SFPC (Possible Test Questions)

Two security professionals – Jo and Chris – are discussing the contracting process. Jo says that the Federal Acquisition Regulation governs the process the federal government uses to acquire or purchase goods and services. Chris says that although the Federal Acquisition Regulation’s intent is to provide uniform and government-wide policies and procedures for acquisition, the Department of Defense has issued a supplemental acquisition regulation called the DFAR. Who is correct?

Two security professionals – Jo and Chris – are discussing the Federal Acquisition Regulation (FAR). Jo says that, to be awarded a contract, a bidder needs to show that his or her organization it meets the FAR provisions of that contract. Chris says that a bidder can be awarded a contract with FAR provisions if his or her organization can demonstrate that it will be able to comply with those provisions at the time of the contract award. Who is correct?

Working papers need to be finalized or destroyed after how many days?

FOUO becomes legacy it turns into?

Banner Line Markings start with what first?

Definition of BIOMETRIC: "Measurable Physical characteristics or personal behavior traits used to recognize the identity, or verify the claimed identity. Fingerprints, Iris, handwriting, voice recognition."

Contractors are automatically authorized to do work at the level of the DD254.

What are the 3 SAP categories?

Couring information within a hotel room is allowed as long as it’s locked in a safe and the courier is in the room.

CNWDI, RD and FRD are categories which fall under which department?

What is a Security Violation?

What is a Security Infraction?

What is the form number for a Top Secret coversheet?

What is the form number for a Secret coversheet?

What is the form number for a Confidential coversheet?

If someone accidentally gave a foreign entity access to classified information, which guideline would it fall under?

SCATTERED CASTLES: "Intelligence Community (IC) Personnel Security Database that verifies personnel security access and visit certifications."

What is the RMF six-step process?

Vault doors have non-removable hinge pins.

What is the highest classification a contractor can courier overseas?

Access for a retired flag/general officer?

Industrial is NOT SAP is not a category

Who controls the list of approved shredders?

What are the threat levels?

What are the levels for FPCON?

Key word for (N) Normal FPCON?

Key word for (A) FPCON?

Key word for (B) Normal FPCON?

Key word for (C) Normal FPCON?

Key word for (D) Normal FPCON?

What are the 5 OPSEC steps?

What is the purpose of marking classified materials?

What is included in the markings of classified information?

When a classified data spill occurs, who is responsible for ensuring that policy requirements for addressing an unauthorized disclosure are met?

The inability to deny you are the sender of an email would be an indication of a lapse in:

Which of the following is the first action done to downgrade, declassify or remove classification markings?

What is the purpose of the Personnel Security Program (PSP)?

Which of the following is considered an element of the Personnel Security Program (PSP)?

Which of the following is not qualifying criteria for personnel assigned to nuclear weapons personnel reliability assurance positions?

Copies of personnel security investigative reports must be destroyed by DoD recipient organizations, within how many days following completion of the necessary personnel security determination?

Which of the following limitations is true regarding Limited Access Authorization (LAA) to non-U.S. citizens?

___________ is the security system performance goal of immediate indication of deliberate attempts, security probing and warning for inadvertent or mistaken intention is an example of which system security capability?

Which of the following would be considered a public safety crime?

Two security professionals – Paul and Ashley – are discussing the security procedures for visits and meetings. Paul says visits must serve a specific U.S. Government purpose. Ashley says DoD Components should, as a minimum, establish procedures that include verification of the identity, personnel security clearance, access (if appropriate), and need-to-know for all visitors. Who is correct?

Executive Order 12829, signed in January 1993, mandated that which of the following entities be responsible for implementing and monitoring the National industrial Security Program (NISP)?

Which of the following describes a Special Access Program (SAP) that is established to protect sensitive research, development, testing and evaluation, modification, and procurement activities?

Which type of briefing is used to identify security responsibilities, provide a basic understanding of DoD security policies, and explain the importance of protecting government assets?

Which type of briefing is used to reinforce the information provided during the initial security briefing and to keep cleared employees informed of appropriate changes in security regulations?

Which step of the Operations Security (OPSEC) process would be applied when conducting exercises, red teaming and analyzing operations?

Which step of the Operations Security (OPSEC) process would be applied when identifying potential adversaries and the associated capabilities and intentions to collect, analyze, and exploit critical information and indicators?

Who’s responsibility is it during the categorize steps to identify a potential impact (low, moderate, or high) due to loss of confidentiality, integrity, and availability if a security breach occurs?

Which of the following is NOT a category of Information Technology (IT)?

What step within the Risk Management Framework (RMF) does system categorization occur?

At what step of the Risk Management Framework (RMF) would you develop a system-level continuous monitoring strategy?

One responsibility of the Information System Security Manager (ISSM) during Step 6 of the Risk Management Framework (RMF) is: