Which of the following security program areas would you find practitioners who train and\/
or advise Original Classification Authorities in the application of the process for making
classification determinations?
A. Information Security
B. Physical Security
C. Personnel Security
D. Industrial Security
A. Information Security<\/p>\n\n\n\n
Which of the following security program areas would you find practitioners working with a
facility’s Antiterrorism Officer to deploy defensive measures designed to reduce the facility’s
vulnerability from terrorist attacks?
A. Information Security
B. Physical Security
C. Personnel Security
D. Industrial Security
B. Physical Security<\/p>\n\n\n\n
Which of the following security programs areas would you find practitioners involved with
processes that monitor employees for new information that could affect their security clearance
eligibility status?
A. Foreign Disclosure
B. Information Security
C. International Security
D. Operations Security
E. Personnel Security
F. Physical Security
G. Research and Technology Protection
H. Information Assurance
E. Personnel Security<\/p>\n\n\n\n
Two security professionals – Paul and Ashley – are discussing security program areas.
Paul says that Information Security practitioners train and\/or advise Original Classification
Authorities in the application of the process for making classification determinations.
Ashley says that Physical Security practitioners work with a facility’s Antiterrorism Officer to
deploy defensive measures designed to reduce the facility’s vulnerability from terrorist attacks.
Who is correct?
A. Paul is correct
B. Ashley is correct
C. Paul and Ashley are both correct
D. Paul and Ashley are both incorrect
C. Paul and Ashley are both correct<\/p>\n\n\n\n
Two security professionals – Paul and Ashley – are discussing security program areas.
Paul says that Information Security practitioners work with a facility’s Antiterrorism Officer to
deploy defensive measures designed to reduce the facility’s vulnerability from terrorist attacks.
Ashley says that Personnel Security practitioners train and\/or advise Original Classification
Authorities in the application of the process for making classification determinations.
Who is correct?
A. Paul is correct
B. Ashley is correct
C. Paul and Ashley are both correct
D. Paul and Ashley are both incorrect
D. Paul and Ashley are both incorrect<\/p>\n\n\n\n
Which of the following is a true statement regarding the special handling requirements of Foreign Government Information (FGI)?<\/p>\n\n\n\n
a. When the classification marking on a document containing FGI is not in English, or when the foreign government marking requires a different degree of protection than
the same U.S. classification designation, a U.S. marking that results in a degree of protection equivalent to that required by the foreign government shall be applied.
b. A U.S. document containing FGI cannot be declassified or downgraded below the highest level of FGI contained in the document without the permission of the foreign government or international organization that originated the information.
c. Those holding security clearances issued by the U.S. government cannot access U.S. documents containing FGI without written consent from the originating foreign government.
d. The receiving DoD Components must maintain records for 1 year of the receipt, internal distribution, destruction, annual inventory, access, reproduction, and transmittal of foreign government Top Secret information.
B<\/p>\n\n\n\n
Which of the following is a requirement for access to North Atlantic Treaty Organization (NATO) information?
a. Personnel has been subject of a Single Scope Background Investigation (SSBI), including a National Agency Check (NAC) on the spouse and all members of the individual’s immediate family of 18 years of age or over who are United States citizens other than by birth or who are resident aliens.
b. Personnel has been subject of a favorably adjudicated background investigation (BI) (10-year scope), Tier 5, current within five years prior to the assignment, and completed a NATO brief.
c. Personnel has been subject of a favorably adjudicated BI (10-year scope), Defense National Agency Check with Inquiries (DNACI)\/ National Agency Check with Inquiries (NACI) or NACI Entrance National Agency Check (ENTNAC), current within five years prior to the assignment.
d. Personnel requiring access to NATO COSMIC (Top Secret) or SECRET information must at least possess the equivalent interim U.S. security clearance.
B<\/p>\n\n\n\n
According to Executive Order 13556, which of the following
is considered a type of controlled unclassified information (CUI)?
a. Communications Security (COMSEC) Information
b. Declassified Information
c. Law Enforcement Sensitive (LES) Information
d. North Atlantic Treaty Organization (NATO) Information
C. Law Enforcement Sensitive Information<\/p>\n\n\n\n
What is the purpose of marking classified materials?
a. To alert holders to the presence of classified information, how to properly protect it, and for how long.
b. To deter foreign adversaries from committing actions aimed at accessing such information.
c. To provide guidance for interpretation and analysis of classified information.
d. To alert holders to the methods used to collect classified information.
A<\/p>\n\n\n\n
What is included in the markings of classified information?
a. Derivative classifier as the authority to make declassification determinations.
b. Agencies and authorities that have previously accessed the classified information.
c. Document holder as the sole authority to make transfer and dissemination determinations.
d. Sources and reasons for the classification.
C<\/p>\n\n\n\n
What is the purpose of the Controlled
Access Program Coordination (CAPCO) register?
a. To identify the categories, types, and levels of Special Access Programs (SAPs.)
b. To define the authorities for classifying, declassifying, and regrading sensitive documents.
c. To identify the official classification and control markings, and their authorized abbreviations and portion markings.
d. To define the requirements, restrictions, and measures necessary to safeguard classified information from unauthorized disclosure.
C<\/p>\n\n\n\n
When a classified data spill occurs, who is responsible for ensuring that policy requirements for addressing an unauthorized disclosure are met?
a. Activity Security Manager
b. Information Assurance Staff
c. Information Assurance Manager
d. Information Assurance Officer
A<\/p>\n\n\n\n
There are five information assurance attributes that are important to protect and defend DoD networks and information. If there was a loss in non- repudiation, what would this cause in relation to information assurance?**
a. Data is no longer reliable, accurate, nor trusted.
b. Data may potentially be available to unauthorized users via electronic form.
c. General communications are no longer trusted.
d. Potential of unauthorized access to classified data.
e. Data is no longer available to authorized users, and missions cannot be conducted.
B<\/p>\n\n\n\n
Which of the following examples describes
a security violation rather than a security infraction?
a. On a busy day, Karen printed classified documents on the printer in her open storage\/secure room. She forgot about the documents and they remained on the printer for about an hour before she retrieved them.
b. Karen was late for a meeting in a different area of her building. She put a classified document in a folder she believed was marked for carrying classified materials. When handing out the materials, Karen realized that the folder was not marked for carrying classified materials, she had put the documents in the wrong folder.
c. At the end of the day, Karen was leaving and taking with her unclassified documents she would review at home. When she began to review those documents that night, she realized that classified materials had slipped in between the unclassified materials.
d. Karen was working a mission related to Mexican Drug cartel operating out of Playa Carmen. Her husband planned a golf trip with friends to that area. She advised him not to go, and believing that it was a safety issue, she provided sensitive details about the cartel to make sure that he did not go.
C<\/p>\n\n\n\n
The inability to deny you are the sender of an email would be an indication of a lapse in:**
a. Non-Repudiation
b. Confidentiality
c. Integrity
d. Availability
A. Non-repudiation<\/p>\n\n\n\n
Unauthorized disclosure and loss of privacy is a lapse in:**
a. Confidentiality
b. Integrity
c. Availability
d. Authentication
A<\/p>\n\n\n\n
Which of the following is the first action done to downgrade, declassify
or remove classification markings? a. Through the appropriate chain of command, contact the original classification authority (OCA) to confirm that information does not have an extended classification period.
b. Change the classification authority block to indicate “Declassify ON:” to show the new declassification instructions.
c. Take all classification markings off the document and redistribute.
d. Request a waiver from the Information Security Oversight. Office (ISOO) to remove the declassification markings.
A<\/p>\n\n\n\n
All of the
following are requirements to perform classified activities from non-traditional locations (e.g., the employees home), EXCEPT:
a. The employee must be trained to operate classified information systems.
b. The employee must be trained on protection and storage of classified information and Communications Security (COMSEC) materials.
c. The employee must receive written approval for use of classified information and equipment at home.
d. The employee must have an office space that meets requirements comparable to the Sensitive Compartmented Information Facility (SCIF).
B<\/p>\n\n\n\n
What is the purpose of the Personnel Security Program (PSP)?
a. To define original classification for DoD assets and information.
b. To designate individuals for positions requiring access to classified information.
c. To ensure that only loyal, trustworthy, and reliable individuals may access classified information or perform sensitive duties.
d. To describe the safeguarding requirements personnel must employ when handling classified materials at a cleared contractor facility.
C<\/p>\n\n\n\n
DoD reciprocally accepts existing national security eligibility determinations or clearances from other Government agencies in accordance with which of the following policy documents?
a. Office of Management and Budget Memorandum M-05-24, “Implementation of Homeland Security Presidential Directive (HSPD) 12 – Policy for a Common Identification Standard for Federal Employees and Contractors,”.
b. Executive Order 13467, “Reforming Processes Related to Suitability for Government Employment, Fitness for Contractor Employees, and Eligibility for Access to Classified National Security Information”.
c. Sections 301 and 7532 of title 5, United States Code.
d. Executive Order 13526, “Classified National Security Information”.
B<\/p>\n\n\n\n
Review of Tier 5 on an individual disclosed that the subject had been a member of
an anarchist organization dedicated to disestablishing existing Federal laws and overthrowing the U.S. government by any means necessary, including violence. Although the subject terminated his membership with the organization upon learning he would be investigated for
a clearance for his new position, he still maintains social contact with several members of the anarchist organization. Based on this information, which of the following adjudicative guidelines is most appropriate for an adjudicator to apply to the case?
a. Psychological Conditions
b. Foreign Preference
c. Allegiance to the United States
d. Criminal Activity
C<\/p>\n\n\n\n
Limited access to classified information for
specific programs may be approved for non-U.S. citizens only under which of the following conditions?
a. The subject is eligible to access material marked by a foreign government that is equivalent to a U.S. Top Secret classification marking.
b. The subject will only have one-time access to specific material, after which the material will be appropriately destroyed or returned to the originating U.S. agency
c. The subject will only have access to classified U.S. documents containing Foreign Government Information (FGI) originating from the foreign country of which the subject is a citizen.
d. The prior 10 years of the subject’s life can be appropriately investigated.
D<\/p>\n\n\n\n
Which of the following is the investigative requirement for access to
Single Integrated Operational
Plan-Extremely Sensitive Information (SIOP- ESI)?
a. Individual has a valid favorably adjudicated Tier 5 or Single Scope Background (SSBI) Investigation.
b. Individual has a valid favorable adjudicated Tier 3 or National Agency Check with Local Agency Check (NACLC) investigation.
c. Individual has a valid favorably adjudicated Tier 3 or Access National Agency Check with Written Inquiries and Credit Check (ANACI) investigation.
d. Individual has a valid favorably adjudicated Tier.
A<\/p>\n\n\n\n
Which of the following is not qualifying criteria for personnel assigned to nuclear weapons personnel reliability assurance positions?
a. Individual must be a U.S. Citizen
b. Individual has a security clearance eligibility in accordance with the position
c. Individual is subject to a periodic reinvestigation every three years
d. Individual must be continuous evaluated
C<\/p>\n\n\n\n
Which of the following is correct regarding the investigation requirement for initial assignment to a Presidential Support Activities (i.e. Yankee White) Category 2 position?
a. Favorably completed Tier 5\/Single Scope Background Investigation (SSBI) within 36 months preceding selection.
b. Favorably completed Tier 3\/National Agency Check with Local Agency Check (NACLC) within 36 months preceding selection.
c. Favorably completed Tier 5\/SSBI within 24 months preceding selection.
d. Favorably completed Tier 3\/NACLC within 24 months preceding selection.
A<\/p>\n\n\n\n
Which of the following adjudication processes refers to a person’s identifiable character traits and conduct sufficient to decide whether employment or continued employment would or would not protect the integrity or promote the efficiency of the Federal service?
a. Homeland Security Presidential Directory (HSPD) 12 credentialing
b. National security adjudication
c. Suitability adjudication
d. Continuous evaluation
C<\/p>\n\n\n\n
All unclassified DoD information in the possession or control of non-DoD entities on non-DoD information systems, to the
extent provided by the applicable grant, shall minimally be safeguarded under which of the following standards?
a. Information holders must use the Secret Internet Protocol Router Network (SIPRNET) to transmit such information.
b. Such information may be store in an open storage area, provided the room is equipped with an Intrusion Detection System (IDS) with the personnel responding to an alarm within 15 minutes of the alarm annunciation.
c. Such information must be stored in a General Services Administration (GSA)-approved security container equipped with a lock meeting FF-L-2740 standards.
d. Organizational wireless connections holding such information must be encrypted, and those accessing such information must use encrypted wireless connections where available when traveling.
D<\/p>\n\n\n\n
Copies of personnel security investigative reports must be destroyed by DoD recipient organizations, within how many days following completion
of the necessary personnel security determination?
a. 30 days
b. 45 days
c. 60 days
d. 90 days
D<\/p>\n\n\n\n
Which of the following limitations is true regarding Limited Access Authorization (LAA) to non-U.S. citizens?
a. LAAs shall only be granted access at the Secret and Confidential levels.
b. A favorably completed and adjudicated Tier 3 or National Agency Check with Local Agency Check (NACLC). investigation within the last five years is required.
c. An LAA is the same as a security clearance eligibility.
d. Access to classified information Is not limited to a specific program or project.
A<\/p>\n\n\n\n
A position designated as a DoD noncritical-sensitive civilian position may fall under any of the following criteria, EXCEPT:
a. A position not requiring eligibility for access to classified information, but having the potential to cause significant or serious damage to the national security.
b. A position requiring eligibility for access to Top Secret information.
c. A position requiring eligibility for access to confidential information.
d. A position requiring eligibility for access to secret information.
B<\/p>\n\n\n\n
What information must a statement of reasons (SOR) include?
a. SOR must state why an unfavorable national security eligibility determination is being proposed.
b. SOR must explain each security concern and state the specific facts that trigger each security concern.
c. The SOR must identify applicable adjudicative guideline(s) for each concern, and provide the disqualifying conditions and mitigating conditions for each guideline.
d. All of the Above
D<\/p>\n\n\n\n
Which type of briefing is used to obtain confirmation that a cleared employee agrees never to disclose classified information to an unauthorized person?
a. Special Briefings – Courier
b. Original Classification Authority (OCA) Briefing
c. Special Briefings – Non-Disclosure
d. Debriefing
C<\/p>\n\n\n\n
___________is the security system performance goal of immediate indication of deliberate attempts, security probing and warning for inadvertent or mistaken intention
is an example of which system security capability?
a. Detect
b. Assessment
c. Deterrence
d. Delay
C<\/p>\n\n\n\n
Two security professionals – Paul and Ashley – are discussing secure rooms, containers, and vaults. Paul says weapons or sensitive items such as funds, jewels, or precious metals should not be stored in the same security container as classified information. Ashley says the General Service Administration approves security containers used to store classified information. Who is correct?
a. Paul is correct
b. Ashley is correct
c. Paul and Ashley are both correct
d. Paul and Ashley are both incorrect
C<\/p>\n\n\n\n
Which of the following is not a distinct phase of the Intrusion Detection System?
a. Detection
b. Control
c. Assessment
d. Response
B<\/p>\n\n\n\n
Which of the following would be considered a public safety crime?
a. Theft of ammunition shipment for the purpose of criminal or gang related activity.
b. Theft of sensitive, proprietary information relating to US aerospace and defense technologies.
c. Deliberate destruction of DoD assets or interruption of normal operations.
d. Theft of an item and use of it outside of its intended purpose or without permission.
A<\/p>\n\n\n\n
Which of the following best describes the goal of the Physical Security Program?
a. To ensure that industry safeguards the classified information in their possession, while performing work on contracts, bids, or research and development efforts on behalf of the government.
b. To protect assets against compromise resulting from activities such as espionage, sabotage, terrorism, damage or loss, and criminal.
c. To ensure that only loyal, trustworthy, and reliable individuals may access classified information or perform sensitive duties.
d. To create uniform policies and procedures for defense acquisition by all executive agencies.
B<\/p>\n\n\n\n
Preventing unauthorized access to information
and equipment, safeguarding DoD assets against espionage and criminal activity, and providing the means to counter threats when preventative measures are ignored, best characterize the primary functions of which of the following programs or processes? a. Physical Security Program
b. Operations Security (OPSEC) process
c. Security incident response process
d. Personnel Security Program
A<\/p>\n\n\n\n
The process of integrating active and passive complementary physical security measures to ensure the protection of DoD assets is known as which of the following concepts?
a. Area security
b. Threat-vulnerability assessment
c. Security-in-depth
d. Point security
C<\/p>\n\n\n\n
The stealing of sensitive, proprietary information related to U.S. aerospace and defense technologies with the intent to provide such information to a foreign adversary is an example of which type of threat to DoD assets?
a. Criminal activity
b. Economic espionage
c. Treason
d. Terrorism
B<\/p>\n\n\n\n
When a Terrorism Threat Level is escalated from LOW to MODERATE, a DoD Component Head should employ which of the following countermeasures?
a. Cease all flying except for specifically authorized operational sorties.
b. Direct the execution of advance site reviews to facilitate the antiterrorism planning process.
c. Encourage dependent family members to complete Level I Antiterrorism Awareness Training before any travel outside the continental United States (OCONUS).
d. Conduct an immediate Terrorism Vulnerability Assessment for off-installation housing, schools, daycare centers, transportation.
C<\/p>\n\n\n\n
Requests for authorizing disclosure of classified information during visits must include all the following information, EXCEPT:
a. The explanation of the government purpose to perform when disclosing classified information.
b. The subject of the meeting, scope of classified topics and classification level
c. Expected time and location of the meeting.
d. The main content of the invitation to send to the participants.
C<\/p>\n\n\n\n
Two security professionals – Paul and Ashley<\/p>\n\n\n\n
Executive Order 12829, signed in January 1993, mandated that which of the following entities be responsible for implementing and monitoring the National industrial Security Program (NISP)?
a. Director of the Information Security Oversight Office (ISOO)
b. Secretary of Defense
c. National Security Council (NSC)
d. Director, Defense Security Services (DSS)
A<\/p>\n\n\n\n
What is the role of the government contracting activity (GCA), or cleared prime contractor, when a contractor that does not have a Facility Clearance (FCL) wants to bid on a Request
for Proposal (RFP) that requires access to classified information? a. The GCA must issue a formal letter rejecting the contractor’s bid since the contractor does not have the requisite FCL.
b. The contractor must submit a sponsorship request to DSS, who will decide whether to allow the contractor to bid on the contract.
c. The GCA must sponsor the contractor for a facility security clearance by submitting a sponsorship request to DSS, which initiates the facility clearance process.
d. The GCA must ensure that the all owners and senior management of the uncleared contractor are U.S. citizens and are eligible to be processed for a personnel security clearance.
C<\/p>\n\n\n\n
What is the purpose of the Federal Acquisition Regulations (FAR)?
a. To codify and publish uniform policies and procedures for acquisition by all executive agencies.
b. To manage DoD funds and prioritize the development of vital research and technology.
c. To provide small businesses and minority owned companies an opportunity to compete in the government acquisition process.
d. To promote uniform standards and best practices of technology acquisition across U.S. industry.
A<\/p>\n\n\n\n
What is the role of the security professional during the “Award Contract” step of the contracting process?
a. To ensure the appropriate classification level for the bid, and to define unique security requirements associated with the product.
b. To interface with the Cognizant Security Organization (CSO) to ensure oversight is performed and review results of and previous assessments on behalf of component.
c. To ensure that the contractor follows proper safeguarding and disposition guidance.
d. To review and define the specific security requirements with the contracting officer – specifically, block 13 of DD Form 254.
D<\/p>\n\n\n\n
What is the purpose of DD Form 254?
a. To convey security classification guidance and to advise contractors on the handling procedures for classified material.
b. To document the formal agreement between the US government and a cleared contractor in which the contactor agrees to maintain a security program in compliance with the NISPOM and the government agrees to security guidance and program oversight.
c. To validate details regarding the foreign ownership, control or influence affecting that cleared contractor facility.
d. It replaces the actual contract document for any contract requiring access to classified information.
A<\/p>\n\n\n\n
As part of Operations Security (OPSEC), a program coordinator should use which of the following tools to assess assets as part of the risk management process for critical information?
a. Critical Information List
b. Threat vulnerability matrix
c. Risk Rating Table
d. Security Classification Guide
A<\/p>\n\n\n\n
What is the role of the Special Access Program Oversight Committee (SAPOC) during the maintenance phase
of the Special Access Program (SAP) lifecycle?
a. To ensure that the SAP has adequate Internal Review and Audit Compliance (IRAC) support, including accessed auditors at supporting offices, to meet program audit needs.
b. To review existing programs annually to determine whether to revalidate them as SAPs.
c. To provide oversight of SAP program and budget accomplishments.
d. To provide oversight of SAP audits and inspections.
B<\/p>\n\n\n\n
Which of the following describes a Special Access Program (SAP) that is established to protect sensitive research, development, testing and evaluation, modification, and procurement activities?
a. Research and Technology SAP
b. Operations and Support SAP
c. Acquisition SAP
d. Intelligence SAP
C<\/p>\n\n\n\n
Which type of briefing is used to identify security responsibilities, provide a basic understanding of DoD security policies, and explain the importance of protecting government assets?
a. Indoctrination Briefing
b. Original Classification Authority (OCA)
Briefing
c. Foreign Travel Briefing
d. Debriefing
A<\/p>\n\n\n\n
Which type of briefing is used to reinforce the information provided during the initial security briefing and to keep cleared employees informed of appropriate changes in security regulations?
a. Annual Refresher Briefings
b. Indoctrination Briefings
c. Attestation Briefings
d. Courier Briefings
A<\/p>\n\n\n\n
Which step of the Operations Security (OPSEC) process would be applied when conducting exercises, red teaming and analyzing operations?
a. Conduct a Risk Assessment
b. Apply OPSEC Countermeasures
c. Conduct a Threat Analysis
d. Conduct a Vulnerability Analysis
B<\/p>\n\n\n\n
Which step of the Operations Security (OPSEC) process would be applied when identifying potential adversaries and the associated capabilities and intentions
to collect, analyze, and exploit critical information and indicators?
a. Conduct a Vulnerability Analysis
b. Conduct a Threat Analysis
c. Conduct a Risk Assessment
d. Apply OPSEC Countermeasures
B<\/p>\n\n\n\n
Please determine which of the following is an element of an Operations Security (OPSEC) Assessment.
a. Small in scale and focused on evaluating the effectiveness of the OPSEC program.
b. Conducted on an annual basis.
c. Uses external resources collectively to conduct with or without the use of indigenous resources.
d. Determines the likelihood that critical information can be protected based on procedures that are currently in place.
C<\/p>\n\n\n\n
To provide access to Social Media sites, the DoD agency must provide all of the following, EXCEPT:
a. Protection against malware and advance threats.
b. Blocked access to prohibited sites and content.
c. Individual compliance with Joint Ethics Regulations and guidelines.
d. Constant monitoring to deter inappropriate site access.
D<\/p>\n\n\n\n
Who’s responsibility is it during the categorize steps to identify a potential impact (low, moderate, or high) due
to loss of confidentiality, integrity, and availability if a security breach occurs?**
a. Information System Owner (ISO)
b. Information Owner (IO)
c. Information System Security Manager (ISSM)
d. Authorizing Official (AO)
B<\/p>\n\n\n\n
Please determine which of the following is an example of reportable foreign intelligence contacts, activities, indicators, and behaviors.
a. Authorizing others to acquire unauthorized access to classified or sensitive information systems.
b. Unauthorized downloads or uploads of sensitive data.
c. Network spillage incidents or information compromise.
d. Use of DoD account credentials by unauthorized parties.
A<\/p>\n\n\n\n
Limiting nonsecure computer e-mail messages to nonmilitary activities and not providing operational information in nonsecure e-mail messages are functions of which OPSEC measure?
a. Operational and Logistic Measures
b. Technical Measures
c. Administrative Measures
d. Operations Security and Military Deception
B<\/p>\n\n\n\n
Which of the following is NOT a category of Information Technology (IT)?**
a. Platform Information Technology (PIT)
b. Information Technology Services
c. Information Technology Products
d. Information Technology Applications
D<\/p>\n\n\n\n
What step within the Risk Management Framework (RMF) does system categorization occur?**
a. Categorize Information System
b. Select Security Controls
c. Implement Security Controls
d. Assess Security Controls
e. Authorize
f. Monitor Security Controls
A<\/p>\n\n\n\n
At what step of the Risk Management Framework (RMF) would you develop a
system-level continuous monitoring strategy?” **
a. Categorize Information System
b. Select Security Controls
c. Implement Security Controls
d. Assess Security Controls
e. Authorize
f. Monitor Security Controls
B<\/p>\n\n\n\n
One responsibility of the Information System Security Manager (ISSM) during Step 6 of the Risk Management Framework (RMF) is:**
a. Review and approve the security plan and system-level continuous monitoring strategy developed and implemented by the DoD Components.
b. Monitor the system for security relevant events and configuration changes that affect the security posture negatively.
c. Determine and documents a risk level in the Security Assessment Report (SAR) for every non-compliant security control in the system baseline.
d. Coordinate the organization of the Information System (IS) and Platform Information Technology (PIT) systems with the Program Manager (PM)\/System Manager (SM), Information System Owner (ISO), Information Owner (IO), mission owner(s), Action Officer (AO) or their designated representatives.
B<\/p>\n\n\n\n
What family of controls does Security Functionality
Verification belong to?**
a. System and Communications Protection
b. Maintenance
c. System and Information Integrity
d. Audit and Accountability
C<\/p>\n\n\n\n
What does “AO” stand for?
Authorizing Official<\/p>\n\n\n\n
What is a SAR as related to cyber security?
System Assessment Report<\/p>\n\n\n\n
What activities occur when authorizing the system? (select all that apply)
a. Implement decommissioning strategy
b. Develop, review, and approve Security Assessment Plan
c. Prepare the Plan of Action and Milestones (POA&M)
d. Submit security authorization package
C & D<\/p>\n\n\n\n
What activities occur when assessing security controls? (Select all that apply)
A. prepare the plan of action and milestones (POA&M)
B. conduct final risk determination
C. Develop, plan, and approve Security Assessment Plan
D. Prepare Security Assessment Report
C & D<\/p>\n\n\n\n
What activities occur when monitoring security controls? (Select all that apply)
A. Prepare the Plan of Action and Milestones (POA&M)
B. Develop, review, and approve Security Assessment Plan
C. Implement decommissioning strategy
D. Determine impact of changes
C & D<\/p>\n\n\n\n
What are the cybersecurity attributes?
Select all that apply.
A Confidentiality
B Integrity
C Availability
D Authentication
E Non-repudiation
All of the above<\/p>\n\n\n\n
Why do you need to be aware of cybersecurity?
A To uphold all elements of the National Industrial Security Program Operating Manual
B To appropriately manage risk by mitigating threats and vulnerabilities
C To examine your own actions and activities to uphold personal accountability
D To ensure all appropriate measures are taken to protect a place and ensure only people with permission enter and leave it
B<\/p>\n\n\n\n
What are the cybersecurity drivers?
A NIST 800-30 Rev 1 Guide for Conducting Risk Assessments
B DoD 8530.01 Cybersecurity Activities Support to DoD Information Network Operations
C DoD 8510.01 Risk Management Framework
D DoD 8500.01
E DoD Security Policy
All of the above<\/p>\n\n\n\n
Which skills do security personnel need?
A. Protect information systems.
B. Identify all cybersecurity concepts.
C. Identify fundamental cybersecurity concepts that are related to the protection of classified and controlled unclassified information.
D. Examine their role in protecting DoD’s information systems and the information they process, transmit, and store.
D<\/p>\n\n\n\n
What is the primary responsibility of security personnel?
A Monitor, evaluate, and provide advice to the Secretary of Defense
B Protect classified information and controlled unclassified information
C Direct the operation of and assure the security of the global DoD network
D Coordinate all DoD network operations
B<\/p>\n\n\n\n
What is security personnel’s primary skill in relationship to cybersecurity?
A Analyze duties
B Manage risk
C Execute training
D Respond to incidents
B<\/p>\n\n\n\n
What are the components of the Risk Management System? (Select all that apply)
A Revision
B Analysis
C Evaluation
D Assessment
E Mitigation
C, D & E<\/p>\n\n\n\n
What are the steps in the Risk Management Framework (RMF)? (Select all that apply)
A Monitor Security Controls
B Categorize System
C Authorize System
D Assess Security Controls
E Select Security Controls
F Implement Security Controls
All of the above<\/p>\n\n\n\n
What threat environments should you consider? (Select all that apply)
A Adversarial
B Environmental
C Structural
D Accidental
All of the above<\/p>\n\n\n\n
What should you look for when assessing vulnerabilities? (Select all that apply)
A Residual risk
B Ease
C Likelihood
D Related threats
D Rewards
All of the above<\/p>\n\n\n\n
Which steps of the RMF are designed to mitigate risk? (Select all that apply)
A Assess Security Controls
B Monitor Security Controls
C Select Security Controls
D Authorize System
E Implement Security Controls
F Categorize System
C & E<\/p>\n\n\n\n
Which of the following are the activities that occur when performing RMF Step 2, Select Security Controls? (Select all that apply)
A Common Control Identification
B Monitoring Strategy
C Security Baseline and Overlay Selection
D Security Plan and Review Approval
All of the above<\/p>\n\n\n\n
What activities occur during implementation of security controls? (Select all that apply)
A Communicate updates to appropriate audiences
B Seek approvals from CIO
C Create appropriate training and communication plans
D Ensure consistency with DoD architectures
E Document security control implementation in the security plan
F Identify security controls available for inheritance
D, E & F<\/p>\n\n\n\n
Which steps of the RMF are designed to evaluate risk? (Select all that apply)
A Select Security Controls
B Assess Security Controls
C Monitor Security Controls
D Authorize System
E Categorize System
F Implement Security Controls
B, C & D<\/p>\n\n\n\n
What activities occur when assessing security controls? (Select all that apply)
A Prepare the Plan of Action and Milestones (POA&M)
B Conduct final risk determination
C Develop, plan, and approve Security Assessment Plan
D Prepare Security Assessment Report (SAR)
C & D<\/p>\n\n\n\n
Select ALL of the correct responses. What activities occur during implementation of security
controls?
A Ensure consistency with DoD architectures
B Document security control implementation in the security plan
C Seek approvals from CIO
D Identify security controls available for inheritance
E Communicate updates to appropriate audiences
F Create appropriate training and communication plans
A, B & D<\/p>\n\n\n\n
Which role leads the day-to-day defense?
A Authorizing Official (AO)
B US Cyber Command (USCYBERCOM)
C Security personnel
D DoD Chief Information Officer (CIO)
B<\/p>\n\n\n\n
The cybersecurity attributes are confidentiality, integrity, availability, authentication, and:
A Validity
B Non-repudiation
C Architecture
D Stability
B<\/p>\n\n\n\n
True or false? Cybersecurity is important so that risk is eliminated.
True
False
False<\/p>\n\n\n\n
Select ALL of the correct responses. What are the Risk Management Framework (RMF) steps
designed to mitigate risk?
A Categorize System
B Select Security Controls
C Implement Security Controls
D Assess Security Controls
B & C<\/p>\n\n\n\n
What activities occur in Step 4 of the Risk Management Framework (RMF), Assess Security
Controls?
A Develop, plan, and approve Security Assessment Plan
B Prepare the Security Assessment Report (SAR)
C Conduct remediation actions on non-compliant security controls
D All of the above
D<\/p>\n\n\n\n
Select ALL of the correct responses. What are all cybersecurity attributes susceptible to?
A Vulnerabilities
B Threats
C Disclosure
D Authorization
A & B<\/p>\n\n\n\n
Select ALL of the correct responses. Which of the following are cybersecurity skill standards needed
by security personnel?
A Identify and manage all cybersecurity concepts
B Explain their role in protecting DoD’s information systems
C Identify fundamental cybersecurity concepts that are related to the protection of classified and
controlled unclassified information
D Conduct assessment and evaluation of all IT systems
B & C<\/p>\n\n\n\n
Which steps of the Risk Management Framework (RMF) are designed to evaluate risk?
A. Assess Security Controls, Monitor Security Controls, Categorize System
B. Assess Security Controls, Implement Security Controls, Authorize System
C. Implement Security Controls, Monitor Security Controls, Authorize System
D. Assess Security Controls, Monitor Security Controls, Authorize System
D<\/p>\n\n\n\n
In which step of the Risk Management Framework (RMF) would you implement the
decommissioning strategy?
A. Step 3 – Implement security controls
B. Step 4 – Assess security controls
C. Step 5 – Authorize system
D. Step 6 – Monitor security controls
D<\/p>\n\n\n\n
What evolving threats are attempts by hackers to damage or destroy a computer network or system?
A. Insider Threat
B. Social Media
C. Cyber Attack
D. Mobile Computing
C<\/p>\n\n\n\n
What is the first step in the Risk Management Framework (RMF)?
A. Categorize System
B. Authorize System
C. Implement Security Controls
D. Select Security Controls
E. Assess Security Controls
F. Monitor Security Controls
A<\/p>\n\n\n\n
Select ALL of the correct responses. What is included in the security authorization package?
A Security Assessment Report (SAR)
B Plan of Action and Milestones (POA&M)
C Security Plan
D None of the above
A, B & C<\/p>\n\n\n\n
Indicators of insider threats<\/p>\n\n\n\n
Elements that should be considered in identifying Critical Program
Information
Elements which if compromised could:<\/p>\n\n\n\n
Elements that security professional should consider when assessing and managing risks to DoD assets (risk management process)<\/p>\n\n\n\n
The three categories of Special Access Programs
acquisition, intelligence, and operations & support<\/p>\n\n\n\n
Types of threats to classified information
Insider Threat, Foreign Intelligence Entities (FIE), criminal activities, cyber threats, business competitors<\/p>\n\n\n\n
The concept of an insider threat
An employee who may represent a threat to
national security. These threats encompass potential espionage, violent acts against the Government or the nation, and unauthorized disclosure of classified information<\/p>\n\n\n\n
The purpose of the Foreign Visitor Program
To track and approve access by a foreign entity to information that is classified; and to approve access by a foreign entity to information that is unclassified, related to a U.S. Government contract, or plant visits covered by ITAR.<\/p>\n\n\n\n
Special Access Program
A program established for a specific class of
classified information that imposes safeguarding and access requirements that exceed those normally required for information at the same classification level.<\/p>\n\n\n\n
Enhanced security requirements for protecting Special Access Program (SAP) information
Within Personnel Security:<\/p>\n\n\n\n
Responsibilities of the Government SAP Security Officer\/Contractor Program
Security Officer (GSSO\/
CPSO)<\/p>\n\n\n\n
The five Cognizant
Security Agencies (CSAs)
Department of Defense
(DoD), Director of National Intelligence (DNI), Department of Energy (DoE), Department of Homeland Security (DHS) and the Nuclear Regulatory Commission (NRC).<\/p>\n\n\n\n
Cognizant Security Agencies (CSA)s’ role in the National Industrial Security Program (NISP).
Establish general industrial security programs and oversee\/administer security requirements<\/p>\n\n\n\n
Primary authorities governing foreign disclosure of classified military information<\/p>\n\n\n\n
Factors for determining
whether U.S. companies are under Foreign Ownership, Control or Influence
(FOCI)<\/p>\n\n\n\n
The purpose and function of the Militarily Critical Technologies List (MCTL).<\/p>\n\n\n\n
Security Infraction
Failure to comply with security requirements which cannot reasonably be expected to and does not result in loss, compromise, or suspected compromise of classified information<\/p>\n\n\n\n
DoD Manual 5200.01, Volumes 1-3
Manual that governs DoD Information Security Program<\/p>\n\n\n\n
DoDI 5200.01
Authorizes the publication of DoDM 5200.01 Vol 1-3, the DoD Information Security Program<\/p>\n\n\n\n
E.O. 13526
Executive order that governs DoD Information Security Program<\/p>\n\n\n\n
ISOO 32 CFR Parts 2001 & 2003,
“Classified National Security
Information; Final Rule”
Provides guidance to all government agencies on classification, downgrading, declassification, and safeguarding of classified national security information<\/p>\n\n\n\n
Security Violation
Knowing, willful, or negligent action that results in or could be expected to result in loss, suspected compromise, or compromise of classified information<\/p>\n\n\n\n
Unauthorized Disclosure
Communication or physical
transfer of classified or controlled unclassified information (CUI) to unauthorized recipient<\/p>\n\n\n\n
Three classification levels
TS – grave damage to national security
S – serious damage to national security
C – damage to national security<\/p>\n\n\n\n
Single Scope Background Investigation (SSBI)
For military, contractors, and civilians:
\u00b7 Critical\/Special-Sensitive
\u00b7 TS, “Q” info, war-related plans, policymaking, revenue and funds, SCI, SAPs
\u00b7 Equivalent to Tier 5<\/p>\n\n\n\n
Access National Agency Check with Inquiries (ANACI)
For civilians:
\u00b7 Noncritical-Sensitive positions
\u00b7 Confidential\/Secret, “L” info, systems containing PII
\u00b7 Equivalent to Tier 3<\/p>\n\n\n\n
National Agency Check with Local Agency and Credit Check (NACLC)
For military and contractors:
\u00b7 Noncritical-Sensitive
\u00b7 Confidential\/Secret clearance eligibility
\u00b7 Equivalent to Tier 3<\/p>\n\n\n\n
NACI
National Agency Check with Inquiries for civilians and contractors:
\u00b7 Non-Sensitive positions
\u00b7 Low Risk
\u00b7 HSPD-12 Credentialing<\/p>\n\n\n\n
National Agency Check (NAC)
The fingerprint portion of personnel security investigation (PSI)<\/p>\n\n\n\n
The purpose of due process in
Personnel Security Program (PSP)
Ensures fairness by providing subject opportunity to appeal unfavorable adjudicative determination<\/p>\n\n\n\n
Personnel security program (PSP) security clearance eligibility process<\/p>\n\n\n\n
SF 312 Classified Information Non-Disclosure Agreement
Contractual agreement between the US Gov’t and cleared employee that must be executed as a condition of access
Agreement to never disclose classified information to an unauthorized person<\/p>\n\n\n\n
Procedures for initiating
Personnel Security Investigations (PSIs)<\/p>\n\n\n\n
T\/F: Only U.S. citizens may be granted a security clearance.
True<\/p>\n\n\n\n
T\/F: A security clearance guarantees that any individual will be granted access to classified information.
False. Individual must also have NTK and sign a SF 312.<\/p>\n\n\n\n
T\/F: Any individual with an official need to know to conduct assigned duties will be granted a clearance.
False. The granting of a clearance is based on the favorable determination of an individual’s integrity, loyalty, and trustworthiness by examining them against the 13 adjudicative guidelines.<\/p>\n\n\n\n
T\/F: Non U.S. citizens are restricted from gaining access to classified.
False. While non-U.S. citizens are restricted from receiving security clearances, they can gain limited access to classified information through a Limited Access Authorization (LAA). Only goes up to Secret level (NOT TOP SECRET).<\/p>\n\n\n\n
T\/F: Non-US citizens are restricted from receiving security clearances.
True.<\/p>\n\n\n\n
T\/F: An individual must have a need for regular access to classified or sensitive information to establish a need for a security clearance.
True.<\/p>\n\n\n\n
T\/F: Ease of movement within a facility is an acceptable justification for obtaining a security clearance.
False. Seeking ease of movement is not an acceptable justification for obtaining a security clearance.<\/p>\n\n\n\n
DoD position sensitivity types<\/p>\n\n\n\n
T\/F: Civilians in non-sensitive positions may receive security clearances.
False. Only individuals in sensitive positions receive security clearances.<\/p>\n\n\n\n
Investigative requirement for a Critical\/Special-Sensitive position
Single scope background investigation (SSBI aka T5), SSBI-PR (T5R), or PPR<\/p>\n\n\n\n
Investigative requirement for a Non-Critical Sensitive position
ANACI or NACLC (T3)<\/p>\n\n\n\n
Revocation
When current security clearance eligibility determination is rescinded<\/p>\n\n\n\n
Denial
Initial request for security clearance eligibility is not granted<\/p>\n\n\n\n
What is the purpose of the Statement of Reasons (SOR)?
Provide comprehensive and detailed written explanation of why preliminary unfavorable adjudicative determination was made. Can be appealed!<\/p>\n\n\n\n
The 13 Adjudicative Guidelines<\/p>\n\n\n\n
Categories of approved classified material storage locations
Storage Containers<\/p>\n\n\n\n
Construction requirements for vault doors<\/p>\n\n\n\n
The purpose of intrusion detection systems
To deter, detect, and document unauthorized entry into secured areas<\/p>\n\n\n\n
The purpose of barriers
-Define physical limits of installation
-Channel traffic
-Impede access
-Shield activities within installation from direct observation<\/p>\n\n\n\n
The purpose of an Antiterrorism Program
Protect DoD personnel, their families, installations, facilities, information, and other material resources from terrorist acts<\/p>\n\n\n\n
Force Protection Condition (FPCONS) levels
Measures taken to protect personnel and assets from attack; issued by COCOMs and installation commanders\/facility directors<\/p>\n\n\n\n
Levels: Normal, Alpha, Bravo, Charlie, Delta<\/p>\n\n\n\n
The concept of security-in-depth
Layered and complementary security controls sufficient to deter, detect, and document unauthorized entry and movement within installation\/facility.<\/p>\n\n\n\n
e-QIP
System used to document personal information from Personnel Security Questionnaire<\/p>\n\n\n\n
Personnel Security Investigation (PSI)
The first phase of the security clearance process; used by DoD as standard for uniform collection of relevant and important background information about individual.<\/p>\n\n\n\n
JCAVS
A security manager uses this system to communicate with the DoD CAF<\/p>\n\n\n\n
JAMS
This sub-system (used by adjudicators) and JCAVS make up the JPAS\/DISS system<\/p>\n\n\n\n
DISS
A DoD system of record for personnel security clearance information<\/p>\n\n\n\n
Scattered Castles
Intelligence Community (IC) Personnel Security Database that verifies personnel security access and visit certifications.<\/p>\n\n\n\n
Access
Occurs when individual has security eligibility, NTK, and a signed SF 312 (NDA); permitted to access classified information<\/p>\n\n\n\n
PSIs are used to determine the eligibility of an individual for _<\/strong><\/em><\/strong> or retention to sensitive duties. True or False: The DoD CAF is the only authority who can grant an interim clearance. DoD CAF responsibilities<\/p>\n\n\n\n Sensitive Duties Continuous Evaluation\/Vetting Reinvestigation True True or False: There is no difference between a threat and a vulnerability. E.O. 12968 DoD 5200.2-R USD(I) Memorandum, August 30, 2006 Scope Administrative Judge Termination Briefing Foreign Travel Briefing Refresher Briefing Aims of Special Access Programs (SAPs)<\/p>\n\n\n\n Protection Level Acknowledged SAP Unacknowledged Waived 4 Phases of SAP Lifecycle<\/p>\n\n\n\n Component-level SAP Central Offices Special Access Program Oversight Committee (SAPOC) Senior Review Group (SRG) SAP Senior Working Group (SWG) DoD Special Access Central Office (SAPCO) OSD-level SAP Central Offices Authorization, Appropriations, and Intelligence Congressional PIE-FAO Antiterrorism Officer (individual involved in PHYSEC) CI Support (individual involved in PHYSEC) OPSEC Officer (individual involved in PHYSEC) Physical Security Officer (individual involved in PHYSEC) Law Enforcement (individual involved in PHYSEC) Criticality Area Security Threat Point Security Barrier Types<\/p>\n\n\n\n True or False: Site lighting is used to enable guard force personnel to observe activities inside or outside the installation True or False: Standby lighting is used when regular lighting is not available Two-way radio Intrusion Detection Systems (IDS) Closed Circuit Televisions (CCTV) Automated access control systems Common Access Card (CAC) Mechanical combination lock Combination padlock Electromechanical combination lock Low security padlock SCIF General Services Administration (GSA) Secure rooms Vaults Terrorist threat levels High terrorist threat level<\/p>\n\n\n\n Significant terrorist threat level<\/p>\n\n\n\n Moderate terrorist threat level<\/p>\n\n\n\n Low terrorist threat level Physical security plan (PSP) Defense Counterintelligence and Security Agency (DCSA) A contractor must adhere to the security rules of the __<\/em><\/strong> commander when working at a government installation National Industrial Security Program (NISP) Chapter 8 of the NISPOM Facility security officer (FSO) responsibilities True or False: A SAP can retain security cognizance if necessary. Contracting Officer Contracting Officer’s Representative (COR) Statement of Work (SOW) DD Form 441: DoD Security Agreement<\/p>\n\n\n\n DD Form 254: DoD Contract Security Classification Specification A cleared individual can only have access at the _<\/em><\/strong> level as the facility clearance For the purpose of a visit to another cleared facility, a clearance can be verified by looking in __<\/em><\/strong> The issuance of __<\/em><\/strong> is the responsibility of the DoD CAF Secret Top Secret Confidential Derivative Classification The five requirements for Derivative Classification<\/p>\n\n\n\n Original Classification Compilation Contained in Revealed by Original Classification Authority (OCA) Security Classification Guides (SCG) 3 Types of Authorized Sources<\/p>\n\n\n\n *when conflict is present, SCG always takes precedence<\/p>\n\n\n\n 6 Step Original Classification Process<\/p>\n\n\n\n 8 classification eligibility categories<\/p>\n\n\n\n classification prohibitions<\/p>\n\n\n\n Declassification Automatic declassification Systematic declassification review Mandatory Declassification Review (MDR) Scheduled Declassification Custodians Options an OCA has when determining declassification Restricted Data (RD) and Formerly Restricted Data (FRD) Practices to follow when handling classified information<\/p>\n\n\n\n SF 702: Security Container Check Sheet SF 701: Activity Security Checklist SF 700: Security Container Information Actual compromise Neither confirm nor deny Potential Compromise DISA, Joint Interoperability Test Command (JITC) COMSEC When a document has been sealed within a properly marked inner wrapping you must\u2026 Marking for inner wrapper used for transportation of classified information<\/p>\n\n\n\n Marking for outer wrapper used for transportation of classified information<\/p>\n\n\n\n When can secret information be sent via USPS express? What kind of information can never be sent via USPS? Methods to send confidential information Methods to send secret information Methods to send top secret information True or False: Hand carrying classified information should only be done as a last resort Responsibilities of couriers<\/p>\n\n\n\n When is a DD Form 2501 Courier Authorization Card issued? True or False: When someone is carrying classified information, written authorization is always required Microfiche destruction method Typewriter ribbon destruction method Floppy disk destruction method Document destruction method Videotape destruction method Homeland Security Presidential Directive 12 (HSPD-12) DoD 5200.08-R Describe the following cyber security principles critical to the protection of information and information networks: least privilege, defense-in-depth, situational awareness. Situational Awareness: Within a volume of time and space, the perception of an enterprise’s security posture and its threat environment; the comprehension\/meaning of both taken together (risk); and the projection of their status into the near future.<\/p>\n\n\n\n Defense-in-depth: Security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of the organization.<\/p>\n\n\n\n National Security Council (NSC) Information Security Oversight Office (ISOO) Under Secretary of Defense for Intelligence USD(I) What is the Executive Order that designates the three levels of classified information? Who has designated primary and direct responsibility for SAPS within the DoD? How is classified information prepared for transit? EO 12869 DoD 5220.22-M What is net national advantage? What does critical program information include? Requirements for interim clearance This designation is applied to positions that include duties that require access to “Secret” information. This designation is applied to positions that include duties associated with special programs such as Special Access Programs (SAP) and SCI. Characteristics of each Force Protection Conditions (FPCONS) What specifies classification levels, special requirements, and declassification instructions for classified programs, projects, and plans? Which of the following is a true statement regarding the special handling requirements of Foreign Government Information (FGI)? Two security professionals – Paul and Ashley – are discussing the destruction of classified information. Paul says the destruction of classified documents and material shall be accomplished by means that eliminate risk of reconstruction of the classified information they contain. Ashley says the material that has been identified for destruction shall continue to be protected, as appropriate, for its classification until it is actually destroyed. Who is correct? A paragraph of a document which includes an “(N)” as part of the portion marking indicates what specific type of classified information is contained in the paragraph? What are the investigative and briefing requirements for access to NATO information? According to E.O. 13556, which is considered a type of controlled unclassified information? What is the purpose of marking classified materials? What is included in the markings of classified information? What is the purpose of the Controlled Access Program Coordination (CAPCO) register? When a classified data spill occurs, who is responsible for ensuring that policy requirements for addressing an unauthorized disclosure are met? There are five information assurance attributes that are important to protect and defend DoD networks and information. If there was a loss in non-repudiation, what would this cause in relation to information assurance? What are the 5 information assurance attributes that are important to protect and defend DoD networks and information? At the end of the day, Karen was leaving and taking with her unclassified documents she would review at home. When she began to review those documents that night, she realized that classified materials had slipped in between the unclassified materials. Is this a security violation or infraction? The ability to deny you are the sender of an email would be an indication of a lapse in what? Unauthorized disclosure and loss of privacy is a lapse in what? What is the first action done to downgrade, declassify or remove classification markings? What are some requirements to perform classified activities from a non-traditional location? (e.g. the employee’s home) The employee must receive written approval for use of classified information and equipment at home.<\/p>\n\n\n\n What is the purpose of the Personnel Security Program? DoD reciprocally accepts existing national security eligibility determinations or clearances from other Government agencies in accordance with which policy document? Review of Tier 5 on an individual disclosed that the subject had been a member of an anarchist organization dedicated to disestablishing existing Federal laws and overthrowing the U.S. government by any means necessary, including violence. Although the subject terminated his membership with the organization upon learning he would be investigated for a clearance for his new position, he still maintains social contact with several members of the anarchist organization. Based on this information, which of the adjudicative guidelines is most appropriate for an adjudicator to apply to the case? Which of the following is an element of the Personnel Security Program? Limited access to classified information for specific programs may be approved for non-US citizens only if the following condition is met. What is the investigative requirement for access to Single Integrated Operational Plan – Extremely Sensitive Information (SIOP-ESI)? What is the criteria for personnel to be qualified for assignment to nuclear weapons personnel reliability assurance positions? What is the investigation requirement for initial assignment to a Presidential Support Activity (i.e. Yankee White) Category 2 position? What is the name of the adjudication process that refers to a person’s identifiable character traits and conduct sufficient to decide whether employment or continued employment would or would not protect the integrity or promote the efficiency of Federal service? All unclassified DoD information in the possession or control of non-DoD entities on non-DoD information systems, to the extent provided by the applicable grant, shall minimally be safeguarded under what standards? Copies of personnel security investigative reports must be destroyed by DoD recipient organizations, within how many days following completion of the necessary personnel security determination? What level(s) of access may be granted with Limited Access Authorization for non-U.S. citizens? Which of the following is not considered when making a security clearance eligibility determination? A position that does not require eligibility for access to classified information, but having the potential to cause significant or serious damage to national security may be designated as what position sensitivity? What information must be included in a Statement of Reasons (SOR)? Which type of briefing is used to obtain confirmation that a cleared employee agrees never to disclose classified information to an unauthorized person? What is the security system performance goal of immediate indication of deliberate attempts, security probing and warning for inadvertent or mistaken intention is an example of which system security capability? Two security professionals – Paul and Ashley – are discussing secure rooms, containers, and vaults. Paul says weapons or sensitive items such as funds, jewels, or precious metals should not be stored in the same security container as classified information. Ashley says the General Service Administration approves security containers used to store classified information. Who is correct? Which of the following is not a distinct phase of the Intrusion Detection System?<\/p>\n\n\n\n Which of the following would be considered a public safety crime?<\/p>\n\n\n\n Preventing unauthorized access to information and equipment, safeguarding DoD assets against espionage and criminal activity, and providing the means to counter threats when preventative measures are ignored, best characterize the primary functions of which program or process? The process of integrating active and passive complementary physical security measures to ensure the protection of DoD assets is known as what concept? The stealing of sensitive, proprietary information related to U.S. aerospace and defense technologies with the intent to provide such information to a foreign adversary is an example of which type of threat to DoD assets? When a Terrorism Threat Level is escalated from LOW to MODERATE, a DoD Component Head should employ which of the following countermeasures?<\/p>\n\n\n\n What information must a request to authorize disclosure of classified information during a visit include? Two security professionals – Paul and Ashley – are discussing the security procedures for visits and meetings. Paul says visits must serve a specific U.S. Government purpose. Ashley says DoD Components should, as a minimum, establish procedures that include verification of the identity, personnel security clearance, access (if appropriate), and need-to-know for all visitors. Who is correct? Executive Order 12829, signed in January 1993, mandated that which entity be responsible for implementing and monitoring the National Industrial Security Program (NISP)? What is the role of the government contracting activity (GCA), or cleared prime contractor, when a contractor that does not have a Facility Clearance (FCL) wants to bid on a Request for Proposal (RFP) that requires access to classified information? What is the purpose of the Federal Acquisition Regulations (FAR)? What is the briefing given when an individual’s employment is terminated, clearance eligibility is withdrawn, or if the individual will be absent from duty for more than 60 days. Which executive order governs the DoD Information Security Program? What is the ISOO document that governs the DoD Information Security Program? An event that results in or could be expected to result in the loss or compromise of classified information. Unauthorized disclosure of this information could reasonably be expected to cause serious damage to national security. Unauthorized disclosure of this information could reasonably be expected to cause exceptionally grave damage to our national security. Unauthorized disclosure of this information could reasonably be expected to cause damage to our national security. Unclassified information or classified information (at a lower level) that when the information is combined or associated reveals additional factors that qualifies for classified information. This document contains classification levels, special requirements, and duration instructions for programs, projects, plans, etc. What is the declassification system where information exempted from automatic declassification is reviewed for possible declassification? What is the declassification system where Permanently Valuable Historical records are declassified when they are 25 years old? What is the declassification system where an Original Classification Authority (OCA), at the time the information is originally classified, sets a date or event for declassification? What is the six step process an OCA applies in making classification determinations? What are options an OCA has when determining declassification? What are some examples of practices to follow when handling classified information?<\/p>\n\n\n\n What is the SF 702? What is the SF 701? What is the term for an unauthorized disclosure of classified information? What is the term for the possibility that a compromise could exist, but it is not known with certainty? What must DoD personnel be careful not to do if classified information appears in the public media? What organization maintains a register of certified security digital facsimiles? What is the term for the protection resulting from the measures designed to deny unauthorized persons information of value that might be derived from the possession and study of telecommunications to ensure the authenticity of such communications? This level of classified information can be sent via USPS express only when it is the most effective means considering security, time, cost, and accountability. What methods may be used to send hard copy Confidential information? This level of classified information may NEVER be sent via USPS What method of transportation for classified information should only be utilized as a last resort? What is required when someone is hand carrying classified information? What is a DD Form 2501? How long may it be issued for? What is the proper destruction method for typewriter ribbon? What is the proper destruction method for floppy disks? Compromise of what type of information can significantly alter program direction, shorten combat effective life of a system, or require additional research, development, test, and evaluation resources to counter impact of loss? How is the level of classification of the Program Protection Plan determined? What is the term for the initial determination that information requires protection against unauthorized disclosure in the interest of U.S. National Security? What takes precedence when there is a conflict between marking guidance in the source document and the Security Classification Guide (SCG)? What refers to an individual’s responsibility to properly mark newly developed material consistent with the classification marking specified in authorized sources? What is the DoD Cybersecurity Policy? (Select All that Apply) Which of the following security program areas would you find practitioners who train and\/ Which of the following security program areas would you find practitioners working with a Which of the following security programs areas would you find practitioners involved with Two security professionals – Paul and Ashley – are discussing security program areas. Two security professionals – Paul and Ashley – are discussing security program areas. Which of the following is a true statement regarding the special handling requirements of Foreign Government Information (FGI)?<\/p>\n\n\n\n a. When the classification marking on a document containing FGI is not in English, or when the foreign government marking requires a different degree of protection than Which of the following is a requirement for access to North Atlantic Treaty Organization (NATO) information? According to Executive Order 13556, which of the following What is the purpose of marking classified materials? What is included in the markings of classified information? What is the purpose of the Controlled When a classified data spill occurs, who is responsible for ensuring that policy requirements for addressing an unauthorized disclosure are met? There are five information assurance attributes that are important to protect and defend DoD networks and information. If there was a loss in non- repudiation, what would this cause in relation to information assurance?** Which of the following examples describes The inability to deny you are the sender of an email would be an indication of a lapse in:** Unauthorized disclosure and loss of privacy is a lapse in:** Which of the following is the first action done to downgrade, declassify All of the What is the purpose of the Personnel Security Program (PSP)? DoD reciprocally accepts existing national security eligibility determinations or clearances from other Government agencies in accordance with which of the following policy documents? Review of Tier 5 on an individual disclosed that the subject had been a member of Limited access to classified information for Which of the following is the investigative requirement for access to Which of the following is not qualifying criteria for personnel assigned to nuclear weapons personnel reliability assurance positions? Which of the following is correct regarding the investigation requirement for initial assignment to a Presidential Support Activities (i.e. Yankee White) Category 2 position? Which of the following adjudication processes refers to a person’s identifiable character traits and conduct sufficient to decide whether employment or continued employment would or would not protect the integrity or promote the efficiency of the Federal service? All unclassified DoD information in the possession or control of non-DoD entities on non-DoD information systems, to the Copies of personnel security investigative reports must be destroyed by DoD recipient organizations, within how many days following completion Which of the following limitations is true regarding Limited Access Authorization (LAA) to non-U.S. citizens? A position designated as a DoD noncritical-sensitive civilian position may fall under any of the following criteria, EXCEPT: What information must a statement of reasons (SOR) include? Which type of briefing is used to obtain confirmation that a cleared employee agrees never to disclose classified information to an unauthorized person? ___________is the security system performance goal of immediate indication of deliberate attempts, security probing and warning for inadvertent or mistaken intention Two security professionals – Paul and Ashley – are discussing secure rooms, containers, and vaults. Paul says weapons or sensitive items such as funds, jewels, or precious metals should not be stored in the same security container as classified information. Ashley says the General Service Administration approves security containers used to store classified information. Who is correct? Which of the following is not a distinct phase of the Intrusion Detection System? Which of the following would be considered a public safety crime? Which of the following best describes the goal of the Physical Security Program? Preventing unauthorized access to information The process of integrating active and passive complementary physical security measures to ensure the protection of DoD assets is known as which of the following concepts? The stealing of sensitive, proprietary information related to U.S. aerospace and defense technologies with the intent to provide such information to a foreign adversary is an example of which type of threat to DoD assets? When a Terrorism Threat Level is escalated from LOW to MODERATE, a DoD Component Head should employ which of the following countermeasures? Requests for authorizing disclosure of classified information during visits must include all the following information, EXCEPT: Two security professionals – Paul and Ashley<\/p>\n\n\n\n Executive Order 12829, signed in January 1993, mandated that which of the following entities be responsible for implementing and monitoring the National industrial Security Program (NISP)? What is the role of the government contracting activity (GCA), or cleared prime contractor, when a contractor that does not have a Facility Clearance (FCL) wants to bid on a Request What is the purpose of the Federal Acquisition Regulations (FAR)? What is the role of the security professional during the “Award Contract” step of the contracting process? What is the purpose of DD Form 254? As part of Operations Security (OPSEC), a program coordinator should use which of the following tools to assess assets as part of the risk management process for critical information? What is the role of the Special Access Program Oversight Committee (SAPOC) during the maintenance phase Which of the following describes a Special Access Program (SAP) that is established to protect sensitive research, development, testing and evaluation, modification, and procurement activities? Which type of briefing is used to identify security responsibilities, provide a basic understanding of DoD security policies, and explain the importance of protecting government assets? Which type of briefing is used to reinforce the information provided during the initial security briefing and to keep cleared employees informed of appropriate changes in security regulations? Which step of the Operations Security (OPSEC) process would be applied when conducting exercises, red teaming and analyzing operations? Which step of the Operations Security (OPSEC) process would be applied when identifying potential adversaries and the associated capabilities and intentions Please determine which of the following is an element of an Operations Security (OPSEC) Assessment. To provide access to Social Media sites, the DoD agency must provide all of the following, EXCEPT: Who’s responsibility is it during the categorize steps to identify a potential impact (low, moderate, or high) due Please determine which of the following is an example of reportable foreign intelligence contacts, activities, indicators, and behaviors. Limiting nonsecure computer e-mail messages to nonmilitary activities and not providing operational information in nonsecure e-mail messages are functions of which OPSEC measure? Which of the following is NOT a category of Information Technology (IT)?** What step within the Risk Management Framework (RMF) does system categorization occur?** At what step of the Risk Management Framework (RMF) would you develop a One responsibility of the Information System Security Manager (ISSM) during Step 6 of the Risk Management Framework (RMF) is:** What family of controls does Security Functionality What does “AO” stand for? What is a SAR as related to cyber security? What activities occur when authorizing the system? (select all that apply) What activities occur when assessing security controls? (Select all that apply) What activities occur when monitoring security controls? (Select all that apply) What are the cybersecurity attributes? Why do you need to be aware of cybersecurity? What are the cybersecurity drivers? Which skills do security personnel need? What is the primary responsibility of security personnel? What is security personnel’s primary skill in relationship to cybersecurity? What are the components of the Risk Management System? (Select all that apply) What are the steps in the Risk Management Framework (RMF)? (Select all that apply) What threat environments should you consider? (Select all that apply) What should you look for when assessing vulnerabilities? (Select all that apply) Which steps of the RMF are designed to mitigate risk? (Select all that apply) Which of the following are the activities that occur when performing RMF Step 2, Select Security Controls? (Select all that apply) What activities occur during implementation of security controls? (Select all that apply) Which steps of the RMF are designed to evaluate risk? (Select all that apply) What activities occur when assessing security controls? (Select all that apply) Select ALL of the correct responses. What activities occur during implementation of security Which role leads the day-to-day defense? The cybersecurity attributes are confidentiality, integrity, availability, authentication, and: True or false? Cybersecurity is important so that risk is eliminated. Select ALL of the correct responses. What are the Risk Management Framework (RMF) steps What activities occur in Step 4 of the Risk Management Framework (RMF), Assess Security Select ALL of the correct responses. What are all cybersecurity attributes susceptible to? Select ALL of the correct responses. Which of the following are cybersecurity skill standards needed Which steps of the Risk Management Framework (RMF) are designed to evaluate risk? In which step of the Risk Management Framework (RMF) would you implement the What evolving threats are attempts by hackers to damage or destroy a computer network or system? What is the first step in the Risk Management Framework (RMF)? Select ALL of the correct responses. What is included in the security authorization package? Which two attributes are most important from an information security perspective? What cybersecurity attribute guards against improper modification to or destruction of information? For example, this attribute prevents a user from improperly or maliciously modifying a database. What cybersecurity attribute ensures timely and reliable access to and use of information? For example, this attribute ensures that an information system is accessible when an authorized user needs it. What cybersecurity attribute is the mechanism that authorizes or allows access to computer systems and networks and the data that resides there? For example, a Common Access Card (CAC) is one method to provide system identification that applies this attribute. What cybersecurity attribute ensures that a party in an electronic exchange cannot deny their participation or the authenticity of the message? For example, a digital signature in an email message confirms the identity of the sender. What cybersecurity attribute preserves authorized restrictions on information disclosure and includes the ability to protect personal privacy and proprietary information. For example, this attribute guards against a user without proper clearance accessing classified information. Who prepares the Security Assessment Report (SAR)? Which step in the RMF is designed to assess risk? True or False? After you complete a risk management system component, you should constantly reassess as you deploy new solutions. True or false? Security personnel must be able to identify all cybersecurity concepts. What types and levels of vulnerabilities should you consider? What are the Risk Management Framework (RMF) steps designed to mitigate risk? When mitigating risk, what are your options? Select ALL of the correct responses. Select ALL of the correct responses. What activities occur during implementation of security controls? What are the implied skills of security personnel? Select ALL of the correct responses. Which steps of the Risk Management Framework (RMF) are designed to evaluate risk? Select ALL of the correct responses. Which activities occur during Step 2, Select Security Controls? Which of the following is defined as defensive measures used to reduce the vulnerability of individuals and property to terrorist attacks, to include limited response and containment? Which of the following typically establish duties, roles, and responsibilities at individual assignments, checkpoints, and gates? The ___________<\/em><\/strong><\/em><\/strong> is responsible for developing and refining antiterrorism program guidance, policy, and standards and integrating and aligning antiterrorism and mission assurance efforts when necessary. What plan, should include, at a minimum, special and general guard orders, access and material control, protective barrier and lighting systems, locks, and intrusion detection systems. Who is responsible for physical security planning, coordination, and integration of identified mission essential capabilities? What is the perceived imminence of intended aggression by a capable entity to harm a nation, a government, or its instrumentalities, such as intelligence, programs, operations, people, installations, or facilities? What regulation authorizes commanders to issue regulations for the protection or security of property and places under their command. This instruction also establishes guidelines to build consistent minimum standards for protecting DoD installations and resources? What regulation implements DoD policies and minimum standards for the physical protection of DoD personnel, installations, operations, and related resources? What regulation addresses the physical security aspects of protecting classified information within the information security program? Protective barriers, Site lighting, Security forces, Security systems, Facility access control, Lock and key systems, and Storage containers and facilities are all examples of what? A Principal Authorizing Official (PAO) is appointed for each of the following DoD mission areas except: Tier 1 of RMF guidance addresses risk management at the DoD __<\/em><\/strong> level. True or False? DoD 8510.01 requires all information systems and platform information technology (PIT) systems for both NSS and non-NSS to be categorized in accordance with CNSSI 1253. DoD Cybersecurity policy is located in DoDI __<\/em><\/strong>. A __<\/strong><\/em><\/strong> approach requires the management of risk at both the enterprise level and system level. The post-authorization period involving the continuous monitoring of an information system’s security controls, which includes __<\/em><\/strong> any proposed or actual changes to the information system or its environment of operation. True or False? The RMF provides a structured yet flexible approach for risk mitigation, resulting from the incorporation of information systems into the mission and business processes of an organization. Principle incident\/ Indicators of insider threats<\/p>\n\n\n\n Elements that asset, threat, vulnerability, risk, countermeasures The three categories of Three different types The concept of an insider threat The purpose of the Special Access Enhanced security requirements for protecting Special Access Program (SAP) information Responsibilities of the Government SAP Security Officer\/Contractor Program The four Cognizant Cognizant Security Agencies (CSA)s’ role in the National Industrial Security Program (NISP). Critical Program Information Primary authorities governing foreign disclosure of classified military information<\/p>\n\n\n\n The purpose of the DD Form 254 Factors for determining The purpose and the function of the Militarily Critical Technologies List (MCTL).<\/p>\n\n\n\n Security Infraction DoD Manual 5200.01, Volumes 1-4 E.O. 13526 32 CFR Parts 2001 & 2003, Security Violation Unauthorized Disclosure SSBI ANACI NACLC NACI NAC The purpose of due process in The key procedures for initiating DoD position sensitivity types Investigative requirement for a Critical- Sensitive position Investigative requirement for a Non-Critical Sensitive position Investigative requirement for a Non-Sensitive position Revocation Denial SOR What is the purpose of the Statement of Reasons (SOR)? The 13 Adjudicative Guidelines<\/p>\n\n\n\n Three different types of approved classified Construction requirements for vault doors<\/p>\n\n\n\n The purpose of intrusion detection systems The purpose of perimeter barriers The purpose of an Antiterrorism Program Force Protection Condition levels The concept of security-in-depth e-QIP Personnel Security Investigation JCAVS JAMS JPAS Scattered Castles Personnel Security Investigation (PSI) Access Acceptance Assignment False DoD CAF responsibilities<\/p>\n\n\n\n Designation of Sensitive Duties Continuous Evaluation Reinvestigation True False. Threats and vulnerabilities are related but distinct. Threats to national security exploit vulnerabilities. E.O. 12968 DoD 5200.2-R USD(I) Memorandum, August 30, 2006 DCII SII Scope Administrative Judge DOHA PSAB\/Appeal Board Termination Briefing Foreign Travel Briefing Refresher Briefing What SAPs aim to achieve<\/p>\n\n\n\n Protection Level Acknowledged Unacknowledged SAP Lifecycle<\/p>\n\n\n\n Component-level SAP Central Offices Special Access Program Oversight Committee (SAPOC) Senior Review Group (SRG) DoD Special Access Central Office (SAPCO) Authorization, Appropriations, and Intelligence Congressional OSD-level SAP Central Offices PIE-FAO Antiterrorism Officer CI Support OPSEC Officer Security Officer Law Enforcement Criticality Area Security Threat Point Security Effective Protective Barriers<\/p>\n\n\n\n Purpose of protective barriers<\/p>\n\n\n\n Controlling access True False Two-way radio Intrusion Detection Systems Closed Circuit Televisions (CCTV) Automated access control systems Common Access Card (CAC) Mechanical combination lock Combination padlock Electromechanical combination lock Low security padlock SCIF GSA Secure rooms Vaults High terrorist threat level Low terrorist threat level Significant terrorist threat level Moderate terrorist threat level Physical security plan Industrial Defense Security Service Installation NISP FSO responsibilities<\/p>\n\n\n\n Chapter 8 of the NISPOM True Contracting Officer COTR Statement of Work (SOW) DD Form 441 DD Form 254 Same JPAS Eligibility Secret Top Secret Confidential Derivative Classification Original Classification Compilation Original Classification Authority Security Classification Guides (SCG) Original Classification Process Declassification Automatic declassification Systematic declassification review Mandatory Declassification Review (MDR) Scheduled Declassification Custodians Options an OCA has when determining declassification The 25-year rule Restricted Data and Formerly Restricted Data Practices to follow when handling classified information<\/p>\n\n\n\n SF 702 SF 701 Actual compromise Neither confirm nor deny Potential Compromise DISA, Joint Interoperability Test Command (JITC) COMSEC Insert the envelope into the outer envelope DCS Secret information Top Secret information Methods to send hard copy Confidential information True False True DD Form 2501 Microfiche destruction Typewriter ribbon destruction Floppy disk destruction Document destruction Videotape destruction Initial Orientation Briefing Homeland Security Presidential Directive 12 (HSPD-12) DoD 5200.08-R DoD Instruction 5200.08, Security of DoD Installations and Resources and the DoD Physical Security Review Board (PSRB) Which of the following security program areas would you find practitioners who train and\/or advise Original Classification Authorities in the application of the process for makingclassification determinations?A. Information SecurityB. Physical SecurityC. Personnel SecurityD. Industrial SecurityA. Information Security Which of the following security program areas would you find practitioners working with afacility’s Antiterrorism Officer to deploy […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[],"tags":[],"class_list":["post-111195","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/posts\/111195","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/comments?post=111195"}],"version-history":[{"count":0,"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/posts\/111195\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/media?parent=111195"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/categories?post=111195"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/tags?post=111195"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Assignment<\/p>\n\n\n\n
False<\/p>\n\n\n\n\n
Duties that have a great impact on National Security<\/p>\n\n\n\n
Ongoing review of individual’s background to determine whether they should continue to hold security clearance or not<\/p>\n\n\n\n
Periodic investigation conducted at predetermined intervals; CE supplements reinvestigations of all cleared personnel<\/p>\n\n\n\n
True or False: Special access requirements are designed to provide an additional layer of security to some of our nation’s most valuable assets.<\/p>\n\n\n\n
False. Threats and vulnerabilities are related but distinct. Threats to national security exploit vulnerabilities.<\/p>\n\n\n\n
The Executive Order (E.O.) that establishes a uniform Personnel Security Program<\/p>\n\n\n\n
Implements and maintains the DoD personnel security policies and procedures<\/p>\n\n\n\n
Defines the Adjudicative Guidelines<\/p>\n\n\n\n
This refers to when adjudicators must ensure that an investigation meets the minimum timeframe and element requirements before reviewing the investigation.<\/p>\n\n\n\n
During due process, military and civilian personnel may request an in-person appearance before this individual.<\/p>\n\n\n\n
Given employment is terminated, clearance eligibility is withdrawn, or if individual will be absent from duty 60 days or more. Also given to those inadvertently exposed to classified information.<\/p>\n\n\n\n
Given to cleared personnel who plan to travel in or through foreign countries, or attend meetings attended by representatives of other countries.<\/p>\n\n\n\n
Presented annually to personnel who have access to classified information or assignment to sensitive duties.<\/p>\n\n\n\n\n
Communicates how SAP is acknowledged and protected<\/p>\n\n\n\n
Existence-openly recognized
Purpose-identified
Program details-classified
Funding-generally unclassified<\/p>\n\n\n\n
Existence-protected
Purpose-protected
Program details-classified
Funding-classified, unacknowledged, not directly linked to program<\/p>\n\n\n\n
Unacknowledged SAPs with waived reporting requirements; reporting and access controls are more restrictive<\/p>\n\n\n\n\n
Manage and oversee list of SAP facilities
Exist for each military component, the Joint Chiefs of Staff, Defense Advanced Research Projects Agency (DARPA), and Missile Defense Agency (MDA)<\/p>\n\n\n\n
The final SAP approving body chaired by the Deputy Secretary of Defense; make final approval decision<\/p>\n\n\n\n
Principal working-level body executing governance process. Make unanimous recommendation which is forwarded to DepSecDef for decision<\/p>\n\n\n\n
Coordinate, deconflict, and integrate SAPs<\/p>\n\n\n\n
“One voice to Congress”\/DoD SAP legislative liaison–> notifies Congress of SAP approval decision<\/p>\n\n\n\n
Exercise oversight for specific SAP category under their purview:
Acquisition-Office of USD for Acquisition, Technology, and Logistics
Intelligence-Office of USD for Intelligence
Operations & Support-Office of USD for Policy<\/p>\n\n\n\n
Congressional committees granted SAP access<\/p>\n\n\n\n
Personnel, information, equipment, facilities, activities, and operations<\/p>\n\n\n\n
Responsible for antiterrorism program<\/p>\n\n\n\n
Responsible for providing valuable information on the capabilities, intentions, and threats of adversaries<\/p>\n\n\n\n
Analyzes threats to assets and their vulnerabilities<\/p>\n\n\n\n
Management, implementation, and direction of all physical security programs<\/p>\n\n\n\n
Must be integrated into intelligence gathering process; part of coordinating emergency responses and criminal incidents on a Federal installation<\/p>\n\n\n\n
Determination based on asset’s importance to national security and effect of loss<\/p>\n\n\n\n
Security is geared towards protecting entire area of installation or facility<\/p>\n\n\n\n
Intention and capability of adversary to undertake detrimental actions<\/p>\n\n\n\n
Security focused on resource itself<\/p>\n\n\n\n\n
True<\/p>\n\n\n\n
False. Emergency lighting is used when regular lighting it not available. Standby lighting is activated by alarms or motion and operate as effective intruder deterrents.<\/p>\n\n\n\n
Assist in security; must always be back-up communication systems in addition to radios<\/p>\n\n\n\n
Detect, deter, and document intrusion. DO NOT prevent. Sends signal through wires when triggered<\/p>\n\n\n\n
Has camera that captures visual image, converts image to video signal, and transmits image to remote location; provides video evidence and captures activity personnel may not have seen<\/p>\n\n\n\n
Allows biometric (e.g., fingerprints, hand geometry, iris scan) and non-biometric (e.g., card swipe reader, key system, pin) forms of identification<\/p>\n\n\n\n
Form of manual access control. Enables self-authentication on security websites and securely log into computer systems<\/p>\n\n\n\n
Form of built-in combination lock. Operated entirely by mechanical means. Combination only changed with key.<\/p>\n\n\n\n
Permitted for securing confidential and secret info. May require supplemental controls.<\/p>\n\n\n\n
Form of built-in combination lock. Permitted for securing classified info. Ex: X-07\/08\/09\/10 and CDX-07\/08\/09\/10<\/p>\n\n\n\n
Key-operated padlock that has limited resistance to forced entry<\/p>\n\n\n\n
A facility used by intelligence community to store SCI<\/p>\n\n\n\n
The governing authority to approve security containers<\/p>\n\n\n\n
Areas designed and authorized for open storage of large volumes of classified information. Built to commercial construction standards and less secure than vault.<\/p>\n\n\n\n
Open storage of large volumes of classified information. Constructed to meet strict forcible entry standards, including reinforced concrete on all walls, ceiling, and floor, plus a hardened steel gray doors with GSA labels. More secure than secure rooms.<\/p>\n\n\n\n
Analytical assessment of terrorist activity based on info about terrorist groups (operational capability, intentions, activity, operational environment); issued by DIA for countries and COCOMs for geographic areas
Levels: high, significant, moderate, low<\/p>\n\n\n\n\n
\n
\n
No terrorist group is detected or terrorist group is non-threatening<\/p>\n\n\n\n
Comprehensive written plan providing appropriate and economical use of personnel and equipment to prevent\/minimize criminal\/disruptive activities. Should include special\/general guard orders, access and material control, protective barrier\/lighting systems, locks, and Intrusion Detection Systems (IDS)<\/p>\n\n\n\n
Replaced Defense Security Service (DSS). Operates as cognizant security office (CSO) for DoD. Investigative service provider for DoD clearance suitability investigations and forward findings to DoDCAF.<\/p>\n\n\n\n
Installation<\/p>\n\n\n\n
The program that covers protection of classified information by government contractors<\/p>\n\n\n\n
If you are a government contractor working on a contractor-owned system at a contractor facility, you must follow the security provisions of this reference<\/p>\n\n\n\n
*industry role<\/p>\n\n\n\n\n
True.<\/p>\n\n\n\n
*Government role
Enter into, administer, and\/or terminate contracts<\/p>\n\n\n\n
*Government role<\/p>\n\n\n\n\n
Outlines project background and end-product objectives (what is to be completed as part of contract)<\/p>\n\n\n\n\n
(must be completed before work begins)<\/li>\n<\/ul>\n\n\n\n
Outlines security requirements and classification guidance (coordinated between contract knowledge, program knowledge, subject matter expert, and industrial\/info security knowledge)<\/p>\n\n\n\n
Same<\/p>\n\n\n\n
DISS<\/p>\n\n\n\n
Eligibility<\/p>\n\n\n\n
Unauthorized disclosure of this information could reasonably be expected to cause serious damage to our national security.<\/p>\n\n\n\n
Unauthorized disclosure of this information could reasonably be expected to cause exceptionally grave damage to our national security.<\/p>\n\n\n\n
Unauthorized disclosure of this information could reasonably be expected to cause damage to our national security.<\/p>\n\n\n\n
Incorporating, paraphrasing, restating, or generating info already classified and marking newly developed material consistent with original source document<\/p>\n\n\n\n\n
5\/ Always take the appropriate steps to resolve any doubt you have.<\/li>\n<\/ol>\n\n\n\n
Initial determination that information requires protection against unauthorized disclosure<\/p>\n\n\n\n
Unclassified (or lower classified) information combined to create classified (or higher classified) information<\/p>\n\n\n\n
Incorporating classified information from source document into new document and no additional analysis needed to determine classification<\/p>\n\n\n\n
Classified information that has been restated or paraphrased (not explicitly stated word-for-word) from source document but classification deduced from interpretation or analysis<\/p>\n\n\n\n
-Authorized to make initial classification determination
-Request for OCA contains mission justification and position title
-Delegated in writing by president to occupant of position, not to an individual by name
-Not able to delegate further unless “acting”
-Specifies highest level OCA can classify piece of information and their jurisdiction
-OCA training
-Demonstrable and continuing need for such authority at least 2x a year<\/p>\n\n\n\n
Preferred method of classification determination communication. Contains classification levels, downgrading and declassification instructions, and special handling requirements for programs, projects, plans, etc.<\/p>\n\n\n\n\n
\n
\n
\n
Change in status from classified to unclassified<\/p>\n\n\n\n
Permanently Valuable Historical records are declassified 25 years from original classification date<\/p>\n\n\n\n
Information exempt from automatic declassification is reviewed for possible declassification<\/p>\n\n\n\n
Process for public to request review for declassification and public release of classified information<\/p>\n\n\n\n
OCA, at the time of original classification, sets date or event for declassification within 25 years<\/p>\n\n\n\n
People who are in possession of, or who are otherwise charged with safeguarding classified information<\/p>\n\n\n\n
Specific Date, Specific Event, or 50X1-HUM Exemption<\/p>\n\n\n\n
-Concerns design, manufacture, and use of atomic weapons
-Exempt from declassification date requirement<\/p>\n\n\n\n\n
\n
Record opening and closing of security container<\/p>\n\n\n\n
End-of-the-day security checks<\/p>\n\n\n\n
Record identification info for each container and record combination<\/p>\n\n\n\n
An unauthorized disclosure of classified information<\/p>\n\n\n\n
If classified information appears in the public media, DoD personnel must be careful not to make any statement of comment that would confirm the accuracy or verify the classified status of the information<\/p>\n\n\n\n
The possibility of compromise could exist but it is not known with certainty<\/p>\n\n\n\n
This organization maintains a register of certified security digital facsimiles<\/p>\n\n\n\n
The protection resulting from the measures designed to deny unauthorized persons information of value that might be derived from the possession and study of telecommunications and to ensure the authenticity of such communications. Requires more stringent protection requirements<\/p>\n\n\n\n
Insert the inner wrapping into an outer wrapping<\/p>\n\n\n\n\n
\n
Only when it is the most effective means considering security, time, cost, and accountability<\/p>\n\n\n\n
Top Secret<\/p>\n\n\n\n
Defense Courier Service (DCS), cleared courier\/escort, USPS First Class, USPS priority mail express, USPS registered mail, and USPS certified mail (plus others-refer to CDSE course IF107.16)<\/p>\n\n\n\n
Defense Courier Service (DCS), cleared courier\/escort, USPS registered mail, USPS priority mail express (plus others-refer to CDSE course IF107.16)<\/p>\n\n\n\n
ONLY 6 methods<\/p>\n\n\n\n\n
True<\/p>\n\n\n\n\n
When a continuing need is identified<\/p>\n\n\n\n
True.<\/p>\n\n\n\n
Burned, shredded, destroyed with chemicals that destroy imprints<\/p>\n\n\n\n
Burned or shredded<\/p>\n\n\n\n
Burned, overwritten, or demagnetized<\/p>\n\n\n\n
Burned, shredded, or chemically decomposed of<\/p>\n\n\n\n
Burned, shredded, or demagnetized<\/p>\n\n\n\n
Requires government-wide development and implementation of standard for secure and reliable forms of identification for Federal employees and contractors.<\/p>\n\n\n\n
Physical Security Program regulation<\/p>\n\n\n\n
Least privilege: The principle that a security architecture should be designed so that each entity is granted the minimum system resources and authorizations that the entity needs to perform its function.<\/p>\n\n\n\n
Provides overall policy direction for the Information Security Program<\/p>\n\n\n\n
-Oversee and manages information security program under guidance of NSC.
-NSC provides overall policy direction
-ISOO is the operating arm
-Annual report to president about each agency’s security classification program, analysis and reports<\/p>\n\n\n\n
Has primary responsibility for providing guidance, oversight, and approval authority of policies and procedures that govern DoD Information Security Program<\/p>\n\n\n\n
EO 13526<\/p>\n\n\n\n
Deputy Secretary of Defense (DepSecDef)<\/p>\n\n\n\n
Minimize risk of accidental exposure and facilitate detection of tampering<\/p>\n\n\n\n
Establishes National Industrial Security Program<\/p>\n\n\n\n
National Industrial Security Program Operating Manual (NISPOM)<\/p>\n\n\n\n
Information that is or will be valuable to the US either directly or indirectly<\/p>\n\n\n\n
Both classified military information and controlled unclassified information<\/p>\n\n\n\n
No need for immediate access, SF86 submitted, investigation opened by ISP, and all minimum requirements for interim eligibility satisfied<\/p>\n\n\n\n
Non-critical sensitive<\/p>\n\n\n\n
Special-sensitive<\/p>\n\n\n\n
Normal: general global threat of possible terrorist activity–> routine security posture (i.e., access control at all installations)
Alpha: increased general threat of possible terrorist activity against personnel\/facilities; nature and extent unpredictable–> ALPHA measures must be capable of being maintained indefinitely
Bravo: increased\/more predictable threat or terrorist activity–> sustaining BRAVO measures may affect operational capability and military\/civilian relationships
Charlie: incident occurs or intelligence indicates some form of terrorist action is likely against personnel\/facility—> sustaining CHARLIE measures may create hardship and affect activity of unit\/personnel
Delta: immediate area where terrorist attack has occurred of when intelligence indicates terrorist action against specific location\/person is imminent (localized condition)–> not to be sustained for extended period of time<\/p>\n\n\n\n
Security Classification Guide<\/p>\n\n\n\n
A)When the classification marking on a document containing FGI is not in English, or when the foreign government marking requires a different degree of protection than the same U.S. classification designation, a U.S. marking that results in a degree of protection equivalent to that required by the foreign government shall be applied.
B) A U.S. document containing FGI cannot be declassified or downgraded below the highest level of FGI contained in the document without the permission of the foreign government or international organization that originated the information.
C) Those holding security clearances issued by the U.S. government cannot access U.S. documents containing FGI without written consent from the originating foreign government.
D) The receiving DoD Components must maintain records for 1 year of the receipt, internal distribution, destruction, annual inventory, access, reproduction, and transmittal of foreign government Top Secret information.
B) A U.S. document containing FGI cannot be declassified or downgraded below the highest level of FGI contained in the document without the permission of the foreign government or international organization that originated the information.<\/p>\n\n\n\n
Paul and Ashley are both correct.<\/p>\n\n\n\n
Critical Nuclear Weapons Design Information (CNWDI)<\/p>\n\n\n\n
Favorably adjudicated background investigation (T3 (10-year scope) T5 within 5 years prior to assignment), and completed a NATO Briefing.<\/p>\n\n\n\n
-Communications Security (COMSEC) Information
-Declassified Information
-Law Enforcement Sensitive (LES) Information
-North Atlantic Treaty Organization (NATO) Information
Law Enforcement Sensitive Information<\/p>\n\n\n\n
To alert holders to the presence of classified information, how to properly protect it, and for how long.<\/p>\n\n\n\n
Document holder as the sole authority to make transfer and dissemination determinations.<\/p>\n\n\n\n
To identify the official classification and control markings, and their authorized abbreviations and portion markings.<\/p>\n\n\n\n
Activity Security Manager<\/p>\n\n\n\n
Data may potentially be available to unauthorized users via electronic form.<\/p>\n\n\n\n
Confidentiality
Integrity
Availability
Authenticity
Non-repudiation<\/p>\n\n\n\n
Security Violation<\/p>\n\n\n\n
Integrity<\/p>\n\n\n\n
Confidentiality<\/p>\n\n\n\n
Contact the Original Classification Authority through the appropriate chain of command to confirm that the information does not have an extended classification period.<\/p>\n\n\n\n
Employee must be trained to properly operate classified information systems, on the protection and storage of classified information, and Communications Security (COMSEC) materials.<\/p>\n\n\n\n
To ensure that only loyal, trustworthy, and reliable individuals may access classified information or perform sensitive duties.<\/p>\n\n\n\n
Executive Order 13467, “Reforming Processes Related to Suitability for Government Employment, Fitness for Contractor Employees, and Eligibility for Access to Classified National Security Information”<\/p>\n\n\n\n
Allegiance to the United States<\/p>\n\n\n\n
-Risk Assessment and Analysis
-Implementation
-Classification
-Continuous Vetting
Continuous Vetting (Formerly Continuous Evaluation)<\/p>\n\n\n\n
The prior ten years of the subject’s life can be appropriately investigated.<\/p>\n\n\n\n
Individual has a valid favorably adjudicated Tier 5 or Single Scope Background (SSBI) Investigation.<\/p>\n\n\n\n
Individual is a U.S. Citizen
Individual has a security clearance eligibility in accordance with the position
Individual must be continuously evaluated<\/p>\n\n\n\n
Favorably completed Tier 5\/Single Scope Background Investigation (SSBI) within 36 months preceding selection.<\/p>\n\n\n\n
Suitability Adjudication<\/p>\n\n\n\n
Organizational wireless connections holding such information must be encrypted, and those accessing such information must use encrypted wireless connections where available when traveling.<\/p>\n\n\n\n
90 Days<\/p>\n\n\n\n
LAAs shall only be granted access at the Secret and Confidential Levels<\/p>\n\n\n\n
Education Level
Alcohol Consumption
Financial Considerations
Psychological Conditions
Education Level<\/p>\n\n\n\n
noncritical sensitive<\/p>\n\n\n\n
Why an unfavorable national security eligibility determination is being proposed.
Explain each security concern and state the specific facts that trigger each security concern.
Identify all applicable adjudicative guidelines for each concern, and provide the disqualifying conditions and mitigating conditions for each guideline.<\/p>\n\n\n\n
Special Briefings – Non-Disclosure<\/p>\n\n\n\n
Deterrence<\/p>\n\n\n\n
Both are correct.<\/p>\n\n\n\n\n
Control<\/li>\n<\/ul>\n\n\n\n\n
Theft of ammunition shipment for the purpose of criminal or gang related activity.<\/li>\n<\/ul>\n\n\n\n
Physical Security Program<\/p>\n\n\n\n
Security-In-Depth<\/p>\n\n\n\n
Economic Espionage<\/p>\n\n\n\n\n
Encourage dependent family members to complete Level I Antiterrorism Awareness Training before any travel outside the continental United States (OCONUS).<\/li>\n<\/ul>\n\n\n\n
Explanation of the government purpose to perform when disclosing classified information.
The subject of the meeting, scope of classified topics, and classification level.
The main content of the invitation to send to the participants.<\/p>\n\n\n\n
Paul is correct.<\/p>\n\n\n\n
The National Security Council shall provide overall policy direction for the NISP, but the Director of the Information Security Oversight Office (ISOO) (in consultation with the National Security Advisor) is responsible for implementation and monitoring.<\/p>\n\n\n\n
The GCA must sponsor the contractor for a facility security clearance by submitting a sponsorship request to DSS, which initiates the facility clearance process.<\/p>\n\n\n\n
To codify and publish uniform policies and procedures for acquisition by all executive agencies.<\/p>\n\n\n\n
Termination Briefing<\/p>\n\n\n\n
E.O. 13526<\/p>\n\n\n\n
32 CFR Parts 2001 & 2003, “Classified National Security Information; Final Rule”<\/p>\n\n\n\n
Security Violation<\/p>\n\n\n\n
Secret<\/p>\n\n\n\n
Top Secret<\/p>\n\n\n\n
Confidential<\/p>\n\n\n\n
Compilation<\/p>\n\n\n\n
Security Classification Guide<\/p>\n\n\n\n
Systematic Declassification Review<\/p>\n\n\n\n
Automatic Declassification<\/p>\n\n\n\n
Mandatory Declassification Review<\/p>\n\n\n\n
Original Classification Process<\/p>\n\n\n\n
Specific Date, Specific Event, or by the 50X1-HUM Exemption<\/p>\n\n\n\n\n
Security Container Check Sheet – Used to record the opening and closing of your security container.<\/p>\n\n\n\n
The Activity Security Checklist – It is intended to verify that you did not accidentally leave classified materials unsecured, as well as, to ensure the area is safe and secure.<\/p>\n\n\n\n
Actual Compromise<\/p>\n\n\n\n
Potential Compromise<\/p>\n\n\n\n
Neither Confirm Nor Deny – DoD personnel must be careful not to make any statement or comment that would confirm the accuracy or verify the classified status of the information.<\/p>\n\n\n\n
DISA, Joint Interoperability Test Command (JITC)<\/p>\n\n\n\n
COMSEC<\/p>\n\n\n\n
Secret<\/p>\n\n\n\n
Defense Courier Service (DCS)
First Class Mail
Registered Mail
Certified Mail<\/p>\n\n\n\n
Top Secret<\/p>\n\n\n\n
Hand Carry<\/p>\n\n\n\n
Written Authorization
Authorization may be contained in a letter, a courier card, or other written document.<\/p>\n\n\n\n
Courier Authorization Card. Issued for no more than 2 years at a time.<\/p>\n\n\n\n
Burned or Shredded<\/p>\n\n\n\n
Burned
Overwritten
Demagnetized<\/p>\n\n\n\n
Critical Information<\/p>\n\n\n\n
Determined based on the level of classification of its content.<\/p>\n\n\n\n
Original Classification<\/p>\n\n\n\n
Security Classification Guide<\/p>\n\n\n\n
Derivative Classification<\/p>\n\n\n\n
A. Risk Management
B. Operational Resilience
C. Integration and Interoperability
D. Cyberspace Defense
E. Performance
F. Identity Assurance
G. Mission Partners
All Items<\/p>\n\n\n\n
or advise Original Classification Authorities in the application of the process for making
classification determinations?
A. Information Security
B. Physical Security
C. Personnel Security
D. Industrial Security
A. Information Security<\/p>\n\n\n\n
facility’s Antiterrorism Officer to deploy defensive measures designed to reduce the facility’s
vulnerability from terrorist attacks?
A. Information Security
B. Physical Security
C. Personnel Security
D. Industrial Security
B. Physical Security<\/p>\n\n\n\n
processes that monitor employees for new information that could affect their security clearance
eligibility status?
A. Foreign Disclosure
B. Information Security
C. International Security
D. Operations Security
E. Personnel Security
F. Physical Security
G. Research and Technology Protection
H. Information Assurance
E. Personnel Security<\/p>\n\n\n\n
Paul says that Information Security practitioners train and\/or advise Original Classification
Authorities in the application of the process for making classification determinations.
Ashley says that Physical Security practitioners work with a facility’s Antiterrorism Officer to
deploy defensive measures designed to reduce the facility’s vulnerability from terrorist attacks.
Who is correct?
A. Paul is correct
B. Ashley is correct
C. Paul and Ashley are both correct
D. Paul and Ashley are both incorrect
C. Paul and Ashley are both correct<\/p>\n\n\n\n
Paul says that Information Security practitioners work with a facility’s Antiterrorism Officer to
deploy defensive measures designed to reduce the facility’s vulnerability from terrorist attacks.
Ashley says that Personnel Security practitioners train and\/or advise Original Classification
Authorities in the application of the process for making classification determinations.
Who is correct?
A. Paul is correct
B. Ashley is correct
C. Paul and Ashley are both correct
D. Paul and Ashley are both incorrect
D. Paul and Ashley are both incorrect<\/p>\n\n\n\n
the same U.S. classification designation, a U.S. marking that results in a degree of protection equivalent to that required by the foreign government shall be applied.
b. A U.S. document containing FGI cannot be declassified or downgraded below the highest level of FGI contained in the document without the permission of the foreign government or international organization that originated the information.
c. Those holding security clearances issued by the U.S. government cannot access U.S. documents containing FGI without written consent from the originating foreign government.
d. The receiving DoD Components must maintain records for 1 year of the receipt, internal distribution, destruction, annual inventory, access, reproduction, and transmittal of foreign government Top Secret information.
B<\/p>\n\n\n\n
a. Personnel has been subject of a Single Scope Background Investigation (SSBI), including a National Agency Check (NAC) on the spouse and all members of the individual’s immediate family of 18 years of age or over who are United States citizens other than by birth or who are resident aliens.
b. Personnel has been subject of a favorably adjudicated background investigation (BI) (10-year scope), Tier 5, current within five years prior to the assignment, and completed a NATO brief.
c. Personnel has been subject of a favorably adjudicated BI (10-year scope), Defense National Agency Check with Inquiries (DNACI)\/ National Agency Check with Inquiries (NACI) or NACI Entrance National Agency Check (ENTNAC), current within five years prior to the assignment.
d. Personnel requiring access to NATO COSMIC (Top Secret) or SECRET information must at least possess the equivalent interim U.S. security clearance.
B<\/p>\n\n\n\n
is considered a type of controlled unclassified information (CUI)?
a. Communications Security (COMSEC) Information
b. Declassified Information
c. Law Enforcement Sensitive (LES) Information
d. North Atlantic Treaty Organization (NATO) Information
C. Law Enforcement Sensitive Information<\/p>\n\n\n\n
a. To alert holders to the presence of classified information, how to properly protect it, and for how long.
b. To deter foreign adversaries from committing actions aimed at accessing such information.
c. To provide guidance for interpretation and analysis of classified information.
d. To alert holders to the methods used to collect classified information.
A<\/p>\n\n\n\n
a. Derivative classifier as the authority to make declassification determinations.
b. Agencies and authorities that have previously accessed the classified information.
c. Document holder as the sole authority to make transfer and dissemination determinations.
d. Sources and reasons for the classification.
C<\/p>\n\n\n\n
Access Program Coordination (CAPCO) register?
a. To identify the categories, types, and levels of Special Access Programs (SAPs.)
b. To define the authorities for classifying, declassifying, and regrading sensitive documents.
c. To identify the official classification and control markings, and their authorized abbreviations and portion markings.
d. To define the requirements, restrictions, and measures necessary to safeguard classified information from unauthorized disclosure.
C<\/p>\n\n\n\n
a. Activity Security Manager
b. Information Assurance Staff
c. Information Assurance Manager
d. Information Assurance Officer
A<\/p>\n\n\n\n
a. Data is no longer reliable, accurate, nor trusted.
b. Data may potentially be available to unauthorized users via electronic form.
c. General communications are no longer trusted.
d. Potential of unauthorized access to classified data.
e. Data is no longer available to authorized users, and missions cannot be conducted.
B<\/p>\n\n\n\n
a security violation rather than a security infraction?
a. On a busy day, Karen printed classified documents on the printer in her open storage\/secure room. She forgot about the documents and they remained on the printer for about an hour before she retrieved them.
b. Karen was late for a meeting in a different area of her building. She put a classified document in a folder she believed was marked for carrying classified materials. When handing out the materials, Karen realized that the folder was not marked for carrying classified materials, she had put the documents in the wrong folder.
c. At the end of the day, Karen was leaving and taking with her unclassified documents she would review at home. When she began to review those documents that night, she realized that classified materials had slipped in between the unclassified materials.
d. Karen was working a mission related to Mexican Drug cartel operating out of Playa Carmen. Her husband planned a golf trip with friends to that area. She advised him not to go, and believing that it was a safety issue, she provided sensitive details about the cartel to make sure that he did not go.
C<\/p>\n\n\n\n
a. Non-Repudiation
b. Confidentiality
c. Integrity
d. Availability
A. Non-repudiation<\/p>\n\n\n\n
a. Confidentiality
b. Integrity
c. Availability
d. Authentication
A<\/p>\n\n\n\n
or remove classification markings? a. Through the appropriate chain of command, contact the original classification authority (OCA) to confirm that information does not have an extended classification period.
b. Change the classification authority block to indicate “Declassify ON:” to show the new declassification instructions.
c. Take all classification markings off the document and redistribute.
d. Request a waiver from the Information Security Oversight. Office (ISOO) to remove the declassification markings.
A<\/p>\n\n\n\n
following are requirements to perform classified activities from non-traditional locations (e.g., the employees home), EXCEPT:
a. The employee must be trained to operate classified information systems.
b. The employee must be trained on protection and storage of classified information and Communications Security (COMSEC) materials.
c. The employee must receive written approval for use of classified information and equipment at home.
d. The employee must have an office space that meets requirements comparable to the Sensitive Compartmented Information Facility (SCIF).
B<\/p>\n\n\n\n
a. To define original classification for DoD assets and information.
b. To designate individuals for positions requiring access to classified information.
c. To ensure that only loyal, trustworthy, and reliable individuals may access classified information or perform sensitive duties.
d. To describe the safeguarding requirements personnel must employ when handling classified materials at a cleared contractor facility.
C<\/p>\n\n\n\n
a. Office of Management and Budget Memorandum M-05-24, “Implementation of Homeland Security Presidential Directive (HSPD) 12 – Policy for a Common Identification Standard for Federal Employees and Contractors,”.
b. Executive Order 13467, “Reforming Processes Related to Suitability for Government Employment, Fitness for Contractor Employees, and Eligibility for Access to Classified National Security Information”.
c. Sections 301 and 7532 of title 5, United States Code.
d. Executive Order 13526, “Classified National Security Information”.
B<\/p>\n\n\n\n
an anarchist organization dedicated to disestablishing existing Federal laws and overthrowing the U.S. government by any means necessary, including violence. Although the subject terminated his membership with the organization upon learning he would be investigated for
a clearance for his new position, he still maintains social contact with several members of the anarchist organization. Based on this information, which of the following adjudicative guidelines is most appropriate for an adjudicator to apply to the case?
a. Psychological Conditions
b. Foreign Preference
c. Allegiance to the United States
d. Criminal Activity
C<\/p>\n\n\n\n\n
a. Risk Assessment and Analysis
b. Implementation
c. Classification
d. Continuous Evaluation
D<\/li>\n<\/ol>\n\n\n\n
specific programs may be approved for non-U.S. citizens only under which of the following conditions?
a. The subject is eligible to access material marked by a foreign government that is equivalent to a U.S. Top Secret classification marking.
b. The subject will only have one-time access to specific material, after which the material will be appropriately destroyed or returned to the originating U.S. agency
c. The subject will only have access to classified U.S. documents containing Foreign Government Information (FGI) originating from the foreign country of which the subject is a citizen.
d. The prior 10 years of the subject’s life can be appropriately investigated.
D<\/p>\n\n\n\n
Single Integrated Operational
Plan-Extremely Sensitive Information (SIOP- ESI)?
a. Individual has a valid favorably adjudicated Tier 5 or Single Scope Background (SSBI) Investigation.
b. Individual has a valid favorable adjudicated Tier 3 or National Agency Check with Local Agency Check (NACLC) investigation.
c. Individual has a valid favorably adjudicated Tier 3 or Access National Agency Check with Written Inquiries and Credit Check (ANACI) investigation.
d. Individual has a valid favorably adjudicated Tier.
A<\/p>\n\n\n\n
a. Individual must be a U.S. Citizen
b. Individual has a security clearance eligibility in accordance with the position
c. Individual is subject to a periodic reinvestigation every three years
d. Individual must be continuous evaluated
C<\/p>\n\n\n\n
a. Favorably completed Tier 5\/Single Scope Background Investigation (SSBI) within 36 months preceding selection.
b. Favorably completed Tier 3\/National Agency Check with Local Agency Check (NACLC) within 36 months preceding selection.
c. Favorably completed Tier 5\/SSBI within 24 months preceding selection.
d. Favorably completed Tier 3\/NACLC within 24 months preceding selection.
A<\/p>\n\n\n\n
a. Homeland Security Presidential Directory (HSPD) 12 credentialing
b. National security adjudication
c. Suitability adjudication
d. Continuous evaluation
C<\/p>\n\n\n\n
extent provided by the applicable grant, shall minimally be safeguarded under which of the following standards?
a. Information holders must use the Secret Internet Protocol Router Network (SIPRNET) to transmit such information.
b. Such information may be store in an open storage area, provided the room is equipped with an Intrusion Detection System (IDS) with the personnel responding to an alarm within 15 minutes of the alarm annunciation.
c. Such information must be stored in a General Services Administration (GSA)-approved security container equipped with a lock meeting FF-L-2740 standards.
d. Organizational wireless connections holding such information must be encrypted, and those accessing such information must use encrypted wireless connections where available when traveling.
D<\/p>\n\n\n\n
of the necessary personnel security determination?
a. 30 days
b. 45 days
c. 60 days
d. 90 days
D<\/p>\n\n\n\n
a. LAAs shall only be granted access at the Secret and Confidential levels.
b. A favorably completed and adjudicated Tier 3 or National Agency Check with Local Agency Check (NACLC). investigation within the last five years is required.
c. An LAA is the same as a security clearance eligibility.
d. Access to classified information Is not limited to a specific program or project.
A<\/p>\n\n\n\n\n
a. Education Level
b. Alcohol consumption
c. Financial considerations
d. Psychological Conditions
A<\/li>\n<\/ol>\n\n\n\n
a. A position not requiring eligibility for access to classified information, but having the potential to cause significant or serious damage to the national security.
b. A position requiring eligibility for access to Top Secret information.
c. A position requiring eligibility for access to confidential information.
d. A position requiring eligibility for access to secret information.
B<\/p>\n\n\n\n
a. SOR must state why an unfavorable national security eligibility determination is being proposed.
b. SOR must explain each security concern and state the specific facts that trigger each security concern.
c. The SOR must identify applicable adjudicative guideline(s) for each concern, and provide the disqualifying conditions and mitigating conditions for each guideline.
d. All of the Above
D<\/p>\n\n\n\n
a. Special Briefings – Courier
b. Original Classification Authority (OCA) Briefing
c. Special Briefings – Non-Disclosure
d. Debriefing
C<\/p>\n\n\n\n
is an example of which system security capability?
a. Detect
b. Assessment
c. Deterrence
d. Delay
C<\/p>\n\n\n\n
a. Paul is correct
b. Ashley is correct
c. Paul and Ashley are both correct
d. Paul and Ashley are both incorrect
C<\/p>\n\n\n\n
a. Detection
b. Control
c. Assessment
d. Response
B<\/p>\n\n\n\n
a. Theft of ammunition shipment for the purpose of criminal or gang related activity.
b. Theft of sensitive, proprietary information relating to US aerospace and defense technologies.
c. Deliberate destruction of DoD assets or interruption of normal operations.
d. Theft of an item and use of it outside of its intended purpose or without permission.
A<\/p>\n\n\n\n
a. To ensure that industry safeguards the classified information in their possession, while performing work on contracts, bids, or research and development efforts on behalf of the government.
b. To protect assets against compromise resulting from activities such as espionage, sabotage, terrorism, damage or loss, and criminal.
c. To ensure that only loyal, trustworthy, and reliable individuals may access classified information or perform sensitive duties.
d. To create uniform policies and procedures for defense acquisition by all executive agencies.
B<\/p>\n\n\n\n
and equipment, safeguarding DoD assets against espionage and criminal activity, and providing the means to counter threats when preventative measures are ignored, best characterize the primary functions of which of the following programs or processes? a. Physical Security Program
b. Operations Security (OPSEC) process
c. Security incident response process
d. Personnel Security Program
A<\/p>\n\n\n\n
a. Area security
b. Threat-vulnerability assessment
c. Security-in-depth
d. Point security
C<\/p>\n\n\n\n
a. Criminal activity
b. Economic espionage
c. Treason
d. Terrorism
B<\/p>\n\n\n\n
a. Cease all flying except for specifically authorized operational sorties.
b. Direct the execution of advance site reviews to facilitate the antiterrorism planning process.
c. Encourage dependent family members to complete Level I Antiterrorism Awareness Training before any travel outside the continental United States (OCONUS).
d. Conduct an immediate Terrorism Vulnerability Assessment for off-installation housing, schools, daycare centers, transportation.
C<\/p>\n\n\n\n
a. The explanation of the government purpose to perform when disclosing classified information.
b. The subject of the meeting, scope of classified topics and classification level
c. Expected time and location of the meeting.
d. The main content of the invitation to send to the participants.
C<\/p>\n\n\n\n\n
a. Paul is correct
b. Ashley is correct
c. Paul and Ashley are both correct
d. Paul and Ashley are both incorrect
A<\/li>\n<\/ul>\n\n\n\n
a. Director of the Information Security Oversight Office (ISOO)
b. Secretary of Defense
c. National Security Council (NSC)
d. Director, Defense Security Services (DSS)
A<\/p>\n\n\n\n
for Proposal (RFP) that requires access to classified information? a. The GCA must issue a formal letter rejecting the contractor’s bid since the contractor does not have the requisite FCL.
b. The contractor must submit a sponsorship request to DSS, who will decide whether to allow the contractor to bid on the contract.
c. The GCA must sponsor the contractor for a facility security clearance by submitting a sponsorship request to DSS, which initiates the facility clearance process.
d. The GCA must ensure that the all owners and senior management of the uncleared contractor are U.S. citizens and are eligible to be processed for a personnel security clearance.
C<\/p>\n\n\n\n
a. To codify and publish uniform policies and procedures for acquisition by all executive agencies.
b. To manage DoD funds and prioritize the development of vital research and technology.
c. To provide small businesses and minority owned companies an opportunity to compete in the government acquisition process.
d. To promote uniform standards and best practices of technology acquisition across U.S. industry.
A<\/p>\n\n\n\n
a. To ensure the appropriate classification level for the bid, and to define unique security requirements associated with the product.
b. To interface with the Cognizant Security Organization (CSO) to ensure oversight is performed and review results of and previous assessments on behalf of component.
c. To ensure that the contractor follows proper safeguarding and disposition guidance.
d. To review and define the specific security requirements with the contracting officer – specifically, block 13 of DD Form 254.
D<\/p>\n\n\n\n
a. To convey security classification guidance and to advise contractors on the handling procedures for classified material.
b. To document the formal agreement between the US government and a cleared contractor in which the contactor agrees to maintain a security program in compliance with the NISPOM and the government agrees to security guidance and program oversight.
c. To validate details regarding the foreign ownership, control or influence affecting that cleared contractor facility.
d. It replaces the actual contract document for any contract requiring access to classified information.
A<\/p>\n\n\n\n
a. Critical Information List
b. Threat vulnerability matrix
c. Risk Rating Table
d. Security Classification Guide
A<\/p>\n\n\n\n
of the Special Access Program (SAP) lifecycle?
a. To ensure that the SAP has adequate Internal Review and Audit Compliance (IRAC) support, including accessed auditors at supporting offices, to meet program audit needs.
b. To review existing programs annually to determine whether to revalidate them as SAPs.
c. To provide oversight of SAP program and budget accomplishments.
d. To provide oversight of SAP audits and inspections.
B<\/p>\n\n\n\n
a. Research and Technology SAP
b. Operations and Support SAP
c. Acquisition SAP
d. Intelligence SAP
C<\/p>\n\n\n\n
a. Indoctrination Briefing
b. Original Classification Authority (OCA)
Briefing
c. Foreign Travel Briefing
d. Debriefing
A<\/p>\n\n\n\n
a. Annual Refresher Briefings
b. Indoctrination Briefings
c. Attestation Briefings
d. Courier Briefings
A<\/p>\n\n\n\n
a. Conduct a Risk Assessment
b. Apply OPSEC Countermeasures
c. Conduct a Threat Analysis
d. Conduct a Vulnerability Analysis
B<\/p>\n\n\n\n
to collect, analyze, and exploit critical information and indicators?
a. Conduct a Vulnerability Analysis
b. Conduct a Threat Analysis
c. Conduct a Risk Assessment
d. Apply OPSEC Countermeasures
B<\/p>\n\n\n\n
a. Small in scale and focused on evaluating the effectiveness of the OPSEC program.
b. Conducted on an annual basis.
c. Uses external resources collectively to conduct with or without the use of indigenous resources.
d. Determines the likelihood that critical information can be protected based on procedures that are currently in place.
C<\/p>\n\n\n\n
a. Protection against malware and advance threats.
b. Blocked access to prohibited sites and content.
c. Individual compliance with Joint Ethics Regulations and guidelines.
d. Constant monitoring to deter inappropriate site access.
D<\/p>\n\n\n\n
to loss of confidentiality, integrity, and availability if a security breach occurs?**
a. Information System Owner (ISO)
b. Information Owner (IO)
c. Information System Security Manager (ISSM)
d. Authorizing Official (AO)
B<\/p>\n\n\n\n
a. Authorizing others to acquire unauthorized access to classified or sensitive information systems.
b. Unauthorized downloads or uploads of sensitive data.
c. Network spillage incidents or information compromise.
d. Use of DoD account credentials by unauthorized parties.
A<\/p>\n\n\n\n
a. Operational and Logistic Measures
b. Technical Measures
c. Administrative Measures
d. Operations Security and Military Deception
B<\/p>\n\n\n\n
a. Platform Information Technology (PIT)
b. Information Technology Services
c. Information Technology Products
d. Information Technology Applications
D<\/p>\n\n\n\n
a. Categorize Information System
b. Select Security Controls
c. Implement Security Controls
d. Assess Security Controls
e. Authorize
f. Monitor Security Controls
A<\/p>\n\n\n\n
system-level continuous monitoring strategy?” **
a. Categorize Information System
b. Select Security Controls
c. Implement Security Controls
d. Assess Security Controls
e. Authorize
f. Monitor Security Controls
B<\/p>\n\n\n\n
a. Review and approve the security plan and system-level continuous monitoring strategy developed and implemented by the DoD Components.
b. Monitor the system for security relevant events and configuration changes that affect the security posture negatively.
c. Determine and documents a risk level in the Security Assessment Report (SAR) for every non-compliant security control in the system baseline.
d. Coordinate the organization of the Information System (IS) and Platform Information Technology (PIT) systems with the Program Manager (PM)\/System Manager (SM), Information System Owner (ISO), Information Owner (IO), mission owner(s), Action Officer (AO) or their designated representatives.
B<\/p>\n\n\n\n
Verification belong to?**
a. System and Communications Protection
b. Maintenance
c. System and Information Integrity
d. Audit and Accountability
C<\/p>\n\n\n\n
Authorizing Official<\/p>\n\n\n\n
System Assessment Report<\/p>\n\n\n\n
a. Implement decommissioning strategy
b. Develop, review, and approve Security Assessment Plan
c. Prepare the Plan of Action and Milestones (POA&M)
d. Submit security authorization package
C & D<\/p>\n\n\n\n
A. prepare the plan of action and milestones (POA&M)
B. conduct final risk determination
C. Develop, plan, and approve Security Assessment Plan
D. Prepare Security Assessment Report
C & D<\/p>\n\n\n\n
A. Prepare the Plan of Action and Milestones (POA&M)
B. Develop, review, and approve Security Assessment Plan
C. Implement decommissioning strategy
D. Determine impact of changes
C & D<\/p>\n\n\n\n
Select all that apply.
A Confidentiality
B Integrity
C Availability
D Authentication
E Non-repudiation
All of the above<\/p>\n\n\n\n
A To uphold all elements of the National Industrial Security Program Operating Manual
B To appropriately manage risk by mitigating threats and vulnerabilities
C To examine your own actions and activities to uphold personal accountability
D To ensure all appropriate measures are taken to protect a place and ensure only people with permission enter and leave it
B<\/p>\n\n\n\n
A NIST 800-30 Rev 1 Guide for Conducting Risk Assessments
B DoD 8530.01 Cybersecurity Activities Support to DoD Information Network Operations
C DoD 8510.01 Risk Management Framework
D DoD 8500.01
E DoD Security Policy
All of the above<\/p>\n\n\n\n
A. Protect information systems.
B. Identify all cybersecurity concepts.
C. Identify fundamental cybersecurity concepts that are related to the protection of classified and controlled unclassified information.
D. Examine their role in protecting DoD’s information systems and the information they process, transmit, and store.
D<\/p>\n\n\n\n
A Monitor, evaluate, and provide advice to the Secretary of Defense
B Protect classified information and controlled unclassified information
C Direct the operation of and assure the security of the global DoD network
D Coordinate all DoD network operations
B<\/p>\n\n\n\n
A Analyze duties
B Manage risk
C Execute training
D Respond to incidents
B<\/p>\n\n\n\n
A Revision
B Analysis
C Evaluation
D Assessment
E Mitigation
C, D & E<\/p>\n\n\n\n
A Monitor Security Controls
B Categorize System
C Authorize System
D Assess Security Controls
E Select Security Controls
F Implement Security Controls
All of the above<\/p>\n\n\n\n
A Adversarial
B Environmental
C Structural
D Accidental
All of the above<\/p>\n\n\n\n
A Residual risk
B Ease
C Likelihood
D Related threats
D Rewards
All of the above<\/p>\n\n\n\n
A Assess Security Controls
B Monitor Security Controls
C Select Security Controls
D Authorize System
E Implement Security Controls
F Categorize System
C & E<\/p>\n\n\n\n
A Common Control Identification
B Monitoring Strategy
C Security Baseline and Overlay Selection
D Security Plan and Review Approval
All of the above<\/p>\n\n\n\n
A Communicate updates to appropriate audiences
B Seek approvals from CIO
C Create appropriate training and communication plans
D Ensure consistency with DoD architectures
E Document security control implementation in the security plan
F Identify security controls available for inheritance
D, E & F<\/p>\n\n\n\n
A Select Security Controls
B Assess Security Controls
C Monitor Security Controls
D Authorize System
E Categorize System
F Implement Security Controls
B, C & D<\/p>\n\n\n\n
A Prepare the Plan of Action and Milestones (POA&M)
B Conduct final risk determination
C Develop, plan, and approve Security Assessment Plan
D Prepare Security Assessment Report (SAR)
C & D<\/p>\n\n\n\n
controls?
A Ensure consistency with DoD architectures
B Document security control implementation in the security plan
C Seek approvals from CIO
D Identify security controls available for inheritance
E Communicate updates to appropriate audiences
F Create appropriate training and communication plans
A, B & D<\/p>\n\n\n\n
A Authorizing Official (AO)
B US Cyber Command (USCYBERCOM)
C Security personnel
D DoD Chief Information Officer (CIO)
B<\/p>\n\n\n\n
A Validity
B Non-repudiation
C Architecture
D Stability
B<\/p>\n\n\n\n
True
False
False<\/p>\n\n\n\n
designed to mitigate risk?
A Categorize System
B Select Security Controls
C Implement Security Controls
D Assess Security Controls
B & C<\/p>\n\n\n\n
Controls?
A Develop, plan, and approve Security Assessment Plan
B Prepare the Security Assessment Report (SAR)
C Conduct remediation actions on non-compliant security controls
D All of the above
D<\/p>\n\n\n\n
A Vulnerabilities
B Threats
C Disclosure
D Authorization
A & B<\/p>\n\n\n\n
by security personnel?
A Identify and manage all cybersecurity concepts
B Explain their role in protecting DoD’s information systems
C Identify fundamental cybersecurity concepts that are related to the protection of classified and
controlled unclassified information
D Conduct assessment and evaluation of all IT systems
B & C<\/p>\n\n\n\n
A. Assess Security Controls, Monitor Security Controls, Categorize System
B. Assess Security Controls, Implement Security Controls, Authorize System
C. Implement Security Controls, Monitor Security Controls, Authorize System
D. Assess Security Controls, Monitor Security Controls, Authorize System
D<\/p>\n\n\n\n
decommissioning strategy?
A. Step 3 – Implement security controls
B. Step 4 – Assess security controls
C. Step 5 – Authorize system
D. Step 6 – Monitor security controls
D<\/p>\n\n\n\n
A. Insider Threat
B. Social Media
C. Cyber Attack
D. Mobile Computing
C<\/p>\n\n\n\n
A. Categorize System
B. Authorize System
C. Implement Security Controls
D. Select Security Controls
E. Assess Security Controls
F. Monitor Security Controls
A<\/p>\n\n\n\n
A Security Assessment Report (SAR)
B Plan of Action and Milestones (POA&M)
C Security Plan
D None of the above
A, B & C<\/p>\n\n\n\n
Select one:
A. Confidentiality and integrity
B. Confidentiality and authentication
C. Integrity and non-repudiation
D. Integrity and authentication
B.<\/p>\n\n\n\n
Integrity<\/p>\n\n\n\n
Availability<\/p>\n\n\n\n
Authentication<\/p>\n\n\n\n
Non-repudiation<\/p>\n\n\n\n
Confidentiality<\/p>\n\n\n\n
Select one:
a. USCYBERCOM
b. Security Controls Assessor (SCA)
c. Security Personnel
d. DoD CIO
B.<\/p>\n\n\n\n
A. Step 1 – Categorize System.
B. Step 2 – Select Security Controls.
C. Step 3 – Implement Security Controls.
D. Step 4 – Assess Security Controls.
E. Step 5 – Authorize System.
F. Step 6 – Monitor Security Controls.
A<\/p>\n\n\n\n
True<\/p>\n\n\n\n
False<\/p>\n\n\n\n
Select one or more:
a. Information system level
b. Physical security
c. Mission\/business process level
d. People
e. Organization level
f. None of the above
A-E<\/p>\n\n\n\n
A. Step 1 – Categorize System.
B. Step 2 – Select Security Controls.
C. Step 3 – Implement Security Controls.
D. Step 4 – Assess Security Controls.
E. Step 5 – Authorize System.
F. Step 6 – Monitor Security Controls.
B and C<\/p>\n\n\n\n
Select one:
a. Limitation
b. Acceptance
c. Avoidance
d. All of the above
D<\/p>\n\n\n\n
What does the information owner do when determining the impact of changes?
Select one or more:
a. Document in SAR for the AO to review
b. Provide written and signed report
c. Continuously monitors the system or information environment
d. Reports significant changes in the security posture of the system
e. Periodically assesses the quality of the security controls
C, D, and E<\/p>\n\n\n\n
Select one or more:
a. Seek approvals from CIO
b. Document security control implementation in the security plan
c. Communicate updates to appropriate audiences
d. Create appropriate training and communication plans
e. Ensure consistency with DoD architectures
f. Identify security controls available for inheritance
B, E, and F<\/p>\n\n\n\n
Select one:
a. Counsel stakeholders on security-related concerns
b. Execute security awareness training
c. Analysis
d. All of the above
D<\/p>\n\n\n\n
A. Step 1 – Categorize System.
B. Step 2 – Select Security Controls.
C. Step 3 – Implement Security Controls.
D. Step 4 – Assess Security Controls.
E. Step 5 – Authorize System.
F. Step 6 – Monitor Security Controls.
D, E, and F<\/p>\n\n\n\n
Select one or more:
a. Unique Control Identification
b. Common Control Identification
c. Security Plan Review and Approval
d. Security Plan Creation
e. Monitoring Strategy
B, C, and E<\/p>\n\n\n\n
Select one:
a. Threat Level Indicators
b. Force Protection
c. Physical Security Plan
d. Antiterrorism
D<\/p>\n\n\n\n
Select one:
a. Standard Operating Procedures
b. Executive Orders
c. Post Orders
C<\/p>\n\n\n\n
Select one:
a. Mission Assurance Senior Steering Group
b. Antiterrorism Working Group
c. Antiterrorism Executive Committee
d. Threat Working Group
C<\/p>\n\n\n\n
Physical Security Plan<\/p>\n\n\n\n
Select one:
a. OPSEC Officer
b. Installation Commander\/Facility Director
c. Antiterrorism Officer
d. CI Support
B<\/p>\n\n\n\n
Threat<\/p>\n\n\n\n
A. DoD 5200.08-R
B. DoDM 5200.01
C. DoDI 5200.08
C<\/p>\n\n\n\n
A. DoD 5200.08-R
B. DoDM 5200.01
C. DoDI 5200.08
A<\/p>\n\n\n\n
B<\/p>\n\n\n\n
A. Protective Barriers
B. Physical Security Countermeasures
C. Security Systems
D. Intrusion Detection
B<\/p>\n\n\n\n
Select one:
a. DoD portion of Intelligence
b. Unit
c. Enterprise Information Environment
d. Warfighting
e. Business
B<\/p>\n\n\n\n
Select one:
a. enterprise
b. local
c. unit
d. mission
A<\/p>\n\n\n\n
True<\/p>\n\n\n\n
Select one:
a. 8500.10
b. 8500.03
c. 8500.01
d. 8510.01
C<\/p>\n\n\n\n
Select one:
a. top-down
b. cybersecurity
c. mission oriented
d. holistic
D<\/p>\n\n\n\n
Select one:
a. analyzing and documenting
b. disclosing
c. discussing
d. reporting to AO
A<\/p>\n\n\n\n
False<\/p>\n\n\n\n
events required to be reported to DoD counterintelligence (CI) organizations
espionage, sabotage, terrorism, cyber<\/p>\n\n\n\n\n
should be considered in
identifying Critical Program
Information
Elements which if compromised could:<\/p>\n\n\n\n\n
Elements that a
security professional should
consider when assessing and
managing risks to DoD assets<\/p>\n\n\n\n
Special Access Programs
acquisition, intelligence, and operations and support<\/p>\n\n\n\n
of threats to classified
information
Insider Threat, Foreign Intelligence Entities (FIE) and Cybersecurity Threat<\/p>\n\n\n\n
An employee who may represent a threat to
national security. These threats encompass potential espionage, violent acts against the Government or the nation, and unauthorized disclosure of classified information, including the vast amounts of classified data available on interconnected United States Government computer networks and systems.<\/p>\n\n\n\n
Foreign Visitor Program
To track and approve access by a foreign entity to information that is classified; and to approve access by a foreign entity to information that is unclassified, related to a U.S. Government contract, or plant visits covered by ITAR.<\/p>\n\n\n\n
Program
A program established for a specific class of
classified information that imposes safeguarding and access requirements that exceed those normally required for information at the same classification level.<\/p>\n\n\n\n
Within Personnel Security:<\/p>\n\n\n\n\n
years;<\/li>\n\n\n\n
need to know;<\/li>\n\n\n\n
polygraph examination;<\/li>\n\n\n\n
mandatory access determination;<\/li>\n\n\n\n
members.
Within Industrial Security:
The SecDef or DepSecDef can approve a carve-out provision to relieve Defense
Security Service of industrial security oversight responsibilities.
Within Physical Security:<\/li>\n\n\n\n
Within Information Security:<\/li>\n\n\n\n
Security Officer (GSSO\/
CPSO)
From Revision 1 Department of Defense Overprint to the National
Industrial Security Program Operating Manual Supplement – 1 April
2004:<\/p>\n\n\n\n\n
the highest level of Program classified information involved.<\/li>\n\n\n\n
organization.<\/li>\n\n\n\n
personnel clearance and\/or investigative requirements specified.<\/li>\n\n\n\n
supplement, and the Overprint.<\/li>\n\n\n\n
program for each SAP.<\/li>\n\n\n\n
classified material.<\/li>\n\n\n\n
of SAP information<\/li>\n\n\n\n
SAPF.<\/li>\n\n\n\n
access is approved; rebrief and debrief personnel as required.<\/li>\n\n\n\n
SAP material to and from Program elements<\/li>\n\n\n\n
such as TEMPEST Automated Information System (AIS), and
Operations Security (OPSEC) are accomplished.<\/li>\n\n\n\n
unique requirements of the SAP.<\/li>\n<\/ul>\n\n\n\n
Security Agencies (CSAs)
Department of Defense
(DoD), Director of National Intelligence (DNI), Department of Energy (DoE), and the Nuclear Regulatory Commission (NRC).<\/p>\n\n\n\n
Establish an industrial security program to safeguard classified information under its
jurisdiction.<\/p>\n\n\n\n
in DoD<\/p>\n\n\n\n\n
life cycle, which if compromised or subject
to unauthorized disclosure, decrease the advantage.<\/li>\n\n\n\n
reduce technological advantage; significantly alter program direction; or enable an adversary to defeat, counter, copy, or reverse engineer the technology or capability. Includes information
about applications, capabilities, processes and
end-items. Includes elements or components critical to a military system or network mission effectiveness. Includes technology that would
reduce the U.S. technological advantage if it came under foreign control.<\/li>\n<\/ol>\n\n\n\n\n
Convey security requirements, classification guidance and provide handling procedures for classified material received and\/or generated on a classified contract.<\/p>\n\n\n\n
whether U.S. companies are under Foreign Ownership, Control or Influence
(FOCI)<\/p>\n\n\n\n\n
espionage against the U.S. targets<\/li>\n\n\n\n
in unauthorized technology transfer<\/li>\n\n\n\n
agreements<\/li>\n\n\n\n\n
defense-related goods, services, and technologies as administered by the Director, Defense Technology Security
Administration (DTSA).<\/li>\n\n\n\n
This event cannot reasonably be expected to and does not result in the loss, compromise, or suspected compromise of classified information<\/p>\n\n\n\n
The manual that governs the DoD Information Security Program<\/p>\n\n\n\n
The executive order that governs the DoD Information Security Program<\/p>\n\n\n\n
“Classified National Security
Information; Final Rule”
The Information Security Oversight Office (ISOO) document that governs the DoD Information Security Program<\/p>\n\n\n\n
An event that results in or could be expected to result in the loss or compromise of
classified information<\/p>\n\n\n\n
Communication or physical
transfer of classified or controlled unclassified information to an unauthorized recipient<\/p>\n\n\n\n
Initial investigation for military, contractors, and civilians:
\u00b7 Special-Sensitive positions
\u00b7 Critical-Sensitive positions1
\u00b7 LAA
\u00b7 Top Secret clearance eligibility
\u00b7 IT-I duties<\/p>\n\n\n\n
Initial investigation for civilians:
\u00b7 Noncritical-Sensitive positions2
\u00b7 Confidential and Secret clearance eligibility
\u00b7 IT-II duties<\/p>\n\n\n\n
Initial National Agency Check with Law and Credit for military and contractors:
\u00b7 Secret or Confidential clearance eligibility
\u00b7 All military accessions and appointments
\u00b7 IT-II duties
\u00b7 IT-III duties (military only)<\/p>\n\n\n\n
National Agency Check with Inquiries for civilians and contractors:
\u00b7 Non-Sensitive positions
\u00b7 Low Risk
\u00b7 HSPD-12 Credentialing<\/p>\n\n\n\n
The fingerprint check portion of a PSI<\/p>\n\n\n\n
Personnel Security Program (PSP)
Ensures fairness by providing the
subject the opportunity to appeal an
unfavorable adjudicative determination<\/p>\n\n\n\n
Personnel Security Investigations (PSIs)<\/p>\n\n\n\n\n
and their investigative requirements.<\/p>\n\n\n\n\n
SSBI, SSBI-PR, or PPR<\/p>\n\n\n\n
ANACI or NACLC<\/p>\n\n\n\n
NACI<\/p>\n\n\n\n
The term when current security clearance eligibility determination is rescinded<\/p>\n\n\n\n
The term when an initial request for security clearance eligibility is not granted<\/p>\n\n\n\n
Statement of Reasons<\/p>\n\n\n\n
The purpose of the SOR is to provide
a comprehensive and detailed written
explanation of why a preliminary
unfavorable adjudicative determination
was made.<\/p>\n\n\n\n\n
material storage areas.<\/p>\n\n\n\n\n
\n
interlocking leaves.<\/li>\n\n\n\n
To detect unauthorized penetration into a secured area<\/p>\n\n\n\n
To define the physical limits of an installation, activity, or area, restrict, channel, impede access, or shield activities within the installation from immediate and direct observation<\/p>\n\n\n\n
Protect DoD personnel, their families, installations, facilities, information, and other material resources from terrorist acts<\/p>\n\n\n\n
Normal, Alpha, Bravo, Charlie, Delta<\/p>\n\n\n\n
Layered and complementary security controls sufficient to deter, detect, and document unauthorized entry and movement within an installation or facility.<\/p>\n\n\n\n
The system Mr. Smith needs to access when he needs to update his personal information on his Personnel Security Questionnaire for his re-investigation<\/p>\n\n\n\n
The first phase of the security clearance process<\/p>\n\n\n\n
A security manager uses this system to communicate with the DoD CAF<\/p>\n\n\n\n
This sub-system (used by adjudicators) and JCAVS make up the JPAS system<\/p>\n\n\n\n
A DoD system of record for personnel security clearance information<\/p>\n\n\n\n
Intelligence Community (IC) Personnel Security Database that verifies personnel security access and visit certifications.<\/p>\n\n\n\n
The DoD uses this as the standard for the uniform collection of relevant and important background information about an individual.<\/p>\n\n\n\n
PSIs are used to determine the eligibility of an individual for _<\/strong><\/em><\/strong> to classified information.<\/p>\n\n\n\n
PSIs are used to determine the eligibility of an individual for _<\/strong><\/em><\/strong> or retention to the armed forces.<\/p>\n\n\n\n
PSIs are used to determine the eligibility of an individual for _<\/strong><\/em><\/strong> or retention to sensitive duties.<\/p>\n\n\n\n
True or False: The DoD CAF is the only authority who can grant an interim clearance.<\/p>\n\n\n\n\n
Duties that have a great impact on National Security<\/p>\n\n\n\n
This is used to monitor employees for new information or changes that could affect their status.<\/p>\n\n\n\n
This is part of the Continuous Evaluation Program (CEP). It is done at certain intervals based on duties or access.<\/p>\n\n\n\n
True or False: Special access requirements are designed to provide an additional layer of security to some of our nation’s most valuable assets.<\/p>\n\n\n\n
True or False: There is no difference between a threat and a vulnerability.<\/p>\n\n\n\n
The Executive Order (E.O.) that establishes a uniform Personnel Security Program<\/p>\n\n\n\n
Implements and maintains the DoD personnel security policies and procedures<\/p>\n\n\n\n
Defines the Adjudicative Guidelines<\/p>\n\n\n\n
This is a system of records of fraud investigations<\/p>\n\n\n\n
This is a system of records of PSIs conducted by OPM<\/p>\n\n\n\n
This refers to when adjudicators must ensure that an investigation meets the minimum timeframe and element requirements before reviewing the investigation.<\/p>\n\n\n\n
During due process, military and civilian personnel may request an in-person appearance before this individual.<\/p>\n\n\n\n
Administers due process for contractor personnel.<\/p>\n\n\n\n
This board makes the final appeal determination for all personnel<\/p>\n\n\n\n
This briefing is given when an individual’s employment is terminated, clearance eligibility is withdrawn, or if the individual will be absent from duty for 60 days or more. It is also given to those who have been inadvertently exposed to classified information.<\/p>\n\n\n\n
This briefing that applies to cleared personnel who plan to travel in or through foreign countries, or attend meetings attended by representatives of other countries.<\/p>\n\n\n\n
This briefing is presented annually to personnel who have access to classified information or assignment to sensitive duties.<\/p>\n\n\n\n\n
This communicates how the SAP is acknowledged and protected.<\/p>\n\n\n\n
This protection level describes a SAP whose existence may be openly recognized. Its purpose may be identified. However, the details of the program (including its technologies, materials, and techniques) are classified as dictated by their vulnerability to exploitation and the risk of compromise. The funding is generally unclassified.<\/p>\n\n\n\n
This protection level describes a SAP whose existence and purpose are protected. The details, technologies, materials, and techniques are classified as dictated by their vulnerability to exploitation and the risk of compromise. The program funding is often classified, unacknowledged, or not directly linked to the program.<\/p>\n\n\n\n\n
Exist for each military component, the Joint Chiefs of Staff, Defense Advanced Research Projects Agency (DARPA), and Missile Defense Agency (MDA)<\/p>\n\n\n\n
The final SAP approving body chaired by the Deputy Secretary of Defense<\/p>\n\n\n\n
This group ensures there are no duplicative efforts across SAPs<\/p>\n\n\n\n
DoD SAP legislative liaison that notifies Congress of SAP approval<\/p>\n\n\n\n
Congressional committees granted SAP access<\/p>\n\n\n\n
Exercise oversight authority for the specific SAP category under their purview.<\/p>\n\n\n\n
People, information, equipment, facilities, activities, and operations<\/p>\n\n\n\n
This person is responsible for the installation’s antiterrorism program<\/p>\n\n\n\n
Responsible for providing valuable information on the capabilities, intentions, and threats of adversaries<\/p>\n\n\n\n
This person analyzes threats to assets and their vulnerabilities<\/p>\n\n\n\n
This person is charged with management, implementation, and direction of all physical security programs<\/p>\n\n\n\n
Must be integrated into our intelligence gathering process so that they can be part of coordinating emergency responses and criminal incidents on a Federal installation<\/p>\n\n\n\n
Determination based on an asset’s importance to national security and effect of loss<\/p>\n\n\n\n
Security is geared towards protecting an entire area of the installation or facility<\/p>\n\n\n\n
The intention and the capability of an adversary to undertake detrimental actions<\/p>\n\n\n\n
Security focused on the resource itself<\/p>\n\n\n\n\n
\n
The establishment of a restricted area improves security by __<\/em><\/strong><\/em><\/strong> and providing additional layers of security.<\/p>\n\n\n\n
True or False: Site lighting is used to enable guard force personnel to observe activities inside or outside the installation<\/p>\n\n\n\n
True or False: Standby lighting is used when regular lighting is not available<\/p>\n\n\n\n
Using these assists in security; however, there must always be back-up communication systems in addition to these<\/p>\n\n\n\n
This device sends a signal through wires when it has been triggered<\/p>\n\n\n\n
This system has a camera that captures a visual image, converts the image to a video signal, and transmits the image to a remote location<\/p>\n\n\n\n
This system allows one to be identified by their eye, handprint, or fingerprint<\/p>\n\n\n\n
This enables individuals to be able to authenticate themselves on security websites and securely log into computer systems<\/p>\n\n\n\n
Older style of lock; may be used for classified storage in certain cases<\/p>\n\n\n\n
Lock that complies with UL Standard 768-Group 1<\/p>\n\n\n\n
Lock that complies with FF-L-2740 series lock specification<\/p>\n\n\n\n
Lock that has limited resistance to forced entry<\/p>\n\n\n\n
A facility used by the intelligence community<\/p>\n\n\n\n
The governing authority to approve security containers<\/p>\n\n\n\n
Areas designed and authorized for the open storage of classified information. These facilities are usually build to commercial construction standards and do not afford the extra security inherent with a vault.<\/p>\n\n\n\n
Constructed to meet strict forcible entry standards, including reinforced concrete on all walls, ceiling, and floor, plus a hardened steel door<\/p>\n\n\n\n
The terrorist threat level indicating anti-U.S. terrorists are operationally active and use large casualty-producing attacks as their preferred method of operation. There is a substantial DoD presence, and the operating environment favors the terrorist.<\/p>\n\n\n\n
The terrorist threat level indicating no terrorist group is detected or the terrorist group in non-threatening<\/p>\n\n\n\n
The terrorist threat level indicating anti-U.S. terrorists are present and attack personnel as their preferred method of operation, or a group uses large casualty-producing attacks as their preferred method but has limited operational activity. The operating environment is neutral.<\/p>\n\n\n\n
The terrorist threat level indicating terrorists are present but there are no indications of anti-U.S. activity. The operating environment favors the host nation or the U.S.<\/p>\n\n\n\n
At a minimum, these should include special and general guard orders, access and material control, protective barrier lighting systems, locks, and Intrusion Detection Systems (IDS)<\/p>\n\n\n\n
Much of U.S. classified information originates within this environment<\/p>\n\n\n\n
Security compliance is overseen by this organization if a contractor works at his\/her own facility<\/p>\n\n\n\n
A contractor must adhere to the security rules of the __<\/em><\/strong> commander when working at a government installation<\/p>\n\n\n\n
The program that covers protection of classified information
by government contractors<\/p>\n\n\n\n\n
If you are a government contractor working on a contractor-owned system at a contractor facility, you must follow the security provisions of this reference<\/p>\n\n\n\n
True or False: A SAP can retain security cognizance if necessary.<\/p>\n\n\n\n
A government employee with the authority to enter into, administer, and\/or terminate contracts and make related determinations and findings<\/p>\n\n\n\n
This government employee is a subject matter expert who has regular contact with the contractor<\/p>\n\n\n\n
The document that outlines in detail what will be required to complete a contract<\/p>\n\n\n\n
The document that establishes the government’s authority to review the contractor’s security program to ensure compliance<\/p>\n\n\n\n
The form a contractor could use to determine if classified storage is required, and at what level<\/p>\n\n\n\n
A cleared individual can only have access at the _<\/em><\/strong> level as the facility clearance<\/p>\n\n\n\n
For the purpose of a visit to another cleared facility, a clearance can be verified by looking in __<\/em><\/strong><\/p>\n\n\n\n
The issuance of __<\/em><\/strong> is the responsibility of the DoD CAF<\/p>\n\n\n\n
Unauthorized disclosure of this information could reasonably be expected to cause serious damage to our national security.<\/p>\n\n\n\n
Unauthorized disclosure of this information could reasonably be expected to cause exceptionally grave damage to our national security.<\/p>\n\n\n\n
Unauthorized disclosure of this information could reasonably be expected to cause damage to our national security.<\/p>\n\n\n\n
This is defined as the incorporating, paraphrasing, restating, or generating in new form any information that is already classified.<\/p>\n\n\n\n
This is defined as an initial determination that information requires, in the interest of national security, protection against unauthorized disclosure.<\/p>\n\n\n\n
This is defined as unclassified information or classified information (at a lower level) that when the information is combined or associated reveals additional factors that qualifies for classification.<\/p>\n\n\n\n
The term used to identify individuals specifically authorized in writing to make initial classification decisions.<\/p>\n\n\n\n
This contains classification levels, special requirements and duration instructions for programs, projects, plans, etc.<\/p>\n\n\n\n
The six step process an OCA applies in making classification determinations<\/p>\n\n\n\n
The authorized change in the status of information goes from classified information to unclassified information<\/p>\n\n\n\n
The declassification system where Permanently Valuable Historical records are declassified when they are 25 years old<\/p>\n\n\n\n
The declassification system where information exempted from automatic declassification is reviewed for possible declassification<\/p>\n\n\n\n
The declassification system where the public can ask for classified information be review for declassification and public release<\/p>\n\n\n\n
The declassification system where an OCA, at the time the information is originally classified, sets a date or event for declassification<\/p>\n\n\n\n
People who are in possession of, or who are otherwise charged with safeguarding classified information<\/p>\n\n\n\n
Specific Date, Specific Event, or by the 50X1-HUM Exemption<\/p>\n\n\n\n
The process where records automatically become declassified after 25 years<\/p>\n\n\n\n
This type of information does not provide declassification instructions<\/p>\n\n\n\n\n
Security Container Check Sheet, which is used to record the opening and closing of your security container<\/p>\n\n\n\n
The Activity Security Checklist intended to verify that you did not accidentally leave classified materials unsecured, as well as, to ensure the area is safe and secure. The blank spaces can be utilized for additional warranted security and safety items, such as a block to remind personnel to complete tasks, such as turning off coffee pots.<\/p>\n\n\n\n
An unauthorized disclosure of classified information<\/p>\n\n\n\n
If classified information appears in the public media, DoD personnel must be careful not to make any statement of comment that would confirm the accuracy or verify the classified status of the information<\/p>\n\n\n\n
The possibility of compromise could exist but it is not known with certainty<\/p>\n\n\n\n
This organization maintains a register of certified security digital facsimiles<\/p>\n\n\n\n
The protection resulting from the measures designed to deny unauthorized persons information of value that might be derived from the possession and study of telecommunications and to ensure the authenticity of such communications.<\/p>\n\n\n\n
When the document has been sealed within a properly marked inner envelope you must\u2026<\/p>\n\n\n\n
Defense Courier Service<\/p>\n\n\n\n
This kind of information can be sent via USPS express only when it is the most effective means considering security, time, cost, and accountability.<\/p>\n\n\n\n
This kind of information can never be sent via USPS<\/p>\n\n\n\n
DCS, First Class mail, registered mail, and certified mail<\/p>\n\n\n\n
True or False: Hand carrying classified information should only be done as a last resort<\/p>\n\n\n\n
True or False: Anyone can determine the need for hand carrying classified information<\/p>\n\n\n\n
True or False: When someone is carrying classified information, written authorization is always required<\/p>\n\n\n\n
Courier Authorization Card<\/p>\n\n\n\n
Burned or shredded to be destroyed. It can also be destroyed with chemicals that destroy the imprints.<\/p>\n\n\n\n
Ribbons must be burned or shredded<\/p>\n\n\n\n
Must be burned, overwritten, or demagnetized<\/p>\n\n\n\n
Must be burned, shredded, or chemically decomposed of<\/p>\n\n\n\n
Must be burned, shredded, or demagnetized<\/p>\n\n\n\n
The initial briefing given to all personnel on the DoD Information Security Program<\/p>\n\n\n\n
On August 27, 2004, President Bush signed this directive; Policy for a Common Identification Standard for Federal Employees and contractors. This requires government-wide development and implementation of a standard for secure and reliable forms of identification for Federal employees and contractors.<\/p>\n\n\n\n
Physical Security Program regulation<\/p>\n\n\n\n
This document authorizes commanders to issue regulations for the protection or security of property and places under their command. This document also establishes guidelines to build consistent minimum standards for protecting DoD installations and resources.<\/p>\n","protected":false},"excerpt":{"rendered":"