The first phase of the investigative clearance process involves __________________________.
The determination of an individual’s need-to-know
The initiation and completion of the adjudication process
The initiation and completion of a personnel security investigation
A security clearance eligibility guarantees that an individual will be granted access to classified information.
A position may be designated as critical-sensitive even though the position does not have any requirement for accessing classified information.
Security considerations for civilian employees of the federal government are governed by Executive Order 10450.
A cleared individual who is being investigated refuses to provide information or sign a release form. This individual may lose his or her security clearance eligibility.
__________ is the investigative agency with the responsibility for conducting background investigations for the Department of Defense.
DSS
NBIB
OMB
FBI
JCAVS allows the Security Office to constantly update accesses and related information in real-time.
Position designations are based on what?
Access level of designated positions
Type of background investigation conducted
Their impact on national security
Eligibility determinations
An individual with security clearance eligibility and a need-to-know may access classified information _______________________________.
At any level when granted access by the local command or activity
At or below the specific level of their clearance eligibility and only orally for information above their level of eligibility
At or below the specific level of their clearance eligibility
Which of the following appoints the Director of the Office of Personnel Management as the Suitability Executive Agent and Director of National Intelligence as the Security Executive Agent?
Executive Order 12968
Executive Order 13467
Executive Order 10450
Which of the following is an objective of the Department of Defense’s Personnel Security Program?
Ensure that individuals granted access to classified information or assigned to sensitive duties are loyal, trustworthy, and reliable
Prevent the classification of the Department’s information to conceal violations of law
Protect the Department’s classified information in the possession of contractors
Prevent damage to, the theft of, and/or loss of the Department’s assets
Foreign relations do not play a part in how our national security is defined.
Ease of movement within a facility is an appropriate justification for obtaining a security clearance eligibility.
A security clearance is a favorable adjudicative determination made by a national security adjudicator to determine ____________ to classified information and/or assignment to a sensitive position.
Access and Need-to-Know
Need-to-Know and Eligibility
Eligibility for Access
The Security Office uses e-QIP to initiate the personnel security investigation process.
Which briefing makes individuals aware of counterintelligence and security reporting requirements?
Termination Briefing
Insider Threat Briefing
Annual Briefing
Initial Briefing
The __________ involves the examination of a sufficient period of a person’s life in order to determine if an individual is an acceptable security risk.
Adjudication process
Access determination
Personnel Security Investigation
Need-to-Know determination
The DoD defines an individual with a need for “regular access” to classified information based on an assessment of the individual’s specific situation or position and not in terms of the frequency with which the individual needs access to the classified information.
In which of the following situations may a Limited Access Authorization (LAA) be granted?
A non-U.S. citizen requires classified access to perform official duties.
A U.S. citizen requires immediate access to classified information while waiting for a security clearance eligibility determination.
A U.S. citizen requires temporary access to classified information to perform official duties.
A non-U.S. citizen requires temporary access to Top Secret information to perform official duties.
Which of the following briefings are given to personnel who inadvertently gained access to classified or sensitive information that they are not authorized to access?
Foreign Travel Briefing
The DoD CAF makes __________ after careful weighting of a number of variables known as the whole person concept against the adjudicative standards.
Suitability determinations
Investigative determinations
Access determinations
The ultimate authority for granting access to classified information to an individual rests with the __________________________.
Facility’s information security officer
Local command
Adjudicator who concluded that the individual may have a security clearance eligibility
Individual’s manager or supervisor
DoD Manual 5200.02 mandates and regulates the DoD Personnel Security Program and its major elements.
Which of the following briefings is provided to personnel to remind them of their responsibilities under the Personnel Security Program and inform them of changes to the Personnel Security Program?
The clearance process consists of __________ basic phases.
Three
Four
Five
Six
Which of the following civilian position sensitivity designations is applied to positions that include duties associated with Special Programs such as NC2 and SAP?
Non-critical sensitive
Non-sensitive
Critical sensitive
Which security briefing is intended to reinforce good security practices, and remind people of the continuing need to follow the rules?
Termination
Foreign Travel
Initial
Annual or Refresher
Which element of the Personnel Security Program involves monitoring employees for new information that could affect their security clearance eligibility status?
Designation
Investigation
Reinvestigation
Continuous Evaluation
Adjudication
An __________ allows an individual to begin working on sensitive projects prior to being granted a security clearance eligibility.
Interim access to classified information
Interim eligibility
Interim sensitive position
A security clearance eligibility determination is required when an individual has a need for “regular access” to classified information and/or assignment to a sensitive position.
You are holding a piece of classified information and some of the information is portion marked (S//RD-N). What type of information are you holding?
Top Secret
Formerly Restricted Data
Critical Nuclear Weapon Design Information (CNWDI)
The portion marking for a URL reflects the classification of the URL text.
Which of the following statements applies to derivative classifiers?
They are not responsible for marking the classified information they derive.
They are governed by a different Executive Order than Original Classification Authorities (OCAs).
They must receive refresher training every two years.
A URL appears on a webpage you are using. How should it be marked?
The URL is banner marked
The URL is not portion marked
The URL is portion marked in a way that does not render it inoperable
An OCA previously classified a recent government breakthrough in energy technology as Confidential. The military is developing a new weapons system that will use this technology, and it has been determined it will now cause greater damage to national security if the information is released. How should the OCA responsible for classifying the energy technology change the classification level?
Downgrade the energy technology classification
Extend the duration of classification
Declassify the energy technology information
Upgrade the energy technology classification
Which of the following does NOT apply to original classification?
It can only be determined by an OCA
It is the initial decision that information if disclosed could cause damage to national security and must be protected
It is the job of every cleared DoD employee who handles classified materials
Select ALL the correct responses. Which of the following types of classified materials require all standard classification markings?
Instant messages
Photographs
Emails
When filling out the classification authority block of a newly declassified document, it is acceptable to use a personal identifier if the identity of the declassification authority is classified.
In the banner line CONFIDENTIAL//FGI GBR, what is “GBR” considered as?
The three-letter country code
The level of classification of FGI
A U.S. classified document containing NATO information must include a statement that clearly identifies the presence of NATO classified information and its level of classification within the U.S. document.
Which of the following represent special types of materials that may contain classified information?
CDs containing classified information
Working papers
All of the above
You are taking notes at a classified meeting where Secret information is disclosed. You are to include banner markings, date the document was created, and the annotation Working Paper in your notes.
Which of the following is provided by classification markings?
Presence of classified information
Process for destroying the information
How to release the information publicly
You are generating a derivatively classified piece of information and are looking for information in a classified database. While you are searching, you find a piece of information that is extremely helpful. It includes a banner line and a notice regarding the content only being marked at the highest level of classification within the database. Is this information authorized for use as a source of derivative classification?
Yes
No
Which of the standard classification markings appear at the bottom of the first page and provides information regarding who classified the document, the reason for classification, downgrading instructions, and the declassification date?
Banner marking
Classification authority block
This information is not included with classified materials
Portion marking
You are sending Confidential information to a colleague in another office. You want to give her some background information and decide to attach a letter of transmittal. You include your name, a short greeting, and a Confidential description of the project. What markings must you apply to the letter of transmittal?
Banner markings
The technology behind the navigation system used in one class of fighter jets is classified Secret. The technology is now obsolete and has been replaced. It has been determined the information’s release no longer threatens national security. What should the OCA do?
Extend the information’s duration of classification
Upgrade the information’s classification
Declassify the information at this time
Which of the following is true of the Original Classification Authority (OCA)?
The OCA can be a government or contractor employee.
All cleared personnel are authorized as OCAs.
The OCA is the person authorized to originally classify information.
None of the above.
Banner markings identify the ___________.
classification levels of individual sections of the document
highest overall classification level of the document or page
downgrading and declassification dates
name of the derivative classifier who created the document
Which of the following is the portion marking that would be used for Confidential information from a Special Access Program (SAP) with the code word abbreviation HT?
(C//SAP)
(HT//C)
(C//HT)
(C//SAR-HT)
The Information Security Oversight Office (ISOO) released 32 CFR Parts 2001 and 2003, which established ______________.
the DoD procedures for the classification of national security information
the new standards for establishing controlled unclassified information
an implementation guide for the classification of national security information
a pocket guide for the classification of national security information
A new satellite system is about to come online. Some components covered by the current security classification guide (SCG) will need to have their classification level upgraded. You are working on a document referencing some of these components at their prior level of classification, which is currently the highest level of classification in the document. How will the banner markings on your document change once the SCG has been updated to reflect the new classification level?
The overall classification level will increase
The overall classification level will remain the same
The overall classification level will decrease
You have a draft version of a classified document that contains handwritten notes that you want to send to a colleague outside of your activity. It currently has banner markings, the creation date, and a “working paper” annotation. How should the markings change before you send the document out?v
Add portion markings only
No change are necessary
It should have the same markings as a finished document
Add the classification authority block only
After successful completion of a recent military mission, information regarding the mission would cause less damage to national security should it be released. However, the information could still cause some damage to national security if released to the general public. How should the OCA responsible for classifying this military information assign classification instructions?
Make no change to the classification
Assign downgrade instructions regarding mission completion
Upgrade the recent mission classification
Declassify the recent mission information
Select the correct banner marking if the following information appeared on your document:
(U) This information is not classified.
(S) This information is classified Secret.
(C) This information is classified Confidential.
TOP SECRET
UNCLASSIFIED
SECRET
CONFIDENTIAL
Which portion marking is correct?
(T)
COSMIC
(TS)
An event has occurred that affects information scheduled to be declassified. The OCA, as a result, has decided to extend the duration of the information’s classification. How will the markings in the classification authority block of a document containing this information change?
The OCA responsible for the change will be cited. No additional action is required.
The OCA responsible for the change as well as the date will be cited. Additionally, the old Declassify On date will be lined through and the new date will appear next to it.
No change
You are compiling information from multiple sources. In addition to applying the standard markings, is there any information specific to compilation that need to be applied?
Yes, annotate that the information was “Compiled”
Yes, include an explanation for the basis of compiled classification
No, only standard markings apply
You are deriving information from one properly marked source document. What information will you apply to the Declassify On line of your new document?
The same declassification information as the source document
A date 25 years older than the source document’s creation date
A date 10 years older than the source document’s creation date
You have finished marking several digital photographs that contain varying levels of classified information with several dissemination control markings. You saved them to a CD for storage. How should the CD be marked?
The CD must be marked with the lowest level of classification of the images
The CD is marked with the word CLASSIFIED
The CD requires markings according to the classification of the subject of the CD and not the images contained on the CD
The CD must be marked with the highest level of classification with all dissemination control markings of the images
What is the final phase of the Special Access Program (SAP) life cycle?
Exploration
Management & Administration
Establishment
Disestablishment
Renee is working on a Special Access Program (SAP) whose purpose is to plan and coordinate covert military operations. This SAP most likely falls under which SAP category?
Intelligence Special Access Program (SAP)
Operations and Support Special Access Program (SAP)
Acquisition Special Access Program (SAP)
Carlo has just been assigned to an Unacknowledged Waived SAP. What should be expected in terms of reporting requirements?
The Secretary of Defense has waived applicable reporting requirements and, therefore, waived SAPs have less restrictive Congressional reporting requirements.
The Secretary of Defense has waived applicable reporting requirements and, therefore, waived SAPs have no Congressional reporting requirements.
The Secretary of Defense has waived applicable reporting requirements and, therefore, waived SAPs have more restrictive Congressional reporting requirements.
Which category of Special Access Program (SAP) involves military personnel and operations?
Heidi has just been assigned to a Special Access Program (SAP) that is openly recognized; however, specifics are classified within that SAP, and program funding is generally unclassified. To what type of SAP is Heidi assigned?
Waived SAP
Unacknowledged SAP
Acknowledged SAP
SAP capabilities may be nominated for which phase once they are considered to be operationally relevant?
Apportionment
Which of the following is true about the Department of Defense (DoD) Special Access Program (SAP) life cycle?
Special Access Programs (SAPs) follow a different life cycle depending on their protection level.
Special Access Programs (SAPs) follow a different life cycle depending on their category.
All Special Access Programs (SAPs) follow the same life cycle.
SAPs require all of the following except:
Identification of special handling procedures
Use of customized classification levels specific to the particular Special Access Program (SAP)
Assignment of a nickname and/or codeword
Program Alpha exists to provide logistical assistance to a covert military operation in a turbulent foreign country. It’s funding is classified and the program is subject to stricter Congressional reporting requirements. Which type of Special Access Program (SAP) does this most likely describe?
An Acknowledged Waived Operations and Support SAP
An Acknowledged Operations and Support SAP
An Unacknowledged Intelligence SAP
An Unacknowledged Waived Operations and Support SAP
An Unacknowledged Acquisition SAP
An Acknowledged Acquisition Waived SAP
All documents required for approval are developed in the Management and Administration phase.
SAPs shall be established only when the program is required by statute or upon the specific finding that the vulnerability of, or threat to, specific information is exceptional, and the normal criteria for determining access to information classified at the same level are not sufficient.
Department of Defense (DoD) Special Access Programs (SAPs) are categorized and managed by the Under Secretaries of Defense. Which Under Secretary oversees DoD Acquisition SAPs?
Under Secretary of Defense, Policy (USD (P))
Under Secretary of Defense, Acquisition, Logistics, and Technology (USD (AT&L))
Under Secretary of Defense, Intelligence (USD (I))
The goal of a SAP is to maintain enhanced security to protect the SAP’s mission and maintain knowledge within the SAP.
Which of the following most completely describes what is required of personnel to access Special Access Programs (SAPs)?
An individual must be a government employee with a clearance.
An individual must have only a clearance and formal access approval.
An individual must have only a formal access approval.
An individual must have a clearance, formal access approval, and a valid need-to-know.
An individual must be a government employee and have a valid need-to-know.
You are working on a Special Access Program (SAP) and have a question about some of the contractual obligations. You need to meet with the individual that executes the Statement of Work, contract, task order, and all contractual obligations for industry. With whom should you meet?
Contractor Program Manager (CPM)
Contractor Program Security Officer (CPSO)
Government SAP Security Officer (GSSO)
Government Program Manager (GPM)
Program Security Officer (PSO)
Which guidance disseminates policy, assigns responsibilities, and prescribes procedures for implementation and use in the management, administration, and oversight of all Department of Defense (DoD) Special Access Programs (SAPs)?
DoD Directive 5205.07, DoD Special Access Program Policy
DoDI 5205.11, Management, Administration, and Oversight of DoD Special Access Programs
DoD 5220.22-M-Sup 1, National Industrial Security Program Operating Manual (NISPOM) Supplement
Department of Defense (DoD) Overprint to the National Industrial Security Program Operating Manual Supplement
Joint Air Force-Army-Navy (JAFAN) Manual 6/0: Special Access Program Security Manual
Which entities serve as the oversight authority for Acquisition, Intelligence, and Operations and Support SAPs?
Component-Level Special Access Program Central Offices (SAPCOs)
DoD Special Access Program Central Office (SAPCO)
Senior Review Group (SRG)
OUSD (A,T, & L) (AQ-SAP), OUSD (I) (IN-SAP), and OUSD (P) (O&S-SAP), respectively
Special Access Program Oversight Committee (SAPOC)
Which of the following most completely describes the circumstances under which Special Access Programs (SAPs) are established?
The program involves military operations.
The program requires funding that needs to be approved by specific Congressional committees.
The program is a Department of Defense Acquisition, Intelligence, or Operations and Support program.
The program is required by statute, the vulnerability of or threat to specific information is exceptional, and the normal criteria for determining access are insufficient.
You are a government contractor working at an industrial facility and need to review baseline guidance in preparation for your work on a new Special Access Program (SAP). Which guidance establishes the standard procedures and requirements for all government contractors, with regard to classified information?
DoD 5200.2-R, Personnel Security Program
DoD 5220.22-M: National Industrial Security Program Operating Manual (NISPOM)
DoDM 5200.01, Vols. 1-4, Information Security Program
Some Special Access Programs (SAPs) are not assigned to a SAP category (Acquisition, Intelligence, or Operations and Support).
Which individual is a senior government program official that has ultimate responsibility for all aspects of the Special Access Program (SAP)?
Contractor/Command Program Security Officer (CPSO)
Contractor/Command Program Manager (CPM)
Department of Defense (DoD) Special Access Programs (SAPs) are the responsibility of the Deputy Secretary of Defense (DEPSECDEF).
All of the following are true about Special Access Programs except:
Special Access Programs (SAPs) have always been publicly acknowledged.
At one time, Special Access Programs (SAPs) were restricted mainly to Department of Defense (DoD) Acquisition programs.
At one time, Special Access Programs (SAPs) were referred to as Black Programs.
Paolo requires access to an automated information system that houses classified information. Which briefing must he receive?
Cybersecurity briefing
Security professionals briefing
ISSM briefing
FGI briefing
______________ instills in personnel a desire and commitment to be proactive in the execution of their security responsibilities.
Awareness
Motivation
Education
Training
What is Standard Form 312?
DoD Contract Security Classification Specification
Department of Defense Security Agreement
Classified Information Nondisclosure Agreement
Marie is an engineer, and Paul is a technical writer. Both have Secret security clearances and work on the same project for the same contractor. Marie and Paul should receive identical initial security briefings.
Security education requirements specific to contractors are identified in the NISPOM.
A personnel security initial briefing must be provided to any individual with duties requiring a trustworthiness determination.
Security education and training programs exist solely to fulfill regulatory requirements.
Which of the following topics must always be included in initial security briefings for all cleared personnel?
Procedures for safeguarding COMSEC information
An overview of the classification system
Defensive measures used to reduce vulnerability to terrorist acts
Protection and defense of automated information systems
Which of the following policy documents mandate initial security briefings? A. DoDM 5200.01, Volumes 1-4, DoD Information Security Program B. DoD 5200.2-R, Personnel Security Program C. National Industrial Security Program Operating Manual
A and B only
C only
None of these
All of these
The purpose of performing program oversight on a regular basis is to _______________.
measure success by providing a picture of how the system is working
punish individuals who are struggling with their security responsibilities
replace reviews performed due to administrative inquiry or security violations
John has just assumed the role of security manager and is responsible for implementing the security program in his unit. Which special briefing must he receive?
Security professionals training
ACCM briefing
OPSEC briefing
FSO training
Who is responsible for ensuring that security procedures communicated by a security education program are properly implemented?
The security manager or FSO
The security manager or FSO and the audience of the program
The security manager or FSO and senior management
The security manager or FSO, senior management, and the audience of the training
You are a Facility Security Officer, and your facility no longer has need for access to classified information. Which security briefing should all employees of your facility receive?
Refresher training
Termination briefing/debriefing
Declassification authority briefing
Bob has been asked to deliver a classified document to the offices of a cleared facility. Which briefing must he receive prior to making the delivery?
COMSEC briefing
Courier briefing
SCI briefing
Foreign travel briefing
Who is responsible for providing security education and training to users of automated information systems?
DoD Component Head or Contractor Senior Management
Security Manager or Facility Security Officer
Information Systems Security Manager
Security education is not an expense, it’s an investment.
When is an oral COMSEC debriefing required?
An oral debriefing is always required for employees with access to COMSEC information
When the employee has had access to CRYPTO information
When an employee with access to COMSEC information returns from travel to a foreign country
An oral debriefing is never required for employees with access to COMSEC information
Employees should be informed of techniques employed by foreign intelligence entities to obtain classified information. This aspect of security education and training is referred to as _______________.
Continuous evaluation and reporting
Classification system
Threat awareness
Defensive security
In addition to periodic refresher training for cleared personnel, the DoDM 5200.01, Volumes 1-4, DoD Information Security Program, also mandates __________________.
continuous and ongoing education
refresher training for uncleared personnel
remedial training for personnel who violate security procedures
Select ALL the correct responses. Which of the following are important components for management to demonstrate its commitment to a successful security education and awareness program?
Emphasize security as a critical organizational priority
Provide a budget
Restrict staff meeting attendance to management to ensure that security programs and security education programs are prioritized appropriately
Offer organizational motivation
During the Design phase of your security education program, you should:
Develop specific, behavioral objectives
Solicit feedback on the effectiveness of the program
Develop training materials
Deliver the training
Which of the following are topics that should be covered in training for those with access to international programs? A. Special markings for Foreign Government Information B. Cooperative research C. Travel procedures D. Foreign disclosure
A, C, and D only
A, B, and D only
B, C, and D only
A, B, C, and D
The main goals of a security education program include which of the following: A. Safeguard national security and protect the warfighter B. Communicate threats to classified information C. Promote security best practices and awareness D. Inform personnel of their security responsibilities
Effective security education programs are:
Reactive
Comprehensive
Inflexible
Fun
Refresher training should be tailored to meet the needs of experienced personnel.
Individuals responsible for managing the OPSEC Program for an organization must be trained commensurate with their duties.
The purpose of security _____________ is to ensure that personnel remain continuously alert to security threats and vulnerabilities.
education
motivation
training
awareness
Original classification authorities and declassification authorities must receive identical training.
John, as the newly assigned Antiterrorism Officer (ATO), must complete what level of Antiterrorism and Force Protection training?
Level I
Level II
Level III
Level IV
Initial Briefings will vary slightly based on job role.
You are checking your records and see that Ricardo has not received any formal briefings in the year since he was first granted access to classified information. What briefing should he attend?
Termination briefing
Initial briefing
CNWDI briefings should cover:
Requirements and standards for creating, maintaining, and publishing security classification guides
Procedures for handling classified information while in transit, modes of transportation that may be used, and authorized destinations of classified materials
Processes for classifying information originally and derivatively, and the standards applicable to each
Special markings, transmission requirements, and other special handling requirements for Critical Nuclear Weapons Design Information
The physical security briefing should cover security-in-depth, to include perimeter fences, employee and visitor access controls, and random guard controls, among other topics.
What purpose do security education programs serve?
Increase vigilance and awareness for the detection of internal and external threats and vulnerabilities that lead to security breaches
Increase vigilance and awareness of security personnel only
Decrease the number of personnel granted access to classified information
Minimize the number of safeguarding practices required for classified information
During the Analysis phase of your security education program, you should:
Establish overall program goals
Select instructional media
Assess the effectiveness of the program
Create course materials
Uncleared personnel should never be included in security education regarding procedures for handling classified information
Refresher training is required ___________________.
only when there is a change in policy
at least annually
once every five years
only when employees change positions
It is important to communicate to employees the positive roles they can play in the security program and stress that everyone is part of the security team.
Which of the following is a true statement regarding the special handling requirements of Foreign Government Information (FGI)?
When the classification marking on a document containing FGI is not in English, or when the foreign government marking requires a different degree of protection than the same U.S. classification designation, a U.S. marking that results in a degree of protection equivalent to that required by the foreign government shall be applied.
A U.S. document containing FGI cannot be declassified or downgraded below the highest level of FGI contained in the document without the permission of the foreign government or international organization that originated the information.
Those holding security clearances issued by the U.S. government cannot access U.S. documents containing FGI without written consent from the originating foreign government.
The receiving DoD Components must maintain records for 1 year of the receipt, internal distribution, destruction, annual inventory, access, reproduction, and transmittal of foreign government Top Secret information.
Two security professionals – Paul and Ashley – are discussing the destruction of classified information. Paul says the destruction of classified documents and material shall be accomplished by means that eliminate risk of reconstruction of the classified information they contain. Ashley says the material that has been identified for destruction shall continue to be protected, as appropriate, for its classification until it is actually destroyed. Who is correct?
Paul is correct
Ashley is correct
Paul and Ashley are both correct
Paul and Ashley are both incorrect
A paragraph of a document which includes an “(N)” as part of the portion marking indicates what specific type of classified information is contained in the paragraph?
The additional (N) in the portion marking denotes that the classified material in the paragraph contains North Atlantic Treaty Organization (NATO) information.
The additional (N) in the portion marking denotes that the classified material in the paragraph contains Critical Nuclear Weapons Design Information (CNWDI).
The additional (N) in the portion marking indicates that only those with Sensitive Compartmented Information (SCI) access eligibility may access such information.
The additional (N) in the portion marking denotes that dissemination of such information may be made only to properly cleared Nuclear Regulatory Commission (NRC) personnel.
Which of the following is a requirement for access to North Atlantic Treaty Organization (NATO) information?
Personnel has been subject of a Single Scope Background Investigation (SSBI), including a National Agency Check (NAC) on the spouse and all members of the individual’s immediate family of 18 years of age or over who are United States citizens other than by birth or who are resident aliens.
Personnel has been subject of a favorably adjudicated background investigation (BI) (10-year scope), Tier 5, current within five years prior to the assignment, and completed a NATO brief.
Personnel has been subject of a favorably adjudicated BI (10-year scope), Defense National Agency Check with Inquiries (DNACI)/ National Agency Check with Inquiries (NACI) or NACI Entrance National Agency Check (ENTNAC), current within five years prior to the assignment.
Personnel requiring access to NATO COSMIC (Top Secret) or SECRETinformation must at least possess the equivalent interim U.S. security clearance.
According to Executive Order 13556, which of the following is considered a type of controlled unclassified information (CUI)?
Communications Security (COMSEC) Information
Declassified Information
Law Enforcement Sensitive (LES) Information
North Atlantic Treaty Organization (NATO) Information
What is the purpose of marking classified materials?
To alert holders to the presence of classified information, how to properly protect it, and for how long.
To deter foreign adversaries from committing actions aimed at accessing such information
To provide guidance for interpretation and analysis of classified information.
To alert holders to the methods used to collect classified information.
What is included in the markings of classified information?
Derivative classifier as the authority to make declassification determinations.
Agencies and authorities that have previously accessed theclassified information.
Document holder as the sole authority to make transfer and dissemination determinations.
Sources and reasons for the classification.
What is the purpose of the Controlled Access Program Coordination (CAPCO) register?
To identify the categories, types, and levels of Special Access Programs (SAPs.)
To define the authorities for classifying, declassifying, and regrading sensitive documents
To identify the official classification and control markings, and their authorized abbreviations and portion markings.
To define the requirements, restrictions, and measures necessary to safeguard classified information from unauthorized disclosure.
When a classified data spill occurs, who is responsible for ensuring that policy requirements for addressing an unauthorized disclosure are met?
Activity Security Manager
Information Assurance Staff
Information Assurance Manager
Information Assurance Officer
What are the information assurance attributes that are important to protect and defend DoD networks and information. If there was a loss in nonrepudiation, what would this cause in relation to information assurance?
Data is no longer reliable, accurate, nor trusted.
Data may potentially be available to unauthorized users via electronic form.
General communications are no longer trusted.
Potential of unauthorized access to classified data
Data is no longer available to authorized users, and missions cannot be conducted.
Which of the following examples describes a security violation rather than a security infraction?
On a busy day, Karen printed classified documents on the printer in her open storage/secure room. She forgot about the documents and they remained on the printer for about an hour before she retrieved them.
Karen was late for a meeting in a different area of her building. She put a classified document in a folder she believed was marked for carrying classified materials. When handing out the materials, Karen realized that the folder was not marked for carrying classified materials, she had put the documents in the wrong folder.
At the end of the day, Karen was leaving and taking with her unclassified documents she would review at home. When she began to review those documents that night, she realized that classified materials had slipped in between the unclassified materials.
Karen was working a mission related to Mexican Drug cartel operating out of Playa Carmen. Her husband planned a golf trip with friends to that area. She advised him not to go, and believing that it was a safety issue, she provided sensitive details about the cartel to make sure that he did not go.
The inability to deny you are the sender of an email would be an indication of a lapse in:
Non-Repudiation
Confidentiality
Integrity
Availability
Unauthorized disclosure and loss of privacy is a lapse in:
Authentication
Which of the following is the first action done to downgrade, declassify or remove classification markings?
Through the appropriate chain of command, contact the original classification authority (OCA) to confirm that information does not have an extended classification period.
Change the classification authority block to indicate “Declassify ON:” to show the new declassification instructions.
Take all classification markings off the document and redistribute.
Request a waiver from the Information Security Oversight. Office (ISOO) to remove the declassification markings.
What is the purpose of the Personnel SecurityProgram (PSP)?
To define original classification for DoD assets and information.
To designate individuals for positions requiring access to classified information.
To ensure that only loyal, trustworthy, and reliable individuals may access classified information or perform sensitive duties.
To describe the safeguarding requirements personnel must employ when handling classified materials at a cleared contractor facility.
DoD reciprocally accepts existing national security eligibility determinations or clearances from other Government agencies in accordance with which of the following policy documents?
Office of Management and Budget Memorandum M-05-24, “Implementation of Homeland Security Presidential Directive (HSPD) 12 - Policy for a Common Identification Standard for Federal Employees and Contractors,”.
Executive Order 13467, “Reforming Processes Related to Suitability for Government Employment, Fitness for Contractor Employees, and Eligibility for Access to Classified National Security Information”
Sections 301 and 7532 of title 5, United States Code.
Executive Order 13526, “Classified National Security Information”.
Review of Tier 5 on an individual disclosed that the subject had been a member of an anarchist organization dedicated to disestablishing existing Federal laws and overthrowing the U.S. government by any means necessary, including violence. Although the subject terminated his membership with the organization upon learning he would be investigated for a clearance for his new position, he still maintains social contact with several members of the anarchist organization. Based on this information, which of the following adjudicative guidelines is most appropriate for an adjudicator to apply to the case?
Psychological Conditions
Foreign Preference
Allegiance to the United States
Criminal Activity
Which of the following is considered an element of the Personnel Security Program (PSP)?
Risk Assessment and Analysis
Implementation
Classification
Limited access to classified information for specific programs may be approved for non-U.S. citizens only under which of the following conditions?
The subject is eligible to access material marked by a foreign government that is equivalent to a U.S. Top Secret classification marking.
The subject will only have one-time access to specific material, after which the material will be appropriately destroyed or returned to the originating U.S. agency
The subject will only have access to classified U.S. documents containing Foreign Government Information (FGI) originating from the foreign country of which the subject is a citizen.
The prior 10 years of the subject’s life can be appropriately investigated.
Which of the following is the investigative requirement for access to Single Integrated Operational Plan-Extremely Sensitive Information (SIOPESI)?
Individual has a valid favorably adjudicated Tier 5 or Single Scope Background (SSBI) Investigation.
Individual has a valid favorable adjudicated Tier 3 or National Agency Check with Local Agency Check (NACLC) investigation.
Individual has a valid favorably adjudicated Tier 3 or Access National Agency Check with Written Inquiries and Credit Check (ANACI) investigation.
Individual has a valid favorably adjudicated Tier
Which of the following is not qualifying criteria for personnel assigned to nuclear weapons personnel reliability assurance positions?
Individual must be a U.S. Citizen
Individual has a security clearance eligibility in accordance with the position
Individual is subject to a periodic reinvestigation every three years
Individual must be continuous evaluated
Which of the following is correct regarding the investigation requirement for initial assignment to a Presidential Support Activities (i.e. Yankee White) Category 2 position?
Favorably completed Tier 5/Single Scope Background Investigation (SSBI) within 36 months preceding selection.
Favorably completed Tier 3/National Agency Check with Local Agency Check (NACLC) within 36 months preceding selection.
Favorably completed Tier 5/SSBI within 24 months preceding selection.
Favorably completed Tier 3/NACLC within 24 months preceding selection.
Which of the following adjudication processes refers to a person’s identifiable character traits and conduct sufficient to decide whether employment or continued employment would or would not protect the integrity or promote the efficiency of the Federal service?
Homeland Security Presidential Directory (HSPD) 12 credentialing
National security adjudication
Suitability adjudication
Continuous evaluation
Copies of personnel security investigative reports must be destroyed by DoD recipient organizations, within how many days following completion of the necessary personnel security determination?
30 days
45 days
60 days
90 days
Which of the following limitations is true regarding Limited Access Authorization (LAA) to non-U.S. citizens?
LAAs shall only be granted access at the Secret and Confidential levels.
A favorably completed and adjudicated Tier 3 or National Agency Check with Local Agency Check (NACLC). investigation within the last five years is required.
An LAA is the same as a security clearance eligibility.
Access to classified information Is not limited to a specific program or project.
Which of the following is not considered when making a security clearance eligibility determination?
Education Level
Alcohol consumption
Financial considerations
A position designated as a DoD noncritical-sensitive civilian position may fall under any of the following criteria, EXCEPT:
A position not requiring eligibility for access to classified information, but having the potential to cause significant or serious damage to the national security
A position requiring eligibility for access to Top Secret information.
A position requiring eligibility for access to confidential information.
A position requiring eligibility for access to secret information.
What information must a statement of reasons (SOR) include?
SOR must state why an unfavorable national security eligibility determination is being proposed.
SOR must explain each security concern and state the specific facts that trigger each security concern.
The SOR must identify applicable adjudicative guideline(s) for each concern, and provide the disqualifying conditions and mitigating conditions for each guideline.
All of the Above
Which type of briefing is used to obtain confirmation that a cleared employee agrees never to disclose classified information to an unauthorized person?
Special Briefings – Courier
Original Classification Authority (OCA) Briefing
Special Briefings – Non-Disclosure
Debriefing
___________ is the security system performance goal of immediate indication of deliberate attempts, security probing and warning for inadvertent or mistaken intention is an example of which system security capability?
Detect
Assessment
Deterrence
Delay
Two security professionals - Paul and Ashley - are discussing secure rooms, containers, and vaults. Paul says weapons or sensitive items such as funds, jewels, or precious metals should not be stored in the same security container as classified information. Ashley says the General Service Administration approves security containers used to store classified information. Who is correct?
Which of the following is not a distinct phase of the Intrusion Detection System?
Detection
Control
Response
Which of the following would be considered a public safety crime?
Theft of ammunition shipment for the purpose of criminal or gang related activity.
Theft of sensitive, proprietary information relating to US aerospace and defense technologies
Deliberate destruction of DoD assets or interruption of normal operations.
Theft of an item and use of it outside of its intended purpose or without permission.
Which of the following best describes the goal of the Physical Security Program?
To ensure that industry safeguards the classified information in their possession, while performing work on contracts, bids, or research and development efforts on behalf of the government.
To protect assets against compromise resulting from activities such as espionage, sabotage, terrorism, damage or loss, and criminal.
To create uniform policies and procedures for defense acquisition by all executive agencies.
Preventing unauthorized access to information and equipment, safeguarding DoD assets against espionage and criminal activity, and providing the means to counter threats when preventative measures are ignored, best characterize the primary functions of which of the following programs or processes?
Physical Security Program
Operations Security (OPSEC) process
Security incident response process
Personnel Security Program
The process of integrating active and passive complementary physical security measures to ensure the protection of DoD assets is known as which of the following concepts?
Area security
Threat-vulnerability assessment
Security-in-depth
Point security
The stealing of sensitive, proprietary information related to U.S. aerospace and defense technologies with the intent to provide such information to a foreign adversary is an example of which type of threat to DoD assets?
Criminal activity
Economic espionage
Treason
Terrorism
When a Terrorism Threat Level is escalated from LOW to MODERATE, a DoD Component Head should employ which of the following countermeasures?
Cease all flying except for specifically authorized operational sorties.
Direct the execution of advance site reviews to facilitate the antiterrorism planning process.
Encourage dependent family members to complete Level I Antiterrorism Awareness Training before any travel outside the continental United States (OCONUS).
Conduct an immediate Terrorism Vulnerability Assessment for off-installation housing, schools, daycare centers, transportation
Requests for authorizing disclosure of classified information during visits must include all the following information, EXCEPT:
The explanation of the government purpose to perform when disclosing classified information.
The subject of the meeting, scope of classified topics and classification level
Expected time and location of the meeting.
The main content of the invitation to send to the participants.
Two security professionals – Paul and Ashley – are discussing the security procedures for visits and meetings. Paul says visits must serve a specific U.S. Government purpose. Ashley says DoD Components should, as a minimum, establish procedures that include verification of the identity, personnel security clearance, access (if appropriate), and need-to-know for all visitors. Who is correct?
Executive Order 12829, signed in January 1993, mandated that which of the following entities be responsible for implementing and monitoring the National industrial Security Program (NISP)?
Director of the Information Security Oversight Office (ISOO)
Secretary of Defense
National Security Council (NSC)
Director, Defense Security Services (DSS)
What is the role of the government contracting activity (GCA), or cleared prime contractor, when a contractor that does not have a Facility Clearance (FCL) wants to bid on a Request for Proposal (RFP) that requires access to classified information?
The GCA must issue a formal letter rejecting the contractor’s bid since the contractor does not have the requisite FCL.
The contractor must submit a sponsorship request to DSS, who will decide whether to allow the contractor to bid on the contract.
The GCA must sponsor the contractor for a facility security clearance by submitting a sponsorship request to DSS, which initiates the facility clearance process
The GCA must ensure that the all owners and senior management of the uncleared contractor are U.S. citizens and are eligible to be processed for a personnel security clearance.
What is the purpose of the Federal Acquisition Regulations (FAR)?
To codify and publish uniform policies and procedures for acquisition by all executive agencies.
To manage DoD funds and prioritize the development of vital research and technology.
To provide small businesses and minority owned companies an opportunity to compete in the government acquisition process.
To promote uniform standards and best practices of technology acquisition across U.S. industry.
What is the role of the security professional during the “Award Contract” step of the contracting process?
To ensure the appropriate classification level for the bid, and to define unique security requirements associated with the product.
To interface with the Cognizant Security Organization (CSO) to ensure oversight is performed and review results of and previous assessments on behalf of component.
To ensure that the contractor follows proper safeguarding and disposition guidance
To review and define the specific security requirements with the contracting officer – specifically, block 13 of DD Form 254.
What is the purpose of DD Form 254?
To convey security classification guidance and to advise contractors on the handling procedures for classified material.
To document the formal agreement between the US government and a cleared contractor in which the contactor agrees to maintain a security program in compliance with the NISPOM and the government agrees to security guidance and program oversight.
To validate details regarding the foreign ownership, control or influence affecting that cleared contractor facility
It replaces the actual contract document for any contract requiring access to classified information.
As part of Operations Security (OPSEC), a program coordinator should use which of the following tools to assess assets as part of the risk management process for critical information?
Critical Information List
Threat vulnerability matrix
Risk Rating Table
Security Classification Guide
What is the role of the Special Access Program Oversight Committee (SAPOC) during the maintenance phase of the Special Access Program (SAP) lifecycle?
To ensure that the SAP has adequate Internal Review and Audit Compliance (IRAC) support, including accessed auditors at\ supporting offices, to meet program audit needs.
To review existing programs annually to determine whether to revalidate them as SAPs
To provide oversight of SAP program and budget accomplishments.
To provide oversight of SAP audits and inspections.
Which of the following describes a Special Access Program (SAP) that is established to protect sensitive research, development, testing and evaluation, modification, and procurement activities?
Research and Technology SAP
Operations and Support SAP
Acquisition SAP
Intelligence SAP
Which type of briefing is used to identify security responsibilities, provide a basic understanding of DoD security policies, and explain the importance of protecting government assets?
Indoctrination Briefing
Which type of briefing is used to reinforce the information provided during the initial security briefing and to keep cleared employees informed of appropriate changes in security regulations?
Annual Refresher Briefings
Indoctrination Briefings
Attestation Briefings
Courier Briefings
Which step of the Operations Security (OPSEC) process would be applied when conducting exercises, red teaming and analyzing operations?
Conduct a Risk Assessment
Apply OPSEC Countermeasures
Conduct a Threat Analysis
Conduct a Vulnerability Analysis
Which step of the Operations Security (OPSEC) process would be applied when identifying potential adversaries and the associated capabilities and intentions to collect, analyze, and exploit critical information and indicators?
Please determine which of the following is an element of an Operations Security (OPSEC) Assessment.
Small in scale and focused on evaluating the effectiveness of the OPSEC program.
Conducted on an annual basis.
Uses external resources collectively to conduct with or without the use of indigenous resources.
Determines the likelihood that critical information can be protected based on procedures that are currently in place.
To provide access to Social Media sites, the DoD agency must provide all of the following, EXCEPT:
Protection against malware and advance threats.
Blocked access to prohibited sites and content.
Individual compliance with Joint Ethics Regulations and guidelines.
Constant monitoring to deter inappropriate site access.
Who’s responsibility is it during the categorize steps to identify a potential impact (low, moderate, or high) due to loss of confidentiality, integrity, and availability if a security breach occurs?
Information System Owner (ISO)
Information Owner (IO)
Information System Security Manager (ISSM)
Authorizing Official (AO)
Please determine which of the following is an example of reportable foreign intelligence contacts, activities, indicators, and behaviors.
Authorizing others to acquire unauthorized access to classified or sensitive information systems.
Unauthorized downloads or uploads of sensitive data.
Network spillage incidents or information compromise.
Use of DoD account credentials by unauthorized parties.
Limiting nonsecure computer e-mail messages to nonmilitary activities and not providing operational formation in nonsecure e-mail messages are functions of which OPSEC measure?
Operational and Logistic Measures
Technical Measures
Administrative Measures
Operations Security and Military Deception
Which of the following is NOT a category of Information Technology (IT)?
Platform Information Technology (PIT)
Information Technology Services
Information Technology Products
Information Technology Applications
What step within the Risk Management Framework (RMF) does system categorization occur?
Categorize Information System
Select Security Controls
Implement Security Controls
Assess Security Controls
Authorize
Monitor Security Controls
At what step of the Risk Management Framework (RMF) would you develop a system-level continuous monitoring strategy?
One responsibility of the Information System Security Manager (ISSM) during Step 6 of the Risk Management Framework (RMF) is:
Review and approve the security plan and system-level continuous monitoring strategy developed and implemented by the DoD Components.
Monitor the system for security relevant events and configuration changes that affect the security posture negatively.
Determine and documents a risk level in the Security Assessment Report (SAR) for every non-compliant security control in the system baseline.
Coordinate the organization of the Information System (IS) and Platform Information Technology (PIT) systems with the Program Manager (PM)/System Manager (SM), Information System Owner (ISO), Information Owner (IO), mission owner(s), Action Officer (AO) or their designated representatives.
What family of controls does Security Functionality Verification belong to?
System and Communications Protection
Maintenance
System and Information Integrity
Audit and Accountability
The _________________________ provides oversight in mission assurance efforts on issues that cut across all DoD protection programs and functions as an Office of Secretary of Defense (OSD) and Joint Staff-level management and decision support forum.
Antiterrorism Executive Committee
Mission Assurance Senior Steering Group
Threat Working Group
Antiterrorism Working Group
The primary purpose of physical security is prevention and protection.
Select ALL the correct responses. Which of the following are facility access control procedures?
Entry and exit inspections
Electronic gate
Identification systems
Select ALL the correct responses. Which of the following protective measures can make doors more attack-resistant?
Install solid steel doors
Mount cameras on the roof
Limit the number of entrances and exits to what is necessary
In order to plan and implement effective physical security measures, you must use the __________________ to determine where and how to allocate your security resources.
risk management process
threat assessment process
operation assessment process
vulnerability assessment process
Which of the following best defines security-in-depth?
The use of fencing around the perimeter of a structure
The use of barriers around the perimeter of a structure
The layering of physical security measures through the application of active and passive complementary security controls
True or false? Commanders should comply with and integrate DoD physical security and installation access control policies into their Force Protection Conditions (FPCON) plans.
______________ are provided to senior leaders to assist in determining the appropriate Force Protection Condition (FPCON) level.
Antiterrorism countermeasures
Physical security layer strategies
Threat levels
__________ authorizes commanders to issue regulations for the protection or security of property and places under their command and establishes guidelines to build consistent minimum standards for protecting DoD installations and resources.
DoDM 5200.01
DoDI 5200.08
DoD 5200.08-R
Which of the following establishes duties and responsibilities that assist in maintaining operational order during both normal and stressful situations?
Standard Operating Procedures and Post Orders
Standard Operating Procedures and the Physical Security Plan
Post Orders and the Physical Security Plan
Security systems such as intrusion detection systems (IDS) and closed circuit television (CCTV) systems are countermeasures.
Who is responsible for physical security planning, coordination, and integration of identified mission essential capabilities?
OPSEC Officer
CI Support
Antiterrorism Officer
Installation Commander/Facility Director
Inspections can ensure compliance with the physical security plan, verify policy compliance, and promote cost effective security.
Which of the following is the purpose of an interior intrusion detection system (IDS)?
To provide a complete solution to a facility security posture.
To terminate any intrusion into a facility.
To deter, detect, and document intrusion in the environment.
_____________ have reinforced concrete on all walls, ceilings, and floors and hardened steel doors.
Secure rooms
Vaults
Which threat level signifies terrorists are present but there are no indications of anti-U.S. activity and the Operating Environment favors the Host Nation or the U.S.?
Significant
Low
High
Moderate
The primary purpose of physical security is ____________ and protection.
attacking intruders
prevention
security-in-depth
