Ashley are both incorrect 5220.22-M, February 28, 2006 page 6-2-2 Indus Sec 43. Executive Order 12829, signed in January 1993, mandated that which of the following entities be responsible for implementing and monitoring the National industrial Security Program (NISP)? a. Director of the Information Security Oversight Office (ISOO) b. Secretary of Defense c. National Security Council (NSC) d. Director, Defense Security Services (DSS) Executive Order 12829 Indus Sec SFPC CPT Page 18

44. What is the role of the government contracting activity (GCA), or cleared prime contractor, when a contractor that does not have a Facility Clearance (FCL) wants to bid on a Request for Proposal (RFP) that requires access to classified information? a. The GCA must issue a formal letter rejecting the contractor s bid since the contractor does not have the requisite FCL. b. The contractor must submit a sponsorship request to DSS, who will decide whether to allow the contractor to bid on the contract. c. The GCA must sponsor the contractor for a facility security clearance by submitting a sponsorship request to DSS, which initiates the facility clearance process. d. The GCA must ensure that the all owners and senior management of the uncleared contractor are U.S. citizens and are eligible to be processed for a personnel security clearance. 5220.22-M February 28, 2006, page #7-1-1 Indus Sec 45. What is the purpose of the Federal Acquisition Regulations (FAR)? a. To codify and publish uniform policies and procedures for acquisition by all executive agencies. b. To manage DoD funds and prioritize the development of vital research and technology. c. To provide small businesses and minority owned companies an opportunity to compete in the government acquisition process. d. To promote uniform standards and best practices of technology acquisition across U.S. industry. 5220.22-M, February 28, 2006, 2-2-1, 4-1-2 Indus Sec 46. What is the role of the security professional during the Award Contract step of the contracting process? a. To ensure the appropriate classification level for the bid, and to define unique security requirements associated with the product. b. To interface with the Cognizant Security Organization (CSO) to ensure oversight is performed and review results of and previous assessments on behalf of component. c. To ensure that the contractor follows proper safeguarding and disposition guidance. d. To review and define the specific security requirements with the contracting officer specifically, block 13 of DD Form 254. 5220.22-M February 28, 2006, page #7-1-1 Indus Sec SFPC CPT Page 19

47. What is the purpose of DD Form 254? a. To convey security classification guidance and to advise contractors on the handling procedures for classified material. b. To document the formal agreement between the US government and a cleared contractor in which the contactor agrees to maintain a security program in compliance with the NISPOM and the government agrees to security guidance and program oversight. c. To validate details regarding the foreign ownership, control or influence affecting that cleared contractor facility. d. It replaces the actual contract document for any contract requiring access to classified information. 5220.22-R, December 4, 1985, page 213 and throughout Indus Sec 48. As part of Operations Security (OPSEC), a program coordinator should use which of the following tools to assess assets as part of the risk management process for critical information? a. Critical Information List b. Threat vulnerability matrix c. Risk Rating Table d. Security Classification Guide 5205.02-M, November 3, 2008 Gen Sec 49. What is the role of the Special Access Program Oversight Committee (SAPOC) during the maintenance phase of the Special Access Program (SAP) lifecycle? a. To ensure that the SAP has adequate Internal Review and Audit Compliance (IRAC) support, including accessed auditors at supporting offices, to meet program audit needs. b. To review existing programs annually to determine whether to revalidate them as SAPs. c. To provide oversight of SAP program and budget accomplishments. d. To provide oversight of SAP audits and inspections. 5205.11, February 6, 2013, page 22-26 Gen Sec SFPC CPT Page 20

50. Which of the following describes a Special Access Program (SAP) that is established to protect sensitive research, development, testing and evaluation, modification, and procurement activities? a. Research and Technology SAP b. Operations and Support SAP c. Acquisition SAP d. Intelligence SAP DoDM 5205.07 pgs3 18-19 Gen Sec 51. Which type of briefing is used to identify security responsibilities, provide a basic understanding of DoD security policies, and explain the importance of protecting government assets? a. Indoctrination Briefing b. Original Classification Authority (OCA) Briefing c. Foreign Travel Briefing d. Debriefing 5105.21-M, October 19, 2012, page 12 Gen Sec 52. Which type of briefing is used to reinforce the information provided during the initial security briefing and to keep cleared employees informed of appropriate changes in security regulations? a. Annual Refresher Briefings b. Indoctrination Briefings c. Attestation Briefings d. Courier Briefings 5200.2-R February 23, 1996 page 82 Gen Sec 53. Which step of the Operations Security (OPSEC) process would be applied when conducting exercises, red teaming and analyzing operations? a. Conduct a Risk Assessment b. Apply OPSEC Countermeasures c. Conduct a Threat Analysis d. Conduct a Vulnerability Analysis DoD 5205.02- M Gen Sec SFPC CPT Page 21

54. Which step of the Operations Security (OPSEC) process would be applied when identifying potential adversaries and the associated capabilities and intentions to collect, analyze, and exploit critical information and indicators? a. Conduct a Vulnerability Analysis b. Conduct a Threat Analysis c. Conduct a Risk Assessment d. Apply OPSEC Countermeasures DoD 5205.02-M Gen Sec 55. Please determine which of the following is an element of an Operations Security (OPSEC) Assessment. a. Small in scale and focused on evaluating the effectiveness of the OPSEC program. b. Conducted on an annual basis. c. Uses external resources collectively to conduct with or without the use of indigenous resources. d. Determines the likelihood that critical information can be protected based on procedures that are currently in place. DoD 5205.02-M Gen Sec 56. To provide access to Social Media sites, the DoD agency must provide all of the following, EXCEPT: a. Protection against malware and advance threats. b. Blocked access to prohibited sites and content. c. Individual compliance with Joint Ethics Regulations and guidelines. d. Constant monitoring to deter inappropriate site access. DoDMI 5200.01, Volume 3, March 19, 2013, page 110; Directive-Type Memorandum 09-026 SFPC CPT Page 22

57. Who s responsibility is it during the categorize steps to identify a potential impact (low, moderate, or high) due to loss of confidentiality, integrity, and availability if a security breach occurs?** a. Information System Owner (ISO) b. Information Owner (IO) c. Information System Security Manager (ISSM) d. Authorizing Official (AO) DoDI 8510.01 Gen Sec & Cyber 58. Please determine which of the following is an example of reportable foreign intelligence contacts, activities, indicators, and behaviors. a. Authorizing others to acquire unauthorized access to classified or sensitive information systems. b. Unauthorized downloads or uploads of sensitive data. c. Network spillage incidents or information compromise. d. Use of DoD account credentials by unauthorized parties. DoDD 5240.06 Gen Sec 59. Limiting nonsecure computer e-mail messages to nonmilitary activities and not providing operational information in nonsecure e-mail messages are functions of which OPSEC measure? a. Operational and Logistic Measures b. Technical Measures c. Administrative Measures d. Operations Security and Military Deception JP-3-13.3 Gen Sec SFPC CPT Page 23

60. Which of the following is NOT a category of Information Technology (IT)?** a. Platform Information Technology (PIT) b. Information Technology Services c. Information Technology Products d. Information Technology Applications DoDI 8510.01 Gen Sec & Cyber 61. What step within the Risk Management Framework (RMF) does system categorization occur?** a. Categorize Information System b. Select Security Controls c. Implement Security Controls d. Assess Security Controls e. Authorize f. Monitor Security Controls DoDI 8510.01 March 12, 2014, page 20-38 DoDI 8530.01, March 7, 2016 Gen Sec & Cyber 62. At what step of the Risk Management Framework (RMF) would you develop a system-level continuous monitoring strategy? ** a. Categorize Information System b. Select Security Controls c. Implement Security Controls d. Assess Security Controls e. Authorize f. Monitor Security Controls DoDI 8510.01 March 12, 2014, page 20-38 Gen Sec & Cyber SFPC CPT Page 24

63. One responsibility of the Information System Security Manager (ISSM) during Step 6 of the Risk Management Framework (RMF) is:** a. Review and approve the security plan and system-level continuous monitoring strategy developed and implemented by the DoD Components. b. Monitor the system for security relevant events and configuration changes that affect the security posture negatively. c. Determine and documents a risk level in the Security Assessment Report (SAR) for every non-compliant security control in the system baseline. d. Coordinate the organization of the Information System (IS) and Platform Information Technology (PIT) systems with the Program Manager (PM)/System Manager (SM), Information System Owner (ISO), Information Owner (IO), mission owner(s), Action Officer (AO) or their designated representatives. DoDI 8510.01 March 12, 2014, page 20-38 Gen Sec & Cyber 64. What family of controls does Security Functionality Verification belong to?** a. System and Communications Protection b. Maintenance c. System and Information Integrity d. Audit and Accountability Revision 4, April 2013 Cyber SFPC CPT Page 25

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback