SFPC SPēD Entry Exam SFPC Security Fundamentals Professional Certification Review Question, Exams of Security Analysis

SFPC SPēD Entry Exam SFPC Security Fundamentals Professional Certification Review Questions and Answers | 100% Pass Guaranteed | Graded A+ | 2025-2026 Security Fundamentals Professional Certification SFPC SPēD Certification Program SFPC Exam SPēD Security Professional Education Development

Typology: Exams

2024/2025

Available from 03/16/2025

Your_Assignment_Handlers
Defense Counterintelligence and Security Agency (DCSA) / SPēD Program
Security Professional Education Development (SPēD) Certification Program
Security Fundamentals Professional Certification
SFPC Exam

Course Title and Number: SFPC Certification Exam
Exam Title: SFPC
Exam Date: Exam 2025-2026
Instructor: ____ [Insert Instructor's Name] ____
Student Name: ____ [Insert Student's Name] ____
Student ID: ____ [Insert Student ID] ____
Examination Time: ____ Hours: ____ Minutes

Instructions:
1. Read each question carefully.
2. Answer all questions.
3. Use the provided answer sheet to mark your responses.
4. Ensure all answers are final before submitting the exam.
5. Please answer each question below and click Submit when you have completed the exam.
6. This test has a time limit. The test will save and submit automatically when the time expires.
7. This exam will assess your knowledge of the course Learning Resources.

Read All Instructions Carefully and Answer All the Questions Correctly. Good Luck.

True or false? Cybersecurity is important so that risk is eliminated.
True
False
=Answer>> False

Select ALL of the correct responses. What are the Risk Management Framework (RMF) steps designed to mitigate risk?
A. Categorize System
B. Select Security Controls
C. Implement Security Controls
D. Assess Security Controls
=Answer>> B & C

What activities occur in Step 4 of the Risk Management Framework (RMF), Assess Security

In which step of the Risk Management Framework (RMF) would you implement the decommissioning strategy?
A. Step 3 - Implement security controls
B. Step 4 - Assess security controls
C. Step 5 - Authorize system
D. Step 6 - Monitor security controls
=Answer>> D

What evolving threats are attempts by hackers to damage or destroy a computer network or system?
A. Insider Threat
B. Social Media
C. Cyber Attack
D. Mobile Computing
=Answer>> C

What is the first step in the Risk Management Framework (RMF)?
A. Categorize System
B. Authorize System
C. Implement Security Controls
D. Select Security Controls
E. Assess Security Controls
F. Monitor Security Controls
=Answer>> A

Select ALL of the correct responses. What is included in the security authorization package?
A. Security Assessment Report (SAR)
B. Plan of Action and Milestones (POA&M)
C. Security Plan
D. None of the above
=Answer>> A, B & C

Which two attributes are most important from an information security perspective? Select one:
A. Confidentiality and integrity
B. Confidentiality and authentication
C. Integrity and non-repudiation
D. Integrity and authentication
=Answer>> B

What cybersecurity attribute guards against improper modification to or destruction of information? For example, this attribute prevents a user from improperly or maliciously modifying a database.
=Answer>> Integrity

What cybersecurity attribute ensures timely and reliable access to and use of information? For example, this attribute ensures that an information system is accessible when an authorized user needs it.
=Answer>> Availability

What cybersecurity attribute is the mechanism that authorizes or allows access to computer systems and networks and the data that resides there? For example, a Common Access Card (CAC) is one method to provide system identification that applies this attribute.
=Answer>> Authentication

What cybersecurity attribute ensures that a party in an electronic exchange cannot deny their participation or the authenticity of the message? For example, a digital signature in an email message confirms the identity of the sender.
=Answer>> Non-repudiation

What cybersecurity attribute preserves authorized restrictions on information disclosure and includes the ability to protect personal privacy and proprietary information? For example, this attribute guards against a user without proper clearance accessing classified information.
=Answer>> Confidentiality

Who prepares the Security Assessment Report (SAR)? Select one:
a. USCYBERCOM
b. Security Controls Assessor (SCA)
c. Security Personnel
d. DoD CIO
=Answer>> B

Select one:
a. Limitation
b. Acceptance
c. Avoidance
d. All of the above
=Answer>> D

Select ALL of the correct responses. What does the information owner do when determining the impact of changes? Select one or more:
a. Document in SAR for the AO to review
b. Provide written and signed report
c. Continuously monitors the system or information environment
d. Reports significant changes in the security posture of the system
e. Periodically assesses the quality of the security controls
=Answer>> C, D, and E

Select ALL of the correct responses. What activities occur during implementation of security controls? Select one or more:
a. Seek approvals from CIO
b. Document security control implementation in the security plan
c. Communicate updates to appropriate audiences
d. Create appropriate training and communication plans
e. Ensure consistency with DoD architectures
f. Identify security controls available for inheritance
=Answer>> B, E, and F

What are the implied skills of security personnel? Select one:
a. Counsel stakeholders on security-related concerns
b. Execute security awareness training
c. Analysis
d. All of the above
=Answer>> D

Select ALL of the correct responses. Which steps of the Risk Management Framework (RMF) are designed to evaluate risk?
A. Step 1 - Categorize System.
B. Step 2 - Select Security Controls.
C. Step 3 - Implement Security Controls.
D. Step 4 - Assess Security Controls.
E. Step 5 - Authorize System.
F. Step 6 - Monitor Security Controls.
=Answer>> D, E, and F

Select ALL of the correct responses. Which activities occur during Step 2, Select Security Controls? Select one or more:
a. Unique Control Identification
b. Common Control Identification
c. Security Plan Review and Approval
d. Security Plan Creation
e. Monitoring Strategy
=Answer>> B, C, and E

Which of the following is defined as defensive measures used to reduce the vulnerability of individuals and property to terrorist attacks, to include limited response and containment? Select one:
a. Threat Level Indicators
b. Force Protection
c. Physical Security Plan
d. Antiterrorism
=Answer>> D

Which of the following typically establish duties, roles, and responsibilities at individual assignments, checkpoints, and gates? Select one:
a. Standard Operating Procedures
b. Executive Orders
c. Post Orders
=Answer>> C

The _______________________ is responsible for developing and refining antiterrorism program guidance, policy, and standards and

What regulation implements DoD policies and minimum standards for the physical protection of DoD personnel, installations, operations, and related resources?
A. DoD 5200.08-R
B. DoDM 5200.
C. DoDI 5200.08
=Answer>> A

What regulation addresses the physical security aspects of protecting classified information within the information security program?
=Answer>> B

Protective barriers, Site lighting, Security forces, Security systems, Facility access control, Lock and key systems, and Storage containers and facilities are all examples of what?
A. Protective Barriers
B. Physical Security Countermeasures
C. Security Systems
D. Intrusion Detection
=Answer>> B

A Principal Authorizing Official (PAO) is appointed for each of the following DoD mission areas except: Select one:
a. DoD portion of Intelligence
b. Unit
c. Enterprise Information Environment
d. Warfighting
e. Business
=Answer>> B

Tier 1 of RMF guidance addresses risk management at the DoD __________ level. Select one:
a. enterprise
b. local
c. unit
d. mission
=Answer>> A

True or False? DoD 8510.01 requires all information systems and platform information technology (PIT) systems for both NSS and non-NSS to be categorized in accordance with CNSSI 1253.
=Answer>> True

DoD Cybersecurity policy is located in DoDI __________. Select one:
a. 8500.
b. 8500.
c. 8500.
d. 8510.01
=Answer>> C

A ____________ approach requires the management of risk at both the enterprise level and system level. Select one:
a. top-down
b. cybersecurity
c. mission oriented
d. holistic
=Answer>> D

The post-authorization period involving the continuous monitoring of an information system's security controls, which includes __________ any proposed or actual changes to the information system or its environment of operation. Select one:
a. analyzing and documenting
b. disclosing
c. discussing
d. reporting to AO
=Answer>> A

True or False? The RMF provides a structured yet flexible approach for risk mitigation, resulting from the incorporation of information systems into the mission and business processes of an organization.
=Answer>> False

A paragraph of a document which includes an "(N)" as part of the portion marking indicates what specific type of classified information is contained in the paragraph?
=Answer>> Critical Nuclear Weapons Design Information (CNWDI)

What are the investigative and briefing requirements for access to NATO information?
=Answer>> Favorably adjudicated background investigation (T3 (10-year scope) T5 within 5 years prior to assignment), and completed a NATO Briefing.

According to E.O. 13556, which is considered a type of controlled unclassified information?
- Communications Security (COMSEC) Information
- Declassified Information
- Law Enforcement Sensitive (LES) Information
- North Atlantic Treaty Organization (NATO) Information
=Answer>> Law Enforcement Sensitive Information

What is the purpose of marking classified materials?
=Answer>> To alert holders to the presence of classified information, how to properly protect it, and for how long.

What is included in the markings of classified information?
=Answer>> Document holder as the sole authority to make transfer and dissemination determinations.

What is the purpose of the Controlled Access Program Coordination (CAPCO) register?
=Answer>> To identify the official classification and control markings, and their authorized abbreviations and portion markings.

When a classified data spill occurs, who is responsible for ensuring that policy requirements for addressing an unauthorized disclosure are met?
=Answer>> Activity Security Manager

There are five information assurance attributes that are important to protect and defend DoD networks and information. If there was a loss in non-repudiation, what would this cause in relation to information assurance?
=Answer>> Data may potentially be available to unauthorized users via electronic form.

What are the 5 information assurance attributes that are important to protect and defend DoD networks and information?
=Answer>> Confidentiality
Integrity
Availability
Authenticity
Non-repudiation

At the end of the day, Karen was leaving and taking with her unclassified documents she would review at home. When she began to review those documents that night, she realized that classified materials had slipped in between the unclassified materials. Is this a security violation or infraction?
=Answer>> Security Violation

The ability to deny you are the sender of an email would be an indication of a lapse in what?
=Answer>> Integrity

Unauthorized disclosure and loss of privacy is a lapse in what?
=Answer>> Confidentiality

What is the first action done to downgrade, declassify or remove classification markings?
=Answer>> Contact the Original Classification Authority through the appropriate chain of command to confirm that the information does not have an extended classification period.

What are some requirements to perform classified activities from a non-traditional location? (e.g. the employee's home)
=Answer>> Employee must be trained to properly operate classified information

Limited access to classified information for specific programs may be approved for non-US citizens only if the following condition is met.
=Answer>> The prior ten years of the subject's life can be appropriately investigated.

What is the investigative requirement for access to Single Integrated Operational Plan - Extremely Sensitive Information (SIOP-ESI)?
=Answer>> Individual has a valid favorably adjudicated Tier 5 or Single Scope Background (SSBI) Investigation.

What is the criteria for personnel to be qualified for assignment to nuclear weapons personnel reliability assurance positions?
=Answer>> Individual is a U.S. Citizen
Individual has a security clearance eligibility in accordance with the position
Individual must be continuously evaluated

What is the investigation requirement for initial assignment to a Presidential Support Activity (i.e. Yankee White) Category 2 position?
=Answer>> Favorably completed Tier 5/Single Scope Background Investigation (SSBI) within 36 months preceding selection.

What is the name of the adjudication process that refers to a person's identifiable character traits and conduct sufficient to decide whether employment or continued employment would or would not protect the integrity or promote the efficiency of Federal service?
=Answer>> Suitability Adjudication

All unclassified DoD information in the possession or control of non-DoD entities on non-DoD information systems, to the extent provided by the applicable grant, shall minimally be safeguarded under what standards?
=Answer>> Organizational wireless connections holding such information must be encrypted, and those accessing such information must use encrypted wireless connections where available when traveling.

Copies of personnel security investigative reports must be destroyed by DoD recipient organizations, within how many days following completion of the necessary personnel security determination?
=Answer>> 90 Days

What level(s) of access may be granted with Limited Access Authorization for non-U.S. citizens?
=Answer>> LAAs shall only be granted access at the Secret and Confidential Levels

Which of the following is not considered when making a security clearance eligibility determination?
- Education Level
- Alcohol Consumption
- Financial Considerations
- Psychological Conditions
=Answer>> Education Level

A position that does not require eligibility for access to classified information, but having the potential to cause significant or serious damage to national security may be designated as what position sensitivity?
=Answer>> noncritical sensitive

What information must be included in a Statement of Reasons (SOR)?
=Answer>> Why an unfavorable national security eligibility determination is being proposed. Explain each security concern and state the specific facts that trigger each security concern. Identify all applicable adjudicative guidelines for each concern, and provide the disqualifying conditions and mitigating conditions for each guideline.

Which type of briefing is used to obtain confirmation that a cleared employee agrees never to disclose classified information to an

Preventing unauthorized access to information and equipment, safeguarding DoD assets against espionage and criminal activity, and providing the means to counter threats when preventative measures are ignored, best characterize the primary functions of which program or process?
=Answer>> Physical Security Program

The process of integrating active and passive complementary physical security measures to ensure the protection of DoD assets is known as what concept?
=Answer>> Security-In-Depth

The stealing of sensitive, proprietary information related to U.S. aerospace and defense technologies with the intent to provide such information to a foreign adversary is an example of which type of threat to DoD assets?
=Answer>> Economic Espionage

When a Terrorism Threat Level is escalated from LOW to MODERATE, a DoD Component Head should employ which of the following countermeasures?
  • Cease all flying except for specifically authorized operational sorties.
  • Direct the execution of advance site reviews to facilitate the antiterrorism planning process.
  • Encourage dependent family members to complete Level I Antiterrorism Awareness Training before any travel outside the continental United States (OCONUS).
  • Conduct an immediate Terrorism Vulnerability Assessment for off-installation housing, schools, daycare centers, transportation.
=Answer>> Encourage dependent family members to complete Level I Antiterrorism Awareness Training before any travel outside the continental United States (OCONUS).

What information must a request to authorize disclosure of classified information during a visit include?
=Answer>> Explanation of the government purpose to perform when disclosing classified information. The subject of the meeting, scope of classified topics, and classification level. The main content of the invitation to send to the participants.

Two security professionals - Paul and Ashley - are discussing the security procedures for visits and meetings. Paul says visits must serve a specific U.S. Government purpose. Ashley says DoD Components should, as a minimum, establish procedures that include verification of the identity, personnel security clearance, access (if appropriate), and need-to-know for all visitors. Who is correct?
=Answer>> Paul is correct.

Executive Order 12829, signed in January 1993, mandated that which entity be responsible for implementing and monitoring the National Industrial Security Program (NISP)?
=Answer>> The National Security Council shall provide overall policy direction for the NISP, but the Director of the Information Security Oversight Office (ISOO) (in consultation with the National Security Advisor) is responsible for implementation and monitoring.

What is the role of the government contracting activity (GCA), or cleared prime contractor, when a contractor that does not have a Facility Clearance (FCL) wants to bid on a Request for Proposal (RFP) that requires access to classified information?
=Answer>> The GCA must sponsor the contractor for a facility security clearance by submitting a sponsorship request to DSS, which initiates the facility clearance process.

What is the purpose of the Federal Acquisition Regulations (FAR)?
=Answer>> To codify and publish uniform policies and procedures for acquisition by all executive agencies.

What is the briefing given when an individual's employment is terminated, clearance eligibility is withdrawn, or if the individual will