ISOC Example Questions 1. Which statement regarding a corporation s common business structure and Facility Security Clearances (FCLs) is TRUE? Select all that apply. a. If a director does not require access to classified information to conduct the organization s business, he is not required to be cleared provided that all the members in a legal quorum of the board of directors or similar executive body are cleared. b. Officers requiring access to classified information when conducting business may be cleared at a lower level, provided their performance will not adversely impact the organization s practices with higherlevel classified contracts. c. Officers who do not occupy positions that would enable them to adversely affect the organization s policies are required to be cleared. d. The chairman of the board and all principal officers must be cleared. M, February 28, 2-1-1 ISOC CPT Page 1
2. Which statement BEST describes contractor requirements related to Insider Threat programs? a. Contractors must designate an employee who is a United States citizen, a senior official, and who holds a personnel security clearance to establish and execute an Insider Threat program. b. Contractors may not appoint their Facility Security Officer (FSO) as their Insider Threat program lead. c. Contractor FSOs are not integral to successfully implementing an Insider Threat program. M, February 28, 2006, Change 2, 1-2-1 3. Which statement regarding contractors access to classified information is TRUE? a. Cleared contractors can access classified information outside the United States. b. Government Contracting Activity (GCA) consultants are processed for Personnel Security Clearances (PCLs) by Defense Security Service (DSS) in accordance with the NISPOM. c. Contractors may use a clearance for any job requiring a personnel security clearance. d. Contractors can access classified information without a consultant agreement. M, February 28, 2006, Change 2, 10-6-1 4. When is a Board Resolution normally adequate to mitigate the risk of Foreign Ownership, Control or Influence (FOCI)? a. When a foreign interest does not own voting interests to elect or otherwise is not entitled to representation on the company s governing board. b. As long as the foreign owner is identified. c. When the foreign owner maintains representation on the board and is identified in the resolution. d. As long as the foreign owner does not require access to classified information. M, February 28, 2006, Change 2, 2-3-2 ISOC CPT Page 2
5. What are examples of Foreign Ownership, Control or Influence (FOCI) mitigation Implementation Procedures? a. Electronic Communication Plans, Foreign Affiliate Plan, Technology Share Plan, and Visitation Policies. b. Standard Operating Procedure, Limited Access Plan, and Foreign Shareholder Plan. c. National Interest Determination, Electronic Communication Plans and Technology Control Plans. d. Electronic Communication Plans, Technology Control Plans, Affiliated Operations Plans, Facilities Location Plans, and Visitation Policies. http://www. dss.mil/isp/foci/ implementationprocedures.html 6. What must occur annually when entering into and using any method, agreement, or similar arrangement to negate or reduce risk in foreign ownership cases? a. Selection of board members and a Foreign Ownership, Control or Influence (FOCI) review. b. Selection of board members and an implementation and compliance report. c. A FOCI review and an implementation and compliance report. d. Selection of board members, a FOCI review, and an implementation and compliance report. R, Dec. 4, 1985, p 125-126 7. What does the Annual Review meeting for contractors operating under a Voting Trust, Proxy Agreement, Special Security Agreement (SSA), or Security Control Agreement (SCA) include? a. Examination of acts of compliance or noncompliance with the approved security arrangement, standard rules, and applicable laws and regulations. b. Examination of whether security controls, practices, or procedures warrant adjustment. c. Examination of problems or impediments associated with the practical application or utility of the security arrangement. d. All of the above 2006 Change 2, 05/18/2016 2-3-4 ISOC CPT Page 3
8. A cyber intrusion that may be considered actual or possible acts of espionage should be reported to whom? a. The Federal Bureau of Investigation (FBI), with a copy to the Cognizant Security Agency (CSA). b. The National Counterintelligence and Security Center, with a copy to the FBI. c. The Department of Defense (DoD) Chief Information Officer (CIO), with a copy to the FBI. d. The Information Security Oversight Office (ISOO) (with a copy to the CSA). 2006 Change 2, 05/18/2016 p.1-3-1 9. Contractors are responsible for reporting? a. adverse information concerning any of their cleared employees. b. adverse information concerning any of their un-cleared employees. c. adverse information concerning temporary un-cleared consultants. 1-3-1 10. What should be reported to the Federal Bureau of Investigation (FBI) regarding a change in cleared employee status? a. Death b. A change in name c. A change in citizenship d. None of the above 2006 Change 2, 1-3-1 ISOC CPT Page 4
11. What action should a contractor take if an employee no longer wishes to be processed for a clearance or to continue an existing clearance? a. The contractor shall submit a written report to the Federal Bureau of Investigation (FBI). b. The contractor shall submit a written report to the Cognizant Security Agency (CSA). c. The contractor shall conduct an exit briefing with the employee; and submit a written report to the National Counterintelligence and Security Center (NCSC). d. The contractor shall conduct an exit briefing with the employee; no written report is required. 2006 Change 2, 05/18/2016 1-3-1 12. What is the purpose of DD Form 441, Department of Defense Security Agreement? a. To request a Commercial and Government Entity (CAGE) code for facilities requiring clearance. b. To provide a security agreement between a cleared organization and the U.S. Government. c. To petition for the termination of a granted facility clearance due to security violations. d. To report the foreign involvement of facilities applying for clearance. http://www.dss. mil/isp/fac_clear/ fac_clear_check. html 13. Under what circumstance will a facility security clearance survey be discontinued? a. When the cleared defense contractor only requires an upgrade. b. When the contract does not require access to classified information. c. When the contractor has foreign employees. d. When the contractor is a non-u.s. entity. http://www.dss. mil/documents/ facilityclearances/ welcome_ packet_2014.pdf ISOC CPT Page 5
14. What document ensures that industrial organizations will follow all regulations on the safeguarding of classified information specified by the Department of Defense (DoD) Program? a. SF-312, Classified Information Nondisclosure Agreement b. DD-254, Department of Defense Contract Security Classification Specification c. DD-441, Department of Defense Security Agreement d. SF-86, Questionnaire for National Security Positions R, Dec. 4, 1985, p 14 15. Which eligibility requirement must a company meet before it can be granted a Facility Security Clearance (FCL)? a. A company must need access to the classified information in connection to a legitimate U.S. government or foreign government requirement. b. The company can be organized and exist under the laws of a foreign country, but reside in the United States. c. The company can be barred from participating in U.S. government contracts. d. The company must meet a Foreign Ownership, Control or Influence (FOCI) agreement without mitigation. 2-1-1 ISOC CPT Page 6
16. A contractor is applying for a TOP SECRET Facility Security Clearance (FCL). What does the contractor need to be eligible? a. All employees at the facility must have SECRET Personnel (Security) Clearances (PCL) or higher. b. All officials at the facility must have TOP SECRET Personnel (Security) Clearances (PCL) or higher. c. The Insider Threat Program Senior Official must have a SECRET Personnel (Security) Clearance (PCL) or higher. d. The senior management official must have a TOP SECRET Personnel (Security) Clearance (PCL) or higher. 2-1-1 17. The owner of a contracting company with a Facility Security Clearance (FCL) has died and his daughter inherited ownership of the company. What must be done? a. The company must apply for a new FCL. b. The daughter must apply for a Personnel (Security) Clearance (PCL) of the same level of the FCL or higher. c. The contractors must submit a report to the Cognizant Security Agency (CSA). d. The company must submit a report to the Facility Security Officer (FSO). 1-3-2 18. Which is a change condition that would affect a Facility Clearance (FCL)? a. Any adverse information concerning any cleared employees; even reports based on rumor or innuendo. b. Efforts by any individual, regardless of nationality, to obtain illegal or unauthorized access to classified information or to compromise a cleared employee. c. Significant vulnerabilities identified in security equipment used to protect classified material. d. Any material change concerning the information previously reported by the contractor concerning Foreign Ownership, Control or Influence (FOCI). 1-3-2 ISOC CPT Page 7
19. What does preinspection research include? a. Identify all security elements that apply. b. Have a basic knowledge of your company s classified programs. c. Know your facility s physical layout. d. All of the above Self-Inspection Handbook for NISP Contractors, May 2016, p 3 20. Who must be present to witness the examination of the contents/ interior space of equipment that is not authorized to secure classified material? a. A representative for the contractor b. A Cognizant Security Agency (CSA) representative c. An Information System Security Officer (ISSO) d. An Information System Security Manager (ISSM) 5220.22-M, February 28, 2006, 1-2-1 21. Which statement(s) regarding exit briefings is TRUE? a. Exit briefings should not disclose vulnerabilities. b. Exit briefings should provide contractors with identified vulnerabilities. c. Exit briefings do not need to include senior managers. d. Exit briefings are not required. http://www.cdse. edu/documents/ student-guides/ dss-securityrating-process. pdf, p.22-23 ISOC CPT Page 8
22. If management objects to a spot check of their nonapproved areas or repositories, where on the close-out report should this fact and the purported rationale be indicated? a. Item 18. Approved Storage Facilities b. Item 20. Remarks c. Item 15. Scope of Inspection d. Item 15c. Results of Inspection R, Dec. 4, 1985, p 196 & 270 23. For which reason can The Defense Information System for Security (DISS) be utilized during a security assessment? a. Reviewing the total number of cleared employees who potentially access North Atlantic Treaty Organization (NATO) information. b. Ensuring records of SF 312, Nondisclosure Agreements are being maintained. c. Ensuring eligible employees are still within the scope of their investigation. d. All of the above. http://www.dss. mil/diss/ 24. For how long must the contractor retain a formal report of their security review selfinspection? a. Until the next Cognizant Security Agency (CSA) inspection. b. Until it is certified by the Information Security Oversight Office (ISOO). c. Until any issues found have been fully resolved. d. As long as the contractor maintains the cleared site. 1-2-2 ISOC CPT Page 9
25. Which of the following changes is likely to affect a Facility Security Clearance (FCL)? Select all that apply. a. A change of phone number of a company s cleared location. b. A change of address of a company s cleared location. c. A change of operating name of the company. d. A change to key personnel, a new employee. 1-3-2 26. When conducting a security assessment, which of the following contractor personnel should be interviewed? a. Program manager b. Receptionist c. Network/Information technology administrator d. Business development personnel e. All of the above 8-2-1 27. What would the corrective actions be if an employee left a classified document outside of a General Services Administration (GSA)-approved container, but no one entered the room and no compromise occurred? a. A report must be provided to the Cognizant Security Agency (CSA), the item must be secured in the approved container, and the employee must be briefed. b. A report must be provided to the Cognizant Security Agency (CSA), the item must be destroyed, and the employee must be briefed. c. A change condition report must be filed, the item must be secured in the approved container, and the employee must be briefed. 1-3-2 ISOC CPT Page 10
28. Which Governmentsigned document is required for all cleared facilities? a. A properly-executed SF 312 b. A properly-executed DD441 c. A properly-executed EQIP d. A properly-executed SF86 http://www.dss. mil/isp/fac_clear/ fac_clear_check. html 29. Under which condition is the Cognizant Security Agency (CSA) responsible for conducting a preliminary inquiry of loss, compromise, or suspected compromise at a contractor facility? a. When the contractor is not able to confirm the accuracy of a reported loss, compromise, or suspected compromise of classified information. b. When the reported loss, compromise, or suspected compromise of classified information occurs in a facility located on a government installation. c. When the Government Contracting Agency (GCA) defers submission of the preliminary inquiry report. d. None, the contractor is responsible for conducting a preliminary inquiry. 1-3-2 30. If the Commander of a User Agency determines an on-site contractor s activity requires a Facility Security Clearance (FCL), which entity should be assigned to accompany the installation security inspector during scheduled security inspections? a. The Specialist (ISS) b. The Information Security Systems Manager (ISSM) c. The Administrative Contracting Officer (ACO) d. The Facility Security Officer (FSO) R, Dec. 4, 1985, p 22 ISOC CPT Page 11
31. Which statement regarding loss, compromise and suspected compromise is TRUE? a. Contractors have 30 days from receipt of a report of loss, compromise, or suspected compromise to report to the Cognizant Security Agency (CSA). b. Contractors must immediately report loss, compromise, or suspected compromise to the CSA. c. Contractors must immediately report loss, compromise, or suspected compromise to the Federal Bureau of Investigation (FBI). d. Contractors must immediately report loss, compromise, or suspected compromise to the Defense Manpower Data Center (DMDC). 10-7-3 32. If a determination is made that a loss, compromise, or suspected compromise did occur, the Cognizant Security Office (CSO) prepares a final report. Which section of the report contains specific actions taken to preclude a recurrence of similar incidents and the disciplinary action, if any, taken against responsible individuals? a. Conclusions b. Essential facts c. Authority d. Corrective action 1-3-3 ISOC CPT Page 12
33. How long can the initial period of an Interim Authorization to Operate (IATO) last? a. 30 days b. 60 days c. 90 days d. 180 days 8-2-1 34. Which statement correctly describes the role of a Designated Government Representative (DGR)? a. A DGR is designated by the Facility Security Officer (FSO). b. A DGR must be cleared to the same level as the Facility Security Clearance (FCL). c. A DGR is a cleared person designated by a U.S. or foreign government agency to act on the government s behalf to transfer custody or accept custody for classified material and assume security responsibility. d. Being the DGR is a responsibility of the intelligence program s senior official. http://www.cdse. edu/multimedia/ shorts/dgr/ common/cw/ data/cdse_dgr_ Short_Student_ Guide.pdf, p. 1-1 35. What must all contractors do in order to access classified Communications Security (COMSEC) information to utilize for a duty? a. Undergo a briefing before being granted access to the classified COMSEC information. b. Undergo a briefing within 30 days of accessing the classified COMSEC information. c. Undergo a briefing no later than 10 days after being granted access to the classified COMSEC information. d. Undergo a briefing by the Security Management Office (SMO). 9-4-1 ISOC CPT Page 13
36. How often must a contractor provide all cleared employees with a refresher of security education and training? a. Cleared employees are responsible for maintaining their security education independent of their organization. b. Once every two years. c. Once a year. d. Every six months. 2006 Change 2, 3-1-2 37. Who is responsible for authenticating, by signature, the DD Form 254 Department of Defense Contract Security Classification Specification for a subcontract? a. The Administrative Contracting Officer (ACO) b. The Procuring Contracting Officer (PCO) c. The Cognizant Security Office (CSO) d. The principal prime contractor R, Dec. 4, 1985, p 217 38. Which statement describes a contractor s responsibility regarding marking? a. Contractors must report their new marking to subcontractors. b. Contractors have no way of challenging classification from the Government Contracting Activity (GCA). c. Contractors must automatically downgrade information if it is believed to be marked too high. d. Contractors are authorized to challenge classification in writing to the GCA if they believe information is improperly or unnecessarily marked. 4-1-2 ISOC CPT Page 14
39. Which organization develops the approved security container listing? a. Defense Security Service (DSS) b. National Security Agency (NSA) c. General Services Administration (GSA) d. Defense Intelligence Agency (DIA) 5-3-2 40. How often must patrols be conducted in the event security guards are an authorized supplemental protection? a. Every hour for TOP SECRET material b. Every 4 hours for SECRET material c. Every 2 hours for SECRET material d. Every 8 hours for personally identifiable information (PII) e. None of the above http://www.cdse. edu/documents/ cdse/storage- of-classified- Information- Summary.pdf 41. To conduct a meeting in which classified information is disclosed and government sponsorship is required, what information must the request for authorization include? a. An explanation of the non-government purpose served by disclosing classified information at the meeting. b. The subject of the meeting and scope of classified topics, including the classification level, to be disclosed at the meeting. c. A list of any and all possible attendees, including their names, birthdates, and organizational affiliations, of the proposed meeting. d. A Security Review report of the meeting location. 6-2-1 ISOC CPT Page 15
42. Please determine if the following statement is True or False: If the government agency does not approve the disclosure of information related to a proposed meeting, it has the authority to deny the visit request. a. True b. False 10-5-2 43. In which instance is a Visit Authorization Letter required? a. If the visitor requires access to classified information. b. When a contractor needs to access a military installation. c. When the contractor submits a proposal. d. When the DD 254, Department of Defense Contract Security Classification Specification, is issued. e. When the Cognizant Security Agency (CSA) conducts an assessment. 6-1-1 44. Which statement regarding CRYPTOSYSTEMS is TRUE? a. When approved, a CRYPTOSYSTEM may be used by the contractor to transmit classified information no higher than what is approved for the CRYPTOSYSTEM. b. Use of a CRYPTOSYSTEM may not be authorized for encrypting of unclassified national security-related communications. c. Use of a CRYPTOSYSTEM is limited to the contract for which it was originally approved. d. Following the issuance of a CRYPTOSYSTEM, procedures must be established to provide for physically safeguarding communication security (COMSEC) materials and for the secure and efficient operation of the CRYPTOSYSTEM. R, Dec. 4, 1985, p 62 ISOC CPT Page 16
45. The protection of unclassified information that may individually or in the aggregate lead to the compromise of classified information and sensitive activities is related to which security practice? a. Communications Security (COMSEC) b. Operations Security (OPSEC) c. Sensitive Compartmented Information (SCI) d. Personally Identifiable Information (PII) e. Emanations Security R, Dec. 4, 1985, p 277 46. Who may establish Special Access Programs with special access, distribution, or protection requirements beyond those normally provided for access to TOP SECRET, SECRET, or CONFIDENTIAL information? a. The Secretaries of the Military Departments designated by the President of the United States. b. Executive Branch Agency Heads, designated by the President of the United States. c. The Deputy Under Secretary of Defense for Policy (DUSD(P)). d. The Director, Defense Security Service (DSS). R, Dec. 4, 1985, p 32 47. Which situation describes suspicious cyber activity? a. A cleared contractor downloading and installing a foreign computer application, as assigned by a superior. b. A cleared contractor using an authorized flash drive to transfer classified information. c. A cleared contractor sending personal emails to a foreign destination. d. All of the above. Defense Security Service, Counterintelligence Directorate. [Pamphlet]. Counterintelligence awareness: Examples of suspicious activities, behaviors, and contacts ISOC CPT Page 17
48. When a need exists for special investigative techniques in a case of loss, compromise, or suspected compromise of classified information, from whom may the Cognizant Security Office (CSO) request professional investigative support? a. Naval Criminal Investigative Service (NCIS) b. United States Air Force Office of Special Investigations (OSI) c. United States Army Intelligence and Security Command (INSCOM) d. All of the above R, Dec. 4, 1985, p 203 49. What is the purpose of a suspicious contact? a. To obtain illegal or unauthorized access to classified information or to compromise a cleared employee. b. To further professional development. c. To obtain legitimate US contracts. d. To identify personnel not working on a particular contract. 1-3-1 50. A contractor has received classified material from foreign interests outside of government channels. To whom should the contractor report? a. Director, Defense Security Service (DSS), ATTN: Director, Field Operations) b. The Government Contracting Activity (GCA) c. The Cognizant Security Agency (CSA) d. The Cognizant Security Office (CSO) 10-3-2 ISOC CPT Page 18
51. What system(s) did the National System (NISS) replace? Select all that apply. a. National Program (NISP) Central Access Information Security System (NCAISS) b. Facilities Database (ISFD) c. Electronic Facility Clearance System (e-fcl) d. Defense Information System for Security (DISS), (previously JPAS) http://www.dss. mil/diss/niss.html 52. What systems did the Defense Information System for Security (DISS) replace? Select all that apply. a. Defense Information System for Security (DISS), (previously JPAS) b. Facilities Database (ISFD) c. Case Adjudication Tracking System (CATS) d. Electronic Questionnaires for Investigations Processing (e-qip) DAA-0361-20 14-0014, National Archives and Records Administration, May 4, 2015 53. What is the capability of the National Industrial Security Program (NISP) Contracts Classification System (NCCS)? a. It retrieves real-time statuses of DD Form 254 Department of Defense Contract Security Classification Specification submissions. b. It increases mission efficiency by providing a centralized System Access Request (SAR) process. c. It provides upcoming Security Vulnerability Assessments (SVA) alerts. d. It provides reminders for outstanding submissions to Defense Security Service (DSS). http://www.dss. mil/diss/nccs. html ISOC CPT Page 19
54. In the National Industrial Security Program (NISP) Contracts Classification System (NCCS), what access is needed to allow users to recommend, reject, hold, or recall certification? a. Originator Access b. Reviewer Access c. Certifying Official Access d. None of the above http://www.cdse. edu/documents/ cdse/introducing-nccs-presentation.pdf ISOC CPT Page 20