Download SAPPC EXAM | QUESTIONS & ANSWERS (VERIFIED) | LATEST UPDATE | GRADED A+ and more Exams Labor and Social Security Law in PDF only on Docsity!
SAPPC EXAM | QUESTIONS & ANSWERS
(VERIFIED) | LATEST UPDATE | GRADED
A+
Special Access Program (SAP) Correct Answer: A program established for a specific class of classified information that imposes safeguarding and access requirements that exceed those normally required for information at the same classification level Enhanced security requirements for protecting Special Access Program (SAP) information Correct Answer: 1. Within Personnel Security:
- Access Rosters; • Billet Structures (if required); • Indoctrination Agreement; • Clearance based on an appropriate investigation completed within the last 5 years; • Individual must materially contribute to the program in addition to having the need to know; • All individuals with access to SAP are subject to a random counterintelligence scope polygraph examination; • Polygraph examination, if approved by the DepSecDef, may be used as a mandatory access determination; • Tier review process; • Personnel must have a Secret or Top Secret clearance; • SF-86 must be current within one year; •
Limited Access; • Waivers required for foreign cohabitants, spouses, and immediate family members.
- Within Industrial Security: The SecDef or DepSecDef can approve a carve-out provision to relieve Defense Security Service of industrial security oversight responsibilities.
- Within Physical Security: • Access Control; • Maintain a SAP Facility; • Access Roster; • All SAPs must have an unclassified nickname/ Codeword (optional).
- Within Information Security: • The use of HVSACO; • Transmission requirements (order of precedence). Principle incident/events required to be reported to DoD counterintelligence (CI) organizations Correct Answer: espionage, sabotage, terrorism, cyber Indicators of insider threats Correct Answer: 1. Failure to report overseas travel or contact with foreign nationals
- Seeking to gain higher clearance or expand access outside the job scope
- Engaging in classified conversations without a need to know
Responsibilities of the Government SAP Security Officer/Contractor Program Security Officer (GSSO/CPSO): Correct Answer: From Revision 1 Department of Defense Overprint to the National Industrial Security Program Operating Manual Supplement - 1 April 2004:
- Possess a personnel clearance and Program access at least equal to the highest level of Program classified information involved.
- Provide security administration and management for his/her organization.
- Ensure personnel processed for access to a SAP meet the prerequisite personnel clearance and/or investigative requirements specified.
- Ensure adequate secure storage and work spaces.
- Ensure strict adherence to the provisions of the NISPOM, its supplement, and the Overprint.
- When required, establish and oversee a classified material control program for each SAP.
- When required, conduct an annual inventory of accountable classified material.
- When required, establish a SAPF.
- Establish and oversee a visitor control program.
- Monitor reproduction and/or duplication and destruction capability of SAP information
- Ensure adherence to special communications capabilities within the SAPF.
- Provide for initial Program indoctrination of employees after their access is approved; rebrief and debrief personnel as required.
- Establish and oversee specialized procedures for the transmission of SAP material to and from Program elements.
- When required, ensure contractual specific security requirements such as TEMPEST Automated Information System (AIS), and Operations Security (OPSEC) are accomplished.
- Establish security training and briefings specifically tailored to the unique requirements of the SAP. List three primary authorities governing foreign disclosure of classified military information Correct Answer: 1. Arms Export Control Act
- National Security Decision Memorandum 119
- National Disclosure Policy- 1
- International Traffic in Arms Regulation (ITAR)
- E.O.s 12829, 13526
- Bilateral Security Agreements
- DoD 5220.22-M, "NISPOM" Three different types of threats to classified information Correct Answer: Insider Threat, Foreign Intelligence Entities (FIE) and Cybersecurity Threat The concept of an insider threat
- Protect sensitive operational plans
- Reduce intelligence on U.S. capabilities Protection Level Correct Answer: This communicates how the SAP is acknowledged and protected. Acknowledged Correct Answer: This protection level describes a SAP whose existence may be openly recognized. Its purpose may be identified. However, the details of the program (including its technologies, materials, and techniques) are classified as dictated by their vulnerability to exploitation and the risk of compromise. The funding is generally unclassified. Unacknowledged Correct Answer: This protection level describes a SAP whose existence and purpose are protected. The details, technologies, materials, and techniques are classified as dictated by their vulnerability to exploitation and the risk of compromise. The program funding is often classified, unacknowledged, or not directly linked to the program. SAP Lifecycle Correct Answer: 1. Establishment (is extra protection warranted?)
- Management and Administration (continued need? processed followed?)
- Apportionment (proper measures in place? approval received)
- Disestablishment (program no longer needed?) Component-level SAP Central Offices Correct Answer: Exist for each military component, the Joint Chiefs of Staff, Defense Advanced Research Projects Agency (DARPA), and Missile Defense Agency (MDA) Special Access Program Oversight Committee (SAPOC) Correct Answer: The final SAP approving body chaired by the Deputy Secretary of Defense Senior Review Group (SRG) Correct Answer: This group ensures there are no duplicative efforts across SAPs DoD Special Access Central Office (SAPCO) Correct Answer: DoD SAP legislative liaison that notifies Congress of SAP approval Authorization, Appropriations, and Intelligence Congressional Correct Answer: Congressional committees granted SAP access OSD-level SAP Central Offices Correct Answer: Exercise oversight authority for the specific SAP category under their purview.
DD 1847
Correct Answer: SCI Indoctrination Memo - Used to precisely identify individuals when it is necessary to certify their access to SCI DD 1847- 1 Correct Answer: SCI NDA - used to precisely identify individuals when it is necessary to certify their access to SCI, non-disclosure agreement DD 1848 Correct Answer: SCI Debrief memo - A memo that records the fact that and individual was debriefed on a SCI SAP DD 1870 Correct Answer: Request for personnel security investigation SSBI, PR, SII or ENAC DD 2024 Correct Answer: DoD SCG Data Elements - this form is executed by the originator of each SCG issued pursuant to the req of DoD 5200.1-R, info sec program regulation to report: - approval (promulgation) of a new SCG; - revision of a SCG; reissuance; accomplishment of the biennial review; - cancellation; - correction of data on previously submitted form
DD 2056
Correct Answer: Telephone monitoring notification decal. Used to notify a user that the telephone is subject to monitoring at all times, used of that telephone constitutes consent to monitoring DD 2501 Correct Answer: Courier Authorization - used to identify appropriately cleared personnel 1) recurrent need, 2) signed by appropriate security person, 3) Forms are controlled to preclude unauthorized use, 4) issued for no more than 1 year, 5) followed approved processes for SCI or SAP DIS FL 381-R Correct Answer: Letter of notification of facility security clearance. This document notifies a facility that they are cleared to handle classified material DISCO Form 2 Correct Answer: Request for Forms - additional PSQ and NAQ forms may be ordered from DISCO with this form DISCO Form 560 Correct Answer: Letter of Consent - Used by DISCO to notify a contractor that a PCL or limited access authorization has been granted to an employee
SF 153
Correct Answer: COMSEC Material Report - Used to track the disposition of classified material, transfer, inventory, destruct, receipt or other SF 311 Correct Answer: Agency Information Security Program Data - data collection form that every executive branch agency submits on an annual basis to report the total # of OCA's, classification decisions, mandatory review request, and declass decision for that particular agency. The data collected is reported in the annual report to the president. SF 312 (SF 189 and 189A) Correct Answer: Classified information nondisclosure agreement - a contractual agreement between the U.S. government and a cleared employee in which the employee agrees never to disclose classified information to an unauthorized person SF 328 Correct Answer: Certificate Pertaining to Foreign Interest - The NISPON requr3is this form be submitted during the initial facility clearance process and when significant changes occur to information previously forwarded SF 700 Correct Answer: Security Container Information - 2 part form consisting of an envelope w/a tear off tab and cover sheet. The cover sheet and face of envelope
provide space for information about activity, container, type of lock and who to contact if container is left open SF 703, 704, 705 Correct Answer: Top Secret cover sheet SF 704 Correct Answer: Secret cover sheet SF 705 Correct Answer: Confidential cover sheet SF 706, 707, 708, 709, 710 Correct Answer: 706 - TS media label; 707 - S media label; 708 - Confidential media label; 709 - Classified media label; 710 Unclassified media label. If a media contains classified or unclassified data SF 711 Correct Answer: Data Description Label - used to identify additional safeguarding controls pertaining to classified information that is stored or contained on various forms of media DCS Form 1
adversaries. It is an analytical, risk-based process that incorporates five distinct elements: critical information identification, threat analysis, vulnerability analysis, risk assessment, and OPSEC countermeasures. OPSEC Countermeasures Correct Answer: Methods and means to gain and maintain essential secrecy about critical information Adversary Correct Answer: An individual, group, organization, or government that must be denied critical information Critical Information Correct Answer: Specific facts about friendly intentions, capabilities, and activities vitally needed by adversaries for them to plan and act effectively to guarantee failure or unacceptable consequences for friendly mission accomplishment The five-step OPSEC process Correct Answer: 1. Identify critical information 2. Analyze threats 3.Analyze vulnerabilities 4. Assess risks 5.Apply OPSEC countermeasures Ways to protect critical information
Correct Answer: Disclose information about your mission and organization judiciously and on a need-to-know basis. 1. Do not discuss your work in public places or where others can overhear your conversation 2. Do not discuss critical information on unencrypted telephones 3. Do not include critical information in unencrypted e-mail messages 4. Do not reveal critical information, indicators, or personal information on the Internet 5. Shred paper documents before placing them in the trash 6. Refer all inquiries from the press to your organization's public affairs office OPSEC countermeasures Correct Answer: 1. Minimize predictable patterns 2. Conceal indicators that may point to critical information 3. Make indicators seem unimportant 4. May be as simple as choosing not to talk about something 5. Protect critical information Five categories of risk process assets Correct Answer: 1. Assess assets (identify value of asset and degree of impact if asset is damaged or lost) 2. Assess threats (type and degree of threat) 3. Assess vulnerabilities (identification and extent of vulnerabilities) 4. Assess risks (calculation of risks) 5. Determine countermeasures (security countermeasure options that can reduce or mitigate risks cost effectively Five categories of assets Correct Answer: 1. People 2. Information 3. Equipment 4. Facilities 5. Activities & Operations
32 CFR Parts 2001 & 2003, "Classified National Security Information; Final Rule" Correct Answer: The Information Security Oversight Office (ISOO) document that governs the DoD Information Security Program Security Violation Correct Answer: An event that results in or could be expected to result in the loss or compromise of classified information Unauthorized Disclosure Correct Answer: Communication or physical transfer of classified or controlled unclassified information to an unauthorized recipient Termination Briefing Correct Answer: This briefing is given when an individual's employment is terminated, clearance eligibility is withdrawn, or if the individual will be absent from duty for 60 days or more. It is also given to those who have been inadvertently exposed to classified information. Foreign Travel Briefing Correct Answer: This briefing that applies to cleared personnel who plan to travel in or through foreign countries, or attend meetings attended by representatives of other countries.
Refresher Briefing Correct Answer: This briefing is presented annually to personnel who have access to classified information or assignment to sensitive duties. Secret Correct Answer: Unauthorized disclosure of this information could reasonably be expected to cause serious damage to our national security. Top Secret Correct Answer: Unauthorized disclosure of this information could reasonably be expected to cause exceptionally grave damage to our national security. Confidential Correct Answer: Unauthorized disclosure of this information could reasonably be expected to cause damage to our national security. Freedom of Information Act (FOIA) Correct Answer: The act regarding the withholding information from public release; framework and guidance for evaluation for public release for info to be exempt are from the 9 distro statements Derivative Classification
