CDSE Certification Preparatory Tools (CPTs) for the Security Fundamentals Professional Certification (SFPC) SFPC All Areas
Principle incident/
events
... [Show More] required to be reported to DoD counterintelligence (CI) organizations -
Correct Answer -espionage, sabotage, terrorism, cyber
Indicators of insider threats - Correct Answer -1. Failure to report overseas
travel or contact with foreign nationals
2. Seeking to gain higher clearance or expand access outside the job scope
3. Engaging in classified conversations without a need to know
4. Working hours inconsistent with job assignment or insistence on working
in private
5. Exploitable behavior traits
6. Repeated security violations
7. Attempting to enter areas not granted access to
8. Unexplainable affluence/living above one's means
9. Anomalies (adversary taking actions which indicate they are
knowledgeable to information)
10. Illegal downloads of information/files
Elements that
should be considered in
identifying Critical Program
Information - Correct Answer -Elements which if compromised could:
1. cause significant degradation in mission effectiveness,
2. shorten the expected combat-effective life of the system
3. reduce technological advantage
4. significantly alter program direction; or
5. enable an adversary to defeat, counter, copy, or reverseengineer the
technology or capability.
asset, threat, vulnerability, risk, countermeasures - Correct Answer -Elements
that a
security professional should
consider when assessing and
managing risks to DoD assets
The three categories of
Special Access Programs - Correct Answer -acquisition, intelligence, and
operations and support
Three different types
of threats to classified
information - Correct Answer -Insider Threat, Foreign Intelligence Entities
(FIE) and Cybersecurity Threat
The concept of an insider threat - Correct Answer -An employee who may
represent a threat to
national security. These threats encompass potential espionage, violent acts
against the Government or the nation, and unauthorized disclosure of
classified information, including the vast amounts of classified data available
on interconnected United States Government computer networks and
systems.
The purpose of the
Foreign Visitor Program - Correct Answer -To track and approve access by a
foreign entity to information that is classified; and to approve access by a
foreign entity to information that is unclassified, related to a U.S.
Government contract, or plant visits covered by ITAR.
Special Access
Program - Correct Answer -A program established for a specific class of
classified information that imposes safeguarding and access requirements
that exceed those normally required for information at the same
classification level.
Enhanced security requirements for protecting Special Access Program (SAP)
information - Correct Answer -Within Personnel Security:
• Access Rosters;
• Billet Structures (if required);
• Indoctrination Agreement;
• Clearance based on an appropriate investigation completed within the last
5
years;
• Individual must materially contribute to the program in addition to having
the
need to know;
• All individuals with access to SAP are subject to a random
counterintelligence scope
polygraph examination;
• Polygraph examination, if approved by the DepSecDef, may be used as a
mandatory access determination;
• Tier review process;
• Personnel must have a Secret or Top Secret clearance;
• SF-86 must be current within one year;
• Limited Access;
• Waivers required for foreign cohabitants, spouses, and immediate family
members.
Within Industrial Security:
The SecDef or DepSecDef can approve a carve-out provision to relieve
Defense
Security Service of industrial security oversight responsibilities.
Within Physical Security:
• Access Control;
• Maintain a SAP Facility;
• Access Roster;
• All SAPs must have an unclassified nickname/ Codeword (optional).
Within Information Security:
• The use of HVSACO;
• Transmission requirements (order of precedence).
Responsibilities of the Government SAP Security Officer/Contractor Program
Security Officer (GSSO/
CPSO) - Correct Answer -From Revision 1 Department of Defense Overprint to
the National
Industrial Security Program Operating Manual Supplement - 1 April
2004:
• Possess a personnel clearance and Program access at least equal to
the highest level of Program classified information involved.
• Provide security administration and management for his/her
organization.
• Ensure personnel processed for access to a SAP meet the prerequisite
personnel clearance and/or investigative requirements specified.
• Ensure adequate secure storage and work spaces.
• Ensure strict adherence to the provisions of the NISPOM, its
supplement, and the Overprint.
• When required, establish and oversee a classified material control
program for each SAP.
• When required, conduct an annual inventory of accountable
classified material.
• When required, establish a SAPF.
• Establish and oversee a visitor control program.
• Monitor reproduction and/or duplication and destruction capability
of SAP information
• Ensure adherence to special communications capabilities within the
SAPF.
• Provide for initial Program indoctrination of employees after their
access is approved; rebrief and debrief personnel as required.
• Establish and oversee specialized procedures for the transmission of
SAP material to and from Program elements
• When required, ensure contractual specific security requirements
such as TEMPEST Automated Information System (AIS), and
Operations Security (OPSEC) are accomplished.
• Establish security training and briefings specifically tailored to the
unique requirements of the SAP.
The four Cognizant
Security Agencies (CSAs) - Correct Answer -Department of Defense
(DoD), Director of National Intelligence (DNI), Department of Energy (DoE),
and the Nuclear Regulatory Commission (NRC).
Cognizant Security Agencies (CSA)s' role in the National Industrial Security
Program (NISP). - Correct Answer -Establish an industrial security program to
safeguard classified information under its
jurisdiction.
Critical Program Information
in DoD - Correct Answer -1. U.S. capability elements that contribute to the
warfighter's advantage throughout the
life cycle, which if compromised or subject
to unauthorized disclosure, decrease the advantage.
2. Elements or components of a Research, Development, and Acquisition
(RDA) program that, if compromised, could cause significant degradation in
mission effectiveness; shorten the expected combat-effective life of the
system;
reduce technological advantage; significantly alter program direction; or
enable an adversary to defeat, counter, copy, or reverse engineer the
technology or capability. Includes information
about applications, capabilities, processes and
end-items. Includes elements or components critical to a military system or
network mission effectiveness. Includes technology that would
reduce the U.S. technological advantage if it came under foreign control.
Primary authorities governing foreign disclosure of classified military
information - Correct Answer -1. Arms Export Control Act
2. National Security Decision Memorandum 119
3. National Disclosure Policy-1
4. International Traffic in Arms Regulation (ITAR)
5. E.O.s 12829, 13526
6. Bilateral Security Agreements
7. DoD 5220.22-M, "NISPOM, [Show Less]