STEPP Questions
An individual who is seen modifying protected information on unauthorized equipment is causing concern under which adjudicative guideline? Select one: a. Guideline K: Handling Protected Information b. Guideline E: Personal Conduct c. Guideline A: Allegiance to the United States d. Guideline B: Foreign Influence
A
What type of security incident has occurred when classified data is introduced on an information system not approved for that level of information? Select one: a. Spillage b. Security Infraction c. Security category
A
When information, in the interest of national security, no longer requires protection at any level, it should be: Select one: a. Declassified. b. Unclassified. c. Classified.
A
Which individual is the government authority responsible for program security and all program areas and administers the security policies for the Special Access Program (SAP)? Select one: a. Program Security Officer (PSO) b. Contractor/Command Program Security Officer (CPSO) c. Contractor/Command Program Manager (CPM) d. Government Program Manager (GPM) e. Government SAP Security Officer (GSSO)
A
Who is responsible for identifying threats and informing the installation Commanding Officer on current threats? Select one: a. Threat Working Group b. Mission Assurance Senior Steering Group c. Antiterrorism Executive Committee d. Antiterrorism Working Group
A
Identify responsibilities for which critical-sensitive designation applies. Select all that apply. Select one or more: a. Development or approval of war-related plans, special operations, or critical and extremely important items b. National security policy-making or policy-determining positions c. Special access programs (SAPs) d. Unique intelligence-related information
A and B
The purpose of the DoD information security program is to _________________________. Select all that apply. Select one or more: a. Protect national security information b. Demonstrate a commitment to transparency in Government c. Classify as much government information as possible
A and B
Select ALL the correct responses. During classified visits, visitors may supply clearance information via ______________. Select one or more: a. a Visit Authorization Letter (VAL) b. an invitation acceptance form c. the DoD System of Record
A and C
Select ALL the correct responses. Which of the following are Counterintelligence Special Agent (CISA) responsibilities? Select one or more: a. Provide advice, assistance, and guidance regarding counterintelligence best practices b. Authorize and maintain Information Systems c. Assist with foreign travel briefings and debriefings
A and C
Continuous Evaluation (CE) incorporates which of the following processes? Select all that apply. Select one or more: a. Periodic reinvestigations b. Determination of updated skills and knowledge c. Verification of annual IRS reports and payments d. Automated record checks to cover gaps between initial and periodic investigations
A and D
Select ALL the correct responses. Which of the following are examples of security-in-depth, layering of physical security countermeasures? Select one or more: a. Fencing and guards b. Staff assist visits c. Inspections d. Lighting and cameras
A and D
Select ALL the correct responses. Which of the following are required before an individual may access classified information? Select one or more: a. Personnel Security Clearance (PCL) b. Facility Clearance (FCL) c. Approved safeguarding capability d. Need-To-Know (NTK)
A and D
The Personnel Security Program (PSP) comprehensive investigative background process applies to which of the following persons? Select all that apply. Select one or more: a. Members of the Armed Forces b. non-U.S. citizens that cannot be granted limited access authorization c. Persons who require access to classified information or who are assigned to national security sensitive duties d. DoD contractors
A, C and D
Adjudicators apply 13 National Security Adjudicative Guidelines and _____ factors when evaluating the relevance of an individual's conduct. Select one: a. thirteen b. nine c. six d. every day
B
Civilian positions involved in the development or approval of war plans; investigative duties; OR issuance of national security eligibility are described as which of the following OPM-defined civilian positions sensitivity levels? Select one: a. Noncritical-sensitive b. Critical-sensitive c. Nonsensitive d. Special-sensitive
B
If an individual inserts a thumb drive containing classified information on a computer in the office that is not part of the classified information system, what type of security incident is this? Select one: a. Security Violation b. Spillage c. Security Infraction
B
In order to receive and store classified information, facilities must be granted a Facility Clearance (FCL) and have _________________. Select one: a. full-time security personnel b. approved safeguarding capabilities c. a cleared subcontractor
B
Security categorization is the key first step in _________ because of its effect on all other steps in the framework, from selection of security controls to level of effort in assessing security control effectiveness. Select one: a. the DIACAP b. the RMF c. system protection d. establishing policy
B
Special Access Programs (SAPs) have many goals. Which of the following is a goal of Special Access Programs (SAPs)? Select one: a. Assume program personnel have a valid need-to-know b. Identify who has and has had access c. Maintain minimal program security
B
The __________ establishes industrial security programs and oversees security requirements. Select one: a. Government Contracting Activity (GCA) b. Cognizant Security Agency (CSA) c. Cognizant Security Office (CSO)
B
The funding for the Special Access Program (SAP) Karen is working on is often classified or not directly linked to the program. On what type of SAP is Karen working? Select one: a. Acknowledged SAP b. Unacknowledged SAP
B
To issue a Facility Clearance (FCL), the Facility Clearance Branch (FCB) reviews which of the following? Select one: a. Presence of suspicious contacts b. Facility sponsorship c. Information System Security Plans d. Employee foreign travel records
B
What is the relationship between vulnerabilities and threats? Select one: a. There is no relationship between them b. Threats exploit vulnerabilities c. Both are based on honesty d. Vulnerabilities exploit threats
B
Which investigation replaces the SSBI-PR and PPR? Select one: a. T5 b. T5R c. SSBI d. T3R
B
Which of the following countermeasures would NOT be appropriate against phishing or spear phishing? Select one: a. Delete suspicious emails b. Visiting website links contained in suspicious emails to ensure their legitimacy c. Look to see if official emails are digitally signed d. Contacting your security point of contact with any questions or to report potential incidents
B
Which of the following cyber events are NOT required to be reported to your FSO or security point of contact? (Select all that apply) Select one or more: a. Adversary attempts to acquire classified information b. Official emails from known sources c. Adversary attempt to acquire U.S. export controlled technology d. All suspicious cyber activities
B
Which of the following establishes duties and responsibilities that assist in maintaining operational order during both normal and stressful situations? Select one: a. Standard Operating Procedures and the Physical Security Plan b. Standard Operating Procedures and Post Orders c. Post Orders and the Physical Security Plan
B
Who issues security classification guides (SCG) for systems, plans, programs, projects, or missions? Select one: a. Derivative classifiers b. Original Classification Authorities c. Both derivative classifiers and Original Classification Authorities
B
You have a question about guidance received from the Special Access Program Central Office (SAPCO) and need to speak with the government official who exercises authority on behalf of SAPCO or the service component designee of the Special Access Program (SAP). With whom should you speak? Select one: a. Contractor/Command Program Security Officer (CPSO) b. Program Security Officer (PSO) c. Contractor/Command Program Manager (CPM) d. Government Program Manager (GPM) e. Government SAP Security Officer (GSSO)
B
Select ALL the correct responses. Which of the following is an exterior intrusion detection system (IDS)? Select one or more: a. Proximity detectors b. Buried line sensors that detect vibrations c. Fence disturbance sensors
B and C
Select ALL the correct responses. Which of the following protective measures can make doors more attack-resistant? Select one or more: a. Mount cameras on the roof b. Limit the number of entrances and exits to what is necessary c. Install solid steel doors
B and C
Select ALL the correct responses. Which of the following comprise the Mission Assurance Senior Steering Group? Select one or more: a. Counterintelligence Officers b. General or flag officers at the one and two-star levels c. OPSEC Officers d. Senior Executive Service
B and D
Select true statements concerning national security reinvestigations. Select all that apply. Select one or more: a. Security Specialists are exempt from continuous evaluation and/or periodic reinvestigations. b. Military and civilian personnel for whom periodic investigative requests are initiated must have at least 12 months remaining in service or employment. c. An out-of-scope reinvestigation requires no justification to be processed. d. The FIS determines when periodic reinvestigations must occur.
B and D
Select true statements regarding access to classified information. Select all that apply. Select one or more: a. Access to classified information is limited to those who have access to a federal government-owned computer. b. Access to classified information is determined by a valid need-to-know. c. If an individual has access to classified information the individual is also the holder of classified information. d. All U.S. citizens who are granted access to classified information must also have national security eligibility.
B and D
Select personal traits of nuclear workers identified by the Nuclear Personnel Reliability Program. Select all that apply. Select one or more: a. Responsive b. Professionally competent c. Emotionally stable d. Reliable
B, C and D
A Principal Authorizing Official (PAO) is appointed for each of the following DoD mission areas except: Select one: a. Enterprise Information Environment b. DoD portion of Intelligence c. Unit d. Business e. Warfighting
C
A type of targeted attack that takes the form of an email that appears to be from a specific organization, such as your employer or bank, is known as: Select one: a. Hacking b. Malicious Logic c. Spear Phishing d. Harpooning
C
All _____________ GSA-approved security containers must conform to Federal Specification FF-L-2740. Select one: a. Handles on b. Doors on c. Locks for
C
An individual who was dismissed from the Armed Forces for unwillingness to comply with rules and regulations may be a concern under which adjudicative guideline? Select one: a. Guideline J: Criminal Conduct b. Guideline A: Allegiance to the United States c. Guideline E: Personal Conduct d. Guideline L: Outside Activities
C
Mary needs to review guidance directly applicable to all Department of Defense (DoD) Special Access Programs (SAPs). What should she review? Select one: a. DoD 5220.22-M-Sup 1, National Industrial Security Program Operating Manual (NISPOM) Supplement b. DoD Directive 5205.07, DoD Special Access Program Policy c. DoDM 5205.07 Vols 1-4: DoD Special Access Program Security Manuals
C
RMF provides implementation guidance through a _____ step information system lifecycle. Select one: a. three b. five c. six d. seven
C
Risk Management Framework Tier 1 Organization roles and responsibilities are assigned to ___________________. Select one: a. Information Systems Security Manager (ISSM) b. Authorizing Official (AO) c. DoD CIO/SISO d. DoD Component CIO/SISO
C
The Security Assessment Report completed in RMF Step __ provides AOs with the information needed for understanding the current security state of the organization's information systems and supporting infrastructure and the current risk posture of the organization. Select one: a. 2 b. 3 c. 4 d. None of the above
C
The Special Access Program (SAP) Dan works on is developing and building a new aircraft. What category of SAP is Dan most likely working on? Select one: a. Operations and Support Special Access Program (SAP) b. Intelligence Special Access Program (SAP) c. Acquisition Special Access Program (SAP)
C
The ______________________ is a comprehensive written plan for appropriate and economical use of personnel and equipment to prevent or minimize criminal and disruptive activities Select one: a. COMSEC Plan b. Cybersecurity Plan c. Physical Security Plan d. Monthly Action Plan
C
The unauthorized disclosure of this type of information could reasonably be expected to cause damage to our national security. Select one: a. Top Secret b. Secret c. Confidential
C
The vast majority of Department of Defense (DoD) Special Access Programs (SAPs) fall under which category? Select one: a. Operations and Support Special Access Programs (SAPs) b. Intelligence Special Access Programs (SAPs) c. Acquisition Special Access Programs (SAPs)
C
Tier 1 of RMF guidance addresses risk management at the DoD __________ level. Select one: a. unit b. local c. enterprise d. mission
C
Which case states that an agency must follow its own regulations, even when those regulations are more restrictive than law requires. Select one: a. Adams vs. Laird b. Clifford vs. Shoultz c. Service vs. Dulles d. Greene vs. McElroy
C
Which contracting document contains security requirements and classification guidance? Select one: a. DD Form 441, Department of Defense Security Agreement b. SF 312, Classified Information Nondisclosure Agreement c. DD Form 254, Department of Defense Contract Security Classification Specification
C
Which of the following executive orders established a uniform PSP for all federal employees who hold sensitive positions or who must access classified information? Select one: a. E.O. 13467 b. E.O. 10450 c. E.O. 12968 d. E.O. 13764
C
Which of the following is the best general description of Special Access Programs (SAPs)? Select one: a. Special Access Programs (SAPs) allow everyone who has a clearance to have access. b. Special Access Programs (SAPs) are unclassified programs with safeguarding and access requirements. c. Special Access Programs (SAPs) are classified programs with enhanced safeguarding and access requirements.
C
Which of the following would NOT be an indication that an email is from an adversary attempting to gain unauthorized information? Select one: a. It attempts to gather information that could be harmful to you or the organization in the wrong hands b. It includes bad grammar, misspellings, or other generic greetings c. It comes from your IT security department and includes relevant security alerts d. It appears to be urgent, requiring immediate action
C
Which physical security countermeasure is used to secure sensitive compartmented information (SCI)? Select one: a. Vault b. Secure Rooms c. Sensitive Compartmented Information Facility (SCIF)
C
Which step in the risk management process is designed to identify and assess the perceived imminence of intended aggression by a capable entity to harm a nation, a government, or its instrumentalities? Select one: a. Identify and assess Vulnerabilities b. Determine Countermeasure Options c. Identify and assess Threats d. Identify and assess Assets
C
Who administers and oversees the contractor security program? Select one: a. Information System Security Professional/Security Control Assessor (ISSP/SCA) b. Information System Security Manager (ISSM) c. Facility Security Officer (FSO) d. Counterintelligence Special Agent (CISA)
C
National security position designations are based on which of the following? Select all that apply. Select one or more: a. The location from which personnel will interact with sensitive information b. Length of time personnel will hold the position c. Duties by which the occupant could bring about an adverse effect on national security d. Access to classified information e. The frequency at which personnel will interact with sensitive information
C and D
Which of the following are potential indicators of vulnerabilities related to unpatched and outdated software? (Select all that apply) Select one or more: a. Frequent emails from system administrators notifying users or updates and computer restarts b. Frequent notifications that new patches have been applied c. Unauthorized system access attempts d. Corrupt files and destroyed or modified information
C and D
An individual with a critical-sensitive position designation who has foreign national contacts is causing concern under which adjudicative guideline? Select one: a. Guideline C: Foreign Preference b. Guideline A: Allegiance to the United States c. Guideline E: Personal Conduct d. Guideline B: Foreign Influence
D
If you have just been given authorization to operate a classified information system, what step are you now in within the Risk Management Framework? Select one: a. Step 1: Categorize System b. Step 3: Implement Security Controls c. Step 5: Authorize System d. Step 6: Monitor Security Controls
D
Which document established standard requirements for conducting federal background investigations according to a five-tiered model? Select one: a. DoD(a) Civil Service Act of 1883 b. DoDM 5200.02 c. SEAD 6 d. Federal Investigative Standards (FIS)
D
Which of the following are programs that enhance security by requiring more stringent investigations and adjudications or more frequent reinvestigations than normal? Select all that apply. Select one: a. Presidential Support Activities b. Special Access Programs c. NATO Top Secret Designation d. All of the above
D
Whose primary responsibility is working with Industrial Security Representatives (IS Reps) and contractor personnel to authorize and maintain classified Information Systems? Select one: a. Information System Security Manager (ISSM) b. Counterintelligence Special Agent (CISA) c. Facility Security Officer (FSO) d. Information System Security Professional/Security Control Assessor (ISSP/SCA)
D
You are a government employee about to begin work on a Special Access Program (SAP). You are reviewing policy and guidance. Which guidance outlines the baseline responsibilities of personnel to safeguard classified information? Select one: a. DoDD 5205.2E, DoD OPSEC Program b. DoD 5220.22-M: National Industrial Security Program Operating Manual (NISPOM) c. DoD 5200.8-R, Physical Security Program d. DoDM 5200.01, Vols. 1-4, Information Security Program e. DoD 5200.2-R, Personnel Security Program
E
All Federal Government entities may initiate and conduct national security background investigations. Select one: True False
False
During an investigation, any area of questioning can be asked to properly determine eligibility. Select one: True False
False
Potential cyber attacks only need to be reported if they were successful, or if it is suspected that the network has been compromised. Select one: True False
False
The existence of Special Access Programs (SAPs) has always been public knowledge. Select one: True False
False
True/False. A Security Specialist has little or no interaction with persons in or out of the organization because of the sensitive nature of the job. Select one: True False
False
Users may install personal software on their organization's systems if they ensure that it comes from a trusted website and has been scanned for viruses. It is only necessary to notify the IT department if elevated permissions are required to install or run it. Select one: True False
False
When a Special Access Program (SAP) is waived, it means the SAP is not required to follow reporting procedures. Select one: True False
False
All documents required for approval are developed in the Management and Administration phase. Select one: True False
True
Circumstances may arise where an urgent operational or contractual exigency exists for cleared DoD personnel to have one-time or short-duration access to classified information at a higher level than authorized by the existing eligibility level. Select one: True False
True
Department of Defense (DoD) Special Access Programs (SAPs) are the responsibility of the Deputy Secretary of Defense (DEPSECDEF). Select one: True False
True
Derivative classifiers are the individuals who generate or create new material based on existing classification guidance. Select one: True False
True
DoD 8510.01 requires all information systems and platform information technology (PIT) systems for both NSS and non-NSS to be categorized in accordance with CNSSI 1253. Select one: True False
True
Program funding of an Unacknowledged SAP is often unacknowledged, classified, or not directly linked to the program. Select one: True False
True
Prompt reporting of cyber security incidents is critical to successfully mitigating risk and defeating attacks. Select one: True False
True
Security systems such as intrusion detection systems (IDS) and closed circuit television (CCTV) systems are countermeasures. Select one: True False
True
True or false? An employee's need for a Personnel Security Clearance (PCL) is determined by the program manager, but the clearance level is determined by the Government Contracting Activity (GCA). Select one: True False
True
When classified information is in an authorized individual's hands, why should the individual use a classified document cover sheet? Select all that apply. Select one or more: a. To prevent inadvertent viewing of classified information by unauthorized personnel b. To alert holders to the presence of classified information c. To record the removal of classified information from a GSA-approved security container
A and B
Which level of classified information may be transported via USPS mail? Select all that apply. Select one or more: a. Confidential b. Secret c. Top Secret
A and B
Select ALL the correct responses. Which of the following are Information System Security Professional/Security Control Assessor (ISSP/SCA) responsibilities? Select one or more: a. Perform classified Information System assessments b. Receive changed conditions and suspicious contact reports c. Oversee day-to-day personnel security program operation d. Respond to security violations involving authorized classified Information Systems
A and D
You decide that you should report a situation to your organization's security specialist when you discover the following information about a coworker: Select all that apply. Select one or more: a. She laughs at a news report of a man shooting his former co-workers as they left work at the end of day and makes a sarcastic comment about the victims "getting what they deserved." b. She invites you to join her at a restaurant that serves foreign foods you've never heard of before. c. She begins drinking unusual amounts of strong coffee in the morning. d. She speaks about her anger at the United States for issuing economic sanctions against her parents' country.
A and D
Select ALL the correct responses. Which of the following are Contracting Officer's Representative (COR) responsibilities? Select one or more: a. Communicates security requirements to the contractor b. Closely monitors contractor performance c. Initiates sponsorship for a Facility Clearance (FCL) if necessary d. Enters into, administers, and terminates contracts
A, B and C
Select ALL the correct responses. Which of the following are Information System Security Manager (ISSM) responsibilities? Select one or more: a. Conduct Information System awareness and training b. Establish Information System programs and procedures c. Develop facility procedures for handling media with classified information d. Receive company changed conditions and suspicious contact reports
A, B and C
Which of the following are applicable when using a phone for classified conversations? Select all that apply. Select one or more: a. Know how to use your Secure Terminal Equipment (STE) b. Be aware of your surroundings and who might be able to hear your end of the conversation c. Only use Secure Terminal Equipment (STE) phones
A, B and C
Which of the following are components of the national security adjudication guidelines? Select all that apply. Select one or more: a. Concern b. Conditions that may be disqualifying c. Conditions that can mitigate behavior d. Past investigations
A, B and C
Which volumes of DoDM 5200.01 provide guidance and direction on classification management, marking, protection, and handling requirements for classified information? Select all that apply. Select one or more: a. Volume 1 b. Volume 2 c. Volume 3 d. Volume 4
A, B and C
Identify functions of The Civil Service Act of 1883. Select all that apply. Select one or more: a. It encouraged loyalty to the United States rather than to specific political parties. b. Party loyalty could no longer be "bought" or necessarily even depended upon. c. It discouraged the number of persons applying for federal employment. d. It reduced the number of incompetent or corrupt public officials employed by the federal government.
A, B and D
Select ALL the correct responses. Security Forces may be comprised of which of the following? Select one or more: a. Military and contract personnel b. Mission Assurance Senior Steering Group c. Military working dogs d. DoD civilian personnel
A, C and D
__________ authorizes commanders to issue regulations for the protection or security of property and places under their command and establishes guidelines to build consistent minimum standards for protecting DoD installations and resources. Select one: a. DoDM 5200.01 b. DoDI 5200.08 c. DoD 5200.08-R
B
Security Specialists report unfavorable information that meets reportable behavior guidelines to which of the following entities? Select all that apply. Select one or more: a. House of Representatives Intelligence Chairperson b. Counter Intelligence supporting activity c. The supporting adjudication facility d. Law enforcement agency
B, C and D
Select ALL the correct responses. The National Industrial Security Program (NISP) is: Select one or more: a. a voluntary program for cleared contractor facilities b. a government-industry partnership c. designed to safeguard classified information entrusted to industry d. established by Executive Order 12829
B, C and D
As a Security Specialist, one important responsibility of the security office is to take part in four different types of briefings. Identify two of the briefings. Select one: a. Financial disclosure briefings and change in personal status briefings b. Media contact briefings; law enforcement briefings c. Annual (or refresher) briefings and insider threat briefings d. Drug and alcohol use briefings and emotional stress briefings
C
If a derivative classifier believes information to be improperly classified, they can _____________ the classification decision. Select one: a. Ignore b. Override c. Challenge
C
Individuals who have access to classified information or hold a sensitive position must follow strict reporting requirements for what primary reason? Select one: a. To avoid being required to submit to further security briefings b. To retain their DoD identification card c. To recognize and avoid personal behaviors and activities that may adversely affect continued national security eligibility d. To receive reimbursement for their DoD travel vouchers
C
Which of the following is the purpose of an interior intrusion detection system (IDS)? Select one: a. To terminate any intrusion into a facility. b. To provide a complete solution to a facility security posture. c. To deter, detect, and document intrusion in the environment.
C
Whose guidelines should you follow for the destruction of storage media such as thumb drives, zip drives, and computers? Select one: a. Original Classification Authorities b. Local information systems personnel c. National Security Agency
C
Department of Defense (DoD) Special Access Programs (SAPs) are categorized and managed by the Under Secretaries of Defense. Which Under Secretary oversees DoD Acquisition SAPs? Select one: a. Under Secretary of Defense, Acquisition, Logistics, and Technology (USD (AT&L)) b. Under Secretary of Defense, Intelligence (USD (I)) c. Under Secretary of Defense, Policy (USD (P))
A
DoD participates in ______ and NIST policy development as a vested stakeholder with the goals of a more standardized approach to cybersecurity. Select one: a. CNSS b. OPM c. GSA d. NASA
A
During which step of a cyber attack would an adversary research and identify targets through open sources, like social media or company websites? Select one: a. Reconnaissance b. Intrusion c. Data Exfiltration d. Maintain Persistence
A
Heidi has just been assigned to a Special Access Program (SAP) that is openly recognized; however, specifics are classified within that SAP, and program funding is generally unclassified. To what type of SAP is Heidi assigned? Select one: a. Acknowledged SAP b. Unacknowledged SAP c. Waived SAP
A
Identify the legislation that prohibits a grant or waiver of national security eligibility to individuals who have been convicted of crimes and incarcerated for more than one year or have been dishonorably discharged from the armed forces. Select one: a. The Bond Amendment b. SEAD 4 c. SEAD 3 d. Federal Investigative Standards Plan
A
In which order must documents containing classified information be marked? Select one: a. Portion markings, banner markings, classification authority block b. Portion markings, classification authority block, banner markings c. Banner markings, portion markings, classification authority block
A
In which phase of the Special Access Program (SAP) life cycle does the annual review occur where it is decided if the program will be revalidated and continue operation, be restructured, or be transitioned to the disestablishment phase? Select one: a. Management & Administration b. Disestablishment c. Apportionment d. Establishment
A
Malicious code is best described as: Select one: a. Software that causes damage and/or creates unwanted behaviors b. Anyone that seeks to do you or your organization harm c. A scam that places you and your organization at risk d. Email that appears to be from one source, but is actually from another
A
Protected information falls into which of the following categories? Select all that apply. Select one or more: a. Personal information b. Controlled unclassified information c. Classified information d. News articles
A and C
Select ALL the correct responses. The National Industrial Security Program Operating Manual (NISPOM) does which of the following? Select one or more: a. Defines NISP requirements b. Ensures uniform security requirements c. Provides guidance for contractors d. Identifies members of the NISP
A, B and C
Select ALL the correct responses. What does the Facility Security Officer (FSO) need to do when an employee no longer needs access to classified information? Select one or more: a. Remove the employee's access in the DoD System of Record b. Debrief the employee c. Remove the employee's name from access rosters and/or any active Visit Authorization Letters (VALs) d. Remove the employee's eligibility in the DoD System of Record
A, B and C
What is required to access classified information? Select all that apply. Select one or more: a. Signed SF-312, Nondisclosure Agreement b. Need-to-know c. Eligibility
A, B and C
Select ALL the correct responses. The Defense Security Service (DSS) oversees which of the following? Select one or more: a. Personnel Security Clearances (PCLs) b. Changes in ownership, management, or foreign involvement c. Contract-specific requirements d. Compliance with reporting requirements
A, B and D
Which of the following are disqualifying conditions for Guideline M: Use of Information Technology? Select all that apply. Select one or more: a. Removing files without authorization b. Storage of protected information on approved equipment c. Logging onto someone else's computer d. Transmitting controlled information to an unauthorized data storage device.
A, B, C and D
Which of the following sources can provide users with more information about reportable cyber events and how to report them? (Select all that apply) Select one or more: a. Security Points of Contact or FSOs b. Acceptable Use Policy (AUP) for the organization c. The National Industrial Security Program Operating Manual d. DOD Directive 5240.06, Counterintelligence Awareness and Reporting
A, B, C and D
What information is listed in the classification authority block on a document containing classified information? Select all that apply. Select one or more: a. Date on which to declassify the document b. Who created the classified document c. Classification level to downgrade to at a certain point in time (as applicable) d. Which source the information in the document was derived from e. Current classification level of the document
A, B, C, D
Which of the following are disqualifying conditions for Guideline I: Psychological Conditions? Select all that apply. Select one or more: a. Chronic lying b. Deceitful behavior c. Binge drinking d. Compulsive gambling
A, B, and D
Select ALL the correct responses. By signing DD Form 441, Department of Defense Security Agreement, the contractor agrees to _______________. Select one or more: a. Acknowledge government authority to review the company's security program b. Adhere to end-product objectives c. Determine whether a sub-contractor has appropriate Facility Clearance (FCL) d. Implement and maintain a security program that complies with the National Industrial Security Program Operating Manual (NISPOM)
A, C and D
Select ALL the correct responses. Which of the following represent the purpose of physical security? Select one or more: a. Deter intruders b. Manpower c. Safeguard against threats d. Prevent theft, damage, or unauthorized access to assets
A, C and D
Which entity exists for each military component, the Joint Chiefs of Staff; the Defense Advanced Research Projects Agency (DARPA); and the Missile Defense Agency (MDA) and is responsible for all SAPs under their purview? Select one: a. Office of the Secretary of Defense (OSD) Special Access Program Central Offices (SAPCOs) b. Special Access Program Central Offices (SAPCOs) c. Special Access Program Oversight Committee (SAPOC) d. Senior Review Group (SRG)
B
Which of the following are characteristics of a strong password? (Select all that apply) Select one or more: a. Uses names, dates, or dictionary words important to the user, so it's easy to remember b. Has a mix of upper and lower case, numbers, and special characters c. Is the same on multiple systems, so it's less likely to be forgotten d. Are changed often
B and D
Which of the following is true about the Department of Defense (DoD) Special Access Program (SAP) life cycle? Select one: a. Special Access Programs (SAPs) follow a different life cycle depending on their category. b. Special Access Programs (SAPs) follow a different life cycle depending on their protection level. c. All Special Access Programs (SAPs) follow the same life cycle.
C
John is a married mid-level employee with ACE Tech. He has a reputation for working all times of the night and was overheard bragging about the number of trips he has made to Europe in the last (3) three months. What are the possible espionage indicators for this scenario? Select all that apply. Select one or more: a. Unexplained affluence b. Disregard for security regulations c. Extensive foreign travel d. Unusual work hours
C and D
In which phase of the Special Access Program (SAP) life cycle is it determined enhanced security measures are warranted? Select one: a. Disestablishment b. Apportionment c. Management & Administration d. Establishment
D
Which of the following descriptors are associated with Tier 1 investigations. Select all that apply. Select one or more: a. 5-7-year basic scope b. Noncritical-sensitive position c. Use of the SF-85 d. Non-sensitive, low risk positions
C and D
Which of the following cybersecurity events are NOT required to be reported? Select one: a. Malicious code, such as viruses or spyware b. Network spillage events or compromise c. Social engineering attempts, including phishing d. Authorized files on the network
D
Which of the following most completely describes the circumstances under which Special Access Programs (SAPs) are established? Select one: a. The program requires funding that needs to be approved by specific Congressional committees. b. The program involves military operations. c. The program is a Department of Defense Acquisition, Intelligence, or Operations and Support program. d. The program is required by statute, the vulnerability of or threat to specific information is exceptional, and the normal criteria for determining access are insufficient.
D
You receive an email that appears to be from your IT department asking for your system password. You may have been the target of: Select one: a. Flipping b. Fracking c. Phreaking d. Phishing
D
If you suspect that your password has been compromised, it's not necessary to report it to your FSO or security point of contact. Just change it as soon as possible. Select one: True False
False
Need-to-know is the determination by an authorized holder of classified information that access to the information is required by another appropriately cleared individual to perform "OFFICIAL DUTIES." Select one: True False
True
Special Access Programs (SAPs) have existed for decades; however, they have not always been called Special Access Programs. Select one: True False
True
The Department of Defense follows the DoD 8500 series documentation for Cybersecurity policy. Select one: True False
True
True or false? Each Cognizant Security Agency (CSA) has one or more Cognizant Security Offices (CSOs) that administer the National Industrial Security Program (NISP) on their behalf. Select one: True False
True
Intelligence Community Policy Guideline (ICPG) 704.3 determines the processes necessary to handle denials and revocations of SCI access. There are no appeals processes once those determinations have been made. Select one: True False
False
______________ are provided to senior leaders to assist in determining the appropriate Force Protection Condition (FPCON) level. Select one: a. Threat levels b. Physical security layer strategies c. Antiterrorism countermeasures
A
Which threat level signifies anti-U.S. terrorists are present and they attack personnel as their preferred method of operation, or a group uses large casualty-producing attacks as their preferred method but has limited operational activity and the Operating Environment is neutral? Select one: a. Significant b. Moderate c. Low d. High
A
Which threat level signifies terrorists are present but there are no indications of anti-U.S. activity and the Operating Environment favors the Host Nation or the U.S.? Select one: a. Moderate b. Low c. High d. Significant
A
Who facilitates the process for identifying threats to specific assets, analyzing risk to those assets, and developing countermeasures against potential threats to national security? Select one: a. OPSEC Officer b. Physical Security Officer c. CI Support d. Antiterrorism Officer
A
Who is responsible for supporting antiterrorism concerns, efforts, and emergency response and law enforcement activities? Select one: a. Law Enforcement Officials b. Physical Security Officer c. CI Support d. OPSEC Officer
A
Who references information from security classification guides (SCG) in order to classify information? Select one: a. Derivative classifiers b. Original Classification Authorities c. Both derivative classifiers and Original Classification Authorities
A
Mark logged onto Sam's computer while he was on vacation is causing concern under which adjudicative guideline? Select one: a. Guideline M: Use of Information Technology b. Guideline L: Outside Activities c. Guideline K: Handling Protected Information d. Guideline E: Personal Conduct
A
National Security Adjudications, which grant eligibility for access to SCI, top secret, secret, or confidential information, or assignment to a national security sensitive position require the completion of what? Select one: a. SF-86 b. SF-85 c. SF-85B
A
The Physical Security Plan (PSP) should include which of the following? Select one: a. Special and general guard orders b. Building maintenance orders c. Generic and operational orders
A
The unauthorized disclosure of this type of information could reasonably be expected to cause exceptionally grave damage to our national security. Select one: a. Top Secret b. Secret c. Confidential
A
What type of declassification process is the review of classified information that has been exempted from automatic declassification? Select one: a. Systematic Declassification b. Mandatory Declassification Review c. Automatic Declassification d. Scheduled Declassification
A
The subject interview is a standard investigative element of which periodic reinvestigation? Select one: a. Tier 3 Reinvestigation (T3R) b. Tier 1 Reinvestigation (T1R) c. Tier 7 Reinvestigation (T7R) d. Tier 5 Reinvestigation (T5R)
D
What is the first step in the National Industrial Security Program (NISP) contracting process? Select one: a. Publishing a Request for Proposal (RFP) b. Defining the acquisition strategy for the contract c. Defining the initial requirements for the product/service d. Identifying a need for a product or service
D
Failure to comply with prescribed treatment is a mitigating condition under the psychological conditions adjudicative guideline. Select one: True False
False
Match the Phases of the National Security Eligibility Process with their descriptions
Phase 1 - An authorized agency initiates a request for a national security eligibility determination for an individual Phase 2 - The ISP will use centralized databases to send the individual's results to the DoD Consolidated Adjudication Facility. Phase 3 - The DoD CAF reviews the information in PSI and compares it to national adjudication standards. Phase 4 - The DoD CAF makes a determination and either grants or denies national security eligibility.
The National Security Adjudicator is responsible for protecting the subject's personal information during the investigative process. Select one: True False
True
The Personnel Security Program (PSP) helps to identify insider threats. Select one: True False
True