Infrastructure Protection Plan Introduction | FEMA
Independent Study | Verified Q&A | Pass Guaranteed - A+
Graded
Section 1: NIPP Framework Overview & Core Principles (Questions
1–8)
Question 1
The National Infrastructure Protection Plan (NIPP) is built on a foundation of core
principles that guide national critical infrastructure security and resilience efforts. Which
of the following is NOT one of the core principles of the NIPP 2026 framework?
A. Risk-informed prioritization of critical assets and systems
B. Public-private partnership and co-ownership of risk management
C. Centralized federal control over all critical infrastructure operations
D. Integration of cybersecurity and physical security [CORRECT]
Rationale: The NIPP emphasizes partnership and collaboration, not centralized federal
control—private sector owners/operators retain operational control. The core principles
include risk-informed prioritization, public-private partnerships, regional collaboration,
resilience, cyber-physical integration, supply chain resilience, and climate adaptation. A,
B, and D are all explicitly stated NIPP core principles. C contradicts the partnership
model that is central to the NIPP framework.
,Question 2
The NIPP 2026 update places increased emphasis on climate resilience within critical
infrastructure protection. This expanded focus primarily addresses:
A. The complete elimination of all fossil fuel energy sources within ten years
B. The need to harden infrastructure against extreme weather events, cascading failures
from floods, heatwaves, wildfires, and sea level rise [CORRECT]
C. The relocation of all coastal infrastructure to inland areas
D. The federal takeover of state and local climate adaptation planning
Rationale: NIPP 2026 climate adaptation focuses on resilience investments, extreme
weather hardening, and managing cascading failures—not elimination of energy sources
(A), mass relocation (C), or federal takeover (D). The framework supports risk-informed
adaptation strategies across all sectors and levels of government. A is a policy position,
not a NIPP principle. C is impractical and not required. D violates the partnership model.
Question 3
Under the NIPP framework, "critical infrastructure resilience" is defined as the ability to:
A. Prevent all possible threats and hazards from affecting infrastructure
B. Withstand, adapt to, and rapidly recover from disruptions while maintaining essential
functions [CORRECT]
C. Maintain 100% operational capacity at all times regardless of circumstances
D. Transfer all risk to the federal government through insurance programs
Rationale: Resilience encompasses withstand, adapt, and recover—not absolute
prevention (A), impossible 100% uptime (C), or risk transfer (D). The NIPP recognizes
that disruptions will occur; resilience focuses on minimizing impact and ensuring rapid
recovery of essential functions. A is prevention-focused, not resilience. C is
operationally impossible. D misrepresents risk management.
, Question 4
The NIPP 2026 framework emphasizes supply chain resilience as a critical priority. This
focus is primarily concerned with:
A. Eliminating all international trade in critical infrastructure components
B. Addressing global dependencies, identifying single points of failure, and developing
alternate sourcing strategies [CORRECT]
C. Mandating that all critical infrastructure components be manufactured exclusively by
the federal government
D. Reducing supply chain complexity by limiting the number of suppliers to one per
component
Rationale: Supply chain resilience addresses vulnerabilities in global sourcing and single
points of failure through diversification, stockpiles, and alternate sourcing—not
isolationism (A), government manufacturing (C), or dangerous consolidation (D). The
NIPP promotes understanding dependencies and building redundancy. A is
economically impractical and not required. C contradicts private sector ownership. D
creates single points of failure.
Question 5
The integration of cybersecurity and physical security in the NIPP 2026 framework
recognizes that:
A. Cybersecurity and physical security are completely separate domains that should
never be coordinated
B. Cyber-physical convergence means that cyber attacks can cause physical damage
and operational disruptions, requiring integrated risk management [CORRECT]
C. Physical security is no longer necessary because cybersecurity can prevent all
threats
D. Only federal agencies need to worry about cyber-physical convergence