Download SAPPC STUDY GUIDE EXAM | QUESTIONS & ANSWERS (VERIFIED) | LATEST UPDATE | GRADED A+ and more Exams Labor Management Relations in PDF only on Docsity!
SAPPC STUDY GUIDE EXAM |
QUESTIONS & ANSWERS (VERIFIED) |
LATEST UPDATE | GRADED A+
Describe the purpose, intent, and security professional's role in each step of the Command Cyber Readiness Inspections (CCRI) process Correct Answer: Defining the scope, the inspection phase, documentation of observations, and reporting findings. A security professional would have responsibilities in defining the scope of the inspection, overseeing the self-inspection and remediation efforts, and coordinating with the CCRI team throughout the remainder of the process List two factors that should be considered when determining position sensitivity Correct Answer: (1) Level of access to classified information (2) IT level needed (3) Duties associated with position Explain the process for responding to a "spillage" Correct Answer: 1. Detection (implied)
- Notification and preliminary inquiry
- Containment and continuity of operations
- Formal inquiry
- Resolution
- Reporting Explain how the adjudication process contributes to effective risk management of DoD assets Correct Answer: Determines an individual's loyalty, reliability, and trustworthiness are in the best interest of national security Explain why access control measures are contingent on Force Protection Conditions Correct Answer: The Force Protection Conditions determine the amount of control measures needed to be taken in response to various levels of threats against military facilities or installations. Define the purpose and function of the militarily critical technologies list (MCTL) Correct Answer: Serves as a technical reference for the development and implementation of DoD technology, security policies on international transfers of defense-related goods, services, and technologies as administered by the Director, Defense Technology Security Administration (DTSA). Describe how authorization of Limited Access Authority impacts risk to DoD assets Correct Answer: Increases risk by allowing a foreign national access to classified information. Reduces risk by ensuring Foreign Nationals with a unique or unusual skills
List three (3) factors for determining whether US companies are under Foreign Ownership Control of Influence (FOCI) Correct Answer: 1. Record of economic and government espionage against the US targets.
- Record of enforcement/engagement in unauthorized technology transfer.
- Type and sensitivity of the information that shall be accessed.
- The source, nature and extent of FOCI.
- Record of compliance with pertinent US laws, regulations and contracts.
- Nature and bilateral and multilateral security and information exchange agreements.
- Ownership or control in whole or part, by a foreign government. How does lack of attention to the concept of compilation of information introduce risks to DoD assets? Correct Answer: 1. Unauthorized disclosure
- Misclassification
- Security Violation
- Improper safeguarding
- Improper dissemination
- Improper handling
- Improper destruction
- Data Spill List at least three indicators of insider threats
Correct Answer: 1. Failure to report overseas travel or contact with foreign nationals.
- Seeking to gain higher clearance or expand access outside the job scope.
- Engaging in classified conversations without a need to know.
- Working hours inconsistent with job assignment or insistence on working in private.
- Exploitable behavior traits.
- Repeated security violations.
- Attempting to enter areas not granted access to.
- Unexplained affluence/living above one's means.
- Anomalies (adversary taking actions which indicate they are knowledgeable to information).
- Illegal downloads of information/files. What is the difference between physical security surveys and physical security inspections? Correct Answer: A physical security survey is a formal record assessment of an installation's overall security posture; whereas a physical security inspection is a formal record of compliance of physical procedures and measures implemented by a unit or activity to protect its assets Describe the security professional's possible roles in handling a security incident (hint SSRII) Correct Answer: 1. Secure
- Safeguard
List three elements that a security professional should consider when assessing and managing risks to DoD assets Correct Answer: 1. Asset
- Threat
- Vulnerability
- Risk
- Countermeasures Explain how visitor identification control methods are used to effectively control access to facilities Correct Answer: Ensure only authorized personnel and materials that enter and exit from an installation or facility are properly identified, verified, and authenticated Briefly define a Special Access Program Correct Answer: A program established for a specific class of classified information that imposes safeguarding and access requirements that exceed those normally required for information at the same classification level Identify the three core components of the Risk Assessment process Correct Answer: 1. Asset criticality
- Threat Assessment
- Vulnerability Assessment
List at least three (3) types of security briefings that help manage risks to DoD assets Correct Answer: 1. Initial orientation
- Annual refresher
- Threat awareness
- Foreign Travel
- Derivative classification
- Debriefings
- Termination briefing
- Counterintelligence briefing Who determines or identifies when physical security surveys and inspections are required? Correct Answer: 1. DoD Component Commanders.
- Program Managers
- Security Managers
- Physical Security Specialists/Officers List three transmission and transportation requirements that help manage risks to DoD assets Correct Answer: 1. Safeguarding
- Briefings
- Documentation
related to a US Government contract, or contractor/government facility visits covered by International Traffic in Arms Regulations (ITAR) Explain how effective implementation of the continuous evaluation process contributes to management of the risks to DoD assets Correct Answer: Ensures that individuals with security clearance eligibility and access are continuously assessed through utilization of accessible databases and other lawfully available information; continue to meet adjudicative standards; and that any issues that may arise are promptly reported and addressed Briefly describe the purpose of the DD Form 254 Correct Answer: Convey security requirements and classification guidance, and provide handling procedures for classified materials received and/or generated under a classified contract List the three categories of Special Access Programs Correct Answer: 1. Acquisition
- Intelligence
- Operations and support Identify the five Cognizant Security Agencies (CSAs) and describe their role in the National Industrial Security Program (NISP) Correct Answer: 1. Department of Defense
- Director of National Intelligence
- Department of Energy
- Nuclear Regulatory Commission
- Department of Homeland Security. Role: implement and oversee an Industrial Security Program to safeguard classified information with cleared industry under the respective CSA's jurisdiction. What are the five steps in the DoD risk management model Correct Answer: 1. Assess Assets
- Assess Threats
- Assess Vulnerabilities
- Assess Risks
- Determine Countermeasures What are 3 core components of the risk assessment process? Correct Answer: 1. Asset criticality
- Threat assessment
- Vulnerability assessment What do SAPs aim to achieve? Correct Answer: 1. Protect technological breakthroughs
- Cover exploitation of adversary vulnerabilities
- Equipment
- Facilities and
- Activities and Operations Define the four levels of asset impact loss Correct Answer: 1. Critical indicates that compromise to the assets targeted would have grave consequences leading to loss of life, serious injury, or mission failure. The rating scale is from 50- 100
- A High value indicates that a compromise to assets would have serious consequences resulting in the loss of classified or highly sensitive data that could impair operations affecting national interests for a limited period of time. The rating scale is from 13- 50
- An asset value of Medium indicates that a compromise to the assets would have moderate consequences resulting in the loss of confidential, sensitive data or costly equipment/property that would impair operations affecting national interests for a limited period of time. The rating scale is from 3- 13
- A Low value indicates that there is little or no impact on human life or the continuation of operations affecting national security or national interests. The rating scale is from 1- 3
Define the four threat criteria Correct Answer: A Critical rating indicates that a definite threat exists against the assets and that the adversary has both the capability and intent to launch an attack, and that the subject or similar assets are targeted on a frequent or recurring basis. The rating scale is set at 75-100%. A High rating indicates that a credible threat against the assets exists, based on our knowledge of the adversary's capability and intent to attack the assets and based on related incidents having taken place at similar facilities. The rating scale is 50-74%. A rating of Medium indicates that there is a potential threat to the assets based on the adversary's desire to compromise the assets and the possibility that the adversary could obtain the capability through a third party who has demonstrated the capability in related incidents. The rating scale is set from 25-49%. A Low rating indicates little or no credible evidence of capability or intent, with no history of actual or planned threats against the assets. The rating scale is set at 0-24%. What is the risk formula? Correct Answer: RISK = IMPACT x (THREAT x VULNERABILITY) What are the risk countermeasures? Correct Answer: 1. Manpower
- Information
- Facility
- Equipment What are the 8 categories of Classified Military Information (CMI)? Correct Answer: Category 1 includes information related to the organization, training, and employment of U.S. military forces. Category 2 includes information on specific items of equipment already in production, or in service, and the information necessary for their operation, maintenance, and training. Items on the U.S. Munitions List, or USML, fall within this category. Category 3 includes information related to fundamental theories, design, and experimental investigation into possible military applications; it includes engineering data, operational requirements, concepts, and military characteristics required to adopt the item for production. Development ceases when the equipment has completed suitability testing and has been adopted for use or production. Category 4 includes information related to designs, specifications, manufacturing techniques, and such related information necessary to manufacture materiel and munitions.
Category 5 includes information necessary to plan, ensure readiness for, and provide support to the achievement of mutual force development goals or participation in specific combined tactical operations and exercises. It does not include strategic plans and guidance or North American defense information. Category 6 includes information pertaining to U.S. forces in a specific area. Category 7 includes information related to plans, operations, programs, and projects, to include data and equipment, directly related to North American defense Category 8 includes military-related information that pertains to foreign nations. Define Designated Disclosure Authority (DDA) Correct Answer: An official at the subordinate component level designated by the Head of a DoD Component or the Component's Principal Disclosure Authority to control disclosures of classified military information by his or her organization Define Delegation of Disclosure Authority Letter (DDL) Correct Answer: a document issued by the appropriate designated disclosure authority explaining classification levels, categories, scope, and limitations of information under a DoD Component's disclosure jurisdiction that may be disclosed to a foreign government or international organization
