SFPC Latest Real Exam Questions and
Solutions (2026) | Updated Question
Bank | Grade A+
• Counterintelligence -✓✓information gathered and activities conducted to
identify, deceive, exploit, disrupt or protect against espionage and other activities
carried out by foreign states or non-state actors
• OSD-level SAP Central Offices -✓✓Exercise oversight authority for the specific
SAP category under their purview.
• Who can approve a SAP? -✓✓Secretaries of State, Defense, Energy, Homeland
Security, Director of National Intelligence, Attorney General or their principal
deputies
• What are the 4 types of declassification systems? -✓✓Scheduled, Automatic,
Mandatory, Systematic
• 5 Requirements of derivative classification -✓✓1. Observe and respect OCAs
original classification determination
2. Apply the required markings
3. Only use authorized sources
4. Use caution when paraphrasing
5. Take appropriate steps to resolve any doubts
• Where formal SAP approval is made -✓✓SAPOC - SAP Oversight Committee
,• OPSEC -✓✓Operational Security - applies the risk management framework to
the process of protecting unclassified critical information
• How long can a program be considered a prospective SAP? -✓✓210 Days
• Who has designated primary and direct responsibility for SAPS within the DoD?
-✓✓Deputy Secretary of Defense (DepSecDef)
• Unacknowledged SAP -✓✓Existence and purpose are protected; details and
funding are classified
• Waived SAP -✓✓Unacknowledged SAP for which the secretary of defense has
waived applicable reporting requirements under Section 119 Title 10 US Code.
Have more restrictive reporting requirements and access controls
• Acquisition SAP -✓✓Established to protect sensitive research, development,
testing and evaluation, modification and procurement activities.
Involves buying or building something
• Intelligence SAP -✓✓Protect the planning and execution of especially sensitive
intelligence of CI operations or collection activities
Associated with Intelligence community
• Operation and Support SAP -✓✓Protect the planning and execution of and
support to sensitive military operations
, • What communicates how the SAP is acknowledged and protected? -
✓✓protection level
• This type of information does not provide declassification instructions -
✓✓Restricted Data and Formerly Restricted Data
• SAP Oversight Committee (SAPOC) -✓✓Where formal SAP approval is made.
Super users, have access to all SAPS
• 3 levels of classified information are designated by what executive order? -
✓✓EO 13526
• Acknowledged SAP -✓✓Existence is openly recognized; purpose may be
identified; details classified; funding unclassified
• Scheduled Declassification -✓✓The declassification system where an OCA, at
the time the information is originally classified, sets a date or event for
declassification
• Automatic declassification -✓✓The declassification system where Permanently
Valuable Historical records are declassified when they are 25 years old
• What is the responsibility of the National Security Council (NSC)? -✓✓Provide
overall policy direction for the information security program. Assists the president
in developing and issuing national security policies and guides and directs the
implementation of the executive order. Exercises guidance primarily through the
ISOO
Solutions (2026) | Updated Question
Bank | Grade A+
• Counterintelligence -✓✓information gathered and activities conducted to
identify, deceive, exploit, disrupt or protect against espionage and other activities
carried out by foreign states or non-state actors
• OSD-level SAP Central Offices -✓✓Exercise oversight authority for the specific
SAP category under their purview.
• Who can approve a SAP? -✓✓Secretaries of State, Defense, Energy, Homeland
Security, Director of National Intelligence, Attorney General or their principal
deputies
• What are the 4 types of declassification systems? -✓✓Scheduled, Automatic,
Mandatory, Systematic
• 5 Requirements of derivative classification -✓✓1. Observe and respect OCAs
original classification determination
2. Apply the required markings
3. Only use authorized sources
4. Use caution when paraphrasing
5. Take appropriate steps to resolve any doubts
• Where formal SAP approval is made -✓✓SAPOC - SAP Oversight Committee
,• OPSEC -✓✓Operational Security - applies the risk management framework to
the process of protecting unclassified critical information
• How long can a program be considered a prospective SAP? -✓✓210 Days
• Who has designated primary and direct responsibility for SAPS within the DoD?
-✓✓Deputy Secretary of Defense (DepSecDef)
• Unacknowledged SAP -✓✓Existence and purpose are protected; details and
funding are classified
• Waived SAP -✓✓Unacknowledged SAP for which the secretary of defense has
waived applicable reporting requirements under Section 119 Title 10 US Code.
Have more restrictive reporting requirements and access controls
• Acquisition SAP -✓✓Established to protect sensitive research, development,
testing and evaluation, modification and procurement activities.
Involves buying or building something
• Intelligence SAP -✓✓Protect the planning and execution of especially sensitive
intelligence of CI operations or collection activities
Associated with Intelligence community
• Operation and Support SAP -✓✓Protect the planning and execution of and
support to sensitive military operations
, • What communicates how the SAP is acknowledged and protected? -
✓✓protection level
• This type of information does not provide declassification instructions -
✓✓Restricted Data and Formerly Restricted Data
• SAP Oversight Committee (SAPOC) -✓✓Where formal SAP approval is made.
Super users, have access to all SAPS
• 3 levels of classified information are designated by what executive order? -
✓✓EO 13526
• Acknowledged SAP -✓✓Existence is openly recognized; purpose may be
identified; details classified; funding unclassified
• Scheduled Declassification -✓✓The declassification system where an OCA, at
the time the information is originally classified, sets a date or event for
declassification
• Automatic declassification -✓✓The declassification system where Permanently
Valuable Historical records are declassified when they are 25 years old
• What is the responsibility of the National Security Council (NSC)? -✓✓Provide
overall policy direction for the information security program. Assists the president
in developing and issuing national security policies and guides and directs the
implementation of the executive order. Exercises guidance primarily through the
ISOO
