SFPC study questions and answers for INFOSEC portion
Responsible for ensuring that policy requirements for addressing an unauthorized disclosure
are met. - correct answer Activity Security Manger, Information Assurance Staff, Information
Assurance Manger, and Information Assurance Officer.
What is the responsibility of the Information Security Oversight Office, or ISOO? - correct
answer To oversee and mange the information security program, under the guidance of the
National Security Council, NSC
What is the responsibility of the National Security Council, or NSC? - correct answer Provide the
overall policy direction for the information security program. Assist the President in developing
and issuing National Security Policies, and it guides and directs the implementation and
application of the EXO. The NSC exercises its guidance primarily through the ISOO.
What is the USD(I) and their responsibility? - correct answer The Under Secretary of Defense
for Intelligence has the primary responsibility for providing guidance, oversight, and approval
authority of policies and procedures that govern the DoD Information Security Program (by
issuing the DoD Instruction 5200.01).
The three levels of classified information are designated by what executive order? - correct
answer - EO 13526
What are the 5 requirements for Derivative Classification? - correct answer 1) Observe and
respect the OCAs original class determination. 2) Apply the required markings 3) Only use
authorized sources 4) Use caution when paraphrasing 5) Always take the appropriate steps to
resolve any doubts you have
What are the 4 types of Declassification Systems? - correct answer Scheduled, automatic,
mandatory, and systematic.
What is Scheduled Declassification? - correct answer Instructions consist of either a date or
event for declassification.
What is Automatic Declassification? - correct answer Classified records that have been
determined to have permanent historical value, will be automatically declassified on December
31st of the year that is 25 years from the date of its original classification.. There are 9
categories of information that may be classified beyond 25 years. You can easily identify this
information by the use of a 25X instruction for declassification. The exemptions are annotated
as 25X with the category number following the X, for example, 25X1 or 25X9.)
What is Mandatory Declassification Review, or MDR? - correct answer It is another method of
declassifying information, based on requesting a review of the information to see if
classification is still necessary.
,What is Systematic Declassification? - correct answer A program to review classified records
after a certain age.
What are the options an OCA has when determining declassification? - correct answer Specific
Date, Specific Event, or by the 50X1-HUM Exemption
What type of information does not provide declassification instructions? - correct answer
Restricted Data and Formerly Restricted Data
What are the purposes of the SF701 and SF 702? - correct answer The SF 701, or the Activity
Security Checklist, is used to record your End of Day checks. The SF 702, or the Security
Container Check Sheet, is used to record the opening and closing of your security container.
What does the term Information System refer to? - correct answer Refers to a set of
information resources organized for the collection, storage, processing, maintenance, use,
sharing, dissemination, disposition, display, or transmission of information.
What is COMSEC? - correct answer Communications Security, or COMSEC, is defined as the
protection resulting from all measures designed to deny unauthorized persons, information of
value that might be derived from the possession and study of telecommunications, and to
ensure the authenticity of such communications. COMSEC includes crypto security, emission
security, transmission security, and physical security of COMSEC material and information.
How is classified information prepared for transportation? - correct answer Classified material
needs to be prepared for shipment, packaged, and sealed in ways that minimize risk of
accidental exposure and facilitates detection of tampering.
When should classified information be hand carried? - correct answer Only as a last resort
What is required to hand carry classified information? - correct answer Written authorization
What must be done before a courier hand carries classified information? - correct answer The
courier must be briefed
What must be included in a Courier Briefing? - correct answer 1) Courier's liability for the
materials 2) Material cannot be left unattended 3) Should not be opened en route (unless
customs) 4) No public discussion 5) Follow an authorized travel route and schedule 6) In case of
ER, protect classified material 7) All travel documents must be valid and current
When can Secret information can be sent via USPS? - correct answer Only when it is the most
effective means considering security, time, cost, and accountability.
List 3 approved methods for destroying classified material. - correct answer Burning, shredding,
pulverizing, disintegrating, pulping, melting, chemical decomposition, and mutilation to
preclude recognition.
Which agency creates the destruction standard that DoD uses? - correct answer The NSA.
, What is NATO? - correct answer The North Atlantic Treaty Organization, or NATO, is an alliance
of 28 countries from North America and Europe, committed to fulfilling the goals of the North
Atlantic Treaty signed on April 4, 1949. The United States is a member of NATO, and as such,
has access to NATO classified documents. NATO classified information, or documents prepared
by or for NATO, and NATO member nation documents that have been released into the NATO
security system, and that bear a NATO classification marking, needs to be safeguarded and
marked in compliance with United States Security Authority for NATO, or USSAN.
List 3 FOIA exemption categories - correct answer 1) National defense 2) DoD personnel
practices 3) Statutes 4) Trade secrets 5) Litigation 6) Personal and private 7) Law enforcement
8) Regulation of financial institutions 9) Well location
What is FOIA? - correct answer The Freedom of Information Act, or FOIA, recognizes the need
to withhold certain types of information from public release and, therefore, establishes the
guidance and framework for evaluating information for release to the public. The FOIA provides
that, for information to be exempt from mandatory release, it must first fit into one of nine
qualifying categories and there must be a legitimate Government purpose served by
withholding it..
What is STIP? - correct answer STIP stands for the DoD Scientific and Technical Information
Program. STIP is not a control marking. STIP was established to improve and enhance the
acquisition of data sources to prevent redundant research to disseminate technical information
efficiently to prevent the loss of technical information to U.S. adversaries and competitors and
last, but no less important, STIP was established to aid the transfer of technical information to
qualified researchers in U.S industry and government agencies.
List 5 common briefings. - correct answer 1) Initial 2) Indoctrination (access to special types of
class data, such as SCI/G/H/etc.) 3) Annual Refresher 4) Debriefing 5) Courier 6) NATO 7) Non-
Disclosure Briefing (unauthorized access) 8) Foreign Travel Briefing 9) Attestation (SAP briefing)
10) Antiterrorism/Force Protection (AT/FP)
What must an initial briefing accomplish? - correct answer Define classified information and
CUI; explain the importance of protecting such information; provide a basic understanding of
security policies and principles; notify personnel of their responsibilities within the security
program, and inform them of the administrative, civil, and/or criminal sanctions that can be
applied when appropriate; provide individuals enough information to ensure the proper
protection of classified information and CUI in their possession, including actions to be taken if
such information is discovered unsecured, a security vulnerability is noted, or a person has
been seeking unauthorized access to such information; and inform personnel of the need for
review of ALL unclassified DoD information prior to its release to the public.
What must a debriefing accomplish? - correct answer Emphasizes an individual's continued
responsibility to protect classified information to which they have had access; instructions for
reporting any unauthorized attempt to gain access to such information; advised on the
Responsible for ensuring that policy requirements for addressing an unauthorized disclosure
are met. - correct answer Activity Security Manger, Information Assurance Staff, Information
Assurance Manger, and Information Assurance Officer.
What is the responsibility of the Information Security Oversight Office, or ISOO? - correct
answer To oversee and mange the information security program, under the guidance of the
National Security Council, NSC
What is the responsibility of the National Security Council, or NSC? - correct answer Provide the
overall policy direction for the information security program. Assist the President in developing
and issuing National Security Policies, and it guides and directs the implementation and
application of the EXO. The NSC exercises its guidance primarily through the ISOO.
What is the USD(I) and their responsibility? - correct answer The Under Secretary of Defense
for Intelligence has the primary responsibility for providing guidance, oversight, and approval
authority of policies and procedures that govern the DoD Information Security Program (by
issuing the DoD Instruction 5200.01).
The three levels of classified information are designated by what executive order? - correct
answer - EO 13526
What are the 5 requirements for Derivative Classification? - correct answer 1) Observe and
respect the OCAs original class determination. 2) Apply the required markings 3) Only use
authorized sources 4) Use caution when paraphrasing 5) Always take the appropriate steps to
resolve any doubts you have
What are the 4 types of Declassification Systems? - correct answer Scheduled, automatic,
mandatory, and systematic.
What is Scheduled Declassification? - correct answer Instructions consist of either a date or
event for declassification.
What is Automatic Declassification? - correct answer Classified records that have been
determined to have permanent historical value, will be automatically declassified on December
31st of the year that is 25 years from the date of its original classification.. There are 9
categories of information that may be classified beyond 25 years. You can easily identify this
information by the use of a 25X instruction for declassification. The exemptions are annotated
as 25X with the category number following the X, for example, 25X1 or 25X9.)
What is Mandatory Declassification Review, or MDR? - correct answer It is another method of
declassifying information, based on requesting a review of the information to see if
classification is still necessary.
,What is Systematic Declassification? - correct answer A program to review classified records
after a certain age.
What are the options an OCA has when determining declassification? - correct answer Specific
Date, Specific Event, or by the 50X1-HUM Exemption
What type of information does not provide declassification instructions? - correct answer
Restricted Data and Formerly Restricted Data
What are the purposes of the SF701 and SF 702? - correct answer The SF 701, or the Activity
Security Checklist, is used to record your End of Day checks. The SF 702, or the Security
Container Check Sheet, is used to record the opening and closing of your security container.
What does the term Information System refer to? - correct answer Refers to a set of
information resources organized for the collection, storage, processing, maintenance, use,
sharing, dissemination, disposition, display, or transmission of information.
What is COMSEC? - correct answer Communications Security, or COMSEC, is defined as the
protection resulting from all measures designed to deny unauthorized persons, information of
value that might be derived from the possession and study of telecommunications, and to
ensure the authenticity of such communications. COMSEC includes crypto security, emission
security, transmission security, and physical security of COMSEC material and information.
How is classified information prepared for transportation? - correct answer Classified material
needs to be prepared for shipment, packaged, and sealed in ways that minimize risk of
accidental exposure and facilitates detection of tampering.
When should classified information be hand carried? - correct answer Only as a last resort
What is required to hand carry classified information? - correct answer Written authorization
What must be done before a courier hand carries classified information? - correct answer The
courier must be briefed
What must be included in a Courier Briefing? - correct answer 1) Courier's liability for the
materials 2) Material cannot be left unattended 3) Should not be opened en route (unless
customs) 4) No public discussion 5) Follow an authorized travel route and schedule 6) In case of
ER, protect classified material 7) All travel documents must be valid and current
When can Secret information can be sent via USPS? - correct answer Only when it is the most
effective means considering security, time, cost, and accountability.
List 3 approved methods for destroying classified material. - correct answer Burning, shredding,
pulverizing, disintegrating, pulping, melting, chemical decomposition, and mutilation to
preclude recognition.
Which agency creates the destruction standard that DoD uses? - correct answer The NSA.
, What is NATO? - correct answer The North Atlantic Treaty Organization, or NATO, is an alliance
of 28 countries from North America and Europe, committed to fulfilling the goals of the North
Atlantic Treaty signed on April 4, 1949. The United States is a member of NATO, and as such,
has access to NATO classified documents. NATO classified information, or documents prepared
by or for NATO, and NATO member nation documents that have been released into the NATO
security system, and that bear a NATO classification marking, needs to be safeguarded and
marked in compliance with United States Security Authority for NATO, or USSAN.
List 3 FOIA exemption categories - correct answer 1) National defense 2) DoD personnel
practices 3) Statutes 4) Trade secrets 5) Litigation 6) Personal and private 7) Law enforcement
8) Regulation of financial institutions 9) Well location
What is FOIA? - correct answer The Freedom of Information Act, or FOIA, recognizes the need
to withhold certain types of information from public release and, therefore, establishes the
guidance and framework for evaluating information for release to the public. The FOIA provides
that, for information to be exempt from mandatory release, it must first fit into one of nine
qualifying categories and there must be a legitimate Government purpose served by
withholding it..
What is STIP? - correct answer STIP stands for the DoD Scientific and Technical Information
Program. STIP is not a control marking. STIP was established to improve and enhance the
acquisition of data sources to prevent redundant research to disseminate technical information
efficiently to prevent the loss of technical information to U.S. adversaries and competitors and
last, but no less important, STIP was established to aid the transfer of technical information to
qualified researchers in U.S industry and government agencies.
List 5 common briefings. - correct answer 1) Initial 2) Indoctrination (access to special types of
class data, such as SCI/G/H/etc.) 3) Annual Refresher 4) Debriefing 5) Courier 6) NATO 7) Non-
Disclosure Briefing (unauthorized access) 8) Foreign Travel Briefing 9) Attestation (SAP briefing)
10) Antiterrorism/Force Protection (AT/FP)
What must an initial briefing accomplish? - correct answer Define classified information and
CUI; explain the importance of protecting such information; provide a basic understanding of
security policies and principles; notify personnel of their responsibilities within the security
program, and inform them of the administrative, civil, and/or criminal sanctions that can be
applied when appropriate; provide individuals enough information to ensure the proper
protection of classified information and CUI in their possession, including actions to be taken if
such information is discovered unsecured, a security vulnerability is noted, or a person has
been seeking unauthorized access to such information; and inform personnel of the need for
review of ALL unclassified DoD information prior to its release to the public.
What must a debriefing accomplish? - correct answer Emphasizes an individual's continued
responsibility to protect classified information to which they have had access; instructions for
reporting any unauthorized attempt to gain access to such information; advised on the
