SFPC INFORMATION SECURITY EXAM WITH ACTUAL QUESTIONS AND
CORRECT VERIFIED ANSWERS .
Critical program information includes both classified military information and controlled
unclassified information: - (ANSWER)True
Critical program information needs to be protected from unauthorized or inadvertent destruction,
transfer, alteration, or loss: - (ANSWER)True @#$%^&*()_
+
Compromise of critical program information can significantly alter program direction, shorten
combat effective life of the system, or require additional research, development, test, and
evaluation resources to counter impact of its loss: - (ANSWER)True
SCGs address the possibility that the compilation and aggregation of the COP may reveal
classified information: - (ANSWER)True
The organizational or command security manager is responsible for developing, approving, and
implementing the Program Protection Plan- a single source document that specifies all protection
efforts designed to deny unauthorized access to critical program information: - (ANSWER)False
The preparation and implementation of a Program Protection Plan is based on effective
application of risk avoidance methodology: - (ANSWER)False
The Program Protection Plan needs to be classified according to its content: - (ANSWER)True
Two security professionals (Jo and Chris) are discussing the policy documents associated with
information classification
-Jo says that EO 13526 calls for basic classification policy that advocates classifying information
only when necessary to prevent damage to US national security and only for as long as
necessary, but not for longer than 15 years
-Chris says that DoD 5200.2R is the policy document that established the baseline information
security requirements for the DoD
Who is correct? - (ANSWER)Both are incorrect
Two security professionals (Jo and Chris) are discussing the topic of classifying information
-Jo says that information eligible for classification is owned by, produced for, or is under the
strict control of the government
Chris says that the three classification levels differ in the extent of damage one can expect from
the unauthorized disclosure of the designated information
Who is correct? - (ANSWER)Both correct
,SFPC INFORMATION SECURITY EXAM WITH ACTUAL QUESTIONS AND
CORRECT VERIFIED ANSWERS .
Two security professionals (Jo and Chris) are discussing the topic of classifying information
-Jo says that information can be classified to prevent or delay public release
-Chris says that information ineligible for classification can still be classified if there is a need to
limit dissemination of the information
@#$%^&*()_
Who is correct? - (ANSWER)Both are incorrect +
Two security professionals (Jo and Chris) are discussing the topic of original classification
-Jo says that original classification refers to the initial determination that information requires
protection against unauthorized disclosure in the interest of US national security
-Chris says that original classification entails the use of a 6 step process that results in the
information custodian making a classification determination
Who is correct? - (ANSWER)Jo is correct
Original classification authority is delegated to occupants of a position: - (ANSWER)True
Delegation of the original classification authority (OCA) needs to specify the lowest level the
OCA can classify a piece of information: - (ANSWER)False
An OCA cannot issue a SCG until approved by the Information Security Oversight Office
(ISOO): - (ANSWER)False
Declassified foreign government information may be considered for original classification by an
OCA: - (ANSWER)False
An OCA can communicate their classification decision by issuing either a security classification
guide or a properly marked source document: - (ANSWER)True
The original classification process begins with a determination of whether or not the information
is official government information and is not already classified by another OCA: -
(ANSWER)True
The original classification process only includes the assignment of a classification level to
eligible official government information, but not a determination of how long the classification
should last: - (ANSWER)False
EO 13526 requires the OCA to identify or describe the damage to national security that could
reasonably be expected from the unauthorized disclosure of the information: - (ANSWER)True
, SFPC INFORMATION SECURITY EXAM WITH ACTUAL QUESTIONS AND
CORRECT VERIFIED ANSWERS .
Prior to making classification determinations using the original classification process, the OCA
must go through required training per DoD 5200.1-R: - (ANSWER)True
Two security professionals (Jo and Chris) are discussing the topic of derivative classification
-Jo says that needs to be reviewed and approved by delegates of the OCA @#$%^&*()_
-Chris says that derivative classification refers to an individual's responsibility to properly mark
+
newly developed material consistent with the classification markings specified in authorized
sources
Who is correct? - (ANSWER)Chris is correct
The derivative classification process includes the evaluation of the original classification
authority's original classification determination: - (ANSWER)False
The derivative classification process calls for the use of the authorized source, such as the DD
254 to apply required markings on derivative documents: - (ANSWER)True
The SCG takes precedence when there is a conflict between marking information presented in
the source document and the SCG: - (ANSWER)True
Derivative classifiers need to be aware that paraphrasing or restating of classified information
extracted from a classified document could result in change in classification: - (ANSWER)True
Two security professionals (Jo and Chris) are discussing the SCG
-Jo says that derivative classifiers use the SCG to determine if something is classified, its
classification level, downgrading and declassification instructions, special control notices, and
other info critical to the proper classification, marking, and dissemination of the items in
question
-Chris says that the SCG is a document issued by the component or agency's Information
Security Program based on properly marked source document created by OCAs
Who is correct? - (ANSWER)Jo is correct
Two security professionals (Jo and Chris) are discussing the SCG
-Jo says that SCG specifies classification levels, special requirements, and duration instructions
for classified programs, projects, and plans
-Chris says that the SCG serves to document the results of implementation of a derivative
classification process
Who is correct? - (ANSWER)Jo is correct
CORRECT VERIFIED ANSWERS .
Critical program information includes both classified military information and controlled
unclassified information: - (ANSWER)True
Critical program information needs to be protected from unauthorized or inadvertent destruction,
transfer, alteration, or loss: - (ANSWER)True @#$%^&*()_
+
Compromise of critical program information can significantly alter program direction, shorten
combat effective life of the system, or require additional research, development, test, and
evaluation resources to counter impact of its loss: - (ANSWER)True
SCGs address the possibility that the compilation and aggregation of the COP may reveal
classified information: - (ANSWER)True
The organizational or command security manager is responsible for developing, approving, and
implementing the Program Protection Plan- a single source document that specifies all protection
efforts designed to deny unauthorized access to critical program information: - (ANSWER)False
The preparation and implementation of a Program Protection Plan is based on effective
application of risk avoidance methodology: - (ANSWER)False
The Program Protection Plan needs to be classified according to its content: - (ANSWER)True
Two security professionals (Jo and Chris) are discussing the policy documents associated with
information classification
-Jo says that EO 13526 calls for basic classification policy that advocates classifying information
only when necessary to prevent damage to US national security and only for as long as
necessary, but not for longer than 15 years
-Chris says that DoD 5200.2R is the policy document that established the baseline information
security requirements for the DoD
Who is correct? - (ANSWER)Both are incorrect
Two security professionals (Jo and Chris) are discussing the topic of classifying information
-Jo says that information eligible for classification is owned by, produced for, or is under the
strict control of the government
Chris says that the three classification levels differ in the extent of damage one can expect from
the unauthorized disclosure of the designated information
Who is correct? - (ANSWER)Both correct
,SFPC INFORMATION SECURITY EXAM WITH ACTUAL QUESTIONS AND
CORRECT VERIFIED ANSWERS .
Two security professionals (Jo and Chris) are discussing the topic of classifying information
-Jo says that information can be classified to prevent or delay public release
-Chris says that information ineligible for classification can still be classified if there is a need to
limit dissemination of the information
@#$%^&*()_
Who is correct? - (ANSWER)Both are incorrect +
Two security professionals (Jo and Chris) are discussing the topic of original classification
-Jo says that original classification refers to the initial determination that information requires
protection against unauthorized disclosure in the interest of US national security
-Chris says that original classification entails the use of a 6 step process that results in the
information custodian making a classification determination
Who is correct? - (ANSWER)Jo is correct
Original classification authority is delegated to occupants of a position: - (ANSWER)True
Delegation of the original classification authority (OCA) needs to specify the lowest level the
OCA can classify a piece of information: - (ANSWER)False
An OCA cannot issue a SCG until approved by the Information Security Oversight Office
(ISOO): - (ANSWER)False
Declassified foreign government information may be considered for original classification by an
OCA: - (ANSWER)False
An OCA can communicate their classification decision by issuing either a security classification
guide or a properly marked source document: - (ANSWER)True
The original classification process begins with a determination of whether or not the information
is official government information and is not already classified by another OCA: -
(ANSWER)True
The original classification process only includes the assignment of a classification level to
eligible official government information, but not a determination of how long the classification
should last: - (ANSWER)False
EO 13526 requires the OCA to identify or describe the damage to national security that could
reasonably be expected from the unauthorized disclosure of the information: - (ANSWER)True
, SFPC INFORMATION SECURITY EXAM WITH ACTUAL QUESTIONS AND
CORRECT VERIFIED ANSWERS .
Prior to making classification determinations using the original classification process, the OCA
must go through required training per DoD 5200.1-R: - (ANSWER)True
Two security professionals (Jo and Chris) are discussing the topic of derivative classification
-Jo says that needs to be reviewed and approved by delegates of the OCA @#$%^&*()_
-Chris says that derivative classification refers to an individual's responsibility to properly mark
+
newly developed material consistent with the classification markings specified in authorized
sources
Who is correct? - (ANSWER)Chris is correct
The derivative classification process includes the evaluation of the original classification
authority's original classification determination: - (ANSWER)False
The derivative classification process calls for the use of the authorized source, such as the DD
254 to apply required markings on derivative documents: - (ANSWER)True
The SCG takes precedence when there is a conflict between marking information presented in
the source document and the SCG: - (ANSWER)True
Derivative classifiers need to be aware that paraphrasing or restating of classified information
extracted from a classified document could result in change in classification: - (ANSWER)True
Two security professionals (Jo and Chris) are discussing the SCG
-Jo says that derivative classifiers use the SCG to determine if something is classified, its
classification level, downgrading and declassification instructions, special control notices, and
other info critical to the proper classification, marking, and dissemination of the items in
question
-Chris says that the SCG is a document issued by the component or agency's Information
Security Program based on properly marked source document created by OCAs
Who is correct? - (ANSWER)Jo is correct
Two security professionals (Jo and Chris) are discussing the SCG
-Jo says that SCG specifies classification levels, special requirements, and duration instructions
for classified programs, projects, and plans
-Chris says that the SCG serves to document the results of implementation of a derivative
classification process
Who is correct? - (ANSWER)Jo is correct
