SPĒD SFPC EXAM TEST 2024/2025 (ALL
AREAS)
Indicators of insider threats - CORRECT ANSWER-1. Failure to report overseas travel
or contact with foreign nationals
2. Seeking to gain higher clearance or expand access outside job scope
3. Engaging in classified conversations without NTK
4. Working inconsistent hours
5. Exploitable behavior traits
6. Repeated security violations
7. Unexplainable affluence/living above one's means
8. Illegal downloads of information/files
Elements that should be considered in identifying Critical Program
Information - CORRECT ANSWER-Elements which if compromised could:
1. cause significant degradation in mission effectiveness,
2. shorten expected combat-effective life of system
3. reduce technological advantage
4. significantly alter program direction; or
5. enable adversary to defeat, counter, copy, or reverse engineer technology/capability.
Elements that security professional should consider when assessing and managing
risks to DoD assets (risk management process) - CORRECT ANSWER-1. Assess
assets
2. Assess threats
3. Assess Vulnerabilities
4. Assess risks
5. Determine countermeasure options
6. Make RM decision
The three categories of Special Access Programs - CORRECT ANSWER-acquisition,
intelligence, and operations & support
Types of threats to classified information - CORRECT ANSWER-Insider Threat, Foreign
Intelligence Entities (FIE), criminal activities, cyber threats, business competitors
The concept of an insider threat - CORRECT ANSWER-An employee who may
represent a threat to
national security. These threats encompass potential espionage, violent acts against the
Government or the nation, and unauthorized disclosure of classified information
,The purpose of the Foreign Visitor Program - CORRECT ANSWER-To track and
approve access by a foreign entity to information that is classified; and to approve
access by a foreign entity to information that is unclassified, related to a U.S.
Government contract, or plant visits covered by ITAR.
Special Access Program - CORRECT ANSWER-A program established for a specific
class of
classified information that imposes safeguarding and access requirements that exceed
those normally required for information at the same classification level.
Enhanced security requirements for protecting Special Access Program (SAP)
information - CORRECT ANSWER-Within Personnel Security:
• Access Rosters;
• Billet Structures (if required);
• Indoctrination Agreement;
• Clearance based on appropriate investigation completed within last 5/6
years;
• Individual must materially contribute to program and have need to know (NTK);
• SAP personnel subject to random counterintelligence scope polygraph;
• Polygraph examination, if approved by the DepSecDef, may be used as a
mandatory access determination;
• Tier review process;
• Personnel must have Secret or TS clearance;
• SF-86 must be current within one year;
• Limited Access;
• Waivers required for foreign cohabitants, spouses, and immediate family
members.
Within Industrial Security:
The SecDef or DepSecDef can approve carve-out provision to relieve Defense
Security Service of industrial security oversight responsibilities.
Within Physical Security:
• Access Control;
• Maintain SAP Facility;
• Access Roster;
• All SAPs must have unclassified nickname/ Codeword (optional).
Within Information Security:
• The use of HVSACO;
• Transmission requirements (order of precedence).
Responsibilities of the Government SAP Security Officer/Contractor Program
Security Officer (GSSO/
CPSO) - CORRECT ANSWER-• Possess personnel clearance and Program access at
least equal to highest level of Program classified information involved.
• Provide security administration and management for organization.
• Ensure personnel processed for access to SAP meet prerequisite personnel clearance
and/or investigative requirements specified.
, • Ensure adequate secure storage and work spaces.
• Ensure strict adherence to the provisions of NISPOM, its supplement, and the
Overprint.
• When required, establish and oversee classified material control program for each
SAP.
• When required, conduct an annual inventory of accountable
classified material.
• When required, establish SAPF.
• Establish and oversee visitor control program.
• Monitor reproduction/duplication/destruction capability of SAP information
• Ensure adherence to special communications capabilities within SAPF.
• Provide for initial Program indoctrination of employees after access is approved;
rebrief and debrief personnel
• Establish and oversee specialized procedures for transmission of
SAP material to and from Program elements
• When required, ensure contractual specific security requirements are accomplished.
• Establish security training and briefings specifically tailored to unique requirements of
SAP.
The five Cognizant
Security Agencies (CSAs) - CORRECT ANSWER-Department of Defense
(DoD), Director of National Intelligence (DNI), Department of Energy (DoE), Department
of Homeland Security (DHS) and the Nuclear Regulatory Commission (NRC).
Cognizant Security Agencies (CSA)s' role in the National Industrial Security Program
(NISP). - CORRECT ANSWER-Establish general industrial security programs and
oversee/administer security requirements
Primary authorities governing foreign disclosure of classified military information -
CORRECT ANSWER-1. Arms Export Control Act
2. National Security Decision Memorandum 119
3. National Disclosure Policy-1
4. International Traffic in Arms Regulation (ITAR)
5. E.O.s 12829, 13526
6. Bilateral Security Agreements
7. DoD 5220.22-M, "NISPOM,"
Factors for determining
whether U.S. companies are under Foreign Ownership, Control or Influence
(FOCI) - CORRECT ANSWER-1. Record of economic and government
espionage against the U.S. targets
2. Record of enforcement/engagement
in unauthorized technology transfer
3. Type and sensitivity of information that shall be accessed
4. Source, nature and extent of FOCI
5. Record of compliance with pertinent U.S. laws, regulations and contracts
AREAS)
Indicators of insider threats - CORRECT ANSWER-1. Failure to report overseas travel
or contact with foreign nationals
2. Seeking to gain higher clearance or expand access outside job scope
3. Engaging in classified conversations without NTK
4. Working inconsistent hours
5. Exploitable behavior traits
6. Repeated security violations
7. Unexplainable affluence/living above one's means
8. Illegal downloads of information/files
Elements that should be considered in identifying Critical Program
Information - CORRECT ANSWER-Elements which if compromised could:
1. cause significant degradation in mission effectiveness,
2. shorten expected combat-effective life of system
3. reduce technological advantage
4. significantly alter program direction; or
5. enable adversary to defeat, counter, copy, or reverse engineer technology/capability.
Elements that security professional should consider when assessing and managing
risks to DoD assets (risk management process) - CORRECT ANSWER-1. Assess
assets
2. Assess threats
3. Assess Vulnerabilities
4. Assess risks
5. Determine countermeasure options
6. Make RM decision
The three categories of Special Access Programs - CORRECT ANSWER-acquisition,
intelligence, and operations & support
Types of threats to classified information - CORRECT ANSWER-Insider Threat, Foreign
Intelligence Entities (FIE), criminal activities, cyber threats, business competitors
The concept of an insider threat - CORRECT ANSWER-An employee who may
represent a threat to
national security. These threats encompass potential espionage, violent acts against the
Government or the nation, and unauthorized disclosure of classified information
,The purpose of the Foreign Visitor Program - CORRECT ANSWER-To track and
approve access by a foreign entity to information that is classified; and to approve
access by a foreign entity to information that is unclassified, related to a U.S.
Government contract, or plant visits covered by ITAR.
Special Access Program - CORRECT ANSWER-A program established for a specific
class of
classified information that imposes safeguarding and access requirements that exceed
those normally required for information at the same classification level.
Enhanced security requirements for protecting Special Access Program (SAP)
information - CORRECT ANSWER-Within Personnel Security:
• Access Rosters;
• Billet Structures (if required);
• Indoctrination Agreement;
• Clearance based on appropriate investigation completed within last 5/6
years;
• Individual must materially contribute to program and have need to know (NTK);
• SAP personnel subject to random counterintelligence scope polygraph;
• Polygraph examination, if approved by the DepSecDef, may be used as a
mandatory access determination;
• Tier review process;
• Personnel must have Secret or TS clearance;
• SF-86 must be current within one year;
• Limited Access;
• Waivers required for foreign cohabitants, spouses, and immediate family
members.
Within Industrial Security:
The SecDef or DepSecDef can approve carve-out provision to relieve Defense
Security Service of industrial security oversight responsibilities.
Within Physical Security:
• Access Control;
• Maintain SAP Facility;
• Access Roster;
• All SAPs must have unclassified nickname/ Codeword (optional).
Within Information Security:
• The use of HVSACO;
• Transmission requirements (order of precedence).
Responsibilities of the Government SAP Security Officer/Contractor Program
Security Officer (GSSO/
CPSO) - CORRECT ANSWER-• Possess personnel clearance and Program access at
least equal to highest level of Program classified information involved.
• Provide security administration and management for organization.
• Ensure personnel processed for access to SAP meet prerequisite personnel clearance
and/or investigative requirements specified.
, • Ensure adequate secure storage and work spaces.
• Ensure strict adherence to the provisions of NISPOM, its supplement, and the
Overprint.
• When required, establish and oversee classified material control program for each
SAP.
• When required, conduct an annual inventory of accountable
classified material.
• When required, establish SAPF.
• Establish and oversee visitor control program.
• Monitor reproduction/duplication/destruction capability of SAP information
• Ensure adherence to special communications capabilities within SAPF.
• Provide for initial Program indoctrination of employees after access is approved;
rebrief and debrief personnel
• Establish and oversee specialized procedures for transmission of
SAP material to and from Program elements
• When required, ensure contractual specific security requirements are accomplished.
• Establish security training and briefings specifically tailored to unique requirements of
SAP.
The five Cognizant
Security Agencies (CSAs) - CORRECT ANSWER-Department of Defense
(DoD), Director of National Intelligence (DNI), Department of Energy (DoE), Department
of Homeland Security (DHS) and the Nuclear Regulatory Commission (NRC).
Cognizant Security Agencies (CSA)s' role in the National Industrial Security Program
(NISP). - CORRECT ANSWER-Establish general industrial security programs and
oversee/administer security requirements
Primary authorities governing foreign disclosure of classified military information -
CORRECT ANSWER-1. Arms Export Control Act
2. National Security Decision Memorandum 119
3. National Disclosure Policy-1
4. International Traffic in Arms Regulation (ITAR)
5. E.O.s 12829, 13526
6. Bilateral Security Agreements
7. DoD 5220.22-M, "NISPOM,"
Factors for determining
whether U.S. companies are under Foreign Ownership, Control or Influence
(FOCI) - CORRECT ANSWER-1. Record of economic and government
espionage against the U.S. targets
2. Record of enforcement/engagement
in unauthorized technology transfer
3. Type and sensitivity of information that shall be accessed
4. Source, nature and extent of FOCI
5. Record of compliance with pertinent U.S. laws, regulations and contracts
