SFPC BANK Flashcards

CERTIFICATION

1
Q

Which of the following is a true statement regarding the special handling requirements of Foreign Government Information (FGI)?

A

A U.S. document containing FGI cannot be declassified or downgraded below the highest level of FGI contained in the document without the permission of the foreign government or international organization that originated the information.
Reference: 5200.01 Vol 1 and 4, Feb 24, 2012

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

A paragraph of a document which includes an “N” as part of the portion marking indicates what specific type of classified information is contained in the paragraph?

A
The additional (N) in the portion marking denotes that the classified material in the paragraph contains Critical Nuclear Weapons Designation Information (CNWDI).
Reference: 5200.01 Vol 2, Mar 19, 2013 p17-18
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which of the following is a requirement for access to North Atlantic Treaty Organization (NATO) Information?

A

Personnel has been subject of a favorably adjudicated background investigation (BI) 10 year scope, Tier 5, current within five years prior to the assignment, and completed a NATO brief.
Reference: 5200.01 Vol 1, Feb 24, 2012 p30

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

According to Executive Order 13556, which of the following is considered a type of controlled unclassified information (CUI)?

A

Law Enforcement Sensitive (LES) Information- ref Ex Ord 13556

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is the purpose of the marking classified materials?

A

To alert holders to the presence of classified information, how to properly protect it, and for how long.
Reference: 5200.01 Vol 2, Mar 19, 2013 p17-18

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is included in the markings of classified information?

A

Document holder as the sole authority to make transfer and dissemination determinations.
Reference: 5200.01 Vol 2, Mar 19, 2013 p17-18

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is the purpose of the Controlled Access Program Coordination (CAPCO) register?

A

To identify the official classification and control markings, and their authorized abbreviations and portion markings.
Reference: 5200.01 Vol 2, Mar 19, 2013

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

When a classified data spill occurs, who is responsible for ensuring that policy requirements for addressing an unauthorized disclosure are met?

A

Activity Security Manager

Reference: DoDM 5200.01

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

There are five information assurance attributes that are important to protect and defend DoD Networks and information. If there was a loss in non-repudiation, what would this cause in relation to information assurance?

A

Data is no longer reliable, accurate, nor trusted.

Reference: DoDM 5200.01 v3

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which of the following examples describes a security violation rather than a security infraction?

A

At the end of the day, Karen was leaving and taking with her unclassified documents she would review at home. When she began to review those documents that night, she realized that classified materials had slipped in between the unclassified materials.
Reference: 5200.01 v3, March 19, 2013 p86

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

The inability to deny you are the sender of an email would be an indication of a lapse in?

A

Non-repudiation

Reference: Committee on National Security Systems Instruction No. 4009, Glossary. 5200.01 v3, March 19, 2013 p105

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Unauthorized disclosure and loss of privacy is a lapse in?

A

Confidentiality

Reference: 4009, 5200.01 March 19, 2013 p86

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which of the following is the first action done to downgrade, declassify, or remove classification markings?

A

Through the appropriate chain of command, contact the original classification authority (OCA) to confirm that information does not have an extended classification period.
Reference: 5200.01, v2 March 19, 2013 p35-6

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

All of the following are requirements to perform classified activities from non-traditional locations, except:

A

The employee must receive written approval for use of classified information and equipment at home.
Reference: 5200.01 v3, March 19, 2013 p108-9

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is the purpose of the Personnel Security Program (PSP)?

A

To ensure that only loyal, trustworthy, and reliable individuals may access classified information or perform sensitive duties.
Reference: 5200.2-R, Feb 23, 1996, p13-93

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

DoD reciprocally accepts existing national security eligibility determinations or clearances from other Government agencies in accordance with which of the following policy documents?

A

Executive Order 13526, “Classified National Security Information”.
Reference: 5200.02-R

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Current association with an organization dedicated to overthrowing the government by any means including violence is an example of which adjudication guideline?

A

Allegiance to the United States

Reference: 5200.02-R, App 8

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Which of the following is considered an element of the Personnel Security Program?

A

Continuous Evaluation

Reference: 5200.02-R, Feb 23, 1996, p13-93

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Limited access to classified information for specific programs may be approved for non-US citizens only under which of the following conditions?

A

The prior 10 years of the subject’s can be appropriately investigated.
Reference: 5200.02

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Which of the following investigative requirement for access to Single Integrated Operational Plan-Extremely Sensitive Information (SIOP-ESI)?

A

Individual has a valid favorably adjudicated Tier 5 or Single Scope Background (SSBI) Investigation.
Reference: 5200.02-R, Feb 23, 1996

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Which of the following is not qualifying criteria for personnel assigned to nuclear weapons personnel reliability assurance positions?

A

Individual is subject to a periodic reinvestigation every three years
Reference: 5200.02-R

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Which is the following is correct regarding the investigation requirement for initial assignment to a Presidential Support Activities (i.e. Yankee White) Category 2 position?

A

Favorably completed Tier 5/Single Scope Background Investigation (SSBI) within 36 months preceding selection.
Reference: 5200.02-R, Feb 23, 1996, p29-31

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Which of the following adjudication processes refers to a person’s identifiable character traits and conduct sufficient to decide whether employment or continued employment would or would not protect the integrity or promote the efficiency of the Federal Service?

A

Suitability adjudication

Reference: 5200.02-R

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

All unclassified DoD information in the possession or control of non-DoD entities on non-DoD information systems, to the extent provided by the applicable grant, shall minimally be safeguarded under which of the following standards?

A

Organizational wireless connections holding such information must be encrypted, and those accessing such information must use encrypted wireless connections where available when traveling.
Reference: 5200.01, v2 and v3, March 19, 2013; 5220.22-R, Dec 4, 1985; 5220.22-M Feb 28, 2006

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

Copies of personnel security investigative reports must be destroyed by DoD recipient organizations, within how many days following completion of the necessary personnel security determination?

A

90 days

Reference: 5200.2-R

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Which of the following limitations is true regarding Limited Access Authorization (LAA) to non-U.S. citizens?

A

LAAs shall only be granted access at the Secret and Confidential levels.
Reference: 5200.2-R

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

Which of the following is NOT considered when making a security clearance eligibility determination?

A

Education Level

Reference: 5200.2-R

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

A position designated as a DoD noncritical-sensitive civilian position may fall under any of the following criteria, EXCEPT:

A

A position requiring eligibility for access to Top Secret information.
Reference: 5200.2-R

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

What information must a statement of reasons (SOR) include?

A

SOR must state why an unfavorable national security eligibility determination is being proposed. SOR must explain each security concern and state the specific facts that trigger each security concern. The SOR must identify applicable adjudicative guidelines for each concern, and provide the disqualifying conditions and mitigating conditions for each guideline. ALL OF THE ABOVE
Reference: 5200.2-R

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

Which type of briefing is used to obtain confirmation that a cleared employee agrees never to disclose classified information to an unauthorized person?

A

Special Briefings- Non-disclosure

Reference: 5200.01-M, Feb 24, 2012

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

DETERENCE

A

DETERRENCE is the security system performance goal of immediate indication of deliberate attempts; security probing and warning for inadvertent or mistaken intention is an example of which system security capability. Reference: 5200.08-R

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

When it comes to secure rooms, containers, and vaults… weapons or sensitive items should not be stored in the same security container as classified information. General Services Administration approves security containers used to store classified information.

A

TRUE

Reference: 5200.01 v3, Feb 24, 2012 p45-6

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

Which is the following is NOT a distinct phase of the Intrusion Detection System?

A

CONTROL

Reference: DoDM 5200.01-V3

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

Which of the following would be considered a public safety crime?

A

Theft of ammunition shipment for the purpose of criminal or gang related activity.
Reference: DoDM 5200.08R, May 27, 2009

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

Which of the following best describes the goal of the Physical Security Program?

A

To protect assets against compromise resulting from activities such as espionage, sabotage, terrorism, damage or loss, and criminal.
Reference: 5200.08-R, May 27, 2009, p 12-15

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

The process of integrating active and passive complementary physical security measures to ensure the protection of DoD assets is known as which of the following concepts?

A

Security-in-depth.

Reference: 5200.08-R, May 27, 2009, p 12-15

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

The stealing of sensitive, proprietary information related to U.S. aerospace and defense technologies with the intent to provide such information to a foreign adversary is an example of which type of threat to DoD assets?

A

Economic espionage.

Reference: 5200.08-R, May 27, 2009

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

Requests for authorizing disclosure of classified information during visits must include all the following information EXCEPT:

A

Expected time and location of the meeting.

Reference: 5220.22-M

39
Q

Security procedures for visits and meetings state:

A

Visits must serve a specific U.S. Government purpose.

Reference: 5220.22-M, February 28, 2006, p 6-2-2

40
Q

Executive Order 12829, signed in January 1993, mandated that which of the following entities be responsible for implementing and monitoring the National Industrial Security Program (NISP)?

A

Director of the Information Security Oversight Office (ISOO)

Executive Order 12829

41
Q

What is the role of the government contracting activity (GCA), or cleared prime contractor, when a contractor that does not have a Facility Clearance (FCL) wants to bid on a Request for Proposal (RFP) that requires access to classified information?

A

The GCA must sponsor the contractor for a facility security clearance by submitting a sponsorship request to DSS, which initiates the facility clearance process.
Reference: 5220.22-M, February 28, 2006, p 7-1-1

42
Q

What is the purpose of the Federal Acquisition Regulations (FAR)?

A

To codify and publish uniform policies and procedures for acquisition by all executive agencies.
Reference: 5220.22-M, February 28, 2006, p 2-1-1, 4-1 -2

43
Q

What is the role of the security professional during the “award contract” step of the contracting process?

A

To review and define the specific security requirements with the contracting officer- specifically, block 13 of DD Form 254.
Reference: 5220.22-M, February 28, 2006, p 7-1-1

44
Q

What is the purpose of DD Form 254?

A

To convey security classification guidance and to advise contractors on the handling procedures for classified material.
Reference: 5220.22-R, December 4, 1985, p 213

45
Q

As part of Operations Security (OPSEC) a program coordinator should use which of the following tools to assess assets as part of the risk management process for critical information?

A

Critical Information List.

Reference: 5205.02-M, November 3, 2008

46
Q

is the role of the Special Access Program Oversight Committee (SAPOC) during the maintenance phase of the Special Access Program (SAP) lifecycle?

A

To review existing programs annually to determine whether to revalidate them as SAPs.
Reference: 5205.11, February 6, 2013, p22-26

47
Q

Which of the following describes a Special Access Program (SAP) that is established to protect sensitive research, development, testing and evaluation, modification, and procurement activities?

A

Acquisition SAP.

Reference: 5205.07, p 3, 18-19

48
Q

Which step of the Operations Security (OPSEC) process would be applied when conducting exercises, red teaming and analyzing operations?

A

Apply OPSEC Countermeasures.

Reference: 5205.02-M

49
Q

Which step of the Operations Security (OPSEC) process would be applied when identifying potential adversaries and the associated capabilities and intentions to collect, analyze, and exploit critical information and indicators?

A

Conduct a Threat Analysis.

Reference: 5205.02-M

50
Q

Please determine which of the following is an element of an Operations Security (OPSEC) Assessment?

A

Uses external resources collectively to conduct with or without the use of indigenous resources.
Reference: 5205.02-M

51
Q

Who’s responsibility is it during the categorize steps to identify a potential impact (low, moderate, or high) due to loss of confidentiality, integrity, and availability if a security breach occurs?

A
Information Owner (IO).
Reference: DoDI 8501.01
52
Q

Please determine which of the following is an example of reportable foreign intelligence contacts, activities, indicators, and behaviors

A

Authorizing others to acquire unauthorized access to classified or sensitive information systems.
Reference: DoDD 5240.06

53
Q

Limiting nonsecure computer e-mail messages to nonmilitary activities and not providing operational information in nonsecure e-mail messages are functions of which OPSEC measure?

A

Technical measures.

Reference: JP-313.3

54
Q

Which of the following is NOT a category of Information Technology?

A

Information Technology Applications

55
Q

What step within the Risk Management Framework (RMF) would you develop a system-level continuous monitoring strategy?

A

Select Security Controls.

56
Q

What step within the Risk Management Framework (RMF) does system categorization occur?

A

Categorize Information System

57
Q

One responsibility of the Information System Security Manager (ISSM) during Step 6 of the Risk Management Framework (RMF) is?

A

Monitor the system for security relevant events and configuration changes that affect the security posture negatively.
Reference: DoDI 8510.01, March 12, 2014, p 20-38

58
Q

What family of controls does Security Functionality Verification belong to?

A

System and Information Integrity.

Reference: Revision 4, April 2013

59
Q

Information Security Program

A

The Information Security (INFOSEC) Program establishes policies, procedures, and requirements to protect classified and controlled unclassified information (CUI) that, if disclosed, could cause damage to national security.

60
Q

Purpose of Information Security

A

The purpose of the Department of Defense Information Security Program is to promote the proper and effective way to classify, protect, and downgrade official information requiring protection in the interest of national security.

61
Q

Executive Order 13526- Info Security

A

The current Executive Order 13526 was issued by President Barack Obama in 2009.

62
Q

Responsibility of the Information Security Oversight Office (ISOO)

A

is to oversee and manage the information security program, under the guidance of the National Security Council, or NSC.

63
Q

National Security Council responsibility

A

The NSC provides the overall policy direction for the Information Security Program

64
Q

Executive Order 12958

A

made the ISOO responsible for the administration and monitoring of the Information Security Program for the NSC. In other words, the ISOO is the operating arm for information security. The ISOO issues the Classified National Security Information Directive, 32 CFR, Parts 2001 and 2003, Final Rule; which implements the Executive Order and further defines what the Executive Branch agencies must do to comply with the Executive Order requirements.

65
Q

The Under Secretary of Defense for Intelligence

A

primary responsibility for providing guidance, oversight, and approval authority of policies and procedures that govern the DoD Information Security Program.

66
Q

DoD Instruction 5200.01

A

This Directive establishes the basic information security policies for the DoD and authorizes the publication of DoDM 5200.01, Volumes 1 through 4, the DoD Information Security Program. This regulation establishes the baseline for security requirements for all of DoD.

67
Q

Executive Order 13526 establishes uniform information security requirements for the Executive Branch and the DoD community.

A

TRUE

68
Q

Protection of Classified Information

A

following the requirements for properly identifying, safeguarding, handling, transmitting, and destroying classified materials. In order to protect this information you will need to identify it as sensitive, classify it, and then ensure that only authorized personnel with a need-to-know gain access to it.

69
Q

Define Classified Materials

A

Classified materials contain information that requires protection against unauthorized disclosure in order to protect our national security.

70
Q

Marking and Designating Classified Info

A

Marking and designating classified information are the specific responsibilities of original and derivative classifiers

71
Q

Executive Order 13526

A

The three levels of classification that can be designated are Top Secret, Secret, and Confidential, which are delineated by Executive Order 13526

72
Q

OCA

A

Original Classification Authorities apply a process to making classification determinations

73
Q

SCG

A

A security classification guide, also known as an SCG, is a document issued by an OCA that provides derivative classification instructions It describes the elements of information that must be protected, as well as the level and duration of classification.

74
Q

Compilation

A

In some circumstances, combining elements of information that are individually unclassified may be classified if the compiled information reveals an additional association or relationship that qualifies for classification under DoD policy, and the information is not otherwise revealed when standing alone

75
Q

Derivative Classification

A

Derivative classification means the incorporating, paraphrasing, restating, or generating in new form any information that is already classified, and marking the newly developed material consistent with the classification markings that apply to the source information.

76
Q

Original Classification Process

A

is the six step process an OCA applies in making classification determinations

77
Q

Automatic Declassification

A

Executive Order 13526 has set up a system to declassify information when the records become 25 years old. This is called automatic declassification

78
Q

Declassification

A

The declassification system where an OCA, at the time the information is originally classified, sets a date or event for declassification

79
Q

General Services Administration (GSA)

A

An approved security container MUST be used whenever the classified material is not under supervision by a custodian

80
Q

Open Storage

A

is a term used to describe the ability to store classified information openly in an area that has been designated for this purpose. Open Storage areas are designed to meet the safeguarding requirements of a vault or secure working space.

81
Q

SF-312

A

The SF-312 is a contractual agreement betweenthe U.S. Government and a cleared employee that must be executed as condition of access to classified information. By signing the SF-312, the cleared employee agrees never to disclose classified information to an unauthorized person.

82
Q

Classified Cover Sheets (SF-703, SF-704, SF-705)

A

There are three cover sheets that you will need to use. The SF-703 is used for Top Secret documents, the SF-704 is used for Secret documents, and the SF-705 is used for Confidential documents

83
Q

SF-701 Activity Security Checklist

A

Each activity that processes or stores classified information must establish a system of security checks at the close of each working day. The SF 701, or the Activity Security Checklist, is used to record these checks. The list involves verifying that the security container is properly locked.

84
Q

SF-702 Security Container Check Sheet

A

SF 702, or the Security Container Check Sheet, which is used to record the opening and closing of your security container.

85
Q

Security Violation

A

Executive Order 13526 provides a three part definition: A security violation occurs when any knowing, willful, or negligent action that could reasonably be expected to result in an unauthorized disclosure of classified information; any knowing, willful, or negligent action to classify or continue the classification of information contrary to the requirements of the order or its implementing directives; or any knowing, willful, or negligent action to create or continue a special access program contrary to the requirements of the order.

86
Q

Security Violations

A

If someone fails to classify information to the proper level, or downgrade or declassify information properly, this is a security violation. If someone establishes a Special Access Program without the proper authority, or fails to shut down a SAP after being instructed to do so, this is a security violation. Security violations can be administrative in nature. It could be as simple as someone failing to mark a document correctly.

87
Q

Security Infractions

A

An infraction is defined as a security incident involving failure to comply with Executive Order 13526, or its implementing directives, which cannot reasonably be expected to and does not result in the loss, suspected compromise, or actual compromise of classified information.

88
Q

Unauthorized Disclosure- defined as a communication or physical transfer of classified information to an unauthorized recipient.

A

Actual compromise is an unauthorized disclosure of classified information. In other words, in this case we know for sure that an unauthorized individual had access to the information. On the other hand, potential compromise means that the possibility of compromise could exist, but it is not known with certainty that it has occurred.

89
Q

Communications Security, or COMSEC

A

is defined as the protection resulting from all measures designed to deny unauthorized persons, information of value that might be derived from the possession and study of telecommunications, and to ensure the authenticity of such communications.

90
Q

The most common example of COMSEC requirements involves secure telephonic equipment such as the STE.

A

COMSEC includes crypto security, emission security, transmission security, and physical security of COMSEC material and information. COMSEC requirements affect how we transmit classified information

91
Q

COMSEC is the protection resulting from the measures designed to deny unauthorized persons information of value that might be derived from the possession and study of telecommunications and to ensure the authenticity of such communications.

A

COMSEC information is subject to special transmission procedures found in the National Telecommunications and Information Systems Security Instruction 4001.

92
Q

Transportation of Classified Material

A

The DoDM 5200.01, Volume 3 outlines the baseline policies and procedures that must be followed to assist in safeguarding the information while it is being transported.

93
Q

Security Fundamentals Professional Certification requires foundational knowledge of

A
Personnel Security 
Physical Security
Information Security
Industrial Security
General Security