SPēD SAPPC: INFOSEC QUUESTIONS AND ANSWERS 100% PASS

Document Content and Description Below

SPēD SAPPC: INFOSEC QUUESTIONS AND ANSWERS 100% PASS Security Infraction ✔✔This event cannot reasonably be expected to and does not result in the loss, compromise, or suspected compromise of c... lassified information DoD Manual 5200.01, Volumes 1-4 ✔✔The manual that governs the DoD Information Security Program E.O. 13526 ✔✔The executive order that governs the DoD Information Security Program 32 CFR Parts 2001 & 2003, "Classified National Security Information; Final Rule" ✔✔The Information Security Oversight Office (ISOO) document that governs the DoD Information Security Program Security Violation ✔✔An event that results in or could be expected to result in the loss or compromise of classified information Unauthorized Disclosure ✔✔Communication or physical transfer of classified or controlled unclassified information to an unauthorized recipient Termination Briefing ✔✔This briefing is given when an individual's employment is terminated, clearance eligibility is withdrawn, or if the individual will be absent from duty for 60 days or more. It is also given to those who have been inadvertently exposed to classified information. Foreign Travel Briefing ✔✔This briefing that applies to cleared personnel who plan to travel in or through foreign countries, or attend meetings attended by representatives of other countries. Refresher Briefing ✔✔This briefing is presented annually to personnel who have access to classified information or assignment to sensitive duties. Secret ✔✔Unauthorized disclosure of this information could reasonably be expected to cause serious damage to our national security. Top Secret ✔✔Unauthorized disclosure of this information could reasonably be expected to cause exceptionally grave damage to our national security. Confidential ✔✔Unauthorized disclosure of this information could reasonably be expected to cause damage to our national security. Freedom of Information Act (FOIA) ✔✔The act regarding the withholding information from public release; framework and guidance for evaluation for public release for info to be exempt are from the 9 distro statements Derivative Classification ✔✔This is defined as the incorporating, paraphrasing, restating, or generating in new form any information that is already classified. Derivative classification process ✔✔1. Observe and respect the OCA original classification determination 2. Apply required markings 3. Use only authorized sources 4. Use caution when paraphrasing or restating classified information extracted form a classified source document 5. Always take the appropriate steps to resolve any doubts you have Original Classification ✔✔This is defined as an initial determination that information requires, in the interest of national security, protection against unauthorized disclosure. Compilation ✔✔This is defined as unclassified information or classified information (at a lower level) that when the information is combined or associated reveals additional factors that qualifies for classification. Original Classification Authority ✔✔The term used to identify individuals specifically authorized in writing to make initial classification decisions. Security Classification Guides (SCG) ✔✔This contains classification levels, special requirements and duration instructions for programs, projects, plans, etc. Original Classification Process ✔✔The six step process an OCA applies in making classification determinations. 1. Determine if the information is official government information 2. Determine if the information is eligible to be classified 3. Determine if there is a potential for damage to national security if unauthorized release occurs 4. Assign a level of classification 5. Make a decision about the duration of classification 6. Communicate the decision Declassification ✔✔The authorized change in the status of information goes from classified information to unclassified information Declassification systems ✔✔Scheduled, Automatic, Mandatory, Systematic Automatic declassification ✔✔The declassification system where Permanently Valuable Historical records are declassified when they are 25 years old Systematic declassification review ✔✔The declassification system where information exempted from automatic declassification is reviewed for possible declassification Mandatory Declassification Review (MDR) ✔✔The declassification system where the public can ask for classified information be review for declassification and public release Scheduled Declassification ✔✔The declassification system where an OCA, at the time the information is originally classified, sets a date or event for declassification Custodians ✔✔People who are in possession of, or who are otherwise charged with safeguarding classified information Options an OCA has when determining declassification ✔✔Specific Date, Specific Event, or by the 50X1-HUM Exemption The 25-year rule ✔✔The process where records automatically become declassified after 25 years Restricted Data and Formerly Restricted Data ✔✔This type of information does not provide declassification instructions Practices to follow when handling classified information ✔✔1. Properly destroy preliminary drafts, worksheets, and other material after they have served their purpose 2. Use approved secure communications circuits for telephone conversations to discuss classified information 3. Follow proper procedures when copying classified information 4. Use security forms such as SF 701 and SF 702 SF 702 ✔✔Security Container Check Sheet, which is used to record the opening and closing of your security container SF 701 ✔✔The Activity Security Checklist intended to verify that you did not accidentally leave classified materials unsecured, as well as, to ensure the area is safe and secure. The blank spaces can be utilized for additional warranted security and safety items, such as a block to remind personnel to complete tasks, such as turning off coffee pots. Actual compromise ✔✔An unauthorized disclosure of classified information Neither confirm nor deny ✔✔If classified information appears in the public media, DoD personnel must be careful not to make any statement of comment that would confirm the accuracy or verify the classified status of the information Potential Compromise ✔✔The possibility of compromise could exist but it is not known with certainty DISA, Joint Interoperability Test Command (JITC) ✔✔This organization maintains a register of certified security digital facsimiles COMSEC ✔✔The protection resulting from the measures designed to deny unauthorized persons information of value that might be derived from the possession and study of telecommunications and to ensure the authenticity of such communications. Insert the envelope into the outer envelope ✔✔When the document has been sealed within a properly marked inner envelope you must... DCS ✔✔Defense Courier Service Secret information ✔✔This kind of information can be sent via USPS express only when it is the most effective means considering security, time, cost, and accountability. Top Secret information ✔✔This kind of information can never be sent via USPS Methods to send hard copy Confidential information ✔✔DCS, First Class mail, registered mail, and certified mail True ✔✔True or False: Hand carrying classified information should only be done as a last resort False ✔✔True or False: Anyone can determine the need for hand carrying classified information True ✔✔True or False: When someone is carrying classified information, written authorization is always required DD Form 2501 ✔✔Courier Authorization Card Microfiche destruction ✔✔Burned or shredded to be destroyed. It can also be destroyed with chemicals that destroy the imprints. Typewriter ribbon destruction ✔✔Ribbons must be burned or shredded Floppy disk destruction ✔✔Must be burned, overwritten, or demagnetized Document destruction ✔✔Must be burned, shredded, or chemically decomposed of Videotape destruction ✔✔Must be burned, shredded, or demagnetized Initial Orientation Briefing ✔✔The initial briefing given to all personnel on the DoD Information Security Program Critical Program Information (CPI) ✔✔Most sensitive technology information in DoD research, development, and acquisition programs. DoD selects this to ensure that critical capabilities and the technology that enables those capabilities receives the highest order of protection. CPI elements ✔✔Elements or components of a Research, Development, and Acquisition (RDA) program that, if compromised, could cause significant degradation in mission effectiveness; shorten the expected combat-effective life of the system; reduce technological advantage; significantly alter program direction; or enable an adversary to defeat, counter, copy, or reverse engineer the technology or capability. Includes information about applications, capabilities, processes and end-items. Five steps for protecting CPI ✔✔1. Program must identify CPI 2. Identify any associated threats and vulnerabilities 3. conduct risks analysis, 4. develop and implement countermeasures 5. document it all Information Assurance ✔✔This refers to the measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of IS by incorporating protection, detection, and reaction capabilities. Information Assurance ✔✔The fundamentals of this helps 1. Avoid being targeted by adversaries 2. Protect against social engineering 3. Protect against Insider Threat 4. Protects against Identity Theft True ✔✔True or False. Information should be classified for the length of time that it is in the best interest of national security to keep it protected. Program Protection Planning ✔✔The objective of this is to prevent exploitation of US technology and to prevent the development of countermeasures against US Defense systems. It aims to selectively and effectively apply security countermeasures to COP that are cost effective and consistent with risk management principles Program Protection Planning ✔✔This includes Classification Management, foreign disclosure, operations security OPSEC, system security engineering, contract and legal aspects Program Protection Planning ✔✔The benefits of this are that it saves money because it places safeguards and countermeasure son what are needed rather than placing unnecessary safeguards on an entire program CPI contractual requirements ✔✔Contractors who work for DoD RDA that include CPI must use CPI protection measures 1) determine what CPI protection measures are required to protect CPI for specific contracts, 2) identify those CPI protection measures in tier requirement documentation, 3) provide the government contracting activity (GCA) with CPI protection measures and requirements to be included in the resulting solicitations, 4) determine what support the CPI protection will require from DSS CPI Regulations and Requirements ✔✔5200.39 - Critical Program Information Protection - CPI must be identified early in the development, acquisition and sustainment process 5200.39-M - Procedures for the Protection of CPI 5000.02 - Operation of the Defense Acquisition System - it defines with the PPP is required DoDI 5240.11 - Counterintelligence Activities in research, development, and acquisition; establishes policy, assigns responsibility and provides procedures for CI for RDA Program Manager ✔✔CPI is identified by the ________ with the assistance of a working level integrated product team- PM, Program protection lead, key engineers, and key contractor personnel Defense Acquisition Cycle - Sustainment ✔✔Operations and Support - Full operational capability (FOC) CPI in Pre-system Acquisition ✔✔CPI must be identified prior to milestone B. CPI identification occurs mainly with in pre-system acquisition CPI in System Acquisition ✔✔During full-rate production decision review, the team conducts pre-inspection research, which includes reviewing material, identifying who the team needs to interview, and preparing a list of questions. CPI in Sustainment ✔✔The PM reviews for changes or upgrades that differs from original CPI CPI Identification Process ✔✔1. Mission risk assessment 2. "no CPI" memo 3. Review critical technology 4. preform critical analysis 5. review inherited CPI "No CPI" memo ✔✔This memo explains the reasoning behind ceasing the identification process. Signed by the PM and provided to the appropriate milestone decision authority Mission-risk assessment ✔✔The purpose of this assessment is to quickly identify programs that are unlikely to have CPI and to prevent them from unnecessarily continuing the process. The assessment is complete by the program and reviewed by the cognizant protection organization Review Critical Technology and Sources ✔✔Technology related to weapons of mass destruction example of critical technology, leading edge or critical technology. - military critical technology list - developing science and technology list - missile technology control regime - low observable/counter-low observable Review Inherited CPI ✔✔Existing CPI from inherited subsystems and similar programs is reviewed for continued protection. Horizontal CPI with in the acquisition security database and through discussions with the PM and science and technology leads of the inherited system. A threat to CPI ✔✔This exists when a foreign interest has a confirmed or assessed intent for acquiring specific classified or sensitive defense information or proprietary or intellectual proper information and the foreign interest has the capability to acquire such information Protect ✔✔It is essential that programs are aware of the threats specific to their CPI; as soon as a program identifies CPI, a counterintelligence threats assessment should be requested in order to ___________ CPI. Assessing Threat Values ✔✔Assess intent and capability, - consider where a threat is most likely to exist, could come from: insider threat, espionage, foreign companies, computer network exploitation, technology transfer and from with the supply chain Program Protection Plan (PPP) ✔✔This plan coordinates and integrates all protection efforts for CPI into a single document, required for all programs with CPI Horizontal Protection ✔✔Facilitated by the acquisitions security database and assists in determining whether defense technology and CPI are adequately protected. Required for all programs with CPI Technology Targeting Risk Assessment (TTRA) ✔✔Quantitative documentation of the risk that a particular country poses to CPI, - produced by DIA, - Evaluates 5 Factors 1. Technology competence 2. national level of interest 3. technology transfer 4. ability to assimilate 5. corporate technology protection CPI Vulnerabilities ✔✔May be present in how CPI is stored, maintained, ore transmitted, may be present in where CPI is located, -what information can an adversary learn simply by observing, human intelligence and insider threat, foreign involvement Risk Assessment ✔✔Aims to determine the extent of the potential threat to and the risk associated with CPI. To determine the likelihood of a future adverse event, threats to CPI must be analyzed together with the system's potential vulnerabilities and countermeasures Risk Management for CPI ✔✔Identifies in advertent loss of technology, evaluates inadvertent loss of technology, ranks inadvertent loss of technology, controls inadvertent loss of technology Types of CPI Countermeasures ✔✔1. Anti-tamper - used to hinder an adversary ability to gain technology or information 2. information assurance - protects the network on which data resides with access limitations and system accreditation 3. system and software assurance - safety, reliability, availability, maintain, free from vulnerabilities 4. Horizontal protection - same level of protection as other CPI programs Document, Countermeasures ✔✔All programs with CPI must __________ the _________ used to protect the information. CPI CM are provided by: SCG, technology assessment/control plan, counterintelligence support plan, and anti-tamper plan Special Handling ✔✔The following types of information requires _____________. 1. Atomic Energy Info (RD/FRD) - Restricted data and formerly restricted data 2. Sensitive Compartmental Information (SCI) - intelligence sources, methods or analytical processes 3. COMSEC - deny unauthorized persons information of value that might be derived from the possession and study of telecommunications [Show More]

Last updated: 1 year ago

Preview 1 out of 18 pages