STEPP Questions and Answers Graded A+

STEPP Questions and Answers Graded A+ The purpose of the DoD information security program is to _________________________. Select all that apply. Select one or more: a. Protect national security information b. Demonstrate a commitment to transparency in Government c. Classify as much government information as possible A and B Which volumes of DoDM 5200.01 provide guidance and direction on classification management, marking, protection, and handling requirements for classified information? Select all that apply. Select one or more: a. Volume 1 b. Volume 2 c. Volume 3 d. Volume 4 A, B and C The unauthorized disclosure of this type of information could reasonably be expected to cause exceptionally grave damage to our national security. Select one: a. Top Secret b. Secret c. Confidential A The unauthorized disclosure of this type of information could reasonably be expected to cause damage to our national security. Select one: a. Top Secret b. Secret c. Confidential C Derivative classifiers are the individuals who generate or create new material based on existing classification guidance. Select one: True False True If a derivative classifier believes information to be improperly classified, they can _____________ the classification decision. Select one: a. Ignore b. Override c. Challenge C In which order must documents containing classified information be marked? Select one: a. Portion markings, banner markings, classification authority block b. Portion markings, classification authority block, banner markings c. Banner markings, portion markings, classification authority block A What information is listed in the classification authority block on a document containing classified information? Select all that apply. Select one or more: a. Date on which to declassify the document b. Who created the classified document c. Classification level to downgrade to at a certain point in time (as applicable) d. Which source the information in the document was derived from e. Current classification level of the document A, B, C, D Who references information from security classification guides (SCG) in order to classify information? Select one: a. Derivative classifiers b. Original Classification Authorities c. Both derivative classifiers and Original Classification Authorities A Who issues security classification guides (SCG) for systems, plans, programs, projects, or missions? Select one: a. Derivative classifiers b. Original Classification Authorities c. Both derivative classifiers and Original Classification Authorities B All _____________ GSA-approved security containers must conform to Federal Specification FF-L-2740. Select one: a. Handles on b. Doors on c. Locks for C When classified information is in an authorized individual's hands, why should the individual use a classified document cover sheet? Select all that apply. Select one or more: a. To prevent inadvertent viewing of classified information by unauthorized personnel b. To alert holders to the presence of classified information c. To record the removal of classified information from a GSA-approved security container A and B What is required to access classified information? Select all that apply. Select one or more: a. Signed SF-312, Nondisclosure Agreement b. Need-to-know c. Eligibility A, B and C Which of the following are applicable when using a phone for classified conversations? Select all that apply. Select one or more: a. Know how to use your Secure Terminal Equipment (STE) b. Be aware of your surroundings and who might be able to hear your end of the conversation c. Only use Secure Terminal Equipment (STE) phones A, B and C Which level of classified information may be transported via USPS mail? Select all that apply. Select one or more: a. Confidential b. Secret c. Top Secret A and B What type of security incident has occurred when classified data is introduced on an information system not approved for that level of information? Select one: a. Spillage b. Security Infraction c. Security category A If an individual inserts a thumb drive containing classified information on a computer in the office that is not part of the classified information system, what type of security incident is this? Select one: a. Security Violation b. Spillage c. Security Infraction B What type of declassification process is the review of classified information that has been exempted from automatic declassification? Select one: a. Systematic Declassification b. Mandatory Declassification Review c. Automatic Declassification d. Scheduled Declassification A When information, in the interest of national security, no longer requires protection at any level, it should be: Select one: a. Declassified. b. Unclassified. c. Classified. A Whose guidelines should you follow for the destruction of storage media such as thumb drives, zip drives, and computers? Select one: a. Original Classification Authorities b. Local information systems personnel c. National Security Agency C The __________ establishes industrial security programs and oversees security requirements. Select one: a. Government Contracting Activity (GCA) b. Cognizant Security Agency (CSA) c. Cognizant Security Office (CSO) B Select ALL the correct responses. What does the Facility Security Officer (FSO) need to do when an employee no longer needs access to classified information? Select one or more: a. Remove the employee's access in the DoD System of Record b. Debrief the employee c. Remove the employee's name from access rosters and/or any active Visit Authorization Letters (VALs) d. Remove the employee's eligibility in the DoD System of Record A, B and C What is the first step in the National Industrial Security Program (NISP) contracting process? Select one: a. Publishing a Request for Proposal (RFP) b. Defining the acquisition strategy for the contract c. Defining the initial requirements for the product/service d. Identifying a need for a product or service D To issue a Facility Clearance (FCL), the Facility Clearance Branch (FCB) reviews which of the following? Select one: a. Presence of suspicious contacts b. Facility sponsorship c. Information System Security Plans d. Employee foreign travel records B Select ALL the correct responses. The National Industrial Security Program Operating Manual (NISPOM) does which of the following? Select one or more: a. Defines NISP requirements b. Ensures uniform security requirements c. Provides guidance for contractors d. Identifies members of the NISP A, B and C Who administers and oversees the contractor security program? Select one: a. Information System Security Professional/Security Control Assessor (ISSP/SCA) b. Information System Security Manager (ISSM) c. Facility Security Officer (FSO) d. Counterintelligence Special Agent (CISA) C Select ALL the correct responses. Which of the following are Information System Security Manager (ISSM) responsibilities? Select one or more: a. Conduct Information System awareness and training b. Establish Information System programs and procedures c. Develop facility procedures for handling media with classified information d. Receive company changed conditions and suspicious contact reports A, B and C Whose primary responsibility is working with Industrial Security Representatives (IS Reps) and contractor personnel to authorize and maintain classified Information Systems? Select one: a. Information System Security Manager (ISSM) b. Counterintelligence Special Agent (CISA) c. Facility Security Officer (FSO) d. Information System Security Professional/Security Control Assessor (ISSP/SCA) D