Download SAPPC CERTIFICATION STUDY GUIDE EXAM | QUESTIONS & ANSWERS (VERIFIED) 2025/2026 and more Exams Labor and Social Security Law in PDF only on Docsity!
SAPPC CERTIFICATION STUDY GUIDE
EXAM | QUESTIONS & ANSWERS
(VERIFIED) | LATEST UPDATE | GRADED
A+
Sharing and reporting information is essential to detecting potential insider threats. True or False? Correct Answer: True Two security professionals - Paul and Ashley - are discussing security program areas. Paul says that Information Security practitioners train and/or advise Original Classification Authorities in the application of the process for making classification determinations. Ashley says that Physical Security practitioners work with a facility's Antiterrorism Officer to deploy defensive measures designed to reduce the facility's vulnerability from terrorist attacks. Correct Answer: Paul and Ashley are both correct
Two security professionals - Paul and Ashley - are discussing security program areas. Paul says that Information Security practitioners work with a facility's Antiterrorism Officer to deploy defensive measures designed to reduce the facility's vulnerability from terrorist attacks. Ashley says that Personnel Security practitioners train and/or advise Original Classification Authorities in the application of the process for making classification determinations. Correct Answer: Paul and Ashley are both incorrect SPeD is an abbreviation for? Correct Answer: Security Professional Education Development SPed is a certification program of what agency? Correct Answer: Department of Defense Security Fundamentals Professional Certification (SFPC) definition? Correct Answer: The individual understands foundational security concepts, principles, and practices. (Core Certification for SPed). Security Asset Protection Professional Certification (SAPPC) definition?
The manual that includes CI-related requirements for Industry? Correct Answer: DoD 5220.22-M (NISPOM) Regulation mandating CI-specific training, briefing, and reporting? Correct Answer: DoDI5240.6: CI Awareness, Briefing, and Reporting Programs Regulation providing procedures to follow when classified information is compromised? Correct Answer: DoD 5200.1-R: information Security Program What are three principle incidents/events required to report to DoD counterintelligence (CI) organizations? Correct Answer: Espionage, Sabotage, Terrorism & Cyber Policy List three different types of threats to classified information? Correct Answer: Insider Threat, Foreign Intelligence Entities (FIE), Cybersecurity Threat List three indicators of insider threats? Correct Answer: Failure to report overseas travel or contact with foreign nationals. Seeking to gain higher clearance or expand access outside the job scope. Engaging in classified conversations without a need to know. Working hours inconsistent with job assignment or insistence on working in private. Exploitable behavior traits.
Repeated security violations. Attempting to enter areas not granted access to. List three elements that should be considered in identifying Critical Program Information? Correct Answer: - Cause significant degradation in mission effectiveness
- Shorten the expected combat-effective life of the system
- Reduce technological advantage
- Significantly alter program direction
- Enable an adversary to defeat, counter, copy, or reverse-engineer the technology or capability. Briefly describe the concept of insider threat? Correct Answer: An employee who may represent a threat to national security. These threats encompass potential espionage, violent acts against the Government or the nation, and unauthorized disclosure of classified information, including the vast amounts of classified data available on interconnected United States Government computer networks and systems. List three elements that a security professional should consider when assessing and managing risks to DoD assets? Correct Answer: Asset Threat
All individuals with access to SAP are subject to a random counterintelligence-scope polygraph Identify the four Cognizant Security Agencies (CSA)? Correct Answer: Department of Defense (DoD) Director of National Intelligence (DNI) Department of Energy (DoE) Nuclear Regulatory Commission (NRC). Describe the CSA's role in the National Industrial Security Program (NISP)? Correct Answer: To establish an industrial security program to safeguard classified information under its jurisdiction. List three factors for determining whether U.S. companies are under Foreign Ownership, Control, or Influence (FOCI)? Correct Answer: Record of economic and government espionage against the U.S. targets Record of enforcement/engagement in unauthorized technology transfer Type and sensitivity of the information that shall be accessed The source, nature and extent of FOCI Record of compliance with pertinent U.S. laws, regulations and contracts Define the purpose and function of the Militarily Critical Technologies List (MCTL)?
Correct Answer: Serves as a technical reference for the development and implementation of DoD technology, security policies on international transfers of defense-related goods, services, and technologies as administered by the Director, Defense Technology Security Administration (DTSA). Formulation of export control proposals and export license review. List three primary authorities governing foreign disclosure of classified military information? Correct Answer: Arms Export Control Act National Security Decision Memorandum 119 National Disclosure Policy- 1 International Traffic in Arms Regulation (ITAR) E.O.s 12829, 13526 Bilateral Security Agreements DoD 5220.22-M, "NISPOM," Briefly describe the purpose of the DD Form 254? Correct Answer: Convey security requirements and classification guidance, and provide handling procedures for classified material received and/or generated on a classified contract. List the three main policies that govern the DoD Information Security Program? Correct Answer: E.O. 13526
Define derivative classification? Correct Answer: Incorporating, paraphrasing, restating, or generating in new form information that is already classified and marking the newly developed material consistent with the markings that apply to the source information. Define the difference between a security infraction and a security violation? Correct Answer: An infraction cannot reasonably be expected to and does not result in the loss, compromise, or suspected compromise of classified information; whereas a violation does result in or could be expected to result in the loss or compromise of classified information. Define unauthorized disclosure? Correct Answer: Communication or physical transfer of classified or controlled unclassified information to an unauthorized recipient. List three types of initial personnel security investigations and to whom they apply? Correct Answer: ANACI: Civilian NACI: Civilian and Contractor NACLC: Military and Contractor SSBI: Military, Civilian, Contractor Describe the purpose of due process in Personnel Security Program (PSP)?
Correct Answer: Ensures fairness by providing the subject the opportunity to appeal an unfavorable adjudicative determination. List the key procedures for initiating Personnel Security Investigations(PSIs)? Correct Answer: Validate the need for an investigation Initiate e-QIP Review Personnel Security Questionnaire (PSQ) for completeness Submit electronically to OPM List three DoD position sensitivity types and their investigative requirements? Correct Answer: Critical Sensitive: SSBI, SSBI-PR, PPR Non-Critical Sensitive: ANACI, NACLC Nonsensitive: NACI Describe the difference between revocation and denial in Personnel Security Program? Correct Answer: Revocation: A current security eligibility determination is rescinded. Denial: An initial request for security eligibility is not granted. Describe the purpose of a Statement of Reason (SOR)? Correct Answer: The purpose of the SOR is to provide a comprehensive and detailed written explanation of why a preliminary unfavorable adjudicative determination was made.
Equipped with a GSA-approved combination lock. Emergency egress hardware (deadbolt or metal bar extending across width of door). What is the purpose of intrusion detection systems? Correct Answer: Detect unauthorized penetration into a secured area. What is the purpose of perimeter barriers? Correct Answer: Defines the physical limits of an installation, activity, or area, restrict, channel, impede access, or shield activities within the installation from immediate and direct observation. What is the purpose of an Antiterrorism Program? Correct Answer: Protect DoD personnel, their families, installations, facilities, information, and other material resources from terrorist acts. List three Force Protection Condition levels? Correct Answer: Normal, Alpha, Bravo, Charlie, Delta Describe the concept of security-in-depth? Correct Answer: Layered and complementary security controls sufficient to deter, detect, and document unauthorized entry and movement within an installation or facility.
In which security program area would you find practitioners who train and/or advise Original Classification Authorities in the application of the process for making classification determinations? Correct Answer: Information Security In which security program area would you find practitioners working with a facility's Antiterrorism Officer to deploy defensive measures designed to reduce the facility's vulnerability from terrorist attacks? Correct Answer: Physical Security In which security program area would you find practitioners involved with processes that monitor employees for new information that could affect their security clearance eligibility status? Correct Answer: Personnel Security CI Foreign Travel Briefing? Correct Answer: Purpose to increase awareness and personal safety, targeting by foreign intelligence, current travel warnings, & where to seek help if needed. CI Elicitation is a form of social engineering? Correct Answer: Collecting info from people though conversation. Potential Espionage Indicator Categories?
Correct Answer: The SecDef or DepSecDef can approve a carve-out provision to relieve Defense Security Service of industrial security oversight responsibilities. List an enhanced security requirement for protecting Special Access Program (SAP) Information within Physical Security? Correct Answer: Access Control Maintain a SAP Facility Access Roster All SAPs must have an unclassified nickname/Codeword (optional). List an enhanced security requirement for protecting Special Access Program (SAP) Information within Information Security? Correct Answer: The use of HVSACO Transmission requirements (order of precedence) List five responsibilities of the Government SAP Security Officer/Contractor Program Security Officer (GSSO/CPSO)? Correct Answer: • Possess a personnel clearance and Program access at least equal to the highest level of
- Program classified information involved.
- Provide security administration and management for his/her organization.
- Ensure personnel processed for access to a SAP meet the prerequisite personnel
clearance and/or investigative requirements specified.
- Ensure adequate secure storage and work spaces.
- Ensure strict adherence to the provisions of the NISPOM, its supplement, and the Overprint.
- When required, establish and oversee a classified material control program for each SAP.
- When required, conduct an annual inventory of accountable classified material.
- When required, establish a SAPF.
- Establish and oversee a visitor control program.
- Monitor reproduction and/or duplication and destruction capability of SAP information
- Ensure adherence to special communications capabilities within the SAPF.
- Provide for initial Program indoctrination of employees after their access is approved; rebrief and debrief personnel as required.
- Establish and oversee specialized procedures for the transmission of SAP material to and from Program elements.
- When required, ensure contractual specific security requirements such as TEMPEST Automated Information System (AIS), and Operations Security (OPSEC) are accomplished.
- Establish security training and briefings specifically tailored to the unique requirements of the SAP. What is the definition of Critical Program Information in DoD?
Correct Answer: • Safeguarding
- Briefings
- Documentation
- Personal control
- Utilizing proper methods of transmission/transportation based on classification level
- Intended recipient(s) have proper clearance/eligibility and need to know (or access)
- Capability to properly store classified information List three types of security briefings that help manage risks to DoD assets? Correct Answer: • Initial Orientation
- Annual Refresher
- Threat Awareness
- Foreign Travel
- Special Training Requirements
- Derivative Classification
- Original Classification Authority (OCA)
- Declassification Authority
- Debriefings
- Termination briefing List three disposal and destruction methods used to effectively manage risks to DoD classified information?
Correct Answer: • Cross-cut shredding
- Burning/ Incinerating
- Pulverizing
- Disintegrating
- Mutilating
- Degaussing
- Chemical decomposition
- Special burn
- Wet pulping
- Overwriting
- Sanding
- Physical destruction List three types of safeguarding procedures for classified information? Correct Answer: • Proper storage
- Proper handling
- Approved disposition
- Proper transmission/transportation methods
- Receipt use, when required
- Forced entry protection
- Dissemination
- Physical security measures
