SPeD SFPC SECURITY FUNDAMENTALS PROFESSIONAL CERTIFICATION 2023 ACTUAL EXAM 200 QUESTIONS AND CORRECT DETAILED ANSWERS (VERIFIED ANSWERS) |ALREADY GRADED A


Describe the purpose of a Statement of Reason (SOR) - ANSWER- Provide a

comprehensive and detailed written explanation of why a preliminary unfavorable

adjudicative determination was made.

List the primary authorities governing foreign disclosure of classified military

information. - ANSWER- Arms Export Control Act

National Security Decision Memorandum 119

National Disclosure Policy - 1

International Traffic in Arms Regulation (ITAR)

E.O.s 12829, 13526

Bilateral Security Agreements

DoD 5220.22-M, "NISPOM."

List the key procedures for initiating Personnel Security Investigations (PSIs). -

ANSWER- Validate the need for an investigation.

Initiate e-QIP.

Review Personnel Security Questionnaire (PSQ) for completeness.

Submit electronically to Office of Personnel Management (OPM).

List three categories of Special Access Programs. - ANSWER- Acquisition

Intelligence

Operations and support

List three authorized sources of security classification guidance that could be used

in the derivative classification process - ANSWER- Security Classification Guide

Properly Marked source document

Contract Security Classification Specification (DD Form 254)

List three elements that should be considered in identifying critical program

information. - ANSWER- Element which if compromised could:

Cause significant degradation in mission effectiveness.

Shorten the expected combat-effective life of the system.

Reduce technological advantage.


Significantly alter program direction.

Enable an adversary to defeat, counter, copy, or reverse-engineer the technology or

capability.

List three different physical means for approved classified storage - ANSWER- General Services Administration (GSA)-approved storage containers.

Vaults (including modular vaults).

Open storage area (secure rooms, to include sensitive compartmented information

facility (SCIFs) and bulk storage areas).

What is the relationship between security control baselines and system

categorization? - ANSWER- Security controls are implemented based on the

system's categorization. Specifically, once the security category of the information

system is determined, organizations begin the security control selection process,

selecting the baseline security controls corresponding to the security category of

the system.

List three construction requirements for vault doors. - ANSWER- General Services

Administration (GSA)-approved

Class 5 door.

Steel Door with tamper resistant hinge pins.

Constructed of metal.

Hung on non-removable hinge pins or with interlocking leaves.

Equipped with a GSA-approved combination lock.

Emergency egress hardware (deadbolt or metal bar extending across width of

door).

List three main policies that govern the DoD Information Security Program. -

ANSWER- E.O. 13526

Information Security Oversight Office (ISOO) 32 CFR Parts 2001 & 2003,

"Classified National Security Information; Final Rule"

DoD Manual 5200.01, Volumes 1-4

List three duration/length/declassification options for originally classified

information. - ANSWER- Date or event that is:

Less than 10 years

At 10 years

Up to 25 years

50X1-HUM (with no date or event)

50X2-WMD (with no date or event)


25X (with a date or event)

List five responsibilities of the Government Special Access Program (SAP)

Security Officer/Contractor Program Security Officer (GSSO/CPSO). - ANSWER- Ensure personnel processed for access to a SAP meet the prerequisite personnel

clearance and/or investigative requirements specified.

Ensure adequate secure storage and work spaces.

Ensure strict adherence to provisions of the National Industrial Security Program

Operating Manual (NISPOM), its supplement, and the Overprint.

When required, establish and oversee a classified materials control program for

each SAP.

When required, conduct an annual inventory of accountable classified materials.

When required, establish a Special Access Program Facility (SAPF).

Establish and oversee a visitor control program.

Monitor reproduction and/or duplication and destruction capability of SAP

information.

Ensure adherence to special communications capabilities within the SAPF.

Provide for initial program indoctrination of employees after their access is

approved; rebrief and debrief personnel as required.

Establish and oversee specialized procedures for the transmission of SAP materials

to and from Program elements.

When required, ensure contractual specific security requirements such as

TEMPEST, Automated information system (AIS), and operation security (OPSEC)

are accomplished.

Establish security training and briefings specifically tailored to the unique

requirements of the SAP.

List three DoD position sensitivity types and their investigative requirements. -

ANSWER- Critical Sensitive: Tier 5, Tier 5R

Non-critical sensitive: Tier 3, Tier 3R

Nonsensitive: Tier 1

List three different types of threats to classified information - ANSWER- Insider

threat

Foreign Intelligence entities

Cyber-security Threat

Define each step of the Risk Management Framework (RMF) - ANSWER- Step 1:

Categorize Information System (IS)

Categorize the system in accordance with the CNSSI 1253.

Initiate the Security Plan.


Register system with DoD Component Cybersecurity Program.

Assign qualified personnel to RMF roles.

Step 2: Select Security Controls

Common Control Identification.

Select security controls.

Develop system-level continuous monitoring strategy.

Review and approve the security plan and continuous monitoring strategy.

Apply overlays and tailor.

Step 3: Implement Security Controls

Implement control solutions consistent with DoD Component Cybersecurity

architectures.

Document security control implementation in the security plan.

Step 4: Assess Security Controls

Develop and approve Security Assessment Plan.

Assess security controls.

SCA prepares Security Assessment Report (SAR).

Conduct initial remediation actions.

Step 5: Authorize

Prepare the plan of action and milestones (POA&M).

Submit Security Authorization Package (security plan, SAR and POA&M) to authorizing official (AO).

AO conducts final risk determination.

AO makes authorization decision.

Step 6: Monitor Security Controls

Determine impact of changes to the system and the environment.

Assess selected controls annually.

Conduct needed remediation.

Update security plan, SAR and POA&M.

Report security status to AO.

AO reviews reported status.

Implement system decommissioning strategy.

List three types of initial personnel security investigations and to whom they apply.

- ANSWER- Tier 5: Military, Civilian, Contractor

Tier 3: Military, Civilian, Contractor

Tier 1: Civilian and Contractor

