SFPC - Security Fundamentals Professional Operations Security (OPSEC) Concepts Questions and Answers

Question 1

Which of the following BEST defines the primary goal of Operations Security (OPSEC)?

Accepted Answer

To prevent adversaries from discovering critical information by viewing operations from their perspective.

Answer

The core principle of OPSEC is to identify and protect critical information by analyzing operations from an adversary's point of view. It focuses on preventing the inadvertent disclosure of sensitive data that, even if unclassified, could be exploited.

Question 2

A government agency is planning a major international conference. The planning team posts details about the event, including specific dates, times, and the names of high-profile attendees, on a public-facing website for attendee convenience. From an OPSEC standpoint, this action is a failure in which step of the OPSEC process?

Accepted Answer

Analysis of Vulnerabilities

Answer

This scenario represents a failure to analyze vulnerabilities. The vulnerability is the public-facing website, an unsecured channel, which adversaries could exploit to gain critical information (attendee lists, schedules) to plan an attack or disruption.

Question 3

Which of the following is considered the FIRST step in the traditional five-step OPSEC process?

Accepted Answer

Identify Critical Information

Answer

The foundational first step of the OPSEC process is to identify the critical information. An organization cannot protect its sensitive information if it does not first determine what information, if compromised, would cause the most harm to its mission or operations.

Question 4

An employee at a defense contracting company frequently discusses specific project details, such as testing timelines and equipment capabilities, with friends at a local restaurant. While the information is not classified, a competitor could piece it together to gain a competitive advantage. This employee's behavior creates an OPSEC _______.

Accepted Answer

vulnerability

Answer

The employee's behavior creates a vulnerability, which is a weakness that can be exploited by a threat. Discussing sensitive details in a public, unsecured setting is a weakness in the company's security posture that an adversary (the threat) could exploit.

Question 5

In the context of OPSEC, what is an 'indicator'?

Accepted Answer

Friendly, detectable actions that can be pieced together by an adversary to derive critical information.

Answer

Indicators are friendly activities, often unclassified and seemingly harmless on their own, that an adversary can observe and analyze to reveal or infer critical information. For example, a sudden increase in pizza deliveries to a command center late at night could indicate that a major operation is imminent.

SFPC - Security Fundamentals Professional Certification Practice Test

SFPC - Security Fundamentals Professional Certification Practice Test

SFPC - Security Fundamentals Professional Operations Security (OPSEC) Concepts Questions and Answers