Download SFPC EXAM 2025-2026 WITH ACTUAL EXAM QUESTIONS AND CORRECT ANSWERS (VERIFIED ANSWERS) SECU and more Exams Computer Security in PDF only on Docsity!
SFPC EXAM 2025-2026 WITH ACTUAL EXAM
QUESTIONS AND CORRECT ANSWERS
(VERIFIED ANSWERS) SECURITY
FUNDAMENTALS PROFESSIONAL
CERTIFICATION (SFPC) REAL EXAM TEST
BANK (BRAND NEW!!)
Which of the following statements are true of storage containers and facilities? a) Storage containers and facilities protect valuable and/or sensitive assets by delaying unauthorized entry. b)They are categorized by how well they delay different types of unauthorized entry. c) They are important to our national security and to the safety of the general public. d) They are required only for the storage of classified information. a) Storage containers and facilities protect valuable and/or sensitive assets by delaying unauthorized entry. b)They are categorized by how well they delay different types of unauthorized entry. c) They are important to our national security and to the safety of the general public. Which of the following would be factors you would need to consider when selecting storage containers and facilities?
a) Whether the TOP SECRET material being stored is a set of documents or a weapon system b) If the material is being stored in a war zone or now c) Whether a document is CONFIDENTIAL or TOP SECRET d) Whether the items being stored are conventional AA&E or nuclear weapons All Apply: a) Whether the TOP SECRET material being stored is a set of documents or a weapon system b) If the material is being stored in a war zone or now c) Whether a document is CONFIDENTIAL or TOP SECRET d) Whether the items being stored are conventional AA&E or nuclear weapons In the DoD, classified information may be stored in a non-GSA-approved container. T/F True COMSEC material is stored in GSA-approved containers. T/F True
b) Number label c) Cabinet identification label d) GSA-approved label e) Warning label b) Number label For containers manufactured beginning April 2007, which label is attached to the top inside of the control drawer and states that any modification of the container that is not in accordance with Federal Standard 809 will invalidate the GSA approval of the container? a) Test certification label b) Number label c) Cabinet identification label d) GSA-approved label e) Warning label e) Warning label
Top Secret information can only be stored in a GSA-approved security container, secure room, or vault. T/F True Vaults are more secure than secure rooms. T/F True Vault doors are made of hardened steel and must retain their original gray color. T/F True Vaults are more secure than modular vaults. T/F False Secure rooms and vaults may both be authorized for the open storage of classified information. T/F True Which of the following are required practices when using storage containers? a) safeguard keys, locks, and combinations at the same level of the classified information being stored b) Change combinations when anyone with knowledge of the combination no longer requires access and when the container or lock has been subject to possible compromise.
Who provides accreditation for SCIFs? a) Director of National Intelligence (DNI) b) Central Intelligence Agency (CIA) c) Defense Intelligence Agency (DIA) d) General Services Administration (GSA) e) Department of Defense (DoD) c) Defense Intelligence Agency (DIA) Which of the following statements are true of SCIFs? a) They are used by the intelligence community to store classified information b) They are used by the DoD to store AA&E c) They are used to store sensitive compartmented information d) They are used to store nuclear weapons a) They are used by the intelligence community to store classified information c) They are used to store sensitive compartmented information
Warning signs must be posted at each boundary of a restricted area and must be conspicuous to those approaching on foot or by vehicle. T/F True The use of master key systems is acceptable in the storage of AA&E. T/F False The use of deadly force is authorized against anyone who enters a nuclear storage facility without proper authorization. T/F True Securing drainage structures must be considered if they cross the fence line of an AA&E storage area. T/F True The continual barrier concept is commonly employed in nuclear storage facilities. T/F True What are the 5 elements of PERSEC?
- Designation
- Investigation
What are the 4 civilian personnel designations?
- Special-sensitive
- Critical-sensitive
- Noncritical-sensitive
- Nonsensitive What are special-sensitive positions? Civilian position with potential for inestimable damage to NS or inestimable adverse impact to the efficiency of the DoD/Military; consists of SCI, SAP, or positions the DoD component head determines to be at a higher level of security What are critical-sensitive positions? A civilian NS position that has the potential to cause exceptionally grave damage to NS; consists of TOP SECRET duties, fiduciary duties or designation from DoD component head What are noncritical sensitive positions? A civilian NS position with the potential to cause significant or serious damage to NS; consists of positions requiring access to CONFIDENTIAL/SECRET info Define the Hatch Act of 1939
Established the initial guidelines for personnel security - requiring employees to pledge allegiance to the US What are the objectives of Joint Clearance and Access Verification System (JCAVS)?
- Update security accesses
- Allow communication amongst other offices and CAFs
- Facilitate management tasks (personnel actions/reports/notifications) What is the objective of JPAS? JPAS uses a centralized database with computer processing and application programs for standard DoD PERSEC processes. Comprises JCAVS and JAMS Define and describe CATS Case Adjudication Tracking System - used by DoD CAF adjudicators to review electronic PSIs completed by NBIB What is DISS and what two programs does it replace? Defense Information System for Security. It replaces CATS and JPAS What are the 4 information advisements required under the Privacy Act of 1974?
- Under what authority is the information being gathered?
- What is the principal purpose for gathering the information?
Scheduled Declassification Occurs when the instructions assigned by the OCA are followed (instructions consist of either a date or event) Automatic Declassification Classified records that have been determined to have permanent historical value under Title 44 of USC are automatically declassified on Dec 31 of the year that is 25 years from the date of its original classification Mandatory Declassification Review Initiates a declassification review as requested from the public. The originating agency must respond to the request in a timely manner What the 6 Steps of Original Classification?
- Government info confirmation
- Eligibility
- Impact
- Designate classification level
- Duration
- Guidance What are the 5 types of government inspection ratings?
- Superior
- Commendable
- Satisfactory
- Marginal
- Unsatisfactory Define vulnerability weakness that could be exploited to gain unauthorized access to information or an information system What are the 3 types of Risk Management (IA)?
- Risk Assessment - identifying controls
- Risk Mitigation - implementing controls
- Evaluation - as needed / scheduled What are the 4 characteristics of controls?
- Testable
- Measurable
- Assignable
- Accountable What are the 6 steps of RMF Assessment & Authorization?
- Categorize system
What are the requirements for initial assignment to a Presidential Support Activities (Yankee White) Category 2 position? Favorable completion of T5 SSBI within 36 months preceding selection What is the purpose of the Federal Acquisition Regulation (FAR)? To codify and publish uniform policies and procedures for acquisition by all executive agencies What is the role of the Special Access Program Oversight Committee (SAPOC) during the maintenance phase of the SAP lifecycle? To review existing programs annually to determine whether to revalidate them as SAPs Define acquisition SAP A SAP established to protect sensitive research, development, testing, and evaluation, modification, and procurement activities Define intelligence SAP A SAP established primarily to protect the planning and execution of especially sensitive intelligence or CI operations or collection activities Define operations and support SAP
A SAP established primarily to protect the planning for, execution of, and support to especially sensitive military operations. An operations and support SAP may protect organizations, property, operational concepts, plans, or activities Define Security-in-Depth Layered and complementary security controls sufficient to deter, detect, and document unauthorized entry and movement within the facility What is the purpose of Intrusion Detection System (IDS) Deter, detect, and document What are the components of IDS? Sensors, control or transmission units, monitor units, and computer monitoring stations List and define the four operational phases of IDS
- Detection: begins as soon as a detector or sensor reacts to the stimuli
- Reporting: begins when the premise control unit (PCU) receives signals from sensors in the protected area and incorporates the signals into a communication scheme
- Dispatch: the first phase requiring human interaction - operator initiates the appropriate response
- Response/Assessment: initiated once a response force is dispatched and continues when they arrive at the scene of the alarm
What are the objectives of physical security? Identify assets, identify threats, identify vulnerabilities What are host organization responsibilities for facility visits? Determine the need for the visit, confirm visitor PCL, determine NTK, control visitor access during visit When must you obtain an export authorization for discussion of classified information with international visitors? Both incoming and outgoing international visits. Access control procedures should ensure that the disclosure of, and access to, export-controlled articles and related information is limited to those that are approved by an export authorization. When is Technology Control Plan (TCP) needed for long-term visitors? A TCP is required to control access by foreign nationals assigned to, or employed by, cleared contractor facilities. When should you provide threat awareness training for international visits? Both incoming and outgoing visits. Personnel interacting with foreign visitors should receive threat awareness briefings and personnel going overseas must receive threat awareness and antiterrorism/force protection security briefings.
What are 5 steps of the OPSEC process?
- Identify critical information
- Analyze threats and adversaries
- Analyze vulnerabilities
- Conduct risk assessment
- Choose/apply countermeasures What do operational and logistical countermeasures (OPSEC) do? They randomize the performance of functions and operational missions What do technical countermeasures (OPSEC) do? Limit nonsecure computer e-mail messages to nonmilitary activities. Do not provide operational information in nonsecure e-mail messages What are the 5 criteria for OPSEC survey assessment?
- Purpose
- Scale
- Frequency
- Resources
- Design
