Download SFPC Exam Prep Best Verified Study Guide 2023/2024 and more Exams Security Analysis in PDF only on Docsity! SFPC Exam Prep Best Verified Study Guide 2023/2024 What are the 5 elements of PERSEC? 1. Designation 2. Investigation 3. Adjudication 4. Reinvestigation 5. Continuous Evaluation What is the 5 criteria adjudicators use when determining eligibility for a security clearance? 1. Honesty 2. Reliability 3. Character 4. Loyalty 5. Trustworthiness Define continuous evaluation uninterrupted assessment of an individual for retention of a security clearance eligibility or a continuing assignment to sensitive duties What does the Continuous Evaluation Program (CEP) do? Monitors employees for new information or changes since the last investigation or reinvestigation What the prerequisites for interim clearance eligibility? 1. Valid need for access 2. Favorable review of SF-86 3. All minimum requirements are met What are the 4 civilian personnel designations? 1. Special-sensitive 2. Critical-sensitive 3. Noncritical-sensitive 4. Nonsensitive What are special-sensitive positions? Civilian position with potential for inestimable damage to NS or inestimable adverse impact to the efficiency of the DoD/Military; consists of SCI, SAP, or positions the DoD component head determines to be at a higher level of security What are critical-sensitive positions? A civilian NS position that has the potential to cause exceptionally grave damage to NS; consists of TOP SECRET duties, fiduciary duties or designation from DoD component head What are noncritical sensitive positions? A civilian NS position with the potential to cause significant or serious damage to NS; consists of positions requiring access to CONFIDENTIAL/SECRET info Define the Hatch Act of 1939 Established the initial guidelines for personnel security - requiring employees to pledge allegiance to the US What are the objectives of Joint Clearance and Access Verification System (JCAVS)? 1. Update security accesses 2. Allow communication amongst other offices and CAFs 3. Facilitate management tasks (personnel actions/reports/notifications) What is the objective of JPAS? What are the 4 characteristics of controls? 1. Testable 2. Measurable 3. Assignable 4. Accountable What are the 6 steps of RMF Assessment & Authorization? 1. Categorize system 2. Select security controls 3. Implement security controls 4. Assess security controls 5. Authorize system 6. Monitor security controls What are the 5 types of IS security violations? 1. Unauthorized access 2. Data spills 3. Processing classified info on an unclassified system 4. Failure to report suspicious contacts 5. Inadvertent exposure Define E.O. 13467 (PERSEC) Established an efficient, reciprocal, and aligned system to investigate and determine suitability and national security eligibility What the 5 Tiers of National Security adjudication? Tier 1: non-sensitive, low risk positions Tier 2: non-sensitive, moderate risk positions Tier 3: non-critical sensitive positions requiring confidential, secret, or "L" access eligibility Tier 4: non-sensitive, high risk public trust Tier 5: Critical sensitive and special sensitive positions requiring TOP SECRET, SCI, or Q eligibility What are the requirements for initial assignment to a Presidential Support Activities (Yankee White) Category 2 position? Favorable completion of T5 SSBI within 36 months preceding selection What is the purpose of the Federal Acquisition Regulation (FAR)? To codify and publish uniform policies and procedures for acquisition by all executive agencies What is the role of the Special Access Program Oversight Committee (SAPOC) during the maintenance phase of the SAP lifecycle? To review existing programs annually to determine whether to revalidate them as SAPs Define acquisition SAP A SAP established to protect sensitive research, development, testing, and evaluation, modification, and procurement activities Define intelligence SAP A SAP established primarily to protect the planning and execution of especially sensitive intelligence or CI operations or collection activities Define operations and support SAP A SAP established primarily to protect the planning for, execution of, and support to especially sensitive military operations. An operations and support SAP may protect organizations, property, operational concepts, plans, or activities Define Security-in-Depth Layered and complementary security controls sufficient to deter, detect, and document unauthorized entry and movement within the facility What is the purpose of Intrusion Detection System (IDS) Deter, detect, and document What are the components of IDS? Sensors, control or transmission units, monitor units, and computer monitoring stations List and define the four operational phases of IDS 1. Detection: begins as soon as a detector or sensor reacts to the stimuli 2. Reporting: begins when the premise control unit (PCU) receives signals from sensors in the protected area and incorporates the signals into a communication scheme 3. Dispatch: the first phase requiring human interaction - operator initiates the appropriate response 4. Response/Assessment: initiated once a response force is dispatched and continues when they arrive at the scene of the alarm What are the 3 types of IDS monitoring? 1. Local 2. Proprietary 3. Central Station What are the 2 types of locks? 1. Combination (electromechanical/mechanical/padlock) 2. Key operated (high security padlock/low security padlock/mortise lock) What are the 4 types of lighting? 1. Continuous 2. Standby 3. Emergency 4. Movable What kind of electromechanical locks meet the FF-L-2740 standard to secure classified material in security containers, vaults, or other secure rooms? Kaba Mas X-07, X-08, X-09, X-10, CDX-07, CDX-08, CDX-09 and CDX-10 locks and S&G 2740, 2740B, and 2890 Pedestrian Door Locks. What are vulnerabilities? Weaknesses, characteristics, or circumstances that can be exploited by an adversary to gain access to information/assets What are the objectives of physical security? Identify assets, identify threats, identify vulnerabilities What are host organization responsibilities for facility visits? Determine the need for the visit, confirm visitor PCL, determine NTK, control visitor access during visit What is classification by compilation? Combining or associating unclassified individual elements of information with one classification level to reveal additional association or relationship that warrants a classified level of protection What is derivative classification? Incorporating, paraphrasing, restating, or generating in a new form any information that is already classified and then marking the newly developed material consistent with guidance from the SCG What is DD Form 254? Contract Security Classification Specification - specifies security requirements of the contract, covers clearance and access requirements, authorizes contractor to generate classified information What is Statement of Work (SOW)? A document that is provided by the government to the contractor which outlines in detail what will be required to complete a contract What is DD Form 441? DoD Security Agreement - a legally binding document between the government and the cleared contract that performs the work What is SF 328? Certificate pertaining to Foreign Influence What are the 5 elements to obtaining a facility clearance? 1. Sponsorship 2. Security Agreement 3. A certificate pertaining to foreign interests 4. Organization 5. Key management personnel clearances What are the 4 systems of declassification? 1. Scheduled 2. Automatic 3. Mandatory 4. Systematic PSI reports must be destroyed by DoD recipient organizations within how many days following completion of the necessary security determination? 90 days What is an initial/indoctrination briefing? Used to identify security responsibilities, provide a basic understanding of DoD security policies, and explain the importance of protecting government assets What requirements are necessary to perform classified activities from non-traditional locations? 1. Employee must be trained to operate classified information systems 2. Employee must be trained on protection and storage of classified information and COMSEC 3. Employee must receive written approval for use of classified material the location