SCRIPT AND TESTED QUESTIONS WITH
VERIFIED CORRECT ANSWERS
⩥ Define system categorization. Answer: System Categorization is the
process by which the Information Owner identifies the potential impact
(low, moderate, or high) that would result from the loss of
confidentiality, integrity, and availability should a security breach occur.
⩥ What is non-repudiation and the negative impacts of not having
non-repudiation? Answer: Definition: Protection against an individual falsely
denying having performed a particular action. Provides the capability to
determine whether a given individual took a particular action such as
creating information, sending a message, approving information, and
receiving a message.
Negative impacts:
1.) Sender could deny message was sent.
2.) Recipient of email could change message and contest that altered
message was sent by sender.
⩥ What is confidentiality and the negative impacts of not having
confidentiality? Answer: Definition: Preserving authorized restrictions
on information access and disclosure, including means for protecting
personal privacy and proprietary information.
Negative impacts of no confidentiality:
1.) Persons could be granted access to information beyond their need-to-
know.
2.) Sensitive or classified information could be disclosed to an
unauthorized system.
⩥ What is CIA in relation to RMF? Answer: Confidentiality: preserving
authorized restrictions on information access and disclosure
Integrity: guarding against unauthorized information modification or
destruction
Availability: timely and reliable access to and use of information
⩥ What program does RMF replace? Answer: DIACAP
⩥ What DoD guidance provides direction for the implementation of
RMF? Answer: DoD 8510.01
⩥ What does the Risk Management Framework (RMF) provide?
Answer: A structured, yet flexible approach for managing risk resulting
from incorporation of information systems into mission/business
processes of the organization.