SFPC Practice Test 2025-2026. Questions & Correct Verified Answers. Graded A, Exams of Security Analysis

Typology: Exams

2024/2025

Available from 07/17/2025

wilfred-mburu

___________ is the security system performance goal of immediate indication of deliberate attempts, security probing and warning for inadvertent or mistaken intention is an example of which system security capability?
a. Detect
b. Assessment
c. Deterrence
d. Delay - ANS: C

19. Which of the following is considered an element of the Personnel Security Program (PSP)?
a. Risk Assessment and Analysis
b. Implementation
c. Classification
d. Continuous Evaluation - ANS: D

28. Which of the following is not considered when making a security clearance eligibility determination?
a. Education Level
b. Alcohol consumption
c. Financial considerations
d. Psychological Conditions - ANS: A

A position designated as a DoD noncritical-sensitive civilian position may fall under any of the following criteria, EXCEPT:
a. A position not requiring eligibility for access to classified information, but having the potential to cause significant or serious damage to the national security.
b. A position requiring eligibility for access to Top Secret information.
c. A position requiring eligibility for access to confidential information.
d. A position requiring eligibility for access to secret information. - ANS: B

According to Executive Order 13556, which of the following is considered a type of controlled unclassified information (CUI)?
a. Communications Security (COMSEC) Information
b. Declassified Information
c. Law Enforcement Sensitive (LES) Information
d. North Atlantic Treaty Organization (NATO) Information - ANS: C. Law Enforcement Sensitive Information

All of the following are requirements to perform classified activities from non-traditional locations (e.g., the employee's home), EXCEPT:
a. The employee must be trained to operate classified information systems.
b. The employee must be trained on protection and storage of classified information and Communications Security (COMSEC) materials.
c. The employee must receive written approval for use of classified information and equipment at home.

d. Security Classification Guide - ANS: A

At what step of the Risk Management Framework (RMF) would you develop a system-level continuous monitoring strategy?
a. Categorize Information System
b. Select Security Controls
c. Implement Security Controls
d. Assess Security Controls
e. Authorize
f. Monitor Security Controls - ANS: B

Copies of personnel security investigative reports must be destroyed by DoD recipient organizations, within how many days following completion of the necessary personnel security determination?
a. 30 days
b. 45 days
c. 60 days
d. 90 days - ANS: D

DoD reciprocally accepts existing national security eligibility determinations or clearances from other Government agencies in accordance with which of the following policy documents?
a. Office of Management and Budget Memorandum M-05-24, "Implementation of Homeland Security Presidential Directive (HSPD) 12 - Policy for a Common Identification Standard for Federal Employees and Contractors".
b. Executive Order 13467, "Reforming Processes Related to Suitability for Government Employment, Fitness for Contractor Employees, and Eligibility for Access to Classified National Security Information".
c. Sections 301 and 7532 of title 5, United States Code.
d. Executive Order 13526, "Classified National Security Information". - ANS: B

Executive Order 12829, signed in January 1993, mandated that which of the following entities be responsible for implementing and monitoring the National Industrial Security Program (NISP)?
a. Director of the Information Security Oversight Office (ISOO)
b. Secretary of Defense
c. National Security Council (NSC)
d. Director, Defense Security Service (DSS) - ANS: A

In which step of the Risk Management Framework (RMF) would you implement the decommissioning strategy?
A. Step 3 - Implement security controls
B. Step 4 - Assess security controls
C. Step 5 - Authorize system
D. Step 6 - Monitor security controls - ANS: D

Limited access to classified information for specific programs may be approved for non-U.S. citizens only under which of the following conditions?

d. Coordinate the organization of the Information System (IS) and Platform Information Technology (PIT) systems with the Program Manager (PM)/System Manager (SM), Information System Owner (ISO), Information Owner (IO), mission owner(s), Action Officer (AO) or their designated representatives. - ANS: B

Please determine which of the following is an element of an Operations Security (OPSEC) Assessment.
a. Small in scale and focused on evaluating the effectiveness of the OPSEC program.
b. Conducted on an annual basis.
c. Uses external resources collectively to conduct with or without the use of indigenous resources.
d. Determines the likelihood that critical information can be protected based on procedures that are currently in place. - ANS: C

Please determine which of the following is an example of reportable foreign intelligence contacts, activities, indicators, and behaviors.
a. Authorizing others to acquire unauthorized access to classified or sensitive information systems.
b. Unauthorized downloads or uploads of sensitive data.
c. Network spillage incidents or information compromise.
d. Use of DoD account credentials by unauthorized parties. - ANS: A

Preventing unauthorized access to information and equipment, safeguarding DoD assets against espionage and criminal activity, and providing the means to counter threats when preventative measures are ignored, best characterize the primary functions of which of the following programs or processes?
a. Physical Security Program
b. Operations Security (OPSEC) process
c. Security incident response process
d. Personnel Security Program - ANS: A

Requests for authorizing disclosure of classified information during visits must include all the following information, EXCEPT:
a. The explanation of the government purpose to perform when disclosing classified information.
b. The subject of the meeting, scope of classified topics and classification level
c. Expected time and location of the meeting.
d. The main content of the invitation to send to the participants. - ANS: C

Review of Tier 5 on an individual disclosed that the subject had been a member of an anarchist organization dedicated to disestablishing existing Federal laws and overthrowing the U.S. government by any means necessary, including violence. Although the subject terminated his membership with the organization upon learning he would be investigated for a clearance for his new position, he still maintains social contact with several members of the anarchist organization. Based on this information, which of the following adjudicative guidelines is most appropriate for an adjudicator to apply to the case?
a. Psychological Conditions
b. Foreign Preference

Select ALL of the correct responses. What is included in the security authorization package?
A Security Assessment Report (SAR)
B Plan of Action and Milestones (POA&M)
C Security Plan
D None of the above - ANS: A, B & C

Select ALL of the correct responses. Which of the following are cybersecurity skill standards needed by security personnel?
A Identify and manage all cybersecurity concepts
B Explain their role in protecting DoD's information systems
C Identify fundamental cybersecurity concepts that are related to the protection of classified and controlled unclassified information
D Conduct assessment and evaluation of all IT systems - ANS: B & C

The cybersecurity attributes are confidentiality, integrity, availability, authentication, and:
A Validity
B Non-repudiation
C Architecture
D Stability - ANS: B

The inability to deny you are the sender of an email would be an indication of a lapse in:
a. Non-Repudiation
b. Confidentiality
c. Integrity
d. Availability - ANS: A. Non-repudiation

The process of integrating active and passive complementary physical security measures to ensure the protection of DoD assets is known as which of the following concepts?
a. Area security
b. Threat-vulnerability assessment
c. Security-in-depth
d. Point security - ANS: C

The stealing of sensitive, proprietary information related to U.S. aerospace and defense technologies with the intent to provide such information to a foreign adversary is an example of which type of threat to DoD assets?
a. Criminal activity
b. Economic espionage
c. Treason
d. Terrorism - ANS: B

There are five information assurance attributes that are important to protect and defend DoD networks and information. If there was a loss in non-repudiation, what would this cause in relation to information assurance?
a. Data is no longer reliable, accurate, nor trusted.
b. Data may potentially be available to unauthorized users via electronic form.

Two security professionals - Paul and Ashley - are discussing secure rooms, containers, and vaults. Paul says weapons or sensitive items such as funds, jewels, or precious metals should not be stored in the same security container as classified information. Ashley says the General Services Administration approves security containers used to store classified information. Who is correct?
a. Paul is correct
b. Ashley is correct
c. Paul and Ashley are both correct
d. Paul and Ashley are both incorrect - ANS: C

Two security professionals - Paul and Ashley - are discussing security program areas. Paul says that Information Security practitioners train and/or advise Original Classification Authorities in the application of the process for making classification determinations. Ashley says that Physical Security practitioners work with a facility's Antiterrorism Officer to deploy defensive measures designed to reduce the facility's vulnerability from terrorist attacks. Who is correct?
A. Paul is correct
B. Ashley is correct
C. Paul and Ashley are both correct
D. Paul and Ashley are both incorrect - ANS: C. Paul and Ashley are both correct

Two security professionals - Paul and Ashley - are discussing security program areas. Paul says that Information Security practitioners work with a facility's Antiterrorism Officer to deploy defensive measures designed to reduce the facility's vulnerability from terrorist attacks. Ashley says that Personnel Security practitioners train and/or advise Original Classification Authorities in the application of the process for making classification determinations. Who is correct?
A. Paul is correct
B. Ashley is correct
C. Paul and Ashley are both correct
D. Paul and Ashley are both incorrect - ANS: D. Paul and Ashley are both incorrect

Unauthorized disclosure and loss of privacy is a lapse in:
a. Confidentiality
b. Integrity
c. Availability
d. Authentication - ANS: A

What activities occur during implementation of security controls? (Select all that apply)
A Communicate updates to appropriate audiences

What activities occur when authorizing the system? (select all that apply)
a. Implement decommissioning strategy
b. Develop, review, and approve Security Assessment Plan
c. Prepare the Plan of Action and Milestones (POA&M)
d. Submit security authorization package - ANS: C & D

What activities occur when monitoring security controls? (Select all that apply)
A. Prepare the Plan of Action and Milestones (POA&M)
B. Develop, review, and approve Security Assessment Plan
C. Implement decommissioning strategy
D. Determine impact of changes - ANS: C & D

What are the components of the Risk Management System? (Select all that apply)
A Revision
B Analysis
C Evaluation
D Assessment
E Mitigation - ANS: C, D & E

What are the cybersecurity attributes? Select all that apply.
A Confidentiality
B Integrity
C Availability
D Authentication
E Non-repudiation - ANS: All of the above

What are the cybersecurity drivers?
A NIST 800-30 Rev 1 Guide for Conducting Risk Assessments
B DoD 8530.01 Cybersecurity Activities Support to DoD Information Network Operations
C DoD 8510.01 Risk Management Framework
D DoD 8500.
E DoD Security Policy - ANS: All of the above

What are the steps in the Risk Management Framework (RMF)? (Select all that apply)
A Monitor Security Controls
B Categorize System
C Authorize System
D Assess Security Controls
E Select Security Controls
F Implement Security Controls - ANS: All of the above

What does "AO" stand for? - ANS: Authorizing Official

What evolving threats are attempts by hackers to damage or destroy a computer network or system?
A. Insider Threat
B. Social Media
C. Cyber Attack

c. Document holder as the sole authority to make transfer and dissemination determinations.
d. Sources and reasons for the classification. - ANS: C

What is security personnel's primary skill in relationship to cybersecurity?
A Analyze duties
B Manage risk
C Execute training
D Respond to incidents - ANS: B

What is the first step in the Risk Management Framework (RMF)?
A. Categorize System
B. Authorize System
C. Implement Security Controls
D. Select Security Controls
E. Assess Security Controls
F. Monitor Security Controls - ANS: A

What is the primary responsibility of security personnel?
A Monitor, evaluate, and provide advice to the Secretary of Defense
B Protect classified information and controlled unclassified information
C Direct the operation of and assure the security of the global DoD network
D Coordinate all DoD network operations - ANS: B

What is the purpose of DD Form 254?
a. To convey security classification guidance and to advise contractors on the handling procedures for classified material.
b. To document the formal agreement between the US government and a cleared contractor in which the contractor agrees to maintain a security program in compliance with the NISPOM and the government agrees to security guidance and program oversight.
c. To validate details regarding the foreign ownership, control or influence affecting that cleared contractor facility.
d. It replaces the actual contract document for any contract requiring access to classified information. - ANS: A

What is the purpose of marking classified materials?
a. To alert holders to the presence of classified information, how to properly protect it, and for how long.
b. To deter foreign adversaries from committing actions aimed at accessing such information.
c. To provide guidance for interpretation and analysis of classified information.
d. To alert holders to the methods used to collect classified information. - ANS: A

What is the purpose of the Controlled Access Program Coordination (CAPCO) register?
a. To identify the categories, types, and levels of Special Access Programs (SAPs).
b. To define the authorities for classifying, declassifying, and regrading sensitive documents.
c. To identify the official classification and control markings, and their authorized abbreviations and portion markings.