SAPPC CERTIFICATION 2024/2025 WITH 100% ACCURATE SOLUTIONS

Sharing and reporting information is essential to detecting potential insider threats. True or False?
- Precise Answer ✔✔True

Two security professionals - Paul and Ashley - are discussing security program areas. Paul says that Information Security practitioners train and/or advise Original Classification Authorities in the application of the process for making classification determinations. Ashley says that Physical Security practitioners work with a facility's Antiterrorism Officer to deploy defensive measures designed to reduce the facility's vulnerability from terrorist attacks.
- Precise Answer ✔✔Paul and Ashley are both correct

Two security professionals - Paul and Ashley - are discussing security program areas. Paul says that Information Security practitioners work with a facility's Antiterrorism Officer to deploy defensive measures designed to reduce the facility's vulnerability from terrorist attacks. Ashley says that Personnel Security practitioners train and/or advise Original Classification Authorities in the application of the process for making classification determinations.
- Precise Answer ✔✔Paul and Ashley are both incorrect

SPeD is an abbreviation for?
- Precise Answer ✔✔Security Professional Education Development

SPeD is a certification program of what agency?
- Precise Answer ✔✔Department of Defense

Security Fundamentals Professional Certification (SFPC) definition?
- Precise Answer ✔✔The individual understands foundational security concepts, principles, and practices. (Core Certification for SPeD).

Security Asset Protection Professional Certification (SAPPC) definition?
- Precise Answer ✔✔The individual applies foundational security concepts, principles, and practices. (Core Certification for SPeD).

Security Program Integration Professional Certification (SPIPC) definition?
- Precise Answer ✔✔The individual understands and applies risk assessment and security program management based on security concepts, principles, and practices. (Core Certification for SPeD).

Briefly describe the concept of insider threat?
- Precise Answer ✔✔An employee who may represent a threat to national security. These threats encompass potential espionage, violent acts against the Government or the nation, and unauthorized disclosure of classified information, including the vast amounts of classified data available on interconnected United States Government computer networks and systems.

List three elements that a security professional should consider when assessing and managing risks to DoD assets?
- Precise Answer ✔✔
• Asset
• Threat
• Vulnerability
• Risk
• Countermeasures

Describe the purpose of the Foreign Visitor Program?
- Precise Answer ✔✔To track and approve access by a foreign entity to information that is classified; and to approve access by a foreign entity to information that is unclassified, related to a U.S. Government contract, or plant visits covered by ITAR.

Briefly define a Special Access Program (SAP)?
- Precise Answer ✔✔A program established for a specific class of classified information that imposes safeguarding and access requirements that exceed those normally required for information at the same classification level.

List three enhanced security requirements for protecting Special Access Program (SAP) Information within Personnel Security?
- Precise Answer ✔✔
• Access Rosters
• Billet Structures (if required)
• Indoctrination Agreement
• Clearance based on an appropriate investigation completed within the last 5 years
• Individual must materially contribute to the program in addition to having the need to know
• All individuals with access to SAP are subject to a random counterintelligence-scope polygraph

Identify the four Cognizant Security Agencies (CSA)?
- Precise Answer ✔✔
• Department of Defense (DoD)
• Director of National Intelligence (DNI)
• Department of Energy (DoE)
• Nuclear Regulatory Commission (NRC)

Describe the CSA's role in the National Industrial Security Program (NISP)?
- Precise Answer ✔✔To establish an industrial security program to safeguard classified information under its jurisdiction.

List three factors for determining whether U.S. companies are under Foreign Ownership, Control, or Influence (FOCI)?
- Precise Answer ✔✔
• Record of economic and government espionage against the U.S. targets
• Record of enforcement/engagement in unauthorized technology transfer
• Type and sensitivity of the information that shall be accessed
• The source, nature and extent of FOCI
• Record of compliance with pertinent U.S. laws, regulations and contracts

Define the purpose and function of the Militarily Critical Technologies List (MCTL)?
- Precise Answer ✔✔Serves as a technical reference for the development and implementation of DoD technology, security policies on international transfers of defense-related goods, services, and technologies as administered by the Director, Defense Technology Security Administration (DTSA). Formulation of export control proposals and export license review.

List three primary authorities governing foreign disclosure of classified military information?
- Precise Answer ✔✔
• Arms Export Control Act
• National Security Decision Memorandum 119
• National Disclosure Policy-1
• International Traffic in Arms Regulation (ITAR)
• E.O.s 12829, 13526
• Bilateral Security Agreements
• DoD 5220.22-M, "NISPOM"

Briefly describe the purpose of the DD Form 254?
- Precise Answer ✔✔Convey security requirements and classification guidance, and

Describe the purpose of due process in Personnel Security Program (PSP)?
- Precise Answer ✔✔Ensures fairness by providing the subject the opportunity to appeal an unfavorable adjudicative determination.

List the key procedures for initiating Personnel Security Investigations (PSIs)?
- Precise Answer ✔✔
• Validate the need for an investigation
• Initiate e-QIP
• Review Personnel Security Questionnaire (PSQ) for completeness
• Submit electronically to OPM

List three DoD position sensitivity types and their investigative requirements?
- Precise Answer ✔✔
• Critical Sensitive: SSBI, SSBI-PR, PPR
• Non-Critical Sensitive: ANACI, NACLC
• Nonsensitive: NACI

Describe the difference between revocation and denial in Personnel Security Program?
- Precise Answer ✔✔
• Revocation: A current security eligibility determination is rescinded.
• Denial: An initial request for security eligibility is not granted.

Describe the purpose of a Statement of Reason (SOR)?
- Precise Answer ✔✔The purpose of the SOR is to provide a comprehensive and detailed written explanation of why a preliminary unfavorable adjudicative determination was made.

List five adjudicative guidelines?
- Precise Answer ✔✔
1. Allegiance to the United States
2. Foreign Influence
3. Foreign Preference
4. Sexual Behavior
5. Personal Conduct
6. Financial Considerations
7. Alcohol Consumption
8. Drug Involvement
9. Psychological Conditions
10. Criminal Conduct
11. Handling Protected Information
12. Outside Activities
13. Use of Information Technology

List three different types of approved classified material storage areas?
- Precise Answer ✔✔
• GSA-approved storage containers
• Vaults (including modular vaults)
• Open storage area (secure rooms, to include SCIFs and bulk storage areas)

List three construction requirements for vault doors?
- Precise Answer ✔✔
• Constructed of metal
• Hung on non-removable hinge pins or with interlocking leaves.
• Equipped with a GSA-approved combination lock.
• Emergency egress hardware (deadbolt or metal bar extending across width of door).

What is the purpose of intrusion detection systems?
- Precise Answer ✔✔Detect unauthorized penetration into a secured area.

What is the purpose of perimeter barriers?
- Precise Answer ✔✔Defines the physical limits of an installation, activity, or area, restrict, channel, impede access, or shield activities within the installation from immediate and direct observation.

What is the purpose of an Antiterrorism Program?
- Precise Answer ✔✔Protect DoD personnel, their families, installations, facilities, information, and other material resources from terrorist acts.

List three Force Protection Condition levels?
- Precise Answer ✔✔Normal, Alpha, Bravo, Charlie, Delta

Describe the concept of security-in-depth?
- Precise Answer ✔✔Layered and complementary security controls sufficient to deter, detect, and document unauthorized entry and movement within an installation or facility.

Maintain a SAP Facility Access Roster
All SAPs must have an unclassified nickname/Codeword (optional).

List an enhanced security requirement for protecting Special Access Program (SAP) Information within Information Security?
- Precise Answer ✔✔
• The use of HVSACO
• Transmission requirements (order of precedence)

List five responsibilities of the Government SAP Security Officer/Contractor Program Security Officer (GSSO/CPSO)?
- Precise Answer ✔✔
• Possess a personnel clearance and Program access at least equal to the highest level of Program classified information involved.
• Provide security administration and management for his/her organization.
• Ensure personnel processed for access to a SAP meet the prerequisite personnel clearance and/or investigative requirements specified.
• Ensure adequate secure storage and work spaces.
• Ensure strict adherence to the provisions of the NISPOM, its supplement, and the Overprint.
• When required, establish and oversee a classified material control program for each SAP.
• When required, conduct an annual inventory of accountable classified material.
• When required, establish a SAPF.
• Establish and oversee a visitor control program.
• Monitor reproduction and/or duplication and destruction capability of SAP information
• Ensure adherence to special communications capabilities within the SAPF.
• Provide for initial Program indoctrination of employees after their access is approved; rebrief and debrief personnel as required.
• Establish and oversee specialized procedures for the transmission of SAP material to and from Program elements.
• When required, ensure contractual specific security requirements such as TEMPEST, Automated Information System (AIS), and Operations Security (OPSEC) are accomplished.
• Establish security training and briefings specifically tailored to the unique requirements of the SAP.

What is the definition of Critical Program Information in DoD?
- Precise Answer ✔✔Elements or components of a Research, Development, and Acquisition (RDA) program that, if compromised, could cause significant degradation in mission effectiveness; shorten the expected combat-effective life of the system; reduce technological advantage; significantly alter program direction; or enable an adversary to defeat, counter, copy, or reverse engineer the technology or capability. Includes information about applications, capabilities, processes and end-items. Includes elements or components critical to a military system or network mission effectiveness. Includes technology that would reduce the U.S. technological advantage if it came under foreign control.

How does lack of attention to the concept of compilation introduce risks to DoD assets? (It can cause)
- Precise Answer ✔✔
• Unauthorized disclosure
• Misclassification
• Security violation
• Improper safeguarding
• Improper dissemination
• Improper handling
• Improper destruction

List three transmission and transportation requirements that help manage risks to DoD assets?
- Precise Answer ✔✔
• Safeguarding
• Briefings
• Documentation
• Personal control
• Safeguard
• Report
• Inquire (under unusual circumstances)
• Investigate (under unusual circumstances)
• Recommend

Describe how the roles of the security professional and the information assurance (IA) professional differ in regard to protecting DoD classified information on information technology (IT) systems.
- Precise Answer ✔✔
• The IA professional must ensure that all DoD information systems maintain appropriate levels of availability, integrity, authentication, confidentiality, and non-repudiation in order to protect and defend DoD information and networks. They must also ensure the systems are certified and accredited.
• The security professional coordinates with the IA professional during the C&A process. The security professional must be aware of the nature, scope, and schedule of ongoing C&A activities within a given organization, in order to provide timely and relevant classification management direction and to ensure the physical environment is properly secured and accredited for the operations planned and that users are properly cleared and have all requisite access in time to support the mission.

Explain how the adjudication process contributes to effective risk management of DoD assets?
- Precise Answer ✔✔Ensures that, based upon all available information, an individual's loyalty, reliability, and trustworthiness are such that entrusting assigned persons with eligibility to classified information or sensitive duties is in the best interest of national security.

Explain how effective implementation of the continuous evaluation process contributes to management of risks to DoD assets?
- Precise Answer ✔✔Ensures that individuals with national security eligibility and access are continuously assessed through utilization of accessible databases and other lawfully available information; continue to meet adjudicative standards; and that any issues that may arise are promptly reported.

List three factors that should be considered when determining position sensitivity?
- Precise Answer ✔✔
• Level of Access to Classified Information
• IT level needed
• Duties associated with position

List three individuals in the personnel security investigation (PSI) process and describe their roles?
- Precise Answer ✔✔
• FSO/Security Manager/Human Resource Officer: Initiates, Reviews, Forwards investigation to investigation service provider (ISP)
• Subject: Completes forms and provides additional information if required
• Investigator: Conducts PSI
• Adjudicator: Determines eligibility for National Security access

Describe the function of e-QIP in the personnel security program (PSP)?
- Precise Answer ✔✔
• Initiate investigations
• Complete forms
• Forward forms to ISP

List three factors that a security professional should consider before requesting a Limited Access Authority (LAA)?
- Precise Answer ✔✔
• Can a U.S. citizen perform the duties
• Is classified access limited to Secret or Confidential
• Does the person possess a rare or unusual skill or expertise

List the five steps in the DoD risk management model?
- Precise Answer ✔✔
• Assess Assets
• Assess Threats
• Assess Vulnerabilities
• Assess Risks
• Determine Countermeasures

Identify the three core components of the risk assessment process?
- Precise Answer ✔✔
• Asset Criticality
• Threat Assessment
• Vulnerability Assessment