SAPPC Study Guide Questions with Correct
Answers | Updated (100% Correct Answers)
Describe the purpose, intent, and security professional's role in each
step of the Command Cyber Readiness Inspections (CCRI) process.
Answer: Defining the scope, the inspection phase, documentation
of observations, and reporting findings. A security professional
would have responsibilities in defining the scope of the inspection,
overseeing the self-inspection and remediation efforts, and
coordinating with the CCRI team throughout the remainder of the
process.
List two factors that should be considered when determining
position sensitivity.
Answer: (1) Level of access to classified information (2) IT level
needed (3) Duties associated with position
Explain the process for responding to a "spillage".
Answer:
1. Detection (implied)
2. Notification and preliminary inquiry
3. Containment and continuity of operations
4. Formal inquiry
5. Resolution
6. Reporting
© 2025 All rights reserved
Explain how the adjudication process contributes to effective risk
management of DoD assets.
Answer: Determines an individual's loyalty, reliability, and
trustworthiness are in the best interest of national security
Explain why access control measures are contingent on Force
Protection Conditions.
Answer: The Force Protection Conditions determine the amount of
control measures needed to be taken in response to various levels of
threats against military facilities or installations.
Define the purpose and function of the militarily critical
technologies list (MCTL).
Answer: Serves as a technical reference for the development and
implementation of DoD technology, security policies on international
transfers of defense-related goods, services, and technologies as
administered by the Director, Defense Technology Security
Administration (DTSA).
Describe how authorization of Limited Access Authority impacts risk
to DoD assets.
Answer: Increases risk by allowing a foreign national access to
classified information. Reduces risk by ensuring Foreign Nationals
with a unique or unusual skill set have been properly investigated,
adjudicated or vetted before being granted access to specific pieces
of classified information only.
List three different types of threats to classified information.
Answer:
(1) Insider threat
(2) Foreign Intelligence entities
(3) Cybersecurity Threat
What is the security professionals' role in pursuing and meeting
cyber security goals?
Answer: The role of the cyberspace workforce is to "secure, defend,
and preserve data, networks, net-centric capabilities, and other
designated systems by ensuring appropriate security controls and
measures are in place, and taking internal defense actions"
(DoDD 8140.01). Per DoDI 8500.01, Cybersecurity (March 14, 2014),
personnel occupying cybersecurity positions must be assigned in
writing and trained / qualified in accordance with their role.
Identify specific baseline administrative and/or physical security
controls applicable to each system categorization.
Answer: Controls are identified by enumerating the common controls,
identifying those relevant to the categorization level as defined in
NIST SP 800-53, potentially tailored by the Authorizing Official, and
overlays are applied based on the nature of the system.
List three (3) factors for determining whether US companies are
under Foreign Ownership, Control, or Influence (FOCI).
Answer: 1.