SAPPC Certification Study Guide

Sharing and reporting information is essential to detecting
potential insider threats. True or False? - ANSWER -True

Two security professionals - Paul and Ashley - are
discussing security program areas.
Paul says that Information Security practitioners train
and/or advise Original Classification Authorities in the
application of the process for making classification
determinations.
Ashley says that Physical Security practitioners work with
a facility's Antiterrorism Officer to deploy defensive
measures designed to reduce the facility's vulnerability
from terrorist attacks. - ANSWER -Paul and Ashley
are both correct

Two security professionals - Paul and Ashley - are
discussing security program areas.
Paul says that Information Security practitioners work with
a facility's Antiterrorism Officer to deploy defensive
measures designed to reduce the facility's vulnerability
from terrorist attacks.
Ashley says that Personnel Security practitioners train
and/or advise Original Classification Authorities in the
application of the process for making classification
determinations. - ANSWER -Paul and Ashley are
both incorrect

SPeD is an abbreviation for? - ANSWER -Security
Professional Education Development

SPeD is a certification program of what agency? -
ANSWER -Department of Defense

Security Fundamentals Professional Certification (SFPC)
definition? - ANSWER -The individual understands
foundational security concepts, principles, and practices.
(Core Certification for SPeD).

Security Asset Protection Professional Certification
(SAPPC) definition? - ANSWER -The individual
applies foundational security concepts, principles, and
practices. (Core Certification for SPeD).

Security Program Integration Professional Certification
(SPIPC) definition? - ANSWER -The individual
understands and applies risk assessment and security
program management based on security concepts,
principles, and practices. (Core Certification for SPeD).

Security Enterprise Professional Certification (SEPC)
definition? - ANSWER -The individual understands
and applies concepts, principles, and practices for
managing enterprise-wide security.

What are the three principal incidents/events required to be
reported to DoD Counterintelligence (CI) organizations? -
ANSWER -Espionage, Sabotage, Terrorism & Cyber
Policy

PMO is an abbreviation for? - ANSWER -Program
Management Office

Provides the legal requirements to use lawful means to
ensure U.S. receives the best intelligence available? -
ANSWER -E.O. 12333

The manual that includes CI-related requirements for
Industry? - ANSWER -DoD 5220.22-M (NISPOM)

Regulation mandating CI-specific training, briefing, and
reporting? - ANSWER -DoDI 5240.6: CI Awareness,
Briefing, and Reporting Programs

Regulation providing procedures to follow when classified
information is compromised? - ANSWER -DoD
5200.1-R: Information Security Program

What are three principal incidents/events required to
report to DoD counterintelligence (CI) organizations? -
ANSWER -Espionage, Sabotage, Terrorism & Cyber
Policy

List three different types of threats to classified
information? - ANSWER -Insider Threat, Foreign
Intelligence Entities (FIE), Cybersecurity Threat

List three indicators of insider threats? - ANSWER -
Failure to report overseas travel or contact with foreign nationals.
Seeking to gain higher clearance or expand access outside the job scope.
Engaging in classified conversations without a need to know.
Working hours inconsistent with job assignment or insistence on working in private.
Exploitable behavior traits.
Repeated security violations.
Attempting to enter areas not granted access to.

List three elements that should be considered in
identifying Critical Program Information? - ANSWER -
- Cause significant degradation in mission effectiveness
- Shorten the expected combat-effective life of the system
- Reduce technological advantage
- Significantly alter program direction
- Enable an adversary to defeat, counter, copy, or reverse-engineer the technology or capability.

Briefly describe the concept of insider threat? -
ANSWER -An employee who may represent a threat
to national security. These threats encompass potential
espionage, violent acts against the Government or the
nation, and unauthorized disclosure of classified
information, including the vast amounts of classified data
available on interconnected United States Government
computer networks and systems.

List three elements that a security professional should
consider when assessing and managing risks to DoD
assets? - ANSWER -Asset
Threat
Vulnerability
Risk
Countermeasures

Describe the purpose of the Foreign Visitor Program? -
ANSWER -To track and approve access by a foreign
entity to information that is classified; and to approve
access by a foreign entity to information that is
unclassified, related to a U.S. Government contract, or
plant visits covered by ITAR.

Briefly define a Special Access Program (SAP)? -
ANSWER -A program established for a specific class
of classified information that imposes safeguarding and
access requirements that exceed those normally required
for information at the same classification level.

List three enhanced security requirements for protecting
Special Access Program (SAP) Information within
Personnel Security? - ANSWER -Access Rosters
Billet Structures (if required)
Indoctrination Agreement
Clearance based on an appropriate investigation completed within the last 5 years
Individual must materially contribute to the program in addition to having the need to know
All individuals with access to SAP are subject to a random counterintelligence-scope polygraph

Identify the four Cognizant Security Agencies (CSA)? -
ANSWER -Department of Defense (DoD)
Director of National Intelligence (DNI)
Department of Energy (DoE)
Nuclear Regulatory Commission (NRC).

Describe the CSA's role in the National Industrial Security
Program (NISP)? - ANSWER -To establish an
industrial security program to safeguard classified