SFPC STUDY

Question 1

SOX1-HUM

Answer 1

• Declassification designation. Up to 75 years in protection of a human intel source

Question 2

50X2-WMD

Answer 2

• Declassification designation. Up to 75 years in protection of WMD.

Question 3

PIE-FAO

Answer 3

• Protection, information, equipment, facilities, activities, and operations.

Question 4

Criticality Determination - Is 2 things:

Answer 4

1) an asset’s importance to national security, and

2) the effect of its partial or complete loss.

Question 5

Point Security.

Answer 5

• Protecting a specific asset or resource

Question 6

Secure Room -

Answer 6

An unreinforced area designated (and authorized) for the open storage of classified
information.

Question 7

Vault -

Answer 7

A reinforced area designated (and authorized) for the open storage of classified information.

Question 8

SCIF -

Answer 8

An intelligence community area used for SCI storage.

Question 9

Terrorist Threat Levels -

Answer 9

What is provided to senior leaders in order to assist in determining the
appropriate FPCON level.

Question 10

Force Protection Conditions (FPCON5) -

Answer 10

The DoD-approved system that standardizes the Department’s

sentifcation and recommended preventive actions and responses to terrorist threats to US. assets.

Question 11

force Protection -

Answer 11

The actions taken to prevent or mitigate hostile actions against DoD personnel,
Including family members, resources, facilities, and critical information.

Question 12

Principle incident-

Answer 12

events required to be reported to DoD counterintelligence (CI) organizations
espionage, sabotage, terrorism, cyber

Question 13

Indicators of insider threats

Answer 13

1. Failure to report overseas travel or contact with foreign nationals
2. Seeking to gain higher clearance or expand access outside the job scope
3. Engaging in classified conversations without a need to know
4. Working hours inconsistent with job assignment or insistence on working in private
5. Exploltable behavior traits
6. Repeated security violations
7. Attempting to enter areas not granted access to
8. Unexplainable affluence/living above one’s means
9. Anomalies (adversary taking actions which indicate they are knowledgeable to information)
   10, Illegal downloads of information/files

Question 14

Elements that should be considered in identifying Critical Program Information - Elements which if compromised could:

Answer 14

1. cause significant degradation in mission effectiveness,
2. shorten the expected combat-effective life of the system
3. reduce technological advantage
4. significantly alter program direction; or
5. enable an adversary to defeat, counter, copy, or reverse engineer the technology or capability.

Question 15

Asset, threat, vulnerability, risk, countermeasures -

Answer 15

Elements that a security professional should

consider when assessing and managing risks to DoD assets

Question 16

The three categories of Special Access Programs -

Answer 16

acquisition, inteligence, and operations and support

Question 17

Three different types of threats to classified information

Answer 17

• Insider Threat, Foreign Inteligence Entities (FIE) and Cybersecurity Threat

Question 18

The concept of an insider threat.

Answer 18

An emplove who may represent a threat to national security These Threats encompass potential espionage, Violent acts against the government or the nation and unauthorized disclosure of classified information, including the vast amounts of classified data available On interconnected United states Government computer networks and systems

Question 19

The purpose of the Foreign Visitor Program -

Answer 19

To track and approve access by a foreien entity to information that is classified; and to approve access by a foreign entity to information that is unclassified, related to a U.S. Government contract, or plant visits covered by ITAR

Question 20

special Acces Program -

Answer 20

A program established for a specific class of classified information that imposes
Safeguarding and access requirements that exceed those normally required for information at the same classification level.

Question 21

Enhanced security requirements for protecting Special Access Program (SAP) information - Within Personnel Security:

Answer 21

Access Rosters;
• Billet Structures (if required);
• Indoctrination Agreement;
• Clearance based on an appropriate investigation completed within the last 5 years:
• Individual must materially contribute to the program in addition to having the need to know:
• All individuals with access to SAP are subject to a random counterintelligence scope polygraph examination;
• Polygraph examination, if approved by the Deputy Secretary of Defense, may be used as a mandatory access determination;
• Tier review process;
• Personnel must have a Secret or Top-Secret clearance;
• SF-86 must be current within one year;
• Limited Access;
• Waivers required for foreign cohabitants, spouses, and immediate family members.

Question 22

Within Industrial Security:

Answer 22

The SecDef or DepSecDef can approve a carve-out provision to relieve Defense Security Service of industrial security oversight responsibilities.

Question 23

Within Physical Security:

Answer 23

• Access Control;
• Maintain a SAP Facility;
• Access Roster;
• All SAPs must have an unclassified nickname/ Codeword (optional).

Question 24

Within Information Security:

Answer 24

• The use of HVSACO:

* Transmission requirements (order of precedence).

Question 25

responsibilities of the Government SAP Security Officer/Contractor Program Security Officer (GSSO/CPSO) - From Revision 1 Department of Defense Overprint to the National industrial Security Program Operating Manual Supplement - 1 April 2004:

Answer 25

• Possess a personnel clearance and Program access at least equal to the highest level of Program classified information involved.
• Provide security administration and management for his/her organization.
Ensure personnel processed for access to a SAP meet the prerequisite personnel clearance and or investigative requirements specified.
• Ensure adequate secure storage and work spaces.
• Ensure strict adherence to the provisions of the NISPOM, its supplement, and the Overprint.
• When required, establish and oversee a classified material control program for each SAP.
• When required, conduct an annual inventory of accountable classified material.
• When required, establish a SAPF.
• Establish and oversee a visitor control program
• Monitor reproduction and/or duplication and destruction capability of SAP information
• Ensure adherence to special communications capabilities within the SAPF.
• Provide for initial Program indoctrination of employees after their access is approved; rebrief and debrief personnel as required.
• Establish and oversee specialized procedures for the transmission of SAP material to and from Program elements
• When required, ensure contractual specific security requirements such as TEMPEST Automated Information System (AIS), and Operations Security (OPSEC) are accomplished.
• Establish security training and briefings specifically tailored to the unique requirements of the SAP.

Question 26

The four Cognizant Security Agencies (CSAs)

Answer 26

Department of Defense (DoD), Director of National Intelligence (DNI), Department of Energy (DoE), and the Nuclear Regulatory Commission (NRC).

Question 27

Cognizant Security Agencies (CA)s’ role in the National Industrial Security Program (NISP). -

Answer 27

Establish an industrial security program to safeguard classified information under its jurisdiction.

Question 28

Critical Program Information in DoD-

Answer 28

1. U.S. capability elements that contribute to the warfighter’s advantage throughout the life cycle, which if compromised or subject to unauthorized disclosure, decrease the advantage.
2. Elements or components of a Research, Development, and Acquisition (RDA) program that, if compromised, could cause significant degradation in mission effectiveness; shorten the expected combat-effective life of the system; reduce technological advantage; significantly alter program
   direction; or enable an adversary to defeat, counter, copy, or reverse engineer the technology or capability. Includes information about applications, capabilities, processes and end-items. Includes
   elements or components critical to a military system or network mission effectiveness. Includes technology that would reduce the U.S. technological advantage if it came under foreign control.

Question 29

Primary authorities governing foreign disclosure of classified military information -

Answer 29

1. Arms Export Control Act
2. National Security Decision Memorandum 119
3. National Disclosure Policy-1
4. International Traffic in Arms Regulation (ITAR)
5. E.O.s 12829, 13526
6. Bilateral Security Agreements
7. DoD 5220.22-M. “NISPOM.”

Question 30

The purpose of the DD Form 254 -

Answer 30

Convey security requirements, classification guidance and provide
handling procedures for classified material received and/or generated on a classified contract.

Question 31

Factors for determining whether U.S. companies are under Foreign Ownership, Control or Influence (FOCI) -

Answer 31

1. Record of economic and government espionage against the U.S. targets
2. Record of enforcement/engagement in unauthorized technology transfer
3. Type and sensitivity of the information that shall be accessed
4. The source, nature and extent of FOCI
5. Record of compliance with pertinent U.S. laws, regulations and contracts
6. Nature of bilateral & multilateral security & information exchange
   agreements
7. Ownership or control, in whole or part, by a foreign government

Question 32

The purpose and the function of the Militarily Critical Technologies List (MCTL).

Answer 32

1. Serves as a technical reference for the development and implementation of DoD technology, security policies on international transfers of defense-related goods, services, and technologies as administered by the Director, Defense Technology Security Administration (DTSA).
2. Formulation of export control proposals and export license review

Question 33

Security Infraction -

Answer 33

This event cannot reasonably be expected to and does not result in the loss. compromise, or suspected compromise of classified information

Question 34

DOD Manual 5200.01, Volumes 1-4 -

Answer 34

The manual that governs the DoD Information Security Program

Question 35

E.O. 13526 -

Answer 35

The executive order that governs the DoD Information Security Program

Question 36

32 CFR Parts 2001 & 2003, “Classified National Security Information; Final Rule” -

Answer 36

The Information Security Oversight Office (IS00) document that governs the DoD Information Security Program

Question 37

Security Violation

Answer 37

An event that results in or could be expected to result in the loss or compromise of
classified information

Question 38

Unauthorized Disclosure

Answer 38

• Communication or physical transfer of classified or controlled unclassified
  information to an unauthorized recipient

Question 39

The purpose of intrusion detection systems

Answer 39

To detect unauthorized penetration into a secured area

Question 40

The purpose of perimeter barriers -

Answer 40

To define the physical limits of an installation, activity, or area,
restrict, channel, impede access, or shield activities within the installation from immediate and direct observation

Question 41

The purpose of an Antiterrorism Program -

Answer 41

Protect DoD personnel, their families, installations, facilities, information, and other material resources from terrorist acts

Question 42

Force Protection Condition levels -

Answer 42

Normal, Alpha, Bravo, Charlie, Delta

Question 43

The concept of security in-depth -

Answer 43

Layered and complementary security controls sufficient to deter, detect, and document unauthorized entry and movement within an installation or facility.

Question 44

What SAPs aim to achieve -

Answer 44

1. Protect technological breakthroughs
2. Cover exploitation of adversary vulnerabilities
3. Protect sensitive operational plans
4. Reduce intelligence on U.S. capabilities

Question 45

Protection Level

Answer 45

This communicates how the SAP is acknowledged and protected

Question 46

Acknowledged -

Answer 46

This protection level describes a SAP whose existence may be openly recognized. Its
purpose may be identified. However, the details of the program (including its technologies, materials, and techniques) are classified as dictated by their vulnerability to exploitation and the risk of compromise. The funding is generally unclassified.

Question 47

Unacknowledged -

Answer 47

This protection level describes a SAP whose existence and purpose are protected.
The details, technologies, materials, and techniques are classified as dictated by their vulnerability to exploitation and the risk of compromise. The program funding is often classified, unacknowledged, or not directly linked to the program.

Question 48

SAP Lifecycle

Answer 48

1. Establishment (is extra protection warranted?)
2. Management and Administration (continued need? processed followed?)
3. Apportionment (proper measures in place? approval received)
4. Disestablishment (program no longer needed?)

Question 49

Component-level SAP Central Offices -

Answer 49

Exist for each military component, the Joint Chiefs of Staff, Defense Advanced Research Projects Agency (DARPA), and Missile Defense Agency (MDA)

Question 50

Special Access Program Oversight Committee (SAPOC) -

Answer 50

The final SAP approving body chaired by the Deputy Secretary of Defense

Question 51

Senior Review Group (SRG)

Answer 51

• This group ensures there are no duplicative efforts across SAPs

Question 52

DoD Special Access Central Office (SAPCO)

Answer 52

• DoD SAP legislative liaison that notifies Congress of SAP approval

Question 53

Authorization, Appropriations, and Intelligence Congressional -

Answer 53

Congressional committees granted SAP access

Question 54

OSD-level SAP Central Offices

Answer 54

• Exercise oversight authority for the specific SAP category under their purview.

Question 55

PIE-FAO -

Answer 55

Protection, information, equipment, facilities, activities, and operations

Question 56

Antiterrorism Officer

Answer 56

• This person is responsible for the installation’s antiterrorism program

Question 57

CI Support

Answer 57

• Responsible for providing valuable information on the capabilities, intentions, and threats of adversaries

Question 58

OPSEC Officer -

Answer 58

This person analyzes threats to assets and their vulnerabilities