SPeD General Security – Flashcards
Unlock all answers in this set
Unlock answersquestion
SPeD is an abbreviation for?
answer
Security Professional Education Development
question
SPed is a certification program of what agency?
answer
Department of Defense
question
Security Fundamentals Professional Certification (SFPC)
answer
The individual understands foundational security concepts, principles, and practices. (Core Certification for SPed)
question
Security Asset Protection Professional Certification (SAPPC)
answer
The Individual applies foundational security concepts, principles, and practices. (Core Certification for SPed)
question
Security Program Integration Professional Certification (SPIPC)
answer
The individual understands and applies risk assessment and security program management based on security concepts, principles, and practices. (Core Certification for SPed)
question
Security Enterprise Professional Certification (SEPC)
answer
The individual understands and applies concepts, principles, and practices for managing enterprise-wide security
question
What are the three principle incident/events required to be reported to DoD Counterintelligence (CI) organizations?
answer
Answer: Espionage, Sabotage, Terrorism, & Cyber Policy: DoD 5220.22M, "NISPOM" - E.O. 12333-DoDI 5200.01, DoD Information Security and Protection of SCI
question
PMO is an abbreviation for?
answer
Program Management Office
question
Provides the legal requirements to use lawful means to ensure U. S. receives the best intelligence available
answer
E.O. 12333
question
The manual that includes CI-related requirements for industry
answer
DoD 5220.2.2-M NISPOM
question
Regulation mandating CI-specific training, briefing, and reporting
answer
DoDI5240.6: CI Awareness, Briefing, and Reporting Programs
question
Regulation providing procedures to follow when classified information is compromised
answer
DoD 5200.1-R: information Security Program
question
What are three principle incidents/ events required to report to DoD counterintelligence (CI) organizations?
answer
Espionage Sabotage Terrorism Cyber
question
List three different types of threats to classified information.
answer
1. Insider Threat 2. Foreign Intelligence Entities (FIE) 3. Cybersecurity Threat
question
List three indicators of insider threats.
answer
Failure to report overseas travel or contact with foreign nationals Seeking to gain higher clearance or expand access outside the job scope Engaging in classified conversations without a need to know Working hours inconsistent with job assignment or insistence on working in private Exploitable behavior traits Repeated security violations Attempting to enter areas not granted access to
question
List three elements that should be considered in identifying Critical Program Information.
answer
Elements which if compromised could: 1. Cause significant degradation in mission effectiveness 2. Shorten the expected combat-effective life of the system 3. Reduce technological advantage 4. Significantly alter program direction 5. Enable an adversary to defeat, counter, copy, or reverse-engineer the technology or capability.
question
Briefly describe the concept of insider threat.
answer
An employee who may represent a threat to national security. These threats encompass potential espionage, violent acts against the Government or the nation, and unauthorized disclosure of classified information, including the vast amounts of classified data available on interconnected United States Government computer networks and systems.
question
List three elements that a security professional should consider when assessing and managing risks to DoD assets.
answer
Asset Threat Vulnerability Risk Countermeasures
question
Describe the purpose of the Foreign Visitor Program.
answer
To track and approve access by a foreign entity to information that is classified; and to approve access by a foreign entity to information that is unclassified, related to a U.S. Government contract, or plant visits covered by ITAR.
question
List three categories of Special Access Programs.
answer
1. Acquisition 2. Intelligence 3. Operations and Support
question
Briefly define a Special Access Program.
answer
A program established for a specific class of classified information that imposes safeguarding and access requirements that exceed those normally required for information at the same classification level.
question
List three enhanced security requirements for protecting Special Access Program (SAP) Information.
answer
Within Personnel Security: Access Rosters Billet Structures (if required) Indoctrination Agreement Clearance based on an appropriate investigation completed within the last 5 years Individual must materially contribute to the program in addition to having the need to know All individuals with access to SAP are subject to a random counterintelligence-scope polygraph
question
Identify the four Cognizant Security Agencies (CSAs) and describe their role in the National Industrial Security Program (NISP).
answer
The four CSAs are the Department of Defense (DoD), the Director of National Intelligence (DNI), the Department of Energy (DoE), and the Nuclear Regulatory Commission (NRC). Establish an industrial security program to safeguard classified information under its jurisdiction.
question
List three factors for determining whether U.S. companies are under Foreign Ownership, Control or Influence (FOCI).
answer
1. Record of economic and government espionage against the U.S. targets 2. Record of enforcement/engagement in unauthorized technology transfer 3. Type and sensitivity of the information that shall be accessed 4. The source, nature and extent of FOCI 5. Record of compliance with pertinent U.S. laws, regulations and contracts
question
Define the purpose and function of the Militarily Critical Technologies List (MCTL).
answer
Serves as a technical reference for the development and implementation of DoD technology, security policies on international transfers of defense-related goods, services, and technologies as administered by the Director, Defense Technology Security Administration (DTSA). Formulation of export control proposals and export license review
question
List three primary authorities governing foreign disclosure of classified military information.
answer
Arms Export Control Act National Security Decision Memorandum 119 National Disclosure Policy-1 International Traffic in Arms Regulation (ITAR) E.O.s 12829, 13526 Bilateral Security Agreements DoD 5220.22-M, "NISPOM,"
question
Briefly describe the purpose of the DD Form 254.
answer
Convey security requirements and classification guidance, and provide handling procedures for classified material received and/or generated on a classified contract.
question
List the three main policies that govern the DoD Information Security Program.
answer
E.O. 13526 Information Security Oversight Office (ISOO) 32 CFR Parts 2001 & 2003, "Classified National Security Information; Final Rule" DoD Manual 5200.01, Volumes 1-4
question
What must an "authorized person" have before being granted access to classified information?
answer
Have: favorable determination of eligibility for access a need to know the information signed SF 312 Nondisclosure Agreement
question
List three classification duration options for originally classified information.
answer
Date or event that is: less than 10 years at 10 years up to 25 years 50X1-HUM (with no date or event) 50X2-WMD (with no date or event 25X (with a date or event)
question
List three authorized sources of security classification guidance that could be used in the derivative classification process.
answer
Security Classification Guide Properly Marked Source Document Contract Security Classification Specification (DD Form 254)
question
Define derivative classification.
answer
Incorporating, paraphrasing, restating, or generating in new form information that is already classified and marking the newly developed material consistent with the markings that apply to the source information.
question
Define the difference between a security infraction and a security violation.
answer
An infraction cannot reasonably be expected to and does not result in the loss, compromise, or suspected compromise of classified information; whereas a violation does result in or could be expected to result in the loss or compromise of classified information.
question
Define unauthorized disclosure.
answer
Communication or physical transfer of classified or controlled unclassified information to an unauthorized recipient.
question
List three types of initial personnel security investigations and to whom they apply.
answer
SSBI: Military, Civilian, Contractor ANACI: Civilian NACLC: Military and Contractor NACI: Civilian and Contractor
question
Describe the purpose of due process in Personnel Security Program (PSP).
answer
Ensures fairness by providing the subject the opportunity to appeal an unfavorable adjudicative determination.
question
List the key procedures for initiating Personnel Security Investigations(PSIs)
answer
Validate the need for an investigation Initiate e-QIP Review Personnel Security Questionnaire (PSQ) for completeness Submit electronically to OPM
question
List three DoD position sensitivity types and their investigative requirements.
answer
Critical Sensitive: SSBI, SSBI-PR, PPR Non-Critical Sensitive: ANACI, NACLC Nonsensitive: NACI
question
Describe the difference between revocation and denial in Personnel Security Program
answer
Revocation: A current security eligibility determination is rescinded. Denial: An initial request for security eligibility is not granted.
question
Describe the purpose of a Statement of Reason (SOR).
answer
The purpose of the SOR is to provide a comprehensive and detailed written explanation of why a preliminary unfavorable adjudicative determination was made.
question
List five adjudicative guidelines.
answer
Allegiance to the United States Foreign Influence Foreign Preference Sexual Behavior Personal Conduct Financial Considerations Alcohol Consumption Drug Involvement Psychological Conditions Criminal Conduct Handling Protected Information Outside Activities Use of Information Technology
question
List three different types of approved classified material storage areas.
answer
GSA-approved storage containers Vaults (including modular vaults) Open storage area (secure rooms, to include SCIFs and bulk storage areas)
question
List three construction requirements for vault doors.
answer
Constructed of metal Hung on non-removable hinge pins or with interlocking leaves. Equipped with a GSA-approved combination lock. Emergency egress hardware (deadbolt or metal bar extending across width of door).
question
What is the purpose of intrusion detection systems?
answer
Detect unauthorized penetration into a secured area.
question
What is the purpose of perimeter barriers?
answer
Defines the physical limits of an installation, activity, or area, restrict, channel, impede access, or shield activities within the installation from immediate and direct observation.
question
What is the purpose of an Antiterrorism Program?
answer
Protect DoD personnel, their families, installations, facilities, information, and other material resources from terrorist acts.
question
List three Force Protection Condition levels.
answer
Normal, Alpha, Bravo, Charlie, Delta
question
Describe the concept of security-in-depth.
answer
Layered and complementary security controls sufficient to deter, detect, and document unauthorized entry and movement within an installation or facility.
question
In which security program area would you find practitioners who train and/or advise Original Classification Authorities in the application of the process for making classification determinations?
answer
Information Security
question
In which security program area would you find practitioners working with a facility's Antiterrorism Officer to deploy defensive measures designed to reduce the facility's vulnerability from terrorist attacks?
answer
Physical Security
question
In which security program area would you find practitioners involved with processes that monitor employees for new information that could affect their security clearance eligibility status?
answer
Personnel Security
question
Two security professionals - Paul and Ashley - are discussing security program areas. Paul says that Information Security practitioners train and/or advise Original Classification Authorities in the application of the process for making classification determinations. Ashley says that Physical Security practitioners work with a facility's Antiterrorism Officer to deploy defensive measures designed to reduce the facility's vulnerability from terrorist attacks.
answer
Paul and Ashley are both correct
question
Two security professionals - Paul and Ashley - are discussing security program areas. Paul says that Information Security practitioners work with a facility's Antiterrorism Officer to deploy defensive measures designed to reduce the facility's vulnerability from terrorist attacks. Ashley says that Personnel Security practitioners train and/or advise Original Classification Authorities in the application of the process for making classification determinations.
answer
Paul and Ashley are both incorrect
question
CI Foreign Travel Briefing
answer
Purpose to increase awareness and personal safety, targeting by foreign intelligence, current travel warnings, & where to seek help if needed
question
CI Elicitation is a form of social engineering.
answer
Collecting info from people though conversation
question
Potential Espionage Indicator Categories
answer
Foreign Contracts and Associations Foreign Travel Foreign Preference Anti-American Statements, Activities, and Associations Falsification/Failure to Report Substantive Information Sexual Behavior That Increases Vulnerability to Exploitation Suspicious Financial Transactions or Undue Affluence Illicit Information Collection or Transmittal Other Counterintelligence Issues
question
Who could become an insider threat?
answer
Any person with authorized access to any US government resources.
question
Executive Order 13587
answer
Government agencies to establish their own insider threat programs
question
Insider threat programs are intended to:
answer
Deter, Detect, and Mitigate the risk
question
Sharing and reporting information s essential to detecting potential insider threats
answer
True