SPED SFPC EXAM 100+ QUESTIONS & CORRECT ANSWERS LATEST 2025

SPED SFPC EXAM 100+ QUESTIONS & CORRECT
ANSWERS LATEST 2025




DoD systems are subject to what types of threats? - ANSWER-Confidentiality,
integrity, or availability of information processed, stored, or transmitted by DoD
systems.


Define system categorization - ANSWER-System Categorization is the process by
which the Information Owner identifies the potential impact (low, moderate, or
high) that would result from the loss of confidentiality, integrity, and availability
should a security breach occur.


What is non-repudiation and the negative impacts of not having non--
repudiation? - ANSWER-Definition: Protection against an individual falsely
denying having performed a particular action. Provides the capability to
determine whether a given individual took a particular action such as creating
information, sending a message, approving information, and receiving a message.


Negative impacts :
1.) Sender could deny message was sent.
2.) Recipient of email could change message and contest that altered message
was sent by sender.


What is confidentiality and the negative impacts of not having confidentiality? -
ANSWER-Definition: Preserving authorized restrictions on information access and

,disclosure, including means for protecting personal privacy and proprietary
information.


Negative impacts of no confidentiality:
1.) Persons could be granted access to information beyond their need-to-know.
2.) Sensitive or classified information could be disclosed to an unauthorized
system


What is CIA in relation to RMF? - ANSWER-Confidentiality: preserving authorized
restrictions on information access and disclosure
Integrity: guarding against unauthorized information modification or destruction
Availability: timely and reliable access to and use of information


What program does RMF replace? - ANSWER-DIACAP


What DoD guidance provides direction for the implementation of RMF? -
ANSWER-DoD 8510.01


What does the Risk Management Framework (RMF) provide? - ANSWER-A
structured, yet flexible approach for managing risk resulting from incorporation of
information systems into mission/business processes of organization


What policy partnerships ensure DoD RMF guidance is aligned with pre-existing
standards? - ANSWER-National Institute of Standards and Technology (NIST) and
Committee on National Security Systems (CNSS)

, Security controls and safeguards selected by the organization must take what into
account? - ANSWER-Potential mission or business impacts, risk to organizational
operations and assets, individuals, other organizations, the nation.


DoD RMF Guidance Tier 1 - ANSWER--Office of Secretary of Defense
-Addresses risk management at DoD enterprise level
-Key governance = DoD CIO, Sr IO or SISO


DoD RMF Guidance Tier 2 - ANSWER--Mission and business processes
-Addresses risk management at mission area and component levels
-Key governance = Principal Authorizing Official (PAO)


Who has authority and responsibility for security control assessment? - ANSWER-
Component Senior Information Security Officers (SISOs)


DoD RMF Guidance Tier 3 - ANSWER--Platform IT/Information Systems
-Addresses risk management at system level
-Key governance = AO (appoints and trains for all DoD systems within their
component)


What refers to all DoD-owned IT or controlled IT that receives, processes, stores,
or displays/transmits DoD information? - ANSWER-DoD Information Technology
(IT)


What is processed through JSIG? - ANSWER-SAP IT