Browse all questions

1. Under the federal definition (18 U.S.C. §2331), terrorism centrally involves:

18 U.S.C. §2331 defines both international and domestic terrorism. The common elements: violent acts (or acts dangerous to human life) that violate criminal law, AND the actor's intent — to intimidate or coerce a civilian population, influence government policy by intimidation or coercion, or affect government conduct by mass destruction, assassination, or kidnapping. Personal motive without political/ideological coercion goal (a) is ordinary violent crime. Citizenship is not the dividing line (c) — both domestic and international terrorism exist. There is no casualty threshold (d).

2. 'Domestic terrorism' as defined by 18 U.S.C. §2331(5) is distinguished from 'international terrorism' chiefly by:

Domestic terrorism under §2331(5) involves activities that occur primarily within US territorial jurisdiction and are intended to intimidate or coerce a civilian population, influence government, or affect conduct of government by mass destruction, assassination, or kidnapping. The dividing line from international terrorism (§2331(1)) is geographic/jurisdictional, not severity (a), weapon type (b), or which agency leads (d — investigation may involve FBI Joint Terrorism Task Forces regardless). Recent threat assessments identify domestic violent extremism — including racially-motivated, anti-government, and other ideologies — as significant US threats.

3. 'Lone-wolf' or homegrown violent extremism is characterized by:

FBI / DHS threat assessments highlight that lone offenders — often radicalized through online content with minimal physical contact with formal organizations — are exceptionally difficult to detect through conspiracy-based intelligence because there is no conspiracy to penetrate. Early warning typically comes from observable pre-attack behaviors (leakage to family, online posts, surveillance, weapon acquisition) that security officers and the public may notice. This drives the importance of suspicious-activity reporting and the 'See Something, Say Something' campaign. (b), (c), and (d) describe other threat categories.

4. Which of the following is NOT generally listed as a Suspicious Activity Report (SAR) behavioral indicator under the Nationwide SAR Initiative?

Nationwide SAR Initiative indicators include surveillance, photography of restricted/critical infrastructure with no apparent purpose, eliciting information, testing/probing of security, breach/attempted intrusion, misrepresentation, theft/diversion of materials, acquisition of expertise or supplies, weapons discovery, sector-specific incidents, and expressed/implied threats. Routine employee activity during business hours (d) is normal and not a SAR indicator — SARs require articulable behavioral concerns, not status or appearance. 28 CFR Part 23 governs intelligence-system criminal information standards to prevent unconstitutional reporting.

5. DHS's public awareness campaign for reporting suspicious activity, often referenced in BSIS terrorism-awareness modules, is:

'If You See Something, Say Something' is the registered DHS campaign emphasizing that observation of behavior (not appearance, race, ethnicity, or religion) is what matters, and that the public — including security officers — are critical reporting partners. The campaign directs reports to local law enforcement or 911 for emergencies, the FBI for federal jurisdiction (especially terrorism), and tip lines such as 1-855-TELL-FBI. Officers are trained to report observable behavior, not based on identity characteristics — which would violate civil-rights protections (28 CFR Part 23, federal civil-rights statutes).

6. For an observed pattern suggesting terrorism preparation that is not an immediate emergency, the most appropriate reporting channel from the BSIS curriculum is:

Standard reporting flow: local law enforcement is the universal first channel (911 for emergencies, non-emergency line otherwise). For terrorism-related observations, the FBI's Joint Terrorism Task Force coordinates federal/state/local response; state Fusion Centers (in California, the State Threat Assessment Center and regional centers including JRIC) provide analysis and information sharing. Internal incident reporting to the employer parallels law-enforcement reporting. Social-media posting (a) compromises investigations and may defame; ignoring (b) abandons the SAR duty; confrontation (d) endangers the officer and tips off the suspect.

7. The 'CBRNE' acronym used in WMD-awareness training stands for:

CBRNE — Chemical, Biological, Radiological, Nuclear, Explosive — is the FEMA / CISA / DOD framework for categorizing weapons of mass destruction and weapons capable of mass casualties. Chemical agents (nerve, blister, blood, choking) cause harm through toxicity; Biological agents (pathogens, toxins) cause harm through disease; Radiological agents disperse radioactive material (dirty bombs); Nuclear involves fission/fusion devices; Explosive includes IEDs and conventional explosives. Different agent categories require different protective and response measures, which is why the framework drives training and equipment planning.

8. Which set of observations would most strongly suggest a possible chemical attack rather than a routine incident?

Chemical-attack indicators taught in CDC and DHS modules include sudden clustered casualties with similar symptoms, unusual odors (almonds may suggest cyanide, garlic may suggest mustard agent, freshly cut grass may suggest phosgene — although many agents are odorless), dead vegetation or animals in proximity, and witnesses reporting eye/skin/respiratory irritation. Single illness (a) is generally not a chemical attack signal; routine deliveries (c) and normal HVAC (d) do not suggest attack. Response: move upwind/uphill, deny entry, call 911 specifying possible chemical incident.

9. Biological attacks differ from chemical attacks in detection because:

Most biological agents (anthrax, plague, smallpox, tularemia, viral hemorrhagic fevers, botulinum toxin) have incubation periods ranging from hours to several weeks, so unlike chemical attacks (where casualties often appear immediately), biological events frequently come to light through epidemiological surveillance — unusual clusters of disease, deaths exceeding expected patterns, or geographically unusual cases. Officers may, however, notice abandoned dispersal devices or letters with unknown powders. Most biological agents are not odorous/visible (a); they do affect humans (d); casualties may emerge gradually (b).

10. The three fundamental radiological-protection principles for limiting exposure are:

Time, Distance, and Shielding are the three core principles of radiation protection adopted by the NRC, FEMA, and ICRP. Minimize Time of exposure (dose is cumulative); Maximize Distance (intensity falls with the inverse square — doubling distance quarters intensity); use Shielding (concrete, lead, even thick walls reduce dose) between you and the source. For a security officer responding to a suspected radiological incident (e.g., dirty-bomb concern), evacuating upwind, isolating the area, increasing distance, and notifying 911 / hazmat are the immediate priorities.

11. A 'dirty bomb' or radiological dispersal device (RDD) is distinguished from a true nuclear weapon by:

An RDD uses conventional explosives to disperse radioactive material — it is NOT a nuclear weapon and does not produce a fission/fusion yield. The immediate damage is primarily the conventional blast; the longer-term concern is contamination of the area, complicating cleanup and causing fear and economic disruption. A true nuclear device produces a fission or fusion chain reaction with catastrophic blast/thermal/radiation effects. Both warrant immediate evacuation and law-enforcement response; only proper training and detection equipment can characterize the threat. Security officers focus on isolating the area and notifying authorities.

12. Explosive (the 'E' in CBRNE) attacks in modern terrorism most commonly involve:

Improvised Explosive Devices are by far the most common explosive threat — homemade devices using readily available materials, often hidden in vehicles (VBIEDs), worn by attackers (PBIEDs), placed in packages, or mailed. Standoff distances and pre-event SAR observation (probing security, surveillance, acquiring precursors) are the principal defenses. Military munitions (a) are tightly controlled; nuclear devices (b) are extremely rare; firearms (d) are a different attack mode altogether. Security officers focus on access control, suspicious-package awareness, and reporting indicators of pre-attack preparation.

13. DHS / CISA identifies how many critical infrastructure sectors whose protection is prioritized for national security?

CISA designates 16 critical infrastructure sectors under Presidential Policy Directive 21 (PPD-21): Chemical; Commercial Facilities; Communications; Critical Manufacturing; Dams; Defense Industrial Base; Emergency Services; Energy; Financial Services; Food and Agriculture; Government Facilities; Healthcare and Public Health; Information Technology; Nuclear Reactors/Materials/Waste; Transportation Systems; Water and Wastewater Systems. Each sector has a Sector Risk Management Agency. Private security guards frequently work in commercial facilities, healthcare, and transportation sectors, which makes their awareness directly relevant to homeland security.

14. Protective measures that security officers contribute to critical-infrastructure protection include:

Security officers contribute to critical-infrastructure protection through multiple complementary measures captured in (d): perimeter maintenance (fences, lighting, gates), access control (verification of credentials), Crime Prevention Through Environmental Design (CPTED) awareness, visible patrols as deterrence, communication readiness (radio, phones, emergency contacts), and prompt reporting of SAR indicators. Security is layered — no single measure works alone, and the security officer is one critical layer. Singular focus options (a, b, c) miss the integrated nature of protection.

15. California's network for sharing terrorism-related intelligence among federal, state, local, and private-sector partners is built around:

Fusion Centers are the central national framework for state/local intelligence sharing post-9/11, supported by DHS and managed by host agencies. California operates the State Threat Assessment Center (STAC) in Sacramento and several regional Fusion Centers including JRIC (Los Angeles area), NCRIC (Northern California), and Orange County Intelligence Assessment Center. These integrate federal partners (FBI Field Offices, DHS Intelligence) with state and local law enforcement and private-sector liaisons. Private security firms participate through SAR submissions. The other options describe partial pieces of intelligence collection, not the framework.

16. When reporting suspicious activity, what civil-rights principle must the security officer observe?

28 CFR Part 23 and federal civil-rights statutes (and California's analogues including the Ralph and Bane Acts) require that intelligence collection and reporting be based on reasonable suspicion of criminal activity supported by articulable behavioral facts — NOT on protected characteristics such as race, ethnicity, national origin, religion, gender, sexual orientation, or political belief. Bias-based reporting violates civil rights and undermines the credibility of legitimate threat reporting. The DHS 'See Something, Say Something' campaign explicitly emphasizes behavior over identity. Officers report what people do, not who people are.