SAPPC Study Guide - Questions with 100% Correct Answers
Describe the purpose, intent, and security professional's role in each step of the Command Cyber Readiness Inspections (CCRI) process
✅ Defining the scope, the inspection phase, documentation of observations, and reporting findings. A security professional would have responsibilities in defining the scope of the inspection, overseeing the self-inspection and remediation efforts, and coordinating with the CCRI team throughout the remainder of the process.

List two factors that should be considered when determining position sensitivity
✅ (1) Level of access to classified information (2) IT level needed (3) Duties associated with position

Explain the process for responding to a "spillage"
✅ 1. Detection (implied) 2. Notification and preliminary inquiry 3. Containment and continuity of operations 4. Formal inquiry 5. Resolution 6. Reporting

Explain how the adjudication process contributes to effective risk management of DoD assets
✅ Determines an individual's loyalty, reliability, and trustworthiness are in the best interest of national security

Explain why access control measures are contingent on Force Protection Conditions
✅ The Force Protection Conditions determine the amount of control measures needed to be taken in response to various levels of threats against military facilities or installations.

Define the purpose and function of the militarily critical technologies list (MCTL)
✅ Serves as a technical reference for the development and implementation of DoD technology, security policies on international transfers of defense-related goods, services, and technologies as administered by the Director, Defense Technology Security Administration (DTSA).

Describe how authorization of Limited Access Authority impacts risk to DoD assets
✅ Increases risk by allowing a foreign national access to classified information. Reduces risk by ensuring Foreign Nationals with a unique or unusual skill set have been properly investigated, adjudicated or vetted before being granted access to specific pieces of classified information only.

List three different types of threats to classified information
✅ (1) Insider threat (2) Foreign Intelligence entities (3) Cybersecurity Threat

What is the security professionals' role in pursuing and meeting cyber security goals?
✅ The role of the cyberspace workforce is to "secure, defend, and preserve data, networks, net-centric capabilities, and other designated systems by ensuring appropriate security controls and measures are in place, and taking internal defense actions" (DoDD 8140.01). Per DoDI 8500.01, Cybersecurity (March 14, 2014), personnel occupying cybersecurity positions must be assigned in writing and trained/qualified in accordance with their role.

Identify specific baseline administrative and/or physical security controls applicable to each system categorization
✅ Controls are identified by enumerating the common controls, identifying those relevant to the categorization level as defined in NIST SP 800-53, potentially tailored by the Authorizing Official, and overlays are applied based on the nature of the system.

List three (3) factors for determining whether US companies are under Foreign Ownership, Control or Influence (FOCI)
✅ 1. Record of economic and government espionage against the US targets. 2. Record of enforcement/engagement in unauthorized technology transfer. 3. Type and sensitivity of the information that shall be accessed. 4. The source, nature and extent of FOCI. 5. Record of compliance with pertinent US laws, regulations and contracts. 6. Nature of bilateral and multilateral security and information exchange agreements. 7. Ownership or control in whole or part, by a foreign government.

How does lack of attention to the concept of compilation of information introduce risks to DoD assets?
✅ 1. Unauthorized disclosure 2. Misclassification 3. Security Violation 4. Improper safeguarding 5. Improper dissemination 6. Improper handling 7. Improper destruction 8. Data Spill

List at least three indicators of insider threats
✅ 1. Failure to report overseas travel or contact with foreign nationals. 2. Seeking to gain higher clearance or expand access outside the job scope. 3. Engaging in classified conversations without a need to know. 4. Working hours inconsistent with job assignment or insistence on working in private. 5. Exploitable behavior traits. 6. Repeated security violations. 7. Attempting to enter areas not granted access to.