SFPC Exams (Latest 2023/ 2024 Updates STUDY BUNDLE WITH COMPLETE SOLUTIONS) Questions and Verified Answers- 100% Correct
Security Fundamentals Professional
Certificate (SFPC) Exam Prep| All Areas
Covered| Questions and Verified Answers
(Latest 2023/ 2024 Update)- 100% Correct
Q: Critical Program Information in DoD
Answer:
- U.S. capability elements that contribute to the warfighter’s advantage throughout the life cycle,
which if compromised or subject to unauthorized disclosure, decrease the advantage.
- Elements or components of a Research, Development, and Acquisition (RDA) program that, if
compromised, could cause significant degradation in mission effectiveness; shorten the expected
combat-effective life of the system; reduce technological advantage; significantly alter program
direction; or enable an adversary to defeat, counter, copy, or reverse engineer the technology or
capability. Includes information about applications, capabilities, processes and end-items.
Includes elements or components critical to a military system or network mission effectiveness.
Includes technology that would reduce the U.S. technological advantage if it came under foreign
control.
Q: Primary authorities governing foreign disclosure of classified military information.
Answer:
- Arms Export Control Act
- National Security Decision Memorandum 119
- National Disclosure Policy-1
- International Traffic in Arms Regulation (ITAR)
- E.O.s 12829 & 13526
- Bilateral Security Agreements
- DoD 5220.22-M, “NISPOM”
Q: The purpose of the DD Form 254
Answer:
Convey security requirements, classification guidance and provide handling procedures for
classified material received and/or generated on a classified contract.
Q: Factors for determining whether U.S. companies are under Foreign Ownership, Control or
Influence (FOCI)
Answer:
- Record of economic and government espionage against U.S. targets
- Record of enforcement/engagement in unauthorized technology transfer
- Type and sensitivity of the information that shall be accessed
- The source, nature and extent of FOCI
- Record of compliance with pertinent U.S. laws, regulations and contracts
- Nature of bilateral & multilateral security & information exchange agreements
- Ownership or control, in whole or part, by a foreign government
Q: The purpose and the function of the Militarily Critical Technologies List (MCTL).
Answer:
- Serves as a technical reference for the development and implementation of DoD technology,
security policies on international transfers of defense-related goods, services, and technologies
as administered by the Director, Defense Technology Security Administration (DTSA).
- Formulation of export control proposals and export license review
Q: Security Infraction
Answer:
This event cannot reasonably be expected to and does not result in the loss, compromise, or
suspected compromise of classified information
Q: DoD Manual 5200.01, Volumes 1-4
Answer:
The manual that governs the DoD Information Security Program
Q: E.O. 13526
Answer:
The executive order that governs the DoD Information Security Program
Q: 32 CFR Parts 2001 & 2003, “Classified National Security Information; Final Rule”
Answer:
The Information Security Oversight Office (ISOO) document that governs the DoD Information
Security Program
Q: Security Violation
Answer:
An event that results in or could be expected to result in the loss or compromise of classified
information.
Q: Unauthorized Disclosure
Answer:
Communication or physical transfer of classified or controlled unclassified information to an
unauthorized recipient
Q: SSBI
Answer:
Initial investigation for military, contractors, and civilians:
· Special-Sensitive positions
· Critical-Sensitive positions
· LAA
· Top Secret clearance eligibility
· IT-I duties
Q: ANACI
Answer:
Initial investigation for civilians:
· Noncritical-Sensitive positions
· Confidential and Secret clearance eligibility
· IT-II duties
Q: NACLC
Answer:
Initial National Agency Check with Law and Credit for military and contractors:
· Secret or Confidential clearance eligibility
· All military accessions and appointments
· IT-II duties
· IT-III duties (military only)
Q: NACI
Answer:
National Agency Check with Inquiries for civilians and contractors:
· Non-Sensitive positions
· Low Risk
· HSPD-12 Credentialing
Powered by https://learnexams.com/search/study?query=aqa
SFPC : Security Fundamentals Professional
Certificate (2023/ 2024) Exam | Actual
Questions and Verified Answers (Latest
Update)- 100% Correct| Grade A
Q: You suspect a user’s computer is infected by a virus. What should you do first?
Answer:
D Install antivirus software on the computer
Q: You are trying to connect to an FTP server on the Internet from a computer in a school lab.
You cannot get a connection. You try on another computer with the same results. The computers
in the lab are able to browse the Internet. You are able to connect to this FTP server from home.
What could be blocking the connection to the server?
Answer:
C A firewall
Q: How does the sender policy framework (SPF) aim to reduce spoofed email?
Answer:
A It provides a list of IP address ranges for particular domains so senders can be verified.
Q: What are two attributes that an email message may contain that should cause a user to
question whether the message is a phishing attempt?
Answer:
B Spelling and grammar errors
C Threats of losing service
Q: When conducting a security audit the first step is to:
Answer:
A Inventory the company’s technology assets
Q: You would implement a wireless intrusion prevention system to:
Answer:
C Prevent rogue wireless access points
Q: What are three examples of two-factor authentication?
Answer:
A A fingerprint and pattern
B A password and a smart card
E A pin number and a debit card
Q: The purpose of a digital certificate is to verify that a:
Answer:
A Public key belongs to a sender
Q: Cookies impact security by enabling:
Answer:
A Storage of Web site passwords
D Web sites to track browsing habits
Q: What does implementing Windows Server Update Services (WSUS) allow a company to
manage?
Answer:
D Windows updates for workstations and servers
Q: The manager of a coffee shop hires you to securely set up WiFi in the shop.
To keep computer users from seeing each other, what should you use with an access point?
Answer:
B Client isolation mode
Q: Where should you lock up the backup tapes for your servers?
Answer:
D An offsite fire safe
Q: The client computers on your network are stable and do not need any new features.
Which is a benefit of applying operating system updates to these clients?
Answer:
D Close existing vulnerabilities
Q: The company that you work for wants to set up a secure network, but they do not have any
servers
Answer:
A 802.1x
C WPA2 Enterprise
D RADIUS
Security Fundamentals Professional
Certificate Practice Exam Version 1|
Questions and Verified Answers (Latest 2023/
2024 Update)- 100% Correct
Q: What is the purpose of the Controlled
Access Program Coordination (CAPCO) register?
a. To identify the categories, types, and levels of Special Access Programs (SAPs).
b. To define the authorities for classifying, declassifying, and regrading sensitive documents.
c. To identify the official classification and control markings, and their authorized abbreviations
and portion markings.
d. To define the requirements, restrictions, and measures necessary to safeguard classified
information from unauthorized disclosure.
Answer:
C
Q: When a classified data spill occurs, who is responsible for ensuring that policy requirements
for addressing an unauthorized disclosure are met?
a. Activity Security Manager
b. Information Assurance Staff
c. Information Assurance Manager
d. Information Assurance Officer
Answer:
A
Q: There are five information assurance attributes that are important to protect and defend DoD
networks and information. If there was a loss in non-repudiation, what would this cause in
relation to information assurance?
a. Data is no longer reliable, accurate, nor trusted.
b. Data may potentially be available to unauthorized users via electronic form.
c. General communications are no longer trusted.
d. Potential of unauthorized access to classified data.
e. Data is no longer available to authorized users, and missions cannot be conducted.
Answer:
B
Q: Which of the following examples describes
a security violation rather than a security infraction?
a. On a busy day, Karen printed classified documents on the printer in her open storage/secure
room. She forgot about the documents and they remained on the printer for about an hour before
she retrieved them.
b. Karen was late for a meeting in a different area of her building. She put a classified document
in a folder she believed was marked for carrying classified materials. When handing out the
materials, Karen realized that the folder was not marked for carrying classified materials, she had
put the documents in the wrong folder.
c. At the end of the day, Karen was leaving and taking with her unclassified documents she
would review at home. When she began to review those documents that night, she realized that
classified materials had slipped in between the unclassified materials.
d. Karen was working a mission rela
Answer:
C
Q: The inability to deny you are the sender of an email would be an indication of a lapse in:
a. Non-Repudiation
b. Confidentiality
c. Integrity
d. Availability
Answer:
A. Non-repudiation
Q: Unauthorized disclosure and loss of privacy is a lapse in:
a. Confidentiality
b. Integrity
c. Availability
d. Authentication
Answer:
A
Q: Which of the following is the first action done to downgrade, declassify
or remove classification markings?
a. Through the appropriate chain of command, contact the
original classification authority (OCA) to confirm that information does not have an extended
classification period.
b. Change the classification authority block to indicate “Declassify ON:” to show the new
declassification instructions.
c. Take all classification markings off the document and redistribute.
d. Request a waiver from the Information Security Oversight Office (ISOO) to remove the
declassification markings.
Answer:
A
Q: All of the following are requirements to perform classified activities from non-traditional
locations (e.g., the employee’s home), EXCEPT:
a. The employee must be trained to operate classified information systems.
b. The employee must be trained on protection and storage of classified information and
Communications Security (COMSEC) materials.
c. The employee must receive written approval for use of classified information and equipment
at home.
d. The employee must have an office space that meets requirements comparable to the Sensitive
Compartmented Information Facility (SCIF).
Answer:
B
Q: What is the purpose of the Personnel Security Program (PSP)?
a. To define original classification for DoD assets and information.
b. To designate individuals for positions requiring access to classified information.
c. To ensure that only loyal, trustworthy, and reliable individuals may access classified
information or perform sensitive duties.
d. To describe the safeguarding requirements personnel must employ when handling classified
materials at a cleared contractor facility.
Answer:
C
Q: DoD reciprocally accepts existing national security eligibility determinations or clearances
from other Government agencies in accordance with which of the following policy documents?
a. Office of Management and Budget Memorandum M-05-24, “Implementation of Homeland
Security Presidential Directive (HSPD) 12 – Policy for a Common Identification Standard for
Federal Employees and Contractors,”.
b. Executive Order 13467, “Reforming Processes Related to Suitability for Government
Employment, Fitness for Contractor Employees, and Eligibility for Access to Classified National
Security Information”.
c. Sections 301 and 7532 of title 5, United States Code.
d. Executive Order 13526, “Classified National Security Information”.
Answer:
B
Q: Review of Tier 5 on an individual disclosed that the subject had been a member of
an anarchist organization dedicated to disestablishing existing Federal laws and overthrowing the
U.S. government by any means necessary, including violence. Although the subject terminated
his membership with the organization upon learning he would be investigated for
a clearance for his new position, he still maintains social contact with several members of the
anarchist organization. Based on this information, which of the following adjudicative guidelines
is most appropriate for an adjudicator to apply to the case?
a. Psychological Conditions
b. Foreign Preference
c. Allegiance to the United States
d. Criminal Activity
Answer:
C
SFPC Exam Prep| Questions and Verified
Answers (Latest 2023/ 2024 Update)- 100%
Correct
Q: What are the objectives of Joint Clearance and Access Verification System (JCAVS)?
Answer:
- Update security accesses
- Allow communication amongst other offices and CAFs
- Facilitate management tasks (personnel actions/reports/notifications)
Q: What is the objective of JPAS?
Answer:
JPAS uses a centralized database with computer processing and application programs for
standard DoD PERSEC processes. Comprises JCAVS and JAMS
Q: Define and describe CATS
Answer:
Case Adjudication Tracking System – used by DoD CAF adjudicators to review electronic PSIs
completed by NBIB
Q: What is DISS and what two programs does it replace?
Answer:
Defense Information System for Security. It replaces CATS and JPAS
Q: What are the 4 information advisements required under the Privacy Act of 1974?
Answer:
- Under what authority is the information being gathered?
- What is the principal purpose for gathering the information?
- How will the information routinely be used?
- Is providing the information mandatory or voluntary; what are the consequences for refusal to
provide information
Q: What are the standards for creating classified working papers?
Answer:
- They are dated upon creation
- They are marked with the classification and “WORKING PAPERS”
- They are destroyed when no longer needed or brought into accountability (180 days)
Q: Name the classified coversheet titles?
Answer:
SF-703 = TOP SECRET
SF-704 = SECRET
SF-705 = CONFIDENTIAL
Q: Original Classification
Answer:
Determines if the info is official government info, classification eligibility (including threat and
level), duration of classification, and communicates the decision
Q: Derivative Classification
Answer:
An assumed responsibility of anyone who applies markings for a new document or material
conveying classified info
Q: Scheduled Declassification
Answer:
Occurs when the instructions assigned by the OCA are followed (instructions consist of either a
date or event)
Q: Automatic Declassification
Answer:
Classified records that have been determined to have permanent historical value under Title 44 of
USC are automatically declassified on Dec 31 of the year that is 25 years from the date of its
original classification
Q: Mandatory Declassification Review
Answer:
Initiates a declassification review as requested from the public. The originating agency must
respond to the request in a timely manner
Q: What are the 6 Steps of Original Classification?
Answer:
- Government info confirmation
- Eligibility
- Impact
- Designate classification level
- Duration
- Guidance
Security Fundamentals Professional
Certificate Practice Exam Version 2|
Questions and Verified Answers (Latest 2023/
2024 Update)- 100% Correct
Q: Secure rooms and vaults may both be authorized for the open storage of classified
information. T/F
Answer:
True
Q: Which of the following are required practices when using storage containers?
a) safeguard keys, locks, and combinations at the same level of the classified information being
stored
b) Change combinations when anyone with knowledge of the combination no longer requires
access and when the container or lock has been subject to possible compromise.
c) Store classified information with sensitive items or weapons.
d) Keep records of security containers, vaults, and secure rooms used for the storage of classified
material as well as the openings and closings of these containers.
Answer:
a) safeguard keys, locks, and combinations at the same level of the classified information being
stored
b) Change combinations when anyone with knowledge of the combination no longer requires
access and when the container or lock has been subject to possible compromise
d) Keep records of security containers, vaults, and secure rooms used for the storage of classified
material as well as the openings and closings of these containers.
Q: Who provides construction and security requirements for SCIFs?
a) Director of National Intelligence (DNI)
b) Central Intelligence Agency (CIA)
c) Defense Intelligence Agency (DIA)
d) General Services Administration (GSA)
e) Department of Defense (DoD)
Answer:
a) Director of National Intelligence (DNI)
Q: Who provides accreditation for SCIFs?
a) Director of National Intelligence (DNI)
b) Central Intelligence Agency (CIA)
c) Defense Intelligence Agency (DIA)
d) General Services Administration (GSA)
e) Department of Defense (DoD)
Answer:
c) Defense Intelligence Agency (DIA)
Q: Which of the following statements are true of SCIFs?
a) They are used by the intelligence community to store classified information
b) They are used by the DoD to store AA&E
c) They are used to store sensitive compartmented information
d) They are used to store nuclear weapons
Answer:
a) They are used by the intelligence community to store classified information
c) They are used to store sensitive compartmented information
Q: Warning signs must be posted at each boundary of a restricted area and must be conspicuous
to those approaching on foot or by vehicle. T/F
Answer:
True
Q: The use of master key systems is acceptable in the storage of AA&E. T/F
Answer:
False
Q: The use of deadly force is authorized against anyone who enters a nuclear storage facility
without proper authorization. T/F
Answer:
True
Q: Securing drainage structures must be considered if they cross the fence line of an AA&E
storage area. T/F
Answer:
True
Q: The continual barrier concept is commonly employed in nuclear storage facilities. T/F
Answer:
True
Q: What are the 5 elements of PERSEC?
Answer:
- Designation
- Investigation
- Adjudication
- Reinvestigation
- Continuous Evaluation