SPēD SFPC EXAM 2023/2024 ACTUAL EXAM

Indicators of insider threats - Answer 1. Failure to report overseas travel or contact with foreign nationals 2. Seeking to gain higher clearance or expand access outside job scope 3. Engaging in classified conversations without NTK 4. Working inconsistent hours 5. Exploitable behavior traits 6. Repeated security violations 7. Unexplainable affluence/living above one's means 8. Illegal downloads of information/files Elements that should be considered in identifying Critical Program Information - Answer Elements which if compromised could: 1. cause significant degradation in mission effectiveness, 2. shorten expected combat-effective life of system 3. reduce technological advantage 4. significantly alter program direction; or 5. enable adversary to defeat, counter, copy, or reverse engineer technology/capability. Elements that security professional should consider when assessing and managing risks to DoD assets (risk management process) - Answer 1. Assess assets 2. Assess threats 3. Assess Vulnerabilities 4. Assess risks 5. Determine countermeasure options 6. Make RM decision The three categories of Special Access Programs - Answer acquisition, intelligence, and operations & support Types of threats to classified information - Answer Insider Threat, Foreign Intelligence Entities (FIE), criminal activities, cyber threats, business competitors The concept of an insider threat - Answer An employee who may represent a threat to national security. These threats encompass potential espionage, violent acts against the Government or the nation, and unauthorized disclosure of classified information The purpose of the Foreign Visitor Program - Answer To track and approve access by a foreign entity to information that is classified; and to approve access by a foreign entity to information that is unclassified, related to a U.S. Government contract, or plant visits covered by ITAR. Special Access Program - Answer A program established for a specific class of classified information that imposes safeguarding and access requirements that exceed those normally required for information at the same classification level. Enhanced security requirements for protecting Special Access Program (SAP) information - Answer Within Personnel Security: • Access Rosters; • Billet Structures (if required); • Indoctrination Agreement; • Clearance based on appropriate investigation completed within last 5/6 years; • Individual must materially contribute to program and have need to know (NTK); • SAP personnel subject to random counterintelligence scope polygraph; • Polygraph examination, if approved by the DepSecDef, may be used as a mandatory access determination; • Tier review process; • Personnel must have Secret or TS clearance; • SF-86 must be current within one year; • Limited Access; • Waivers required for foreign cohabitants, spouses, and immediate family members. Within Industrial Security: The SecDef or DepSecDef can approve carve-out provision to relieve Defense Security Service of industrial security oversight responsibilities. Within Physical Security: • Access Control; • Maintain SAP Facility; • Access Roster; • All SAPs must have unclassified nickname/ Codeword (optional). Within Information Security: • The use of HVSACO; • Transmission requirements (order of precedence). Responsibilities of the Government SAP Security Officer/Contractor Program Security Officer (GSSO/ CPSO) - Answer • Possess personnel clearance and Program access at least equal to highest level of Program classified information involved. • Provide security administration and management for organization. • Ensure personnel processed for access to SAP meet prerequisite personnel clearance and/or investigative requirements specified. • Ensure adequate secure storage and work spaces. • Ensure strict adherence to the provisions of NISPOM, its supplement, and the Overprint. • When required, establish and oversee classified material control program for each SAP. • When required, conduct an annual inventory of accountable classified material. • When required, establish SAPF. • Establish and oversee visitor control program. • Monitor reproduction/duplication/destruction capability of SAP information • Ensure adherence to special communications capabilities within SAPF. • Provide for initial Program indoctrination of employees after access is approved; rebrief and debrief personnel • Establish and oversee specialized procedures for transmission of SAP material to and from Program elements • When required, ensure contractual specific security requirements are accomplished. • Establish security training and briefings specifically tailored to unique requirements of SAP. The five Cognizant Security Agencies (CSAs) - Answer Department of Defense (DoD), Director of National Intelligence (DNI), Department of Energy (DoE), Department of Homeland Security (DHS) and the Nuclear Regulatory Commission (NRC). Cognizant Security Agencies (CSA)s' role in the National Industrial Security Program (NISP). - Answer Establish general industrial security programs and oversee/administer security requirements Primary authorities governing foreign disclosure of classified military information - Answer 1. Arms Export Control Act 2. National Security Decision Memorandum 119 3. National Disclosure Policy-1 4. International Traffic in Arms Regulation (ITAR) 5. E.O.s 12829, 13526 6. Bilateral Security Agreements 7. DoD 5220.22-M, "NISPOM," Factors for determining whether U.S. companies are under Foreign Ownership, Control or Influence (FOCI) - Answer 1. Record of economic and government espionage against the U.S. targets 2. Record of enforcement/engagement in unauthorized technology transfer 3. Type and sensitivity of information that shall be accessed 4. Source, nature and extent of FOCI 5. Record of compliance with pertinent U.S. laws, regulations and contracts 6. Nature of bilateral & multilateral security & information exchange agreements 7. Ownership/control, in whole or part, by foreign government The purpose and function of the Militarily Critical Technologies List (MCTL). - Answer 1. Serves as technical reference for development and implementation of DoD technology, security policies on international transfers of defense-related goods, services, and technologies as administered by the Director, Defense Technology Security Administration (DTSA). 2. Formulation of export control proposals and export license review Security Infraction - Answer Failure to comply with security requirements which cannot reasonably be expected to and does not result in loss, compromise, or suspected compromise of classified information DoD Manual 5200.01, Volumes 1-3 - Answer Manual that governs DoD Information Security Program DoDI 5200.01 - Answer Authorizes the publication of DoDM 5200.01 Vol 1-3, the DoD Information Security Program E.O. 13526 - Answer Executive order that governs DoD Information Security Program ISOO 32 CFR Parts 2001 & 2003, "Classified National Security Information; Final Rule" - Answer Provides guidance to all government agencies on classification, downgrading, declassification, and safeguarding of classified national security information Security Violation - Answer Knowing, willful, or negligent action that results in or could be expected to result in loss, suspected compromise, or compromise of classified information Unauthorized Disclosure - Answer Communication or physical transfer of classified or controlled unclassified information (CUI) to unauthorized recipient Three classification levels - Answer TS - grave damage to national security S - serious damage to national security C - damage to national security Single Scope Background Investigation (SSBI) - Answer For military, contractors, and civilians: · Critical/Special-Sensitive · TS, "Q" info, war-related plans, policymaking, revenue and funds, SCI, SAPs · Equivalent to Tier 5 Access National Agency Check with Inquiries (ANACI) - Answer For civilians: · Noncritical-Sensitive positions · Confidential/Secret, "L" info, systems containing PII · Equivalent to Tier 3 National Agency Check with Local Agency and Credit Check (NACLC) - Answer For military and contractors: · Noncritical-Sensitive · Confidential/Secret clearance eligibility · Equivalent to Tier 3 NACI - Answer National Agency Check with Inquiries for civilians and contractors: · Non-Sensitive positions · Low Risk · HSPD-12 Credentialing National Agency Check (NAC) - Answer The fingerprint portion of personnel security investigation (PSI) The purpose of due process in Personnel Security Program (PSP) - Answer Ensures fairness by providing subject opportunity to appeal unfavorable adjudicative determination Personnel security program (PSP) security clearance eligibility process - Answer 1. designation: check position responsibilities to validate need for investigation 2. pre-investigation: initiate e-QIP, review for completeness/correctness, submit to DCSA (investigative entity) 3. investigation: conduct based on risk/sensitivity level of position; conducted by DCSA (investigation results sent to DoDCAF) 4. adjudication: evaluation of investigation report against 13 adjudicative guidelines (DoDCAF makes eligibility determination) 5. reinvestigation/continuous evaluation: favorably adjudicated personnel reviewed to determine whether still eligible to maintain security clearance SF 312 Classified Information Non-Disclosure Agreement - Answer Contractual agreement between the US Gov't and cleared employee that must be executed as a condition of access Agreement to never disclose classified information to an unauthorized person Procedures for initiating Personnel Security Investigations (PSIs) - Answer 1. Validate need for investigation 2. Initiate e-QIP 3. Review Personnel Security Questionnaire (PSQ) for completeness 4. Submit electronically to OPM T/F: Only U.S. citizens may be granted a security clearance. - Answer True T/F: A security clearance guarantees that any individual will be granted access to classified information. - Answer False. Individual must also have NTK and sign a SF 312. T/F: Any individual with an official need to know to conduct assigned duties will be granted a clearance. - Answer False. The granting of a clearance is based on the favorable determination of an individual's integrity, loyalty, and trustworthiness by examining them against the 13 adjudicative guidelines. T/F: Non U.S. citizens are restricted from gaining access to classified. - Answer False. While non-U.S. citizens are restricted from receiving security clearances, they can gain limited access to classified information through a Limited Access Authorization (LAA). Only goes up to Secret level (NOT TOP SECRET). T/F: Non-US citizens are restricted from receiving security clearances. - Answer True. T/F: An individual must have a need for regular access to classified or sensitive information to establish a need for a security clearance. - Answer True. T/F: Ease of movement within a facility is an acceptable justification for obtaining a security clearance. - Answer False. Seeking ease of movement is not an acceptable justification for obtaining a security clearance. DoD position sensitivity types - Answer 1. Critical/Special Sensitive-- TS 2. Non-Critical Sensitive-- Confidential and Secret 3. Non-Sensitive-- not national security positions T/F: Civilians in non-sensitive positions may receive security clearances. - Answer False. Only individuals in sensitive positions receive security clearances. Investigative requirement for a Critical/Special-Sensitive position - Answer Single scope background investigation (SSBI aka T5), SSBI-PR (T5R), or PPR Investigative requirement for a Non-Critical Sensitive position - Answer ANACI or NACLC (T3) Revocation - Answer When current security clearance eligibility determination is rescinded Denial - Answer Initial request for security clearance eligibility is not granted What is the purpose of the Statement of Reasons (SOR)? - Answer Provide comprehensive and detailed written explanation of why preliminary unfavorable adjudicative determination was made. Can be appealed! The 13 Adjudicative Guidelines - Answer 1. Allegiance to United States 2. Foreign Influence 3. Foreign Preference 4. Sexual Behavior 5. Personal Conduct 6. Financial Considerations 7. Alcohol Consumption 8. Drug Involvement 9. Psychological Conditions 10. Criminal Conduct 11. Handling Protected Information 12. Outside Activities 13. Use of Information Technology Systems Categories of approved classified material storage locations - Answer Storage Containers 1. Security containers (e.g., field safes, cabinets) 2. Vaults (including modular vaults) 3. Open storage area (secure area/secure room) Storage Facilities 1. SCIF (SCI information) 2. AA&E storage facility (arms, ammunition, and explosives) 3. Nuclear storage facility (nuclear weapons) Construction requirements for vault doors - Answer 1. Constructed of hardened steel 2. Hung on non-removable hinge pins or with interlocking leaves. 3. Equipped with a GSA-approved combination lock. 4. Emergency egress hardware (deadbolt or metal bar extending across width of door). The purpose of intrusion detection systems - Answer To deter, detect, and document unauthorized entry into secured areas The purpose of barriers - Answer -Define physical limits of installation -Channel traffic -Impede access -Shield activities within installation from direct observation The purpose of an Antiterrorism Program - Answer Protect DoD personnel, their families, installations, facilities, information, and other material resources from terrorist acts Force Protection Condition (FPCONS) levels - Answer Measures taken to protect personnel and assets from attack; issued by COCOMs and installation commanders/facility directors Levels: Normal, Alpha, Bravo, Charlie, Delta The concept of security-in-depth - Answer Layered and complementary security controls sufficient to deter, detect, and document unauthorized entry and movement within installation/facility. e-QIP - Answer System used to document personal information from Personnel Security Questionnaire Personnel Security Investigation (PSI) - Answer The first phase of the security clearance process; used by DoD as standard for uniform collection of relevant and important background information about individual. JCAVS - Answer A security manager uses this system to communicate with the DoD CAF JAMS - Answer This sub-system (used by adjudicators) and JCAVS make up the JPAS/DISS system DISS - Answer A DoD system of record for personnel security clearance information Scattered Castles - Answer Intelligence Community (IC) Personnel Security Database that verifies personnel security access and visit certifications. Access - Answer Occurs when individual has security eligibility, NTK, and a signed SF 312 (NDA); permitted to access classified information PSIs are used to determine the eligibility of an individual for ___________ or retention to sensitive duties. - Answer Assignment True or False: The DoD CAF is the only authority who can grant an interim clearance. - Answer False DoD CAF responsibilities - Answer 1. Making adjudicative decisions by applying whole person concept 2. A repository for investigative records 3. Initiating special investigations Sensitive Duties - Answer Duties that have a great impact on National Security Continuous Evaluation/Vetting - Answer Ongoing review of individual's background to determine whether they should continue to hold security clearance or not Reinvestigation - Answer Periodic investigation conducted at predetermined intervals; CE supplements reinvestigations of all cleared personnel