Download SPēD SFPC EXAM: All Areas Test Bank 2025-2026.Questions & Correct Verified Answers.Grade A and more Exams Security Analysis in PDF only on Docsity!
SPēD SFPC EXAM: All Areas Test
Bank 2025-2026. Questions & Correct
Verified Answers. Graded A
3 Types of Authorized Sources – ANS
- Security classification guide (SCG)
- properly marked source document
- DD Form 254 *when conflict is present, SCG always takes precedence 4 Phases of SAP Lifecycle – ANS
- Establishment (is extra protection warranted?)
- Management and Administration (continued need? processes followed?)
- Apportionment (proper measures in place? approval received)
- Disestablishment (program no longer needed?) 6 Step Original Classification Process - ANS1. Official (is info owned/produced/controlled by government?)
- Eligibility (does it fall into one of eight classification eligibility categories? are there prohibitions or limitations against classification? has info already been classified?)
- Impact (does unauthorized disclosure create potential for damage to national security?)
- Classification Level (confidential, secret, TS)
- Duration (downgrade? declassify?)
- Communication (via SCG or properly marked source document) 8 classification eligibility categories - ANS1. military plans/weapon systems/operations
- foreign government information (FGI)
- intelligence activities/sources/methods
- foreign relations/activities of U.S.
- scientific/technological/economic matters relating to national security
- programs for safeguarding nuclear materials/facilities
- vulnerabilities/capabilities of systems/installations/projects/plans relating to national security
- weapons of mass destruction (WMDs) A cleared individual can only have access at the _______ level as the facility clearance - ANSSame A contractor must adhere to the security rules of the __________ commander when working at a government installation - ANSInstallation Access - ANSOccurs when individual has security eligibility, NTK, and a signed SF 312 (NDA); permitted to access classified information Access National Agency Check with Inquiries (ANACI) - ANSFor civilians: · Noncritical-Sensitive positions · Confidential/Secret, "L" info, systems containing PII
Automated access control systems - ANSAllows biometric (e.g., fingerprints, hand geometry, iris scan) and non-biometric (e.g., card swipe reader, key system, pin) forms of identification Automatic declassification - ANSPermanently Valuable Historical records are declassified 25 years from original classification date Barrier Types - ANS1. Active-require action by personnel to permit entry
- Passive-effectiveness relies on bulk/mass; no moving parts
- natural-define boundaries and provide protection Categories of approved classified material storage locations - ANSStorage Containers
- Security containers (e.g., field safes, cabinets)
- Vaults (including modular vaults)
- Open storage area (secure area/secure room) Storage Facilities
- SCIF (SCI information)
- AA&E storage facility (arms, ammunition, and explosives)
- Nuclear storage facility (nuclear weapons) Chapter 8 of the NISPOM - ANSIf you are a government contractor working on a contractor-owned system at a contractor facility, you must follow the security provisions of this reference
Characteristics of each Force Protection Conditions (FPCONS) - ANSNormal: general global threat of possible terrorist activity--> routine security posture (i.e., access control at all installations) Alpha: increased general threat of possible terrorist activity against personnel/facilities; nature and extent unpredictable--> ALPHA measures must be capable of being maintained indefinitely Bravo: increased/more predictable threat or terrorist activity--> sustaining BRAVO measures may affect operational capability and military/civilian relationships Charlie: incident occurs or intelligence indicates some form of terrorist action is likely against personnel/facility---> sustaining CHARLIE measures may create hardship and affect activity of unit/personnel Delta: immediate area where terrorist attack has occurred of when intelligence indicates terrorist action against specific location/person is imminent (localized condition)--> not to be sustained for extended period of time CI Support (individual involved in PHYSEC) - ANSResponsible for providing valuable information on the capabilities, intentions, and threats of adversaries classification prohibitions - ANS1. concealing violations of law, inefficiency, or administrative error
- preventing embarrassment
- restraining competition
- preventing/delaying release of information that does not require protection
COMSEC - ANSThe protection resulting from the measures designed to deny unauthorized persons information of value that might be derived from the possession and study of telecommunications and to ensure the authenticity of such communications. Requires more stringent protection requirements Confidential - ANSUnauthorized disclosure of this information could reasonably be expected to cause damage to our national security. Construction requirements for vault doors - ANS1. Constructed of hardened steel
- Hung on non-removable hinge pins or with interlocking leaves.
- Equipped with a GSA-approved combination lock.
- Emergency egress hardware (deadbolt or metal bar extending across width of door). Contained in - ANSIncorporating classified information from source document into new document and no additional analysis needed to determine classification Continuous Evaluation/Vetting - ANSOngoing review of individual's background to determine whether they should continue to hold security clearance or not Contracting Officer - ANS*Government role Enter into, administer, and/or terminate contracts
Contracting Officer's Representative (COR) - ANS*Government role
- assigned to specific contract
- communicate security requirements
- verify/sponsor FCL
- subject matter expert with regular contact with contractor Criticality - ANSDetermination based on asset's importance to national security and effect of loss Custodians - ANSPeople who are in possession of, or who are otherwise charged with safeguarding classified information DD Form 254: DoD Contract Security Classification Specification - ANSOutlines security requirements and classification guidance (coordinated between contract knowledge, program knowledge, subject matter expert, and industrial/info security knowledge) DD Form 441: DoD Security Agreement - ANS- Legally binding contract between government and contractor
- Contractor agrees to comply with NISPOM and acknowledge government review to ensure compliance
- Government agrees to process contractor PCLs and provide guidance/oversight (must be completed before work begins) Declassification - ANSChange in status from classified to unclassified
DISA, Joint Interoperability Test Command (JITC) - ANSThis organization maintains a register of certified security digital facsimiles DISS - ANSA DoD system of record for personnel security clearance information Document destruction method - ANSBurned, shredded, or chemically decomposed of DoD 5200.08-R - ANSPhysical Security Program regulation DoD 5200.2-R - ANSImplements and maintains the DoD personnel security policies and procedures DoD 5220.22-M - ANSNational Industrial Security Program Operating Manual (NISPOM) DoD CAF responsibilities - ANS1. Making adjudicative decisions by applying whole person concept
- A repository for investigative records
- Initiating special investigations DoD Manual 5200.01, Volumes 1-3 - ANSManual that governs DoD Information Security Program DoD position sensitivity types - ANS1. Critical/Special Sensitive--> TS
- Non-Critical Sensitive--> Confidential and Secret
- Non-Sensitive--> not national security positions DoD Special Access Central Office (SAPCO) - ANS"One voice to Congress"/DoD SAP legislative liaison--> notifies Congress of SAP approval decision DoDI 5200.01 - ANSAuthorizes the publication of DoDM 5200.01 Vol 1-3, the DoD Information Security Program e-QIP - ANSSystem used to document personal information from Personnel Security Questionnaire E.O. 12968 - ANSThe Executive Order (E.O.) that establishes a uniform Personnel Security Program E.O. 13526 - ANSExecutive order that governs DoD Information Security Program Electromechanical combination lock - ANSForm of built-in combination lock. Permitted for securing classified info. Ex: X-07/08/09/10 and CDX- 07/08/09/ Elements that security professional should consider when assessing and managing risks to DoD assets (risk management process) - ANS1. Assess assets
- Assess threats
- Assess Vulnerabilities
- SF-86 must be current within one year;
- Limited Access;
- Waivers required for foreign cohabitants, spouses, and immediate family members. Within Industrial Security: The SecDef or DepSecDef can approve carve-out provision to relieve Defense Security Service of industrial security oversight responsibilities. Within Physical Security:
- Access Control;
- Maintain SAP Facility;
- Access Roster;
- All SAPs must have unclassified nickname/ Codeword (optional). Within Information Security:
- The use of HVSACO;
- Transmission requirements (order of precedence). EO 12869 - ANSEstablishes National Industrial Security Program Facility security officer (FSO) responsibilities - ANS*industry role
- Manage day-to-day security program operations at contractor facility (FCLs, PCLs, security education, safeguarding, reporting to government, self-inspections)
- Ensure compliance with NISP and contract documentation
- Work with DCSA to monitor classified info and educate personnel Factors for determining
whether U.S. companies are under Foreign Ownership, Control or Influence (FOCI) - ANS1. Record of economic and government espionage against the U.S. targets
- Record of enforcement/engagement in unauthorized technology transfer
- Type and sensitivity of information that shall be accessed
- Source, nature and extent of FOCI
- Record of compliance with pertinent U.S. laws, regulations and contracts
- Nature of bilateral & multilateral security & information exchange agreements
- Ownership/control, in whole or part, by foreign government Floppy disk destruction method - ANSBurned, overwritten, or demagnetized For the purpose of a visit to another cleared facility, a clearance can be verified by looking in ________ - ANSDISS Force Protection Condition (FPCONS) levels - ANSMeasures taken to protect personnel and assets from attack; issued by COCOMs and installation commanders/facility directors Levels: Normal, Alpha, Bravo, Charlie, Delta
- Unexplainable affluence/living above one's means
- Illegal downloads of information/files Information Security Oversight Office (ISOO) - ANS-Oversee and manages information security program under guidance of NSC. -NSC provides overall policy direction -ISOO is the operating arm -Annual report to president about each agency's security classification program, analysis and reports Intrusion Detection Systems (IDS) - ANSDetect, deter, and document intrusion. DO NOT prevent. Sends signal through wires when triggered Investigative requirement for a Critical/Special-Sensitive position - ANSSingle scope background investigation (SSBI aka T5), SSBI-PR (T5R), or PPR Investigative requirement for a Non-Critical Sensitive position - ANSANACI or NACLC (T3) ISOO 32 CFR Parts 2001 & 2003, "Classified National Security Information; Final Rule" - ANSProvides guidance to all government agencies on classification, downgrading, declassification, and safeguarding of classified national security information
JAMS - ANSThis sub-system (used by adjudicators) and JCAVS make up the JPAS/DISS system JCAVS - ANSA security manager uses this system to communicate with the DoD CAF Law Enforcement (individual involved in PHYSEC) - ANSMust be integrated into intelligence gathering process; part of coordinating emergency responses and criminal incidents on a Federal installation Low security padlock - ANSKey-operated padlock that has limited resistance to forced entry Low terrorist threat level - ANSNo terrorist group is detected or terrorist group is non-threatening Mandatory Declassification Review (MDR) - ANSProcess for public to request review for declassification and public release of classified information Marking for inner wrapper used for transportation of classified information - ANS1. recipient mailing address (include name of recipient)
- sender's address
- highest classification of document
- special markings
Microfiche destruction method - ANSBurned, shredded, destroyed with chemicals that destroy imprints Moderate terrorist threat level - ANS1. Anti-U.S. terrorists are present
- No indications of anti-U.S. activity
- Operating environment favors host nation or U.S. NACI - ANSNational Agency Check with Inquiries for civilians and contractors: · Non-Sensitive positions · Low Risk · HSPD-12 Credentialing National Agency Check (NAC) - ANSThe fingerprint portion of personnel security investigation (PSI) National Agency Check with Local Agency and Credit Check (NACLC) - ANSFor military and contractors: · Noncritical-Sensitive · Confidential/Secret clearance eligibility · Equivalent to Tier 3 National Industrial Security Program (NISP) - ANSThe program that covers protection of classified information by government contractors National Security Council (NSC) - ANSProvides overall policy direction for the Information Security Program
Neither confirm nor deny - ANSIf classified information appears in the public media, DoD personnel must be careful not to make any statement of comment that would confirm the accuracy or verify the classified status of the information OPSEC Officer (individual involved in PHYSEC) - ANSAnalyzes threats to assets and their vulnerabilities Options an OCA has when determining declassification - ANSSpecific Date, Specific Event, or 50X1-HUM Exemption Original Classification - ANSInitial determination that information requires protection against unauthorized disclosure Original Classification Authority (OCA) - ANS-Authorized to make initial classification determination -Request for OCA contains mission justification and position title -Delegated in writing by president to occupant of position, not to an individual by name -Not able to delegate further unless "acting" -Specifies highest level OCA can classify piece of information and their jurisdiction -OCA training -Demonstrable and continuing need for such authority at least 2x a year
