SAPPC Certification Study Guide Exam Questions with
Verified Answers.
Sharing and reporting information is essential to detecting potential insider threats. True or
False? - ANS True
Two security professionals - Paul and Ashley - are discussing security program areas.
Paul says that Information Security practitioners train and/or advise Original Classification
Authorities in the application of the process for making classification determinations.
Ashley says that Physical Security practitioners work with a facility's Antiterrorism Officer to
deploy defensive measures designed to reduce the facility's vulnerability from terrorist
attacks. - ANS Paul and Ashley are both correct
Two security professionals - Paul and Ashley - are discussing security program areas.
Paul says that Information Security practitioners work with a facility's Antiterrorism Officer to
deploy defensive measures designed to reduce the facility's vulnerability from terrorist
attacks.
Ashley says that Personnel Security practitioners train and/or advise Original Classification
Authorities in the application of the process for making classification determinations. - ANS
Paul and Ashley are both incorrect
Sped is an abbreviation for? - ANS Security Professional Education Development
Sped is a certification program of what agency? - ANS Department of Defense
Security Fundamentals Professional Certification (SFPC) definition? - ANS The individual
understands foundational security concepts, principles, and practices. (Core
Certification for Sped).
Security Asset Protection Professional Certification (SAPPC) definition? - ANS The
Individual applies foundational security concepts, principles, and practices. (Core
Certification for Sped).
Security Program Integration Professional Certification (SPIPC) definition? - ANS The
individual understands and applies risk assessment and security program management
based on security concepts, principles, and practices. (Core Certification for Sped).
Security Enterprise Professional Certification (SEPC) definition? - ANS The individual
understands and applies concepts, principles, and practices for managing enterprise-wide
security.
What are the three principle incident/events required to be reported to Dodd
Counterintelligence (CI) organizations? - ANS Espionage, Sabotage, Terrorism & Cyber
Policy
PMO is an abbreviation for? - ANS Program Management Office
Provides the legal requirements to use lawful means to ensure U. S. receives the best
intelligence available? - ANS E.O. 12333
P a g e 1 | 10
, The manual that includes CI-related requirements for Industry? - ANS Dodd 5220.22-M
(NISPOM)
Regulation mandating CI-specific training, briefing, and reporting? - ANS DoDI5240.6: CI
Awareness, Briefing, and Reporting Programs
Regulation providing procedures to follow when classified information is compromised? -
ANS Dodd 5200.1-R: information Security Program
What are three principle incidents/events required to report to Dodd counterintelligence (CI)
organizations? - ANS Espionage, Sabotage, Terrorism & Cyber Policy
List three different types of threats to classified information? - ANS Insider Threat, Foreign
Intelligence Entities (FIE), Cyber security Threat
List three indicators of insider threats? - ANS Failure to report overseas travel or contact with
foreign nationals.
Seeking to gain higher clearance or expand access outside the job scope.
Engaging in classified conversations without a need to know.
Working hours inconsistent with job assignment or insistence on working in private.
Exploitable behavior traits.
Repeated security violations.
Attempting to enter areas not granted access to.
List three elements that should be considered in identifying Critical Program Information? -
ANS - Cause significant degradation in mission effectiveness
- Shorten the expected combat-effective life of the system
- Reduce technological advantage
- Significantly alter program direction
- Enable an adversary to defeat, counter, copy, or reverse-engineer the technology or
capability.
Briefly describe the concept of insider threat? - ANS An employee who may represent a
threat to national security. These threats encompass potential espionage, violent acts
against the Government or the nation, and unauthorized disclosure of classified information,
including the vast amounts of classified data available on interconnected United States
Government computer networks and systems.
List three elements that a security professional should consider when assessing and
managing risks to Dodd assets? - ANS Asset
Threat
Vulnerability
Risk
Countermeasures
Describe the purpose of the Foreign Visitor Program? - ANS To track and approve access
by a foreign entity to information that is classified; and to approve access by a foreign entity
to information that is unclassified, related to a U.S. Government contract, or plant visits
covered by ITAR.
Briefly define a Special Access Program (SAP)? - ANS A program established for a specific
class of classified information that imposes safeguarding and access requirements that
exceed those normally required for information at the same classification level.
P a g e 2 | 10
Verified Answers.
Sharing and reporting information is essential to detecting potential insider threats. True or
False? - ANS True
Two security professionals - Paul and Ashley - are discussing security program areas.
Paul says that Information Security practitioners train and/or advise Original Classification
Authorities in the application of the process for making classification determinations.
Ashley says that Physical Security practitioners work with a facility's Antiterrorism Officer to
deploy defensive measures designed to reduce the facility's vulnerability from terrorist
attacks. - ANS Paul and Ashley are both correct
Two security professionals - Paul and Ashley - are discussing security program areas.
Paul says that Information Security practitioners work with a facility's Antiterrorism Officer to
deploy defensive measures designed to reduce the facility's vulnerability from terrorist
attacks.
Ashley says that Personnel Security practitioners train and/or advise Original Classification
Authorities in the application of the process for making classification determinations. - ANS
Paul and Ashley are both incorrect
Sped is an abbreviation for? - ANS Security Professional Education Development
Sped is a certification program of what agency? - ANS Department of Defense
Security Fundamentals Professional Certification (SFPC) definition? - ANS The individual
understands foundational security concepts, principles, and practices. (Core
Certification for Sped).
Security Asset Protection Professional Certification (SAPPC) definition? - ANS The
Individual applies foundational security concepts, principles, and practices. (Core
Certification for Sped).
Security Program Integration Professional Certification (SPIPC) definition? - ANS The
individual understands and applies risk assessment and security program management
based on security concepts, principles, and practices. (Core Certification for Sped).
Security Enterprise Professional Certification (SEPC) definition? - ANS The individual
understands and applies concepts, principles, and practices for managing enterprise-wide
security.
What are the three principle incident/events required to be reported to Dodd
Counterintelligence (CI) organizations? - ANS Espionage, Sabotage, Terrorism & Cyber
Policy
PMO is an abbreviation for? - ANS Program Management Office
Provides the legal requirements to use lawful means to ensure U. S. receives the best
intelligence available? - ANS E.O. 12333
P a g e 1 | 10
, The manual that includes CI-related requirements for Industry? - ANS Dodd 5220.22-M
(NISPOM)
Regulation mandating CI-specific training, briefing, and reporting? - ANS DoDI5240.6: CI
Awareness, Briefing, and Reporting Programs
Regulation providing procedures to follow when classified information is compromised? -
ANS Dodd 5200.1-R: information Security Program
What are three principle incidents/events required to report to Dodd counterintelligence (CI)
organizations? - ANS Espionage, Sabotage, Terrorism & Cyber Policy
List three different types of threats to classified information? - ANS Insider Threat, Foreign
Intelligence Entities (FIE), Cyber security Threat
List three indicators of insider threats? - ANS Failure to report overseas travel or contact with
foreign nationals.
Seeking to gain higher clearance or expand access outside the job scope.
Engaging in classified conversations without a need to know.
Working hours inconsistent with job assignment or insistence on working in private.
Exploitable behavior traits.
Repeated security violations.
Attempting to enter areas not granted access to.
List three elements that should be considered in identifying Critical Program Information? -
ANS - Cause significant degradation in mission effectiveness
- Shorten the expected combat-effective life of the system
- Reduce technological advantage
- Significantly alter program direction
- Enable an adversary to defeat, counter, copy, or reverse-engineer the technology or
capability.
Briefly describe the concept of insider threat? - ANS An employee who may represent a
threat to national security. These threats encompass potential espionage, violent acts
against the Government or the nation, and unauthorized disclosure of classified information,
including the vast amounts of classified data available on interconnected United States
Government computer networks and systems.
List three elements that a security professional should consider when assessing and
managing risks to Dodd assets? - ANS Asset
Threat
Vulnerability
Risk
Countermeasures
Describe the purpose of the Foreign Visitor Program? - ANS To track and approve access
by a foreign entity to information that is classified; and to approve access by a foreign entity
to information that is unclassified, related to a U.S. Government contract, or plant visits
covered by ITAR.
Briefly define a Special Access Program (SAP)? - ANS A program established for a specific
class of classified information that imposes safeguarding and access requirements that
exceed those normally required for information at the same classification level.
P a g e 2 | 10
