Docsity
Log inSign up
Docsity
Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity

Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan

Guidelines and tips
Guidelines and tips
Sell on Docsity
Sell on Docsity
Log inSign up

Prepare for your exams

Study with the several resources on Docsity

Find documents

Prepare for your exams with the study notes shared by other students like you on Docsity

Search Store documents

The best documents sold by students who completed their studies

Search through all study resources
Docsity AINEW

Summarize your documents, ask them questions, convert them into quizzes and concept maps

Explore questions

Clear up your doubts by reading the answers to questions asked by your fellow students

Earn points to download

Earn points by helping other students or get them with a premium plan

Share documents
download point icon20 Points

For each uploaded document

Answer questions
download point icon5 Points

For each given answer (max 1 per day)

All the ways to get free points
Get points immediately

Choose a premium plan with all the points you need

Study Opportunities

Choose your next study program

Get in touch with the best universities in the world. Search through thousands of universities and official partners

Community

Ask the community

Ask the community for help and clear up your study doubts

University Rankings

Discover the best universities in your country according to Docsity users

Free resources

Our save-the-student-ebooks!

Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors

From our blog

Exams and Study
Go to the blog

SPēD SFPC EXAM All Areas questions with correct answers., Exams of Nursing

Meharry Medical College (MMC)Nursing

SPēD SFPC EXAM All Areas questions with correct answers.

Typology: Exams

2024/2025

Available from 10/13/2024

Lectjoshua
Lectjoshua 🇺🇸

4.8

(6)

8.7K documents

1 / 14

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
SPēD SFPC EXAM All Areas questions with
correct answers
Indicators of insider threats - correct answer -1. Failure to report overseas travel or contact with foreign nationals
2. Seeking to gain higher clearance or expand access outside job scope
3. Engaging in classified conversations without NTK
4. Working inconsistent hours
5. Exploitable behavior traits
6. Repeated security violations
7. Unexplainable affluence/living above one's means
8. Illegal downloads of information/files
Elements that should be considered in identifying Critical Program
Information - correct answer -Elements which if compromised could:
1. cause significant degradation in mission effectiveness,
2. shorten expected combat-effective life of system
3. reduce technological advantage
4. significantly alter program direction; or
5. enable adversary to defeat, counter, copy, or reverse engineer technology/capability.
Elements that security professional should consider when assessing and managing risks to DoD assets (risk management
process) - correct answer -1. Assess assets
2. Assess threats
3. Assess Vulnerabilities
4. Assess risks
5. Determine countermeasure options
6. Make RM decision
The three categories of Special Access Programs - correct answer -acquisition, intelligence, and operations & support
Types of threats to classified information - correct answer -Insider Threat, Foreign Intelligence Entities (FIE), criminal
activities, cyber threats, business competitors
The concept of an insider threat - correct answer -An employee who may represent a threat to
national security. These threats encompass potential espionage, violent acts against the Government or the nation, and
unauthorized disclosure of classified information
The purpose of the Foreign Visitor Program - correct answer -To track and approve access by a foreign entity to information
that is classified; and to approve access by a foreign entity to information that is unclassified, related to a U.S. Government
contract, or plant visits covered by ITAR.
Special Access Program - correct answer -A program established for a specific class of
classified information that imposes safeguarding and access requirements that exceed those normally required for
information at the same classification level.
Enhanced security requirements for protecting Special Access Program (SAP) information - correct answer -Within Personnel
Security:
• Access Rosters;
• Billet Structures (if required);
• Indoctrination Agreement;
• Clearance based on appropriate investigation completed within last 5/6
years;
• Individual must materially contribute to program and have need to know (NTK);
• SAP personnel subject to random counterintelligence scope polygraph;
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe

Partial preview of the text

Download SPēD SFPC EXAM All Areas questions with correct answers. and more Exams Nursing in PDF only on Docsity!

SPēD SFPC EXAM All Areas questions with

correct answers

Indicators of insider threats - correct answer -1. Failure to report overseas travel or contact with foreign nationals

  1. Seeking to gain higher clearance or expand access outside job scope
  2. Engaging in classified conversations without NTK
  3. Working inconsistent hours
  4. Exploitable behavior traits
  5. Repeated security violations
  6. Unexplainable affluence/living above one's means
  7. Illegal downloads of information/files Elements that should be considered in identifying Critical Program Information - correct answer -Elements which if compromised could:
  8. cause significant degradation in mission effectiveness,
  9. shorten expected combat-effective life of system
  10. reduce technological advantage
  11. significantly alter program direction; or
  12. enable adversary to defeat, counter, copy, or reverse engineer technology/capability. Elements that security professional should consider when assessing and managing risks to DoD assets (risk management process) - correct answer -1. Assess assets
  13. Assess threats
  14. Assess Vulnerabilities
  15. Assess risks
  16. Determine countermeasure options
  17. Make RM decision The three categories of Special Access Programs - correct answer -acquisition, intelligence, and operations & support Types of threats to classified information - correct answer -Insider Threat, Foreign Intelligence Entities (FIE), criminal activities, cyber threats, business competitors The concept of an insider threat - correct answer -An employee who may represent a threat to national security. These threats encompass potential espionage, violent acts against the Government or the nation, and unauthorized disclosure of classified information The purpose of the Foreign Visitor Program - correct answer -To track and approve access by a foreign entity to information that is classified; and to approve access by a foreign entity to information that is unclassified, related to a U.S. Government contract, or plant visits covered by ITAR. Special Access Program - correct answer -A program established for a specific class of classified information that imposes safeguarding and access requirements that exceed those normally required for information at the same classification level. Enhanced security requirements for protecting Special Access Program (SAP) information - correct answer -Within Personnel Security:
  • Access Rosters;
  • Billet Structures (if required);
  • Indoctrination Agreement;
  • Clearance based on appropriate investigation completed within last 5/ years;
  • Individual must materially contribute to program and have need to know (NTK);
  • SAP personnel subject to random counterintelligence scope polygraph;
  • Polygraph examination, if approved by the DepSecDef, may be used as a mandatory access determination;
  • Tier review process;
  • Personnel must have Secret or TS clearance;
  • SF-86 must be current within one year;
  • Limited Access;
  • Waivers required for foreign cohabitants, spouses, and immediate family members. Within Industrial Security: The SecDef or DepSecDef can approve carve-out provision to relieve Defense Security Service of industrial security oversight responsibilities. Within Physical Security:
  • Access Control;
  • Maintain SAP Facility;
  • Access Roster;
  • All SAPs must have unclassified nickname/ Codeword (optional). Within Information Security:
  • The use of HVSACO;
  • Transmission requirements (order of precedence). Responsibilities of the Government SAP Security Officer/Contractor Program Security Officer (GSSO/ CPSO) - correct answer -• Possess personnel clearance and Program access at least equal to highest level of Program classified information involved.
  • Provide security administration and management for organization.
  • Ensure personnel processed for access to SAP meet prerequisite personnel clearance and/or investigative requirements specified.
  • Ensure adequate secure storage and work spaces.
  • Ensure strict adherence to the provisions of NISPOM, its supplement, and the Overprint.
  • When required, establish and oversee classified material control program for each SAP.
  • When required, conduct an annual inventory of accountable classified material.
  • When required, establish SAPF.
  • Establish and oversee visitor control program.
  • Monitor reproduction/duplication/destruction capability of SAP information
  • Ensure adherence to special communications capabilities within SAPF.
  • Provide for initial Program indoctrination of employees after access is approved; rebrief and debrief personnel
  • Establish and oversee specialized procedures for transmission of SAP material to and from Program elements
  • When required, ensure contractual specific security requirements are accomplished.
  • Establish security training and briefings specifically tailored to unique requirements of SAP. The five Cognizant Security Agencies (CSAs) - correct answer -Department of Defense (DoD), Director of National Intelligence (DNI), Department of Energy (DoE), Department of Homeland Security (DHS) and the Nuclear Regulatory Commission (NRC). Cognizant Security Agencies (CSA)s' role in the National Industrial Security Program (NISP). - correct answer -Establish general industrial security programs and oversee/administer security requirements Primary authorities governing foreign disclosure of classified military information - correct answer -1. Arms Export Control Act
  1. National Security Decision Memorandum 119
  2. National Disclosure Policy-
  3. International Traffic in Arms Regulation (ITAR)
  4. E.O.s 12829, 13526
  5. Bilateral Security Agreements

· Equivalent to Tier 3 NACI - correct answer -National Agency Check with Inquiries for civilians and contractors: · Non-Sensitive positions · Low Risk · HSPD-12 Credentialing National Agency Check (NAC) - correct answer -The fingerprint portion of personnel security investigation (PSI) The purpose of due process in Personnel Security Program (PSP) - correct answer -Ensures fairness by providing subject opportunity to appeal unfavorable adjudicative determination Personnel security program (PSP) security clearance eligibility process - correct answer -1. designation: check position responsibilities to validate need for investigation

  1. pre-investigation: initiate e-QIP, review for completeness/correctness, submit to DCSA (investigative entity)
  2. investigation: conduct based on risk/sensitivity level of position; conducted by DCSA (investigation results sent to DoDCAF)
  3. adjudication: evaluation of investigation report against 13 adjudicative guidelines (DoDCAF makes eligibility determination)
  4. reinvestigation/continuous evaluation: favorably adjudicated personnel reviewed to determine whether still eligible to maintain security clearance SF 312 Classified Information Non-Disclosure Agreement - correct answer -Contractual agreement between the US Gov't and cleared employee that must be executed as a condition of access Agreement to never disclose classified information to an unauthorized person Procedures for initiating Personnel Security Investigations (PSIs) - correct answer -1. Validate need for investigation
  5. Initiate e-QIP
  6. Review Personnel Security Questionnaire (PSQ) for completeness
  7. Submit electronically to OPM T/F: Only U.S. citizens may be granted a security clearance. - correct answer -True T/F: A security clearance guarantees that any individual will be granted access to classified information. - correct answer - False. Individual must also have NTK and sign a SF 312. T/F: Any individual with an official need to know to conduct assigned duties will be granted a clearance. - correct answer - False. The granting of a clearance is based on the favorable determination of an individual's integrity, loyalty, and trustworthiness by examining them against the 13 adjudicative guidelines. T/F: Non U.S. citizens are restricted from gaining access to classified. - correct answer -False. While non-U.S. citizens are restricted from receiving security clearances, they can gain limited access to classified information through a Limited Access Authorization (LAA). Only goes up to Secret level (NOT TOP SECRET). T/F: Non-US citizens are restricted from receiving security clearances. - correct answer -True. T/F: An individual must have a need for regular access to classified or sensitive information to establish a need for a security clearance. - correct answer -True. T/F: Ease of movement within a facility is an acceptable justification for obtaining a security clearance. - correct answer - False. Seeking ease of movement is not an acceptable justification for obtaining a security clearance. DoD position sensitivity types - correct answer -1. Critical/Special Sensitive--> TS
  8. Non-Critical Sensitive--> Confidential and Secret
  9. Non-Sensitive--> not national security positions T/F: Civilians in non-sensitive positions may receive security clearances. - correct answer -False. Only individuals in sensitive

positions receive security clearances. Investigative requirement for a Critical/Special-Sensitive position - correct answer -Single scope background investigation (SSBI aka T5), SSBI-PR (T5R), or PPR Investigative requirement for a Non-Critical Sensitive position - correct answer -ANACI or NACLC (T3) Revocation - correct answer -When current security clearance eligibility determination is rescinded Denial - correct answer -Initial request for security clearance eligibility is not granted What is the purpose of the Statement of Reasons (SOR)? - correct answer -Provide comprehensive and detailed written explanation of why preliminary unfavorable adjudicative determination was made. Can be appealed! The 13 Adjudicative Guidelines - correct answer -1. Allegiance to United States

  1. Foreign Influence
  2. Foreign Preference
  3. Sexual Behavior
  4. Personal Conduct
  5. Financial Considerations
  6. Alcohol Consumption
  7. Drug Involvement
  8. Psychological Conditions
  9. Criminal Conduct
  10. Handling Protected Information
  11. Outside Activities
  12. Use of Information Technology Systems Categories of approved classified material storage locations - correct answer -Storage Containers
  13. Security containers (e.g., field safes, cabinets)
  14. Vaults (including modular vaults)
  15. Open storage area (secure area/secure room) Storage Facilities
  16. SCIF (SCI information)
  17. AA&E storage facility (arms, ammunition, and explosives)
  18. Nuclear storage facility (nuclear weapons) Construction requirements for vault doors - correct answer -1. Constructed of hardened steel
  19. Hung on non-removable hinge pins or with interlocking leaves.
  20. Equipped with a GSA-approved combination lock.
  21. Emergency egress hardware (deadbolt or metal bar extending across width of door). The purpose of intrusion detection systems - correct answer -To deter, detect, and document unauthorized entry into secured areas The purpose of barriers - correct answer --Define physical limits of installation -Channel traffic -Impede access -Shield activities within installation from direct observation The purpose of an Antiterrorism Program - correct answer -Protect DoD personnel, their families, installations, facilities, information, and other material resources from terrorist acts Force Protection Condition (FPCONS) levels - correct answer -Measures taken to protect personnel and assets from attack; issued by COCOMs and installation commanders/facility directors Levels: Normal, Alpha, Bravo, Charlie, Delta

be absent from duty 60 days or more. Also given to those inadvertently exposed to classified information. Foreign Travel Briefing - correct answer -Given to cleared personnel who plan to travel in or through foreign countries, or attend meetings attended by representatives of other countries. Refresher Briefing - correct answer -Presented annually to personnel who have access to classified information or assignment to sensitive duties. Aims of Special Access Programs (SAPs) - correct answer -1. Protect technological breakthroughs

  1. Cover exploitation of adversary vulnerabilities
  2. Protect sensitive operational plans
  3. Reduce intelligence on U.S. capabilities Protection Level - correct answer -Communicates how SAP is acknowledged and protected Acknowledged SAP - correct answer -Existence-openly recognized Purpose-identified Program details-classified Funding-generally unclassified Unacknowledged - correct answer -Existence-protected Purpose-protected Program details-classified Funding-classified, unacknowledged, not directly linked to program Waived - correct answer -Unacknowledged SAPs with waived reporting requirements; reporting and access controls are more restrictive 4 Phases of SAP Lifecycle - correct answer -1. Establishment (is extra protection warranted?)
  4. Management and Administration (continued need? processes followed?)
  5. Apportionment (proper measures in place? approval received)
  6. Disestablishment (program no longer needed?) Component-level SAP Central Offices - correct answer -Manage and oversee list of SAP facilities Exist for each military component, the Joint Chiefs of Staff, Defense Advanced Research Projects Agency (DARPA), and Missile Defense Agency (MDA) Special Access Program Oversight Committee (SAPOC) - correct answer -The final SAP approving body chaired by the Deputy Secretary of Defense; make final approval decision Senior Review Group (SRG) - correct answer -Principal working-level body executing governance process. Make unanimous recommendation which is forwarded to DepSecDef for decision SAP Senior Working Group (SWG) - correct answer -Coordinate, deconflict, and integrate SAPs DoD Special Access Central Office (SAPCO) - correct answer -"One voice to Congress"/DoD SAP legislative liaison--> notifies Congress of SAP approval decision OSD-level SAP Central Offices - correct answer -Exercise oversight for specific SAP category under their purview: Acquisition-Office of USD for Acquisition, Technology, and Logistics Intelligence-Office of USD for Intelligence Operations & Support-Office of USD for Policy Authorization, Appropriations, and Intelligence Congressional - correct answer -Congressional committees granted SAP access PIE-FAO - correct answer -Personnel, information, equipment, facilities, activities, and operations

Antiterrorism Officer (individual involved in PHYSEC) - correct answer -Responsible for antiterrorism program CI Support (individual involved in PHYSEC) - correct answer -Responsible for providing valuable information on the capabilities, intentions, and threats of adversaries OPSEC Officer (individual involved in PHYSEC) - correct answer -Analyzes threats to assets and their vulnerabilities Physical Security Officer (individual involved in PHYSEC) - correct answer -Management, implementation, and direction of all physical security programs Law Enforcement (individual involved in PHYSEC) - correct answer -Must be integrated into intelligence gathering process; part of coordinating emergency responses and criminal incidents on a Federal installation Criticality - correct answer -Determination based on asset's importance to national security and effect of loss Area Security - correct answer -Security is geared towards protecting entire area of installation or facility Threat - correct answer -Intention and capability of adversary to undertake detrimental actions Point Security - correct answer -Security focused on resource itself Barrier Types - correct answer -1. Active-require action by personnel to permit entry

  1. Passive-effectiveness relies on bulk/mass; no moving parts
  2. natural-define boundaries and provide protection True or False: Site lighting is used to enable guard force personnel to observe activities inside or outside the installation - correct answer -True True or False: Standby lighting is used when regular lighting is not available - correct answer -False. Emergency lighting is used when regular lighting it not available. Standby lighting is activated by alarms or motion and operate as effective intruder deterrents. Two-way radio - correct answer -Assist in security; must always be back-up communication systems in addition to radios Intrusion Detection Systems (IDS) - correct answer -Detect, deter, and document intrusion. DO NOT prevent. Sends signal through wires when triggered Closed Circuit Televisions (CCTV) - correct answer -Has camera that captures visual image, converts image to video signal, and transmits image to remote location; provides video evidence and captures activity personnel may not have seen Automated access control systems - correct answer -Allows biometric (e.g., fingerprints, hand geometry, iris scan) and non- biometric (e.g., card swipe reader, key system, pin) forms of identification Common Access Card (CAC) - correct answer -Form of manual access control. Enables self-authentication on security websites and securely log into computer systems Mechanical combination lock - correct answer -Form of built-in combination lock. Operated entirely by mechanical means. Combination only changed with key. Combination padlock - correct answer -Permitted for securing confidential and secret info. May require supplemental controls. Electromechanical combination lock - correct answer -Form of built-in combination lock. Permitted for securing classified info. Ex: X-07/08/09/10 and CDX-07/08/09/ Low security padlock - correct answer -Key-operated padlock that has limited resistance to forced entry

Contracting Officer - correct answer -Government role Enter into, administer, and/or terminate contracts Contracting Officer's Representative (COR) - correct answer -Government role

  1. assigned to specific contract
  2. communicate security requirements
  3. verify/sponsor FCL
  4. subject matter expert with regular contact with contractor Statement of Work (SOW) - correct answer -Outlines project background and end-product objectives (what is to be completed as part of contract) DD Form 441: DoD Security Agreement - correct answer -- Legally binding contract between government and contractor
  • Contractor agrees to comply with NISPOM and acknowledge government review to ensure compliance
  • Government agrees to process contractor PCLs and provide guidance/oversight (must be completed before work begins) DD Form 254: DoD Contract Security Classification Specification - correct answer -Outlines security requirements and classification guidance (coordinated between contract knowledge, program knowledge, subject matter expert, and industrial/info security knowledge) A cleared individual can only have access at the _______ level as the facility clearance - correct answer -Same For the purpose of a visit to another cleared facility, a clearance can be verified by looking in ________ - correct answer -DISS The issuance of ________ is the responsibility of the DoD CAF - correct answer -Eligibility Secret - correct answer -Unauthorized disclosure of this information could reasonably be expected to cause serious damage to our national security. Top Secret - correct answer -Unauthorized disclosure of this information could reasonably be expected to cause exceptionally grave damage to our national security. Confidential - correct answer -Unauthorized disclosure of this information could reasonably be expected to cause damage to our national security. Derivative Classification - correct answer -Incorporating, paraphrasing, restating, or generating info already classified and marking newly developed material consistent with original source document The five requirements for Derivative Classification - correct answer -1. Observe and respect the OCA's original classification determination.
  1. Apply the required markings.
  2. Only use authorized sources.
  3. Use caution when paraphrasing. 5/ Always take the appropriate steps to resolve any doubt you have. Original Classification - correct answer -Initial determination that information requires protection against unauthorized disclosure Compilation - correct answer -Unclassified (or lower classified) information combined to create classified (or higher classified) information Contained in - correct answer -Incorporating classified information from source document into new document and no additional analysis needed to determine classification Revealed by - correct answer -Classified information that has been restated or paraphrased (not explicitly stated word-for-

word) from source document but classification deduced from interpretation or analysis Original Classification Authority (OCA) - correct answer --Authorized to make initial classification determination -Request for OCA contains mission justification and position title -Delegated in writing by president to occupant of position, not to an individual by name -Not able to delegate further unless "acting" -Specifies highest level OCA can classify piece of information and their jurisdiction -OCA training -Demonstrable and continuing need for such authority at least 2x a year Security Classification Guides (SCG) - correct answer -Preferred method of classification determination communication. Contains classification levels, downgrading and declassification instructions, and special handling requirements for programs, projects, plans, etc. 3 Types of Authorized Sources - correct answer -1. Security classification guide (SCG)

  1. properly marked source document
  2. DD Form 254 *when conflict is present, SCG always takes precedence 6 Step Original Classification Process - correct answer -1. Official (is info owned/produced/controlled by government?)
  3. Eligibility (does it fall into one of eight classification eligibility categories? are there prohibitions or limitations against classification? has info already been classified?)
  4. Impact (does unauthorized disclosure create potential for damage to national security?)
  5. Classification Level (confidential, secret, TS)
  6. Duration (downgrade? declassify?)
  7. Communication (via SCG or properly marked source document) 8 classification eligibility categories - correct answer -1. military plans/weapon systems/operations
  8. foreign government information (FGI)
  9. intelligence activities/sources/methods
  10. foreign relations/activities of U.S.
  11. scientific/technological/economic matters relating to national security
  12. programs for safeguarding nuclear materials/facilities
  13. vulnerabilities/capabilities of systems/installations/projects/plans relating to national security
  14. weapons of mass destruction (WMDs) classification prohibitions - correct answer -1. concealing violations of law, inefficiency, or administrative error
  15. preventing embarrassment
  16. restraining competition
  17. preventing/delaying release of information that does not require protection Declassification - correct answer -Change in status from classified to unclassified Automatic declassification - correct answer -Permanently Valuable Historical records are declassified 25 years from original classification date Systematic declassification review - correct answer -Information exempt from automatic declassification is reviewed for possible declassification Mandatory Declassification Review (MDR) - correct answer -Process for public to request review for declassification and public release of classified information Scheduled Declassification - correct answer -OCA, at the time of original classification, sets date or event for declassification within 25 years Custodians - correct answer -People who are in possession of, or who are otherwise charged with safeguarding classified

Methods to send confidential information - correct answer -Defense Courier Service (DCS), cleared courier/escort, USPS First Class, USPS priority mail express, USPS registered mail, and USPS certified mail (plus others-refer to CDSE course IF107.16) Methods to send secret information - correct answer -Defense Courier Service (DCS), cleared courier/escort, USPS registered mail, USPS priority mail express (plus others-refer to CDSE course IF107.16) Methods to send top secret information - correct answer -ONLY 6 methods

  1. direct contact
  2. cryptographic systems
  3. Defense Courier Service (DCS)
  4. Department of State Courier Service
  5. DoD Component Courier Service
  6. Cleared courier/escort True or False: Hand carrying classified information should only be done as a last resort - correct answer -True Responsibilities of couriers - correct answer -1. Ensure preparation of all documents (e.g., personal travel documents, inventory of classified materials [two copies: one for courier, one in security office], letter of authorization [for commercial air travel, one per flight])
  7. do not discuss material in public
  8. do not deviate from authorized travel schedule
  9. do not leave materials unattended/unsecured
  10. do not store material in unauthorized manner
  11. do not open material en-route
  12. can open package at customs (must be away from public view and must reseal package)
  13. protect material in case of emergency
  14. inventory material upon return
  15. ultimately: liable and responsible for materials When is a DD Form 2501 Courier Authorization Card issued? - correct answer -When a continuing need is identified True or False: When someone is carrying classified information, written authorization is always required - correct answer - True. Microfiche destruction method - correct answer -Burned, shredded, destroyed with chemicals that destroy imprints Typewriter ribbon destruction method - correct answer -Burned or shredded Floppy disk destruction method - correct answer -Burned, overwritten, or demagnetized Document destruction method - correct answer -Burned, shredded, or chemically decomposed of Videotape destruction method - correct answer -Burned, shredded, or demagnetized Homeland Security Presidential Directive 12 (HSPD-12) - correct answer -Requires government-wide development and implementation of standard for secure and reliable forms of identification for Federal employees and contractors. DoD 5200.08-R - correct answer -Physical Security Program regulation Describe the following cyber security principles critical to the protection of information and information networks: least privilege, defense-in-depth, situational awareness. - correct answer -Least privilege: The principle that a security architecture should be designed so that each entity is granted the minimum system resources and authorizations that the entity needs to perform its function. Situational Awareness: Within a volume of time and space, the perception of an enterprise's security posture and its threat environment; the comprehension/meaning of both taken together (risk); and the projection of their status into the near future.

Defense-in-depth: Security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of the organization. National Security Council (NSC) - correct answer -Provides overall policy direction for the Information Security Program Information Security Oversight Office (ISOO) - correct answer --Oversee and manages information security program under guidance of NSC. -NSC provides overall policy direction -ISOO is the operating arm -Annual report to president about each agency's security classification program, analysis and reports Under Secretary of Defense for Intelligence USD(I) - correct answer -Has primary responsibility for providing guidance, oversight, and approval authority of policies and procedures that govern DoD Information Security Program What is the Executive Order that designates the three levels of classified information? - correct answer -EO 13526 Who has designated primary and direct responsibility for SAPS within the DoD? - correct answer -Deputy Secretary of Defense (DepSecDef) How is classified information prepared for transit? - correct answer -Minimize risk of accidental exposure and facilitate detection of tampering EO 12869 - correct answer -Establishes National Industrial Security Program DoD 5220.22-M - correct answer -National Industrial Security Program Operating Manual (NISPOM) What is net national advantage? - correct answer -Information that is or will be valuable to the US either directly or indirectly What does critical program information include? - correct answer -Both classified military information and controlled unclassified information Requirements for interim clearance - correct answer -No need for immediate access, SF86 submitted, investigation opened by ISP, and all minimum requirements for interim eligibility satisfied This designation is applied to positions that include duties that require access to "Secret" information. - correct answer -Non- critical sensitive This designation is applied to positions that include duties associated with special programs such as Special Access Programs (SAP) and SCI. - correct answer -Special-sensitive Characteristics of each Force Protection Conditions (FPCONS) - correct answer -Normal: general global threat of possible terrorist activity--> routine security posture (i.e., access control at all installations) Alpha: increased general threat of possible terrorist activity against personnel/facilities; nature and extent unpredictable--> ALPHA measures must be capable of being maintained indefinitely Bravo: increased/more predictable threat or terrorist activity--> sustaining BRAVO measures may affect operational capability and military/civilian relationships Charlie: incident occurs or intelligence indicates some form of terrorist action is likely against personnel/facility---> sustaining CHARLIE measures may create hardship and affect activity of unit/personnel Delta: immediate area where terrorist attack has occurred of when intelligence indicates terrorist action against specific location/person is imminent (localized condition)--> not to be sustained for extended period of time